[governance] Filtering and Blocking Closer To The Core Of The Internet?

Sun Nov 20 09:47:36 EST 2011

For myself, I'm no advocate of exceptionalism of the United States (my
country) but I am an advocate of the exceptionalism of democracy.

Therefore, per my past positions, I've not favored transfer of internet
control from the USA to ICANN, because it is a step down from democratic
control via the USA (at least in theory) to non-democratic control (since
ICANN is not democratic in a true sense even in theory).

Paul Lehto, J.D.

On Sun, Nov 20, 2011 at 9:40 AM, Riaz K Tayob <riaz.tayob at gmail.com> wrote:

>  [Now just where are those vulgar proponents of US exceptionalism over
> critical internet resources (the don't worry its in good hands crowd and
> you will break the internet) as this is pushed through while ordinary
> non-violent folk are pepper sprayed while marginal sanctions are pushed
> against brutal police officers?]
>
>  Filtering and Blocking Closer To The Core Of The Internet? Published on
> 20 November 2011 @ 1:00 pm
>
>   EmailShare [image: Print This Post]<http://www.ip-watch.org/weblog/2011/11/20/filtering-and-blocking-closer-to-the-core-of-the-internet/print/>
>  Print This Post<http://www.ip-watch.org/weblog/2011/11/20/filtering-and-blocking-closer-to-the-core-of-the-internet/print/>
>
> By Monika Ermert <http://www.ip-watch.org/weblog/author/monika/> for
> Intellectual Property Watch
>
> With protests against draft US legislation like the Stop Online Piracy Act
> (SOPA) and the Protect IP Act ongoing and the European Parliament voting on
> 17 November for a resolution to request that the United States should be
> “refraining from unilateral measures to revoke IP addresses or domain
> names,” politicians are talking a lot about technology for the internet
> domain name system. But at the same time, engineers are getting more
> political and are intensively discussing technology providing the tools for
> blocking – by governments and private parties.
>
> For the community that cares for the functioning of the domain name system
> (DNS), it came as a shock when Paul Vixie, founder of the Internet Software
> Consortium (ISC), said that the BIND software would allow the filtering out
> of sites with a bad “reputation” – like listed malware sites – and also the
> “rewriting” of DNS answers – manipulating what people get to see when
> asking for domain names.
>
> Vixie is a guru of the DNS and one of the authors of the letter by
> well-known experts against DNS blocking in the Protect IP Act. But he is
> perhaps best-known for being the father of BIND, which has for a decade
> been the open source tool that makes the DNS work.
>
> More Filter-Friendly DNS Software
>
> Jim Reid, one of the chairs of the DNS working group at the Réseaux IP
> Europeéns, said during a recent debate about principles that he was “rather
> saddened” by ISC’s decision to allow the rewriting. “We’re giving the bad
> guys tools,” Reid warned.
>
> The rewriting – which sends back a “lie” upon a request to the DNS from
> someone looking for a website – “also sends a rather nasty message saying
> it’s okay to do this kind of thing.“ What is worse from the engineers’
> standpoint with the rewriting is that it breaks new measures to secure the
> DNS, because the “lies” are detected and dropped without users knowing what
> happened.
>
> The “lying” is currently happening for domains seized by the US government
> agency ICE (US Immigration and Customs Enforcement), some of them legal in
> their country of origin, like the Spanish RojaDirecta.com, (a case
> discussed intensively by the experts). When typing RojaDirecta.com, users
> do not get to that site, but to a warning/blocking site by the ICE.
>
> It is this kind of case that has stirred up debate in the European
> Parliament, pushed by the European Digital Right initiative (EDRi). “By
> this you render a site and the data inaccessible without having any court
> order in the site owner’s country,” said Joe McNamee, who fought for the
> declaration now officially included in the Parliament’s resolution on the
> upcoming European Union-US Summit of 28 November 2011.
>
> The text of the Parliament resolution is here<http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2011-0510&language=EN&ring=P7-RC-2011-0577>.
>
>
> Under the topic “Freedom and Security,” the declaration stresses the need
> “to protect the integrity of the global internet and freedom of
> communication by refraining from unilateral measures to revoke IP addresses
> or domain names.”
>
> SOPA, McNamee warned, would be so broad that “it could be interpreted in a
> way that would mean that no online resource in the global internet would be
> outside US jurisdiction.”
>
> Of those who provide users with domain names – with the so-called DNS
> registrars closer to the user and the user’s jurisdictions – it is the
> registry companies who manage the central database for zones like .com (for
> example) who are an easy target when it comes to take-downs. They keep the
> record of who every .com domain name is delegated to and inform those
> looking for a site where to go. So they can from a top spot in the DNS
> hierarchy point to a “wrong” location.
>
> What makes things difficult is that many large registries, like VeriSign
> (registry for .com and .net) which changed the rojadirecta.com record,
> are located in the United States and while offering services globally in
> name, they in fact are bound by US law.
>
> Registries – Target for Take-Downs
>
> VeriSign recently tried to get a new registry policy acknowledged by the
> Internet Corporation for Assigned Names and Numbers (ICANN), the DNS
> technical oversight body, which would have allowed the dot com and .dot net
> registry (VeriSign) “to comply with any applicable court orders, laws,
> government rules or requirements, requests of law enforcement or other
> governmental or quasi-governmental agency, or any dispute resolution
> process.” After a first wave of protests, the company backed off and
> withdrew the test for the time being.
>
> Matt Pounsett from Afilias, the registry for .info and some other TLDs,
> explained the dilemma. While the registries certainly like people to see
> the correct DNS-answers that they send, “there are cases where even we
> participate in things like that, particularly domain take-down.“ Many
> take-downs were made when it was found out “that a particular domain is
> being used in a way that violates acceptable use.”
>
> Registry operators and a software providers like ISC underline that the
> fight against malware mainly drives their interventions. BIND’s filtering
> function will help the manager of a local domain to protect his network.
> Customers are pushing, for example, for options like rewriting, said Joao
> Damas, a developer at ISC.
>
> The rewriting not only allows ICE to lead people to their website instead
> of Rojadirecta’s, it also allows commercial companies to attract traffic to
> their search engine with recommendations and paid ads. Some big
> telecommunications providers, for example, lure users to their search site
> every time they mistype a domain name or simply look for something that
> does not exist.
>
> “If we do not do offer functionalities like the rewriting in our BIND
> software, we will drive them away from BIND,” said Damas. BIND’s new
> “reputation policy zone” function allows people to have names checked
> against lists of alleged bad actors, known spammers or
> malware-distributers, and in case of a match do not display the respective
> sites.
>
> More Private Filtering
>
> But what about the governance of increased private manipulation and also
> filtering that is enabled by better tools, asked Peter Koch, a DNS expert
> at Denic, the registry for the .de. country code TLD of Germany. “When we
> talk about a near real-time facility that would enable certain groups to
> influence resolvers to block or rewrite resolution data,” Koch warned,
> collateral damage and even liability issues could arise. The more sceptical
> engineers also warn that such interventions could make the deployment of
> secure DNS on the last mile to the user very difficult. As they, including
> Vixie, have worked for a decade to implement this kind of security, they
> oppose it from an architectural standpoint.
>
> Civil liberty advocates like McNamee or Wendy Seltzer, co-founder of the
> project Chilling Effects, point to the difficulties for victims of the
> varieties of filtering possibilities to push back. Why can a DMCA (US Digital
> Millennium Copyright Act<http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act>)
> request from a private party lead to Google even filtering a part of the
> rojadirecta website included in the Spanish version and housed under .es,
> the country code TLD of Spain – as actually happened?
>
> “Today the biggest problem is there’s too many things happening not based
> on legislation,” said Patrik Fältström, chair of the Security and Stability
> Advisory Committee of the ICANN. Fältström belongs to the engineers hoping
> that fixing the political code might be the first necessary step to solve
> the problems. Only then would the next step be addressed, Fältström said,
> in addressing conflicting national legislations. A mega-size example is
> coming with regard to this problem: the introduction of new TLDs as
> approved by ICANN.
>
> Could ICANN approve a domain name that is illegal in one jurisdiction?
> asked Fältström. Several jurisdictions have announced they would otherwise
> block complete TLDs, with new top level domains like .gay being only one
> example not being welcome everywhere in the world. Or should controversial
> new address zones be blocked at the outset by ICANN?
>
> If the registries are close to the core, the root zone that lists existing
> TLDs (like .com, .net, .ch) and future ones could be seen as one core spot
> of the global internet.
>
> With the new contract for the managing of this root function, the Internet
> Assigned Numbers Authority (IANA) contract, the US administration seems to
> have put itself in a difficult spot. The contract has been performed by the
> ICANN so far, and the US National Telecommunications and Information
> Administration oversees the work. The difficult spot for NTIA is that they
> will for every new TLD check if ICANN’s procedure for approving a new TLD
> has been supportive of the “global public interest”. What will the US do
> about potential knocks at their door from those who do not like to have a
> .gay or a .sex? It will be a difficult filtering function, close to the
> core.
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>     governance at lists.cpsr.org
> To be removed from the list, visit:
>     http://www.igcaucus.org/unsubscribing
>
> For all other list information and functions, see:
>     http://lists.cpsr.org/lists/info/governance
> To edit your profile and to find the IGC's charter, see:
>     http://www.igcaucus.org/
>
> Translate this email: http://translate.google.com/translate_t
>
>
>

-- 
Paul R Lehto, J.D.
P.O. Box 1
Ishpeming, MI  49849
lehto.paul at gmail.com
906-204-4026 (cell)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20111120/3e22a4ab/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: printer_famfamfam.gif
Type: image/gif
Size: 1035 bytes
Desc: not available
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20111120/3e22a4ab/attachment.gif>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.cpsr.org/lists/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t