SOPA 4 dummies


This document tries to explain, on a non-technical level, how SOPA will not only fail to do what it is intended to do but will also break DNSSEC at the same time. Forward this to anybody you know to convince them to express their support for SOPA resistance.

Published in: Education, Technology

  1. Is SOPA worth the sacrifice of a secure internet?

     On October 26th 2011, the “Stop Online Piracy Act” (SOPA) was introduced to the U.S. Congress with the intent to curb the proliferation of copyright infringement and the piracy of intellectual property. The goals of SOPA are clear and understood. The means by which the proposed bill will try to achieve these goals are, however, not without a far-reaching negative impact on the stability and the security of the internet. This document intends to clarify the repercussions of SOPA and how the bill contradicts earlier U.S. commitment to internet security and the protection of online U.S. assets.

     When an individual is looking for information, purchasing goods or doing business on the internet, she uses a computing device that, either through a web browser or another application, allows her to interact with assets on the internet. Today she can use a phone, a tablet, a laptop, a PC or a fridge for this purpose. The assets she interacts with can be anywhere in the world. While her user experience is smooth and everything seems to go back and forth automatically, there is a lot of technology involved. Technology that is not relevant to the end user. Technology that is ubiquitous and trivial, until it breaks. The main technology enabling people to send mails, buy presents, write blogs, etc. is the Domain Name System (DNS). Where all assets on the internet are known by their ‘Internet Protocol addresses’, the DNS translates these weird numbers to human-readable, and are all examples of such DNS names. They are easy to remember, easy to use and easy to share. The DNS is, and will remain, what makes the internet user-friendly for most of its users and thus a crucial part of our online life.

     Internet users are, on a daily basis, targeted by online criminals who abuse several weaknesses in the DNS. Online criminals impersonate social networks, banks and legitimate online businesses. The weaknesses allow viruses to be installed on the devices used by our citizens, and they facilitate identity theft and the abuse of credit cards. As online crime has soared over the past years, impacting citizens and businesses alike, several counter-measures have been evaluated and most of them have been proven to fall short in re-establishing the trust in the internet. The only solution, built on the DNS, that maintains the flexibility of today’s internet while adding the required robustness is DNSSEC: Domain Name System Security Extensions. DNSSEC is so much of a necessity for a secure internet that it has been supported and promoted by the highest levels of the U.S. government since the Clinton administration. George W. Bush included securing the DNS among national cybersecurity priorities and when DNSSEC roll-out started in 2010, the Obama administration called it “a major milestone for internet security”. This all underlines the importance of the DNS as a technology supporting the internet and the crucial part it plays in enabling and securing online business.
  2. DNSSEC guarantees the authenticity of a DNS name. When a user requests the DNS name associated with an ‘Internet Protocol’ address from a DNS server using DNSSEC, she can trust the response, as the cryptographic signature associated with the DNS name cannot be forged or changed. This blocks any attempt by online criminals to impersonate online assets, secures the internet from the ground up and re-establishes trust in running businesses online.

     SOPA, at its core, contains a provision to filter traffic between the internet user and a website hosting pirated content using the DNS. This would empower the Department of Justice, with a court order, to require operators of DNS servers to redirect traffic for a specific website to a specific textual notice developed by the Attorney General, thus rendering the pirated content unavailable.

     The first problem with using this counter-measure to protect intellectual property is that it will not prevent internet users that want to access pirated content from doing so. There are 10 million DNS servers on the internet, a minority of those operated by U.S. organizations, that those users can connect to instead of the DNS servers that have filtering implemented. Moreover, they can connect to the servers hosting the pirated content using their ‘Internet Protocol’ addresses, thus completely circumventing the DNS (and rendering the filtering useless). SOPA’s DNS filtering provision will not (and cannot) prevent internet users who are looking for pirated content from accessing it.

     The second, and more serious, problem is that SOPA will undermine the trust between consumers who use online services and businesses who offer their services online. Online trust has been eroding over the past decade as no technology was able to prevent criminals from stealing identities or other personal information, or from impersonating popular or high-profile websites. Just like in the real world, where consumers tend to do business with those entities that they can trust, the online world needs a system that can guarantee that a specific website is the website that the consumer intends to do business with. We, as humans, tend to avoid buying bread from those bakeries that are suspected of messing with the ingredients in their products. We take our business to other butchers once we get a hunch that ours is selling us second-grade meat. We buy from those that we trust, and the economy soars when trust is honored.

     DNSSEC, as it is in the process of being rolled out, is supported by the U.S. government and is the only solution to guarantee online users that they are dealing with the online entity they intended to deal with. It works very much like an online identity store, maintained by its owner, listing all the names of online resources that are allowed to represent its brand name. When a DNSSEC-enabled application requests such a resource, the answer is basically signed by the owner’s CEO, giving the user the guarantee that it’s ok to conduct business. As more and more applications start supporting DNSSEC, any attempt to redirect a user to a resource she didn’t intend to access will no longer happen without notice, thus preventing online criminals from using the simplest tool available without being detected.

  3. The DNS filtering provision in SOPA relies on the same technique that online criminals use to steal from our citizens. If we allow this provision to become law, we not only give those criminals a waiver to keep doing damage to our citizens and businesses but we also call a stop to a joint effort to secure the internet. We have been going forward with great strides. The U.S. government, (inter)national corporations and internet users have joined hands, allowing DNSSEC to gain traction and get up to speed. We cannot allow a provision that doesn’t have the capacity to prevent what it’s intended to prevent to undermine online trust, render the internet insecure forever and wipe away an unprecedented effort - made possible by citizens, the government and corporations - in one go.