SOPA undercuts Internet security, experts say; lawmakers float alternative

A bipartisan alternative to controversial anti-piracy bills now before Congress is being floated online by a handful of senators and representatives.

The Online Protection and Enforcement of Digital Trade (OPEN) Act would treat online piracy or counterfeiting by foreign websites as an unfair trade practice under the Tariff Act of 1930 and would give enforcement authority to the U.S. International Trade Commission.

Absent from the draft act are DNS blocking provisions included in the House’s Stop Online Piracy Act and the Senate's Protect IP Act. Opponents in the Internet community say those provisions are incompatible with DNS Security Extensions (DNSSEC), a set of cryptographic protocols intended to secure the Domain Name System.


Related stories:

Protect IP Act would create a lot of criminals

House bill would attack online piracy, 'rogue websites'


SOPA and PIPA would require Internet service providers and search engines either to redirect traffic away from offending sites or to block it.

“Both of these remedies involve modifying DNS responses, and that is exactly what DNSSEC is designed to prevent, no matter who is doing it,” said Cricket Liu, general manager of the Infoblox IPv6 Center of Excellence. “The bill seeks to codify something that we in the DNS community have been working to prevent for 15 years.”

The Domain Name System maps Internet domain names such as gcn.com to numerical IP addresses and underlies nearly all Internet activities. DNSSEC enables the use of digital signatures that can be used to authenticate DNS data that is returned to query responses. This will help to combat attacks such as pharming, cache poisoning and DNS redirection that are used to misdirect traffic to malicious sites for fraud and the distribution of malware.

There has been a push to deploy DNSSEC throughout the Internet for the past four years. The Office of Management and Budget in 2008 ordered deployment of DNSSEC in all federal systems by the end of 2009, a deadline which has not been met. The .gov Top Level Domain was signed in early 2009, and DNSSEC was fully deployed by operators of the Internet’s authoritative root zone in July 2010, providing a trust anchor that now can tie together “islands of trust” that have been created by the deployment of DNSSEC in other top level and secondary domains.

Requirements to interfere with DNS responses would either be impossible to comply with, or would require undoing DNSSEC, Liu said. He said the assessment is widely held by experts who understand the operation of DNSSEC.

“Infoblox could stand to benefit if the SOPA bill is passed,” he said, because the company’s products could perform the kind of filtering required. “And I am all in favor of copyright protection. I hold copyrights myself” on several books that have been pirated online. But requiring and enabling that kind of filtering would undermine the security of the Domain Name System, he said.

The OPEN Act was drafted by Sen. Ron Wyden (D-Ore.) and Rep. Darrell Issa (R-Calif.) and was posted online in December. It would halt the transfer of money to and delivery of advertisements from foreign websites that are found by the commission to be principally used for activities that infringe on the intellectual or other property rights of U.S. citizens. It would apply only to sites outside the jurisdiction of U.S. courts, and would provide a safe-harbor exemption for legitimate websites that routinely remove links to or disable access to offending sites.

The commission could issue temporary and permanent cease-and-desist orders against offending sites, and financial services providers in this country could be enjoined from providing payment services to the sites. Online advertising services also could be ordered to stop serving their ads.

In both cases, the service providers would be required only to take feasible and commercially reasonable measures to comply, and could not be required to comply if the process imposes an unreasonable technical or economic burden.

Listed supporters of the OPEN Act are, in the House:

  • Darrell Issa (R-Calif.)
  • John Campbell (R-Calif.)
  • Jason Chaffetz (R-Utah)
  • Lloyd Doggett (D-Tex.)
  • Mike Doyle (D-Penn.)
  • Anna Eshoo (D-Calif.) 
  • Blake Farenthold (R-Tex.)
  • Zoe Lofgren (D-Calif.)
  • Jared Polis (D-Colo.)
  • Doris Matsui (D-Calif.)
  • Jackie Speier (D-Calif.)
  • Lee Terry (R-Neb.)
  • Mike Thompson (D-Calif.)

In the Senate:

  • Ron Wyden (D-Ore.)
  • Jerry Moran (R-Kan.)
  • Mark Warner (D-Va.)
  • Maria Cantwell (D-Wash.)

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above