Security Experts Blast House Anti-Piracy Bill's DNS Filtering Provisions

By Fahmida Y. Rashid  |  Posted 2011-11-17

Security Experts Blast House Anti-Piracy Bill's DNS Filtering Provisions

Security experts expressed strong concerns about the provisions in the anti-piracy bill that would prevent Internet users from accessing certain Websites.

The Stop Online Piracy Act was introduced last month by Rep. Lamar Smith, R-Texas, the chairman of the House Judiciary committee. The House Judiciary hearing on Nov. 16 invited various industry giants, including the Motion Picture Association of America (MPAA), Pfizer and Google, to weigh in on the bill. Smith has said he intends to mark up the bill by the end of the year, after which the bill will go to the full House of Representatives for a floor vote.

SOPA's sweeping provisions would allow the government and copyright holders to punish Web companies for hosting unauthorized copyrighted content, such as movies, songs and software. The bill is the House counterpart to the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (Protect-IP) Act that was passed by the Senate earlier this year and is aimed toward stopping online piracy. Sen. Ron Wyden, D-Ore., placed a hold on the bill in May over concerns about its potential to "muzzle speech and stifle innovation and economic growth."

SOPA's backers argue that new legislation is necessary to combat rogue foreign Websites that violate United States copyright laws, and SOPA provides the mechanism for shutting down those sites that operate outside the U.S. legal system.

Giving copyright holders the legal means to isolate and shut down Websites or online services found hosting illegal content would be a strong anti-piracy tool, advocates claim. Critics argue that SOPA's definitions of what constitutes a "rogue Website" and the proposed remedies are too broad and too vague.

If passed, SOPA would also allow the United States government to order companies to cut off revenue to the site, force search engines to suppress all mention of the site in search results and blacklist the site containing infringing material using Domain Name System (DNS) filtering techniques similar to those used by totalitarian regimes abroad, such as China and Iran.

Authoritarian governments "resent the openness and democratic nature of the Internet," and want to regulate it, said Edward Black, president and CEO of the Computer and Communications Industry Association. "The United States cannot resist the regulation and repression elsewhere if we yield to pressure to do the same here," Black said.

"There's a bill that would require [Internet service providers] to remove URLs from the Web, which is also known as censorship last time I checked," Eric Schmidt, executive chairman of Google, said during a visit to the Massachusetts Institute of Technology on Nov. 16.

Anti-Piracy Bill at Odds With Federal Enforcement Efforts


Security and technology experts are concerned about the DNS filtering proposed in SOPA and, to some extent, in Protect IP. "There is hardly any part of the United States economy today that does not depend upon the smooth operation of the Internet, which in turn relies upon the integrity of [DNS]," wrote Andrew Lee, CEO of ESET, in a letter to Congress. DNS filtering as outlined in SOPA "would seriously undermine that integrity," according to Lee.

Lee also noted that the DNS provisions appear "to be at odds with the sterling efforts" of U.S. law enforcement. Just last week, the FBI arrested a group of cyber-criminals who had been using the DNSchanger Trojan to "subvert DNS for illegal purposes" and diverting users to sites other than where they were trying to go, wrote Steve Cobb, a security evangelist for ESET.

"How disappointing then to get an email later the same day, also about DNS changing, but this time the DNS changer is the U.S. government itself," Cobb wrote. It seems "unwise to give private companies the ability to go ahead and change DNS armed only with court orders" while the FBI works hard to stop the bad guys from making millions by "subverting DNS," he said.

Cobb also warned that DNS filtering is "fundamentally incompatible" with Domain Name System Security Extensions (DNSSEC), a new security technology that is slowly gaining adoption to make it harder to abuse the DNS system.

The bill in its current form doesn't effectively differentiate between actual pirates and mainstream sites where users may post content, such as Twitter, Tumblr, Google and Facebook. SOPA needs to be amended to define rogues as those "primarily dedicated to infringing activities," rather than sites that are used by pirates to facilitate their activities, according to Ryan Radia, associate director of technology studies at nonprofit think tank Competitive Enterprise Institute.

If the site gets shut down by the ISP or have it relationships with the advertising networks and payment processors severed, the site owner can petition the courts to have the injunction lifted.

Radia recommends an amendment that would force copyright holders to shoulder the costs incurred by defendants in case the order was improperly issued. At the moment, there are no penalties against the copyright holder for being wrong.

Without these changes, the bill in its current form "would cast a cloud of legal uncertainty over America's innovative, startup-driven Internet economy," Radia said.

"Trying to stop piracy by adding new tools to disable access to the piracy channels is a futile strategy for most software vendors," said Vic DeMarines, vice president of product strategy at V.i. Labs, an anti-piracy software vendor that helps enterprises track unlicensed software being used within the organization.

Rocket Fuel