via cnet News
Technologists are warning that the practical effects of a controversial copyright bill backed by Hollywood will “weaken” Internet security and cause other harmful side effects.
As more Internet engineers, networking professionals, and security specialists have evaluated the so-called Protect IP Act that was introduced last month, concern is growing about how it will change the end-to-end nature of the Internet in ways that could do more harm than good.
The Protect IP Act would give the U.S. Department of Justice the power to seek a court order against an allegedly infringing Web site, and then serve that order on search engines, certain Domain Name System (DNS) providers, and Internet advertising firms, who would be required to make the target Web site invisible. It’s sponsored by Senate Judiciary Committee Chairman Patrick Leahy, a Vermont Democrat, and aims to target overseas Web sites.
An analysis (PDF) prepared by five Internet researchers lists the problems with that approach. Among them: it’s “incompatible” with a set of DNS security improvements called DNSSEC, innocent Web sites will be swept in as “collateral damage,” and the blocks can be bypassed by using the numeric Internet address of a Web site. The address for CNET.com, for instance, is currently 188.8.131.52.
Another concern, the authors said, is that the filters could be circumvented easily by using offshore DNS servers not subject to U.S. law. That “will expose users to new potential security threats” not present if they continued to use, say, Comcast’s or AT&T’s DNS servers. Fake DNS entries can be used by criminals to spoof Web sites for banks, credit card companies, e-mail providers, social-networking sites, and so on.
Circumvention by using offshore servers “will also mean that ISPs gain less data on network security threats, since they use their DNS services to monitor systems and guard against denial-of-service attacks, identify botnet hosts, and identify compromised domains,” wrote Public Knowledge attorney Sherwin Siy in a blog post yesterday.