[dns-operations] DNS-based site blocking in the UK
jim at rfc1035.com
Mon Aug 8 13:00:03 UTC 2011
Nothing much to see here... move along.
The government passed a new law, the Digital Economy Act, in 2010.
Amongst other things, this authorised Ofcom (the regulator) to figure
out some way of reducing copyright violation on the Interwebs. Ofcom
was to work with the copyright holders and ISPs to come up with a
solution. The report is essentially the outcome of those discussions.
Here's the URL: http://stakeholders.ofcom.org.uk/binaries/internet/site-blocking.pdf
The report's actually quite reasonable -- though I've just skimmed it.
One silliness however is the info about obvious ways of subverting
blocking measures has been blacked out.
I quote from the report's conclusions:
Of the techniques we consider to be most effective, only blocking
based on Deep Packet Inspection would appear to offer a level of
granularity where over blocking would not be a major concern. The use
of DPI is not, however, without risk, as it raises privacy issues, and
is extremely complicated to implement, based on current technologies.
DNS blocking would perhaps offer a simpler and less expensive option,
but it is likely to be fully effective only until DNSSEC is
implemented, so is perhaps not a long term solution. IP address
blocking is simply not granular enough and thec ase by which is can be
circumvented would suggest that it is not a suitable technique
candidate. URL blocking is currently used, but its limited scope and
ease of circumvention would suggest it has at best a complementary
role to play alongside DNS blocking.
A court case between the Motion Picture Association and BT to get
newzbin2 blocked came to a conclusion just as the report was
published. The court told BT to block access. IIUC, this pretty much
established that copyright holders need to get a court order before an
ISP can block something. The ruling was based on existing copyright
law, not the DEA. Now the current government seems to be disowning the
troublesome clauses in the DEA which was passed by the previous
In summary, it's far from clear if or how blocking measures will be
applied or what will be the legal framework for that. A new law or
secondary legislation might well be needed. Tampering with DNS doesn't
look to be a viable option for this in the eyes of the Powers That Be.
Though I doubt that's going to stop the MPA from attempting to get
ISPs to do that.
More information about the dns-operations