On Mandated Content Blocking in the Domain Name System
Reprinted from CircleID -- COICA (Combating Online Infringement and Counterfeits Act) is a legislative bill introduced in the United States Senate during 2010 that has been the topic of considerable debate. After my name was mentioned during some testimony before a Senate committee last year I dug into the details and I am alarmed. I wrote recently about interactions between DNS blocking and Secure DNS and in this article I will expand on the reasons why COICA as proposed last year should not be pursued further in any similar form.
Whenever I contemplate or evaluate a proposed security mechanism I like to consider how the opposition will react to it — what will be their next move? If I think the cost of "their" next move will be a lot less than "our" costs in deploying the proposed solution then I can dismiss the proposal on economic grounds. On the other hand if I think that "they" will actually be way better off after "we" force them to make their obvious next move, then I don't just want to dismiss the proposed solution, I want to sound the alarm. So it is with COICA, which is at best a weak proposal and at worst an incredibly dangerous idea.
Pirate DNS
If the US Government mandates some form of "DNS blocking" as protection for intellectual property against piracy, then the people in the world who want to publish and consume pirated content will have to decide what to do about it. They could decide to stop dealing in pirated content but the money involved makes that unlikely. They could move to a non-DNS rendezvous system like putting IP addresses into a Twitter feed but that would require never-ending manual labour by consumers which I think means publishers will not want to do it that way. What I would do if I were a publisher of pirated content and COICA got in my way would be to create an alternate root DNS system and tell my customers how to switch to it.
Virtually all alternate root DNS systems ever created have either failed or just sputtered along. This is due to misalignment between people who want to create alternative top level domain names and people who want to look up those names. The real (IANA) root DNS system has perfect alignment between name producers and name consumers because all name users use the IANA system. Outside of the IANA system, it's always one group of people who want to create alternate names and some other group of people with different incentives who would have to be convinced to do the work of switching to the alternate DNS system to be able to look up those alternate names. Such convincement has never happened and until I studied COICA I thought it never could happen.
In the COICA situation, there is once again perfect alignment between name producers and name consumers, because there is already perfect alignment between pirated content publishers and pirated content consumers. If COICA becomes law and if THEPIRATEBAY.ORG is then blocked by U.S. Government mandate, then I'd expect The Pirate Bay to create an alternative DNS system along the following lines.
First, they'd decide in advance to mirror the IANA DNS system as closely as possible. Anything that appeared in the IANA DNS system would automatically and instantaneously appear in the Pirate Bay DNS system. If ICANN goes ahead and creates a lot of new TLDs then all of those new TLDs would appear in the Pirate Bay DNS system as well, all pointing at ICANN's chosen registrars. In other words no existing DNS content would be overridden (or dare I say: "pirated".)
Second, they'd pick some new TLD that they wanted to create in the Pirate Bay DNS system that would serve their business needs and would be extremely unlikely to ever conflict with any future IANA TLD. For this I'm thinking .PIRATE or .PIRATEBAY or .ARGHHH but that's a decision best left up to the artistic team. For now let's assume that they chose .PIRATE so that their second level domain names would be content names like TORRENTS.PIRATE or ITS-A-WONDERFUL-LIFE.PIRATE.
Third, they'd hire a lot of server capacity all over the world to host their DNS system. Since their DNS system would have no pirated content on it — thus by itself breaking no laws — they would not have to keep it all on their offshore base. Some of this server capacity would be for their root name servers (sort of a small clone of the IANA root name server system and the VeriSign .COM name server system) and some would be for their open recursive name servers (sort of a small clone of the OpenDNS or Google DNS systems).
Fourth, they'd put together a simple system to grab the IANA root zone every few hours, add their .PIRATE TLD to it, and sign the modified copy of the zone with the Pirate DNS root key. This root key would have to be generated and signed in some kind of ceremony, maybe with people wearing viking hats and carrying swords and torches, and the resulting public validation key would have to be published on the web and managed according to RFC 5011 so that it can roll forward throughout all time. Videos from this ceremony would go up on YouTube.
Fifth, they'd write up some high quality documentation on how to use this alternate DNS system. The documentation would be in many languages since their customer base is worldwide. This documentation would explain how consumers could configure their laptop or desktop or mobile devices to use the Pirate DNS recursive name servers, and also how ISPs and hobbyists could participate by reconfiguring their own recursive name servers to use Pirate DNS as their root DNS system (including the necessary Secure DNS key).
Sixth, they'd launch it. I figure that within two to six weeks they'd convert 90% of their installed base from IANA DNS to Pirate DNS, after which they could just go on as before, pretty much ignoring COICA.
Seventh, optionally, they could create some high quality plugins for Windows and MacOS and Linux to use HTTPS for DNS lookups in case some of their customers wanted to be able to look up .PIRATE names from restricted environments like hotel rooms where DNS is hard to reconfigure successfully. Obviously Pirate Bay would have no problem operating the web servers for HTTPS but it's also arguably another service they could hire outside their base since the Pirate DNS content is not pirated and therefore nowhere illegal.
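An added example, not part of the original article: a root zone built as in steps one through four (an IANA mirror plus an extra TLD, signed with a different root key) can be told apart from the IANA zone by diffing TLD delegations and root DNSKEY records, which is how a resolver operator or auditor would identify which root a server is using. The zone snippets, name server names and key strings below are constructed, and the one-record-per-line zone layout is an assumption.

```python
from collections import defaultdict

# Constructed sample data, not real root zone content.
REFERENCE_ZONE = """\
. 172800 IN DNSKEY 257 3 8 CONSTRUCTED-REFERENCE-KEY
com. 172800 IN NS ns1.com-registry.example.
com. 172800 IN NS ns2.com-registry.example.
org. 172800 IN NS ns1.org-registry.example.
"""
CANDIDATE_ZONE = """\
. 172800 IN DNSKEY 257 3 8 CONSTRUCTED-ALTERNATE-KEY
com. 172800 IN NS ns1.com-registry.example.
com. 172800 IN NS ns2.com-registry.example.
org. 172800 IN NS ns1.org-registry.example.
pirate. 172800 IN NS ns1.alt-root.example.  ; TLD absent from the reference
"""

def parse_zone(text):
    """Return (TLD -> NS set, root DNSKEY set) from one-record-per-line text."""
    delegations = defaultdict(set)
    root_keys = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        owner, rtype = owner.lower(), rtype.upper()
        if rtype == "NS" and owner != "." and owner.count(".") == 1:
            delegations[owner].add(rdata.lower())   # TLD-level delegation
        elif rtype == "DNSKEY" and owner == ".":
            root_keys.add(" ".join(rdata.split()))  # normalise whitespace
    return dict(delegations), root_keys

def compare_roots(reference, candidate):
    """Report how a candidate root zone deviates from the reference copy."""
    ref_del, ref_keys = parse_zone(reference)
    cand_del, cand_keys = parse_zone(candidate)
    shared = ref_del.keys() & cand_del.keys()
    return {
        "added_tlds": sorted(set(cand_del) - set(ref_del)),
        "missing_tlds": sorted(set(ref_del) - set(cand_del)),
        "changed_delegations": sorted(t for t in shared if ref_del[t] != cand_del[t]),
        "root_key_differs": ref_keys != cand_keys,
    }

if __name__ == "__main__":
    print(compare_roots(REFERENCE_ZONE, CANDIDATE_ZONE))
```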
What's Our Next Move?
The whole scheme I've described above is practicable by any qualified sysadmin team; it doesn't take DNS experts. The total cost in capital is between USD 20K and USD 1M depending on how fancy they want to get. The total time it would take to deploy it (see steps one through six above) is about two months. That's "their" cost, and it would move them forever outside of "our" control. This is so easy that I suspect that they would already have done it except that right now — in a world without COICA — their customers aren't aligned yet; there's no motivation to switch over. Given COICA I think there would be perfect and immediate alignment.
At this point in the story the producers and consumers of pirated content would not be using the IANA DNS system, so while the rest of the world would be stuck with the costs and complexities of COICA, the biggest publisher of pirated content on the Internet would be unaffected. So far we've driven our own ongoing costs up far more than we've driven the pirates' costs up, and we're back where we started except with fewer options. But as bad as it sounds that's not the worst of it.
The next worry is copycats. Once there's an existence proof of this I'll expect the publishers and consumers of other illegal or protected materials to create similar systems since there is again perfect alignment between name producers and name consumers. Some alternate DNS systems might even respect the alternate TLD allocations that occur in other alternate DNS systems as a convenience to their own customers. Countries who want to block certain new IANA TLDs (and here I'm thinking of .XXX) could do this in-country and force alignment by mandating the use of that country's DNS system by all in-country ISPs and enterprises and end users. But even as much chaos as this would create, it's still not the worst outcome from COICA.
My greatest worry is what people will do to bypass all this junk or to prevent other people from bypassing it. My fellow humans are a proud and occasionally adversarial bunch and they don't like being told what they can't do or what they have to do. The things we'll all be doing to bypass the local DNS restrictions imposed by our coffee shops or our governments or our ISPs will break everything. Where this ends is with questions like "which DNS system are you using?" and "which DNS systems is your TLD in?" which in other words means that where this ends is a world without universal naming. We adopted DNS to get universal naming, and today we have universal naming except inside Network Address Translation (NAT) borders. Universal naming is one of the reasons for the Internet's success and dominance. If we're going to start doing stuff like COICA then we should have stuck with a "hosts file" on every Internet connected computer and let every connected device decide for itself what names it recognized.
Advice to the U.S. Government Concerning COICA
I'd like to say simply don't do COICA but I guess that's already been said and the discussion has continued so I'll continue also.
The Internet is not a thing but rather an emergent property of the cooperation of all the people who connect their devices to it. That cooperation is a grant not a mandate, and that cooperation can be withdrawn or altered at only modest cost. The Internet is what in politics is called a "coalition of the willing" and none has ever successfully imposed unilateral terms here. If the Internet were a regulated empire that could accept something like COICA then quite frankly the proof of this would be that the U.S. Government could have stopped spam and malware and Child Abuse Materials and phishing all with the stroke of a pen or the suspension of payments or the imposition of taxes or the dispatching of armed forces. However, those tools have no direct effect on the Internet.
The Internet's social contract is a thin and fragile thing, and it's the responsibility of every country and every government and every operator and every user to try to hold it together. It is within the power of the U.S. Government to try to impose its will on the Internet, but the results would be neither as you expect nor as any of us desire. Relevant and sustainable contributions to the Internet take the form of creation not prevention, and are multilateral and cooperative not unilateral or imposed. I hope that the U.S. Congress will keep searching for ways to protect intellectual property until one is found that does not threaten to act as a "sheer force" against the Internet's fundamentally cooperative infrastructure.
I hope that next time my name comes up in congressional testimony about COICA it will be in the context of these remarks.
By Paul Vixie, Chairman and Chief Scientist, Internet Systems Consortium


