As submitted for the June 2012 issue

The : Law, Politics and Engineering

Steve Crocker

On May 25, 20111 Steve Crocker and colleagues David Dagon, Dan Kaminsky, Danny McPherson and made their paper warning of the changes in law would have on the Internet available to Congress and the public. They wrote:

• The U.S. Government and private industry have identified Internet security and stability as a key part of a wider cyber security strategy, and if implemented, the DNS related provisions of PROTECT IP would weaken this important commitment.

• DNS filters would be evaded easily, and would likely prove ineffective at reducing online infringement. Further, widespread circumvention would threaten the security and stability of the global DNS.

• The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access unleashed by the global Internet.1

Steve Crocker was a student at the University of California Los Angeles when engineers were transforming ’s concept of packet-switched data communication into what has become the Internet. He continues his engineering focus on Internet Technology.

In the month following publication “Steve was elected Chair of the ICANN Board.” One of the responsibilities of ICANN, operating under a contract with the U.S. Department of Commerce, is the Internet Domain Name System. This “directory” links the names of users and servers—e.g. Amazon.com—with the Internet Protocol numeric address used to route data packets through the Internet. This is a “digital era” analogue of the traditional telephone directory. This “look up” occurs every time a user enters an URL—the complete and specific address of, a document or website.

The author’s authoritative warning did not enter the discussion of the future of the Internet until early January 2012 when the issue became a public concern. On Tuesday, January 17, 2012, Crocker provided 6 minutes and 54 seconds of explanation to the Advisory Committee to the

1 “Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill,” Shinkuro, Inc,. 25 May 2012.

Jim Farmer 1 14 May 2012 As submitted for the June 2012 issue

Congressional Internet Caucus.2 The Caucus is funded by firms to provide information and guidance to members of the U.S. Congress. Crocker described the protocols of the Internet— descriptions of how the network should work translated into computer code—as “arcane, nuanced” and with “subtleties.” He continued saying the proposed laws may have “unintended consequences.” He described the Internet as global with “legal boundaries” referring to the scope of law as contrasted to the Internet. He also urged “careful and thoughtful” use of real data in making judgments about the operation of the Internet.

From an engineering perspective, and discussions since at least 2009, some of possible impacts and incentives of current and proposed law and enforcement are:

• The security system DNSSEC is being implemented to ensure a user knows the website addressed is valid. It is inconsistent with the proposed practices of seizing and redirecting domain names to an alternate site. This enforcement practice is exactly the same process used by “rogue sites” to redirect innocent users to their site, and will preserve their ability to do so.

• Cloud computing, except from large, influential and low risk firms, carry increased risks to their users which may limit their economic viability. Enforcement as practiced applies the same remedy—disconnect from the Internet—to non-infringing users.

• The Internet is morphing into a collection of national networks either because of technical considerations (China because of Chinese domain names) or by law (UK). These government-controlled national networks will be overlaid by corporate private Internet-compliant networks to cross national borders.

• The “hacker” community has an incentive to hide the identity of a source of files and to protect the content of files through encryption to prevent routine censorship.

Engineers view ISPs (Internet Service Providers such as BT and Verizon) as operators of a communication network focused on reliability, stability, and security. Lawmakers are viewing ISPs as enforcers of content laws—including non-judicial censorship.3

The Internet technical organizations such as the Internet Engineering Task Force have developed DNSSEC as a way to ensure a user is communicating with the intended party. Implementation has been the dominating topic of the annual GovSec Conferences in Washington DC from 2010 through 2012.

DNSSEC uses the same technology as digitally signed documents. The user can similarly validate an intended party’s Internet address. That is, verifying Citibank.com is really Citibank.com, not a rogue site that looks like Citibank.com. The U.S. Department of Justice currently seizes domain names by instructions to U.S. based Internet registrars and redirects the domain name to one of their websites. If DNSSEC were implemented the user would only receive a message saying the connection could not be completed. As Crocker writes the user

2 Detailed information and event coverage is available at http://www.netcaucus.org. 3 The Oxford Electronic Dictionary defines censorship as “the practice of officially examining books, movies, etc., and suppressing unacceptable parts.” The connotation this is unethical or undesirable is not intended.

Jim Farmer 2 14 May 2012 As submitted for the June 2012 issue

would not know whether communication failed, the intended website was not operational, or the address was invalid. Concerns enforcement would seize the public and private encryption keys to falsely validate their substitute website have been discussed, but not documented. This may provide access to all the user’s digitally signed documents.

“Cloud computing” is also vulnerable. Computer programs on the “cloud” provide service over the Internet rather than from the user’s computer or the firm’s computers. Cloud computing offers economy of scale, reliable computer hardware and communications, and increased capacity on demand.

However seizing a top level domain may deny access to all users communicating with the “cloud” whether or not they are infringing. The Megaupload case demonstrated this unreliability. A substantial number of non-infringing users of the Megaupload “cloud” were denied access to their data and lost processing capabilities.4 This raises the concern that another user’s infringement would seriously impact a non-infringing user.

As an example of instability, the Danish Police accidentally blocked over 8,000 sites, including Facebook and Google, labelling them as child porn; they were not.

Mike Masnick, Editor of TechDirt summarizes:5

For all the talk of how SOPA and PIPA were bad for changing the way the internet would have to work, it's worth noting the very very real impact of the Megaupload takedown on the potential development of various new services and business models. The risks and uncertainty increased massively on January 19th, and not in a good way for anyone.

The role of ISPs in censoring Internet transmissions was revealed in a Pakistan Government Request for Proposal:6

The Internet Service Providers (ISPs) and backbone providers have currently deployed manual URL filtering and blocking mechanism in order to block the specific URLs containing undesirable content as notified by PTA from time to time.

Many countries have deployed web filtering and blocking systems at the Internet backbones within their countries. However, Pakistani ISPs and backbone providers have expressed their inability to block millions of undesirable web sites using current manual blocking systems. A national URL filtering and blocking system is therefore required to be deployed at national IP backbone of the country.

4 We now know staff of the U.S. Department of Defense and Department of State were users. This use is not unusual for transferring lengthy files from one user to another because of typical file limits for email attachments and the difficulty of using a file communications protocol such as FTP (file transfer protocol) 5 Notwithstanding the name TechDirt, the news site is quoted as authoritative by the New York Times, Washington Post, Wall Street Journal and others. He has appeared as a speaker in many meetings and conferences on the Internet, including the Advisory Committee’s “State of the Net” panel with Steve Crocker and representatives of MPAA and U.S. Chamber of Commerce. 6 National URL Filtering and Blocking System, Ministry of Information Technology, Government of Pakistan, 3 February 2012

Jim Farmer 3 14 May 2012 As submitted for the June 2012 issue

Note the “millions of undesirable web sites.” The Pakistani implementation restricts communication based on a government determination of “undesirable content.” While this is more specific, and less damaging, than Domain Name seizure, the use of URLs may also include subordinate websites that have only “desirable content.”

Britain’s high court has required UK ISPs to block communications with Pirate Bay, a website claimed to be infringing. “The block, starting within weeks, will mean millions of Britons will no longer be able to access one of the biggest and longest-running global filesharing sites.” 7 Two days later Pirate Bay had “12 million more visitors than it ever had.”8 This demonstrates how ineffective DNS filtering can be. To effectively prevent communications traffic will require every UK ISP to implement domain name filtering. Smaller ISPs may be eliminated lacking the capital for such an investment. The use of proxies and “encrypted tunnelling” as suggested for Pirate Bay users and the increased traffic suggest effectiveness of DNS filtering may be limited as Crocker predicted.

A law requiring all U.S. ISPs to have DNS filtering capability and the capability for intercepting traffic of selected URLs has been requested.

Many view ICANN as an instrument of the U.S. government. This was illustrated in a 2009 Advisory Committee discussion when the question “What does my Congressman say when a constituent asks why the Internet permits access to child porn?” This references the approval of ICANN of the top level domain name XXX for pornography. The current U.S. contract with ICANN has been put out and then withdrawn from competitive bid. When the RFP is released, further U.S. control of ICANN is possible and feared by many engineers.

Intellectual property attorneys have experience mastering both law and technologies. It may be they rather than politicians, engineers, or content providers can best recommend laws and practices that integrate their perspectives into effective Internet law and law enforcement. And then take this experience into their work with clients, who will benefit from this special experience and expertise. All Internet users would benefit.

7 “British ISPs will block The Pirate Bay within weeks,” the Guardian, 30 April 2012 8 “Pirate Bay Block Initiates Steisand Cascade, Drives Record Traffic,” Leigh Beadon, TechDirt 2 May 2012

Jim Farmer 4 14 May 2012