Archive for January, 2012

SOPA Sucks (and PIPA too)

I am writing to you as a voter in your district. I urge you to vote “no” on cloture for S. 968, the PROTECT IP Act, on Jan. 24th. The PROTECT IP Act is dangerous, ineffective, and short-sighted. It does not deserve floor consideration.  I urge my representative to vote “no” on SOPA, the corresponding House bill.

Over the coming days you’ll be hearing from the many businesses, advocacy organizations, and ordinary Americans who oppose this legislation because of the myriad ways in which it will stifle free speech and innovation. We hope you’ll take our concerns to heart and oppose this legislation by voting “no” on cloture.

Beyond the commonly understood ramifications of these bills, there are also some very dangerous technological worries. An explanation from Tom Daly explains it well below. If you don’t understand the material I’m including, then that’s another reason why you shouldn’t be legislating on it!

Explanation from Tom Daly (http://dyn.com/sopa-breaking-dns-parasite-stop-online-piracy/):

ISP-based DNS query manipulation is the most hazardous to the health of the global DNS.

Implementing such a solution breaks the distributed tree of authority concept used by the DNS by “injecting” U.S. nationalized pieces of DNS policy into the system. ISPs around the United States would become responsible for implementing, maintaining and monitoring these SOPA feeds into their DNS infrastructures, creating an additional layer of operational complexity for their DNS operations. Additionally, since not all DNS systems permit the inclusion of external data feeds to support local policy, many operators would be required to upgrade the recursive DNS infrastructures in significant ways.

There are a number of conditions that could occur where a SOPA-fed recursive DNS server could hand back incorrect DNS data or be circumvented altogether. If an ISP were to have issues pulling the SOPA feed or clearing domains from the SOPA list, a single domain could be blacklisted in the United States when it is perfectly legal to be used. If the source of a SOPA feed were to ever be compromised, an attacker could take critical Internet infrastructure domains offline by adding them to the feed (i.e. root-servers.net).

Savvy users could simply bypass a SOPA-enabled recursive DNS server by pointing their DNS settings to an off-shore recursive DNS server. Technically savvy networks might respond by blocking port 53 externally or by hijacking port 53 traffic on their network to their SOPA-enabled recursive DNS resolvers. Anyone want to bring Net Neutrality into this discussion? What would happen to users if an infringer decided to set up a “free, non-SOPA” recursive DNS server for users to use – one that additionally hijacked legitimate banking, ecommerce and business websites, too?

Thank you for your time,

Matthew Kocsis


Copyright © Matthew Kocsis, All Rights Reserved.