Most of the information from the Sony Pictures Entertainment hack leaked so far has been embarrassing for the company, but not directly related to Internet security. However, last week some leaked emails revealed the Motion Picture Association of America (MPAA) is trying to find ways to effectively delete sites that host pirated content from the Internet using Domain Name Server (DNS) takedowns. To understand why this is a security concern, you need to know a little bit about how the DNS system works.
What is a Domain Name Server?
The Internet functions using IP addresses, a string of numbers that is easy for machines to understand but not very user-friendly for humans. Your computer or mobile device needs the help of a server that can match these IP addresses to a name of the destination you can remember. The DNS is usually maintained by internet service providers, but some organizations such as Google offer a public DNS anyone can use.
When you type an address like www.bvsystems.com into your browser or click on a link in our newsletter, your computer or mobile device queries a DNS and receives the IP address it needs to get here. If the DNS cannot match the URL to an address, you get an error message instead of the page you expected.
What is a DNS Takedown?
Currently copyright holders can take down pirated content by ordering the hosting site to remove it. An example would be requesting YouTube take down a copyrighted video or a web hosting company to delete a user’s account. A DNS takedown would go a step further, ordering the DNS owner to remove the site from the server’s IP address tables. Servers at different companies communicate freely with one another, so changes made on one DNS could propagate to other servers across the Internet in as little as a few hours.
Removing the listing is the equivalent of removing the building address numbers off a business. Someone trying to locate the place would find it very difficult unless they knew the exact location, or in this case the IP address.
Are DNS Takedowns Legal?
The legal grounds for DNS takedowns are shaky. The Digital Millennium Copyright Act (DMCA) of 1998 both makes it illegal to distribute copyrighted material without permission and protects the sites hosting pirated content as long as they respond immediately to takedown requests. The Stop Internet Piracy Act (SOPA) of 2011 would have made DNS takedowns legal, but it was defeated in Congress after a major outcry from both private businesses and the general public.
The MPAA is working on an argument that would include DNS filtering under the DMCA, forcing DNS operators to remove the DNS entries of sites hosting pirated content without a court review.
The Problem with DNS Takedowns
The major concern is this system could be ripe for abuse, with organizations or individuals filing false copyright infringement claims to harm their opponents or silence critics. Smaller DNS operators may be overwhelmed with the number of requests and just rubber stamp them out of concern for losing their protection.
Imagine if your biggest competitor could make your web site disappear overnight, and there was nothing you could do about it. It could be devastating for businesses that rely extensively on their web sites for income or leads.