Paul Vixie Explains How PROTECT IP Will Break The Internet



from the not-cool-folks dept

It’s pretty difficult to question Paul Vixie’s credibility when it comes to core internet infrastructure. Creator of a variety of key Unix and internet software, he’s still most known for his work on BIND, “the most widely used DNS software on the internet.” So you would think that when he and a few other core internet technologists spoke up about why PROTECT IP wouldbreak fundamental parts of the internet, people would pay attention. Tragically, PROTECT IP supporters, like the MPAA, appear to be totally clueless in arguing against Vixie. Their response is basically “it’s fine to break the internet to evil rogue sites.”

That, of course, is missing the point. It’s not that anyone’s worried about breaking the internet for those sites. It’s that it will break fundamental parts of the internet for everyone else as well. And… it will do this in a way that won’t make a dent in online infringement. Afterdawn sat down with Vixie who gave a clear and concise explanation of why PROTECT IP is a problem. The biggest issue is how it will impact DNSSEC, which adds encrypted signatures to DNS records to make sure that the IP address you’re getting is authentic. You want that. Without that, there are significant security risks. But PROTECT IP ignores that.

Explained simply, for DNSSEC to work, it needs to be able to route around errors. But the way PROTECT IP is written, routing around errors will break the law:

Say your browser, when it’s trying to decide whether some web site is or is not your bank’s web site, sees the modifications or hears no response. It has to be able to try some other mechanism like a proxy or a VPN as a backup solution rather than just giving up (or just accepting the modification and saying “who cares?”). Using a proxy or VPN as a backup solution would, under PROTECT IP, break the law.And, of course, none of these DNS efforts will actually stop infringement. As the Afterdawn article notes: “Bypassing DNS filtering is trivially easy. All you need to do is configure your computer to use DNS servers outside the US which won’t be affected by the law.”

And while supporters of PROTECT IP insist that there’s nothing to worry about because it only impacts those “foreign websites,” that’s misleading in the extreme. PROTECT IP will impact a ton of US-based technology companies. First, if we have a less secure internet, that’s going to be a problem for obvious reasons. Additionally, the way the law works is that it puts a direct burden on US companies to figure out ways to block sites declared rogue (you know, like the Internet Archive and 50 Cent’s personal website), or face liability. This will increase both compliance and legal costs.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s