[Chapter-delegates] Input Request: DNS Blocking

Tue Jan 18 05:23:54 PST 2011

On 18/01/2011 10:45 PM, Paul Brooks wrote:
> On 18/01/2011 7:36 AM, Sally Wentworth wrote:
>> We have noted that a number of governments are considering and/or implementing public policies to try to address illegal online sites (also known sometimes as “rogue websites” or "sites dedicated to infringing activities") that would require ISPs to block DNS resolution to sites containing illegal content.  While we recognize the need for development of public policy by governments (in consultation with all stakeholders), we believe that policies of this sort would have negative implications for the global DNS and for the implementation of DNSSEC, among other issues.
>>
>> To help ISOC and its members think about and respond to these issues weare developing principles that have global applicability and also provide a baseline to respond to national policy developments.  We are specifically seeking to address the proposals to require ISPs to block DNS resolution of "illegal" sites.  Please note that this is a different discussion/context than the issues associated with Wikileaks and so we'd like to keep those threads separate here.
> We in ISOC-AU have been engaged with advising the Australian government on these sorts
> of things - several years ago I put together a presentation (which was circulated
> within ISOC I believe) that examined many of the common proposed methods of
> implementing content filtering/blocking, and the ease of circumvention, in the context
> of the proposals at the time to block Internet content that was 'refused classification'.

Looking at the policy aspects rather than the technical aspects for a moment - it is
vitally important to encourage the relevent government or agency to define very
clearly what they are hoping to achieve by a blocking policy.

There is a very big difference between a policy of "guarantee to prevent anyone
accessing (illegal content) by any means" and "use best efforts to prevent kids and
vulnerably people from casually stumbling across (illegal content) in a web-browser".
There is a big difference between "prevent children from accessing material that is OK
for adults to see" and "prevent everyone from accessing material that nobody should
have to see, that is already illegal to posess or distribute in print or offline".

Much of the heat and antagonism in these debates tends to come from the technical
community telling governments "you can;t do (x) because..." when the real problem is
that the policy or desired outcome is not sufficiently well defined to allow a
reasoned rebuttal. Only when you - and they - know precisely what they want to achieve
can you nail down specific examples to show them what the negative consequences could
be - and why a technical solution like DNS blocking would cause more harm than it
would solve.

To this end, I think it is  important that government policy people see this Internet
community as a possible helper, rather than a roadblock. Instead of going on the
attack with a response like "whatever you want to do, it won't work", and being
marginalised and ignored, a much better response is something like "if you can tell us
what you are actually trying to achieve, we can help you understand how possible
solutions might or might not work.". Ideally, in the process of defining specifically
what they want to achieve, they'll come to realise for themselves that its not as
simple as they might like, and what they will break in the process.

Regards,
    Paul.