Re: [Pearg] Responding to "Concerns over DNS Blocking" technical error(s)

Vittorio Bertola <vittorio.bertola@open-xchange.com> Mon, 31 July 2023 13:14 UTC

Date: Mon, 31 Jul 2023 15:14:22 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Marwan Fayed <marwan=40cloudflare.com@dmarc.ietf.org>, pearg@irtf.org
Message-ID: <203708904.7714.1690809262228@appsuite-gw1.open-xchange.com>
In-Reply-To: <CAMgphBBYNMqiwg=SkZmh6s8gCfVoFp8zmwHNCiVYzqnBwyzKNA@mail.gmail.com>
References: <CAMgphBBYNMqiwg=SkZmh6s8gCfVoFp8zmwHNCiVYzqnBwyzKNA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/wOddIv_AN5k1Y46eQ2bqxGUW2ZU>
Subject: Re: [Pearg] Responding to "Concerns over DNS Blocking" technical error(s)
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
> On 31/07/2023 04:36 PDT Marwan Fayed <marwan=40cloudflare.com@dmarc.ietf.org> wrote:
>  
>  
> Dear wg, and more--
>  
> There is a just-published open letter [1], also summarized at 117's pearg [2] in response to a proposed initiative that (as is summarized) can require ISPs to block domains via DNS without a court order.
> 
I also wanted to provide my comments on this topic, as I tried to do so at the mic but I was only given 20 seconds, which is an impossible time limit for any meaningful comment, and so I shut up. Generally speaking, I would find in-person meetings more useful if they were less like two hours of slides and more like actual discussion of privacy-related issues among people with different views.
 
In particular, with no offense to the signatories and to their good intentions, I would like to explain how bad the open letter is when read from a French/European policymaker viewpoint. Sorry if I will be blunt at times - better than being hypocritical.
 
First of all, I concur that there are parts of the French law which are egregiously wrong; the part about putting surveillance stuff in data centres, first of all. Also, the point about not having to disclose vulnerabilities before patching them is valid, though this is soon to become a Europe-wide requirement via the Cyber Resilience Act. However, the effectiveness of this part of the letter is mooted when it repeatedly says that informing the French public cybersecurity authority about potential exploits will actively reduce security. This implies the statement that they are either incompetent or a malicious actor, and, guess what, this won't fly well.
 
However, most of the letter is about DNS/browser blocking, and this is the worst part of it.
 
Let's start from the end: I was infuriated by the final suggestion that governments should rather block websites by IP address or by blocking HTTPS connections. I, like many other Internet old-timers from European ISOC chapters and industry, spent the last 25 years educating our policymakers that DNS blocking would be the less bad option with respect to IP address blocks, as it would significantly reduce overblocking, it would target the end-user identifier and not its potentially transient network location, and would be less dangerous in terms of censorship (more on this below). Then, Vint Cerf comes and says the opposite, without any kind of involvement of the local Internet community. It's not just wrong and counterproductive, it's rude.
 
Now, the arguments offered against blocking are the usual ones that European policymakers have heard again and again and already dismissed in the past. Yes, DNS blocking is imperfect and circumventable, but that's a feature, not a bug; it is exactly an intrinsic guarantee against abuse for political censorship. The point of these blocks is to make it somewhat hard for the average non-technical user to watch illegal football match streams, so that it's more convenient for them to just pay the legal streaming service. The point is not to establish an effective political censorship tool, and suggesting so, as the letter does, is insulting to the French parliament's integrity.
 
Also, the argument that France shouldn't do this because it would motivate dictatorships to do the same doesn't work. Dictatorships already block stuff with everything they have, no matter what France does.
 
The argument "we cannot implement these blocks in our DNS resolvers because they would apply to the whole world" is very hard to believe. This is said by a VP of the same company that runs YouTube, where you get a "this content is not allowed in your country" message every five minutes. Global resolvers could just geolocate requests or segment them by country via routing, and apply each country's filters accordingly. Yes, this requires a bit of cost and effort, and the real problem is exactly that.
 
Even in Europe, DNS operators do not like mandatory filters: apart from any principle consideration, they create costs and liabilities. Yet they have been implementing them for decades now, because it's the law. The letter is about Google and other global resolvers not being willing to play by the same rules, trying to tilt competition in the DNS resolution market and keep their competitive advantage of being able to make illegal content available - illegal content which is not political dissent, but football matches, CSAM, unlicensed gambling and the like. It is really about corporations that want to be socially irresponsible to make more money.
 
So, how is this letter going to be perceived? From a principle viewpoint, it looks like a group of Americans (plus the IAB Chair, who possibly underestimated the geopolitical reading of this letter) telling France to be less French and more American in terms of the compromise between public order and free expression. From an industry viewpoint, it looks like Google's lobbying effort to protect their position in the French DNS market.
 
I am sure that the nice people at European digital rights groups like La Quadrature or EDRi will support this letter, but I don't think that it will be successful in parliaments or that it will advance the cause of the open Internet. It will just reconfirm the perception of this Silicon Valley big tech circle (including the IETF) which doesn't want to play by European rules. I'd not be surprised if the law proceeded without changes.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy