PROTECT IP Would Destabilize Internet Security, Consultants Warn Drew Wilson | July 18, 2011 We’ve already heard from law professors who disapprove of the PROTECT IP act, now security experts are also lining up to oppose the PROTECT IP act for the simple reasons that it would destabilize the internet and harm cyber security efforts. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes A growing chorus is saying that the PROTECT IP act, something some refer to as “The Great Firewall of America”, is a bad piece of legislation that will only serve to make matters worse for everyone. A white paper was released (PDF) explaining why the PROTECT IP Act is bad for cyber security, bad for internet stability and only serves to make matters worse for trying to stop copyright infringement. From the paper: – The U.S. Government and private industry have identified Internet security and stability as a key part of a wider cyber security strategy, and if implemented, the DNS related provisions of PROTECT IP would weaken this important commitment. – DNS filters would be evaded easily, and would likely prove ineffective at reducing online infringement. Further, widespread circumvention would threaten the security and stability of the global DNS. – The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access unleashed by the global Internet. – Migration away from ISP-provided DNS servers would harm efforts that rely on DNS data to detect and mitigate security threats and improve network performance. – Dependencies within the DNS would pose significant risk of collateral damage, with filtering of one domain potentially affecting users’ ability to reach non-infringing Internet content. – The site redirection envisioned in Section 3(d)(II)(A)(ii) is inconsistent with security extensions to the DNS that are known as DNSSEC. The U.S. Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies. – If implemented, this section of the PROTECT IP Act would weaken this important effort to improve Internet security. It would enshrine and institutionalize the very network manipulation that DNSSEC must fight in order to prevent cyberattacks and other malevolent behavior on the global I think they hit the nail on the head on this one. Once the US starts censoring the internet, users are going to find ways of bi-passing these censors by changing their DNS server to an unfiltered version. This will fragment the internet after a while because everyone’s DNS would cease being universal. So, for instance, if someone from the MPAA types in “thepiratebay.org” and gets an anti-piracy warning while someone else types the same thing in their address bar and gets the actual website instead, it will only serve to make matters worse for anti-piracy efforts because they will never know for sure if users can access the site or not. Anyone who wants to download Iron Man 2 will always be able to find a way to download it. No amount of web censorship, packet sniffing or protocol blocking will stop it. Since numerous law professors have already come out to say that the PROTECT IP act amounts to the suppression of free speech, among other things, I think that the list of people opposing this Act, as with the reasons to oppose it, will only keep growing. With respect to people supporting this bill, how many ways can we say, “Shooting themselves in the foot”? [Via /.] Drew Wilson on Twitter: @icecube85 and Google+.