A bill moving through the U.S. Senate that would grant the government greater power to shutter Web sites that host copyright-infringing content is under fire from security researchers, who say the legislation raises “serious technical and security concerns.” Meanwhile, hacktivists protested by attacking the Web site of the industry group that most actively supports the proposal.
Earlier this month, the Senate Judiciary Committee passed the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PDF), a bill offered by committee chairman, Sen. Patrick Leahy (D-Vt.), that would let the Justice Department obtain court orders requiring U.S. Internet service providers to filter customer access to domains found by courts to point to sites that are hosting infringing content. The bill envisions that ISPs would do this by filtering DNS requests for targeted domains. DNS, short for “domain name system,” transforms computer-friendly IP addresses (such as 184.108.40.206) into words that are easier for humans to remember. For example, typing “krebsonsecurity.com” into a browser brings you to 220.127.116.11, and vice versa.
But the idea of blocking piracy by asking ISPs to filter DNS requests has touched a nerve with several prominent security experts, who say it would be “minimally effective and would present technical challenges that could frustrate important security initiatives.” The comments came in a whitepaper sent to Senate leaders this month by DNS experts Steve Crocker, David Dagon, Dan Kaminsky, Danny McPherson and Paul Vixie. For a brief explanation of why these individuals are worth hearing from on this subject, see the “About the Authors” section at the end of their paper.
The Protect IP Act “would promote the development of techniques and software that circumvent use of the DNS,” the experts wrote. “These actions would threaten the DNS’s ability to provide universal naming, a primary source of the Internet’s value as a single, unified, global communications network.”
For now, the legislation is stalled, although Wired.com’s David Kravets notes that this is largely due to political — not technical — reasons: “Sen. Ron Wyden (D-Oregon) placed a hold on the measure, saying last week the bill “represents a threat to our economic future and to our international objectives.” The measure, however, was hailed by the content industry.”
The bill’s current status in legislative limbo on the Senate floor wasn’t enough for unknown hackers who busied themselves over the long Memorial Day holiday weekend plotting ways to attack and disable Web sites belonging to supporters of the measure. The online property of one high-profile target — the U.S. Chamber of Commerce — was unreachable for most of the weekend. The site appears to be back up today. I asked the Chamber for comment on the outage, but have not received a response. The action appears to have been the work of Anonymous, the hacktivist group that called on followers last week to attack the Chamber’s site for its support of the bill.
KrebsOnSecurity will bring you further developments on this controversial legislation as they occur. Stay tuned.