Tuesday, May 31, 2011

Technical solutions to non-technical problems

I was reading Ars Technica the other day and came across an article they ran on the PROTECT IP bill.  In brief, the bill aims to improve the protection of intellectual property by using the Domain Name System (DNS) to re-route traffic away from the bad guys.

I didn't finish reading the article, but I did read a white paper cited by the article.  Its authors are experts in securing and operating the DNS, and they are quite opposed to the bill.  The authors point out (correctly) that while protecting intellectual property is a fine idea, going about it by (effectively) breaking the DNS within the United States is a very silly idea.

The DNS is the large, successful, distributed system that maps names (like www.icpsr.umich.edu) to numeric IP addresses (like 141.211.146.80).  This is handy since people can often remember a DNS-style name more easily than a "dotted quad" set of numbers.  The stability, performance, and correctness of the DNS are among the things that make the Internet work.

The idea in the bill is that the US government would be able to order service providers to fiddle with the answers returned by DNS servers.  And so, say, if ICPSR started stealing intellectual property to make available on our web site, the government could arrange to have the answer to the question "What's the IP address of www.icpsr.umich.edu?" changed from 141.211.146.80 to the IP address of a government web site that would explain to the user that they had been redirected, and that ICPSR is a bunch of intellectual property stealing bad guys.

That should work, right?

Unless....  people really do want to get to that stolen intellectual property.  And so instead of typing www.icpsr.umich.edu into their browser, they type the IP address.  Or they add an entry to their "hosts file" to map the name to the IP address (instead of relying on the DNS).  Or someone releases some malware that fiddles with their hosts file or their registry (if they run Windows).  Or, in this case, ICPSR moves its DNS service outside the borders of the US.  Or....

So lots of ways to work around the "solution."

It feels like the government is trying to design a technical solution to a non-technical problem.

I'm shocked.  Shocked.
This is probably one of the best examples of how good intentions can still lead people to do the wrong thing.  The very wrong thing.
