This document discusses the trend of governments using access restrictions as a policy tool for compliance. It notes that censorship has existed as long as the internet, through methods like the Great Firewall of China. The document examines perspectives from 2011 that viewed access restrictions as minor inconveniences rather than censorship. It analyzes how the UK uses a protective DNS service to block malware while maintaining it is not censorship. Examples from Hong Kong and predictions for other Asian countries show how access restrictions have become mandated under national security laws. The document raises the question of whether similar trends could occur in other countries like the US and Taiwan.

1. Charles Mok 莫乃光 | Cyber Policy Center, Stanford University | Internet Society | ICANN-APAC TWNIC Engagement Forum | 2023.5.19
Compliance through
Compulsion
The trend and impact of access restriction becoming a policy tool
for compliance

2. Censorship is almost as old as IP address and DNS
• GFW of China (and any
other censor)
• DNS injection
• Packet dropping
• DNS poisoning
• Content/packet
inspection
• etc….

3. Views on access restrictions
from another era
• “DNS RPZ and similar DNS blocking
technologies work very well when the
protected users’ interests are aligned with
their ISP’s interests” (e.g. malware)
• “On the other hand it’s merely a minor and
temporary inconvenience to have domain
names that would hurt a user not work any
more that the user likes and depends on…”
(e.g. pirated movies, but users can use
VPN)
• “There would be no need to mandate
blocking of domain names users
fi
nd
harmful; the invisible hand of the market
would automatically take care of the matter.”
• Paul Vixie, 2011.

4. So, when did censorship become “access restriction”?
• Let’s take the example of the UK's Protective Domain Name Service (PDNS)
• PDNS was built to hamper the use of DNS for malware distribution and operation. It has been created by
the National Cyber Security Centre (NCSC), and is implemented by Nominet.
• PDNS is a recursive resolver, which means it
fi
nds answers to DNS queries. Management of your own
domains (authoritative DNS) is done separately to this NCSC service and will not be a
ff
ected by the
adoption of PDNS.
• It is a free and reliable internet accessible DNS service and is one of the NCSC’s widely deployed Active
Cyber Defencecapabilities. It has been mandated for use by central government departments by the
Cabinet O
ffi
ce but is also available to other organisations that wish to use it (see eligibility section below).
• PDNS prevents access to domains known to be malicious, by simply not resolving them. Preventing access
to malware, ransomware, phishing attacks, viruses, malicious sites and spyware at source makes the
network more secure.
• https://www.ncsc.gov.uk/information/pdns
• It is not available to the private sector.

5. So the good guys use it too, right?

6. Hong Kong after NSL
• Hong Kong’s National Security Law requires ISPs to block access to websites, for the
fi
rst
time in Hong Kong (but the NSL is imposed from the central government and not a local
law).
• It’s unclear whether the national security police mandates the use of which technologies to
do the job.
• It is believed that various ISPs are using DNS RPZ and IP address blocking.
• Since May 2023, ISPs are provided or incentivized with a “safe harbor provision” to relieve
them of liabilities if they comply with orders to block.
• More attempts will be made with local legislations to empower the authorities to remove
websites deemed undesirable (e.g. cybercrime law, cybersecurity law, misinformation law,
local version of national security law, etc. etc.)
• Similar trends all over Asia.

7. But it can be the US too
• One country, many systems

8. How about Taiwan?

9. • Charles Mok 莫乃光
• Visiting Scholar, Cyber Policy
Center, Stanford University
• Trustee, Internet Society
• Founder, Tech for Good Asia
•
•