IGF 2012: Workshop 180
Blocking and Filtering Internet DNS Content
Concise Description of Workshop:
The Internet Domain Name System (DNS) is the world's first distributed, reliable, autonomous, heirarchical, coherent database, and it is the authoritative map and guide to the Internet -- which is in turn humanity's global commons. Control of DNS is seen by many as control of the Internet itself, with the additional prospect of influencing global commerce and culture. For others, filtering of DNS content is an essential element of network and end-user security. This workshop will explore the state of the art of blocking or filtering the content of the DNS as it is seen by some population -- whether an entire country, an enterprise or university, or just the customers of an Internet Service Provider.
Discussion topics include:
Current methods for implementing DNS filters
Cultural motivations such as blocking controversial top level domains
Commercial motivations such as blocking lookups for web sites trafficking in counterfeit or pirated goods
Security motivations such as blocking lookups for malicious web sites
Impact of government-mandated DNS filtering
Current methods for bypassing or circumventing DNS filters
Likely future innovations and developments in this area
Brief substantive summary and the main issues that were raised:
This workshop focused on the collateral effects of various kinds of DNS filtering/blocking, as recently highlighted by ICANN SSAC report #056, “Advisory on Impacts of Content Blocking via the Domain Name System.” Panelists described both the inevitability of content filtering via the DNS, and the inevitability of evasion of such content filtering by mainstream and otherwise law abiding citizens of countries where such filtering is or will be practiced. Government policies can support filtering in law as practiced by ISP’s or parents; or can mandate some type of content filtering to protect online content.
In Western democracies, content filtering of content deemed illegal occurs in a variety of jurisdictions. In some countries blocking is mandated, whereas in others it is voluntary. Technical measures have evolved the space where content is distributed has changed over time. The panelist who took Interpol’s place on the panel spoke about the experience of the Internet Watch Foundation (IWF) in the UK. He gave a detailed description of the history of blocking in the U.K. It evolved from banning USENET newsgroups, which started in 2001, to URL blocking in 2004 when the web became the dominant means of information sharing and dissemination.
When it was first established in 1996 the Internet Watch Foundation (IWF) responded to complaints from the public but any response could be short-lived since demised content could be quickly re-posted over and over, where each takedown event would have to begin with a new complaint. A decision was made by IWF to behave more proactively. Today IWF maintains a list of “bad URLs” (not bad domains, just specific web URL’s, to avoid collateral damage). This is complicated and expensive compared to DNS based filtering or IP address based filtering. The blueprint for this URL-based system is available from British Telecom, free of charge, to responsible network operators.
Disrupting the trade is the real goal of government policy in this area; not stopping committed abusers. In the case of online child abuse materials, the dignity and peace-of-mind of the victims is a priority.
Political, economic, or cultural motives are often not subject to useful debate outside a country where the policy is made and enforced. In practical terms, each country absolutely will exercise self-determination in this matter. It’s also important for each country to pay attention to its CCTLD and to avoid criminal domain registrations, for example domains used for phishing and other electronic crime. ICANN’s slogan, “One world, one Internet” does not mean “One world, one network, one set of rules.”
Collateral impact by policy blocking is inevitable. The continuity and spirit of the Internet asks any nation who mandates Internet filtering to inform Internet users both inside and outside that nation as to the exact nature and method of blocking to be used. Otherwise the Internet operations community could accidentally work around the filtering.
The power of states is greatly reduced online. Blocking DNS while also cutting funding for child protections and failing to investigate corrupt government officials is at best a losing proposition. No technical measures can circumvent good traditional law enforcement.