[dns-operations] DNS-based site blocking in the UK

Jim Reid jim at rfc1035.com
Mon Aug 8 13:00:03 UTC 2011

Nothing much to see here... move along.

The government passed a new law, the Digital Economy Act, in 2010.  
Amongst other things, this authorised Ofcom (the regulator) to figure  
out some way of reducing copyright violation on the Interwebs. Ofcom  
was to work with the copyright holders and ISPs to come up with a  
solution. The report is essentially the outcome of those discussions.

Here's the URL: http://stakeholders.ofcom.org.uk/binaries/internet/site-blocking.pdf

The report's actually quite reasonable -- though I've just skimmed it.  
One silliness however is the info about obvious ways of subverting  
blocking measures has been blacked out.

I quote from the report's conclusions:

Of the techniques we consider to be most effective, only blocking  
based on Deep Packet Inspection would appear to offer a level of  
granularity where over blocking would not be a major concern. The use  
of DPI is not, however, without risk, as it raises privacy issues, and  
is extremely complicated to implement, based on current technologies.   
DNS blocking would perhaps offer a simpler and less expensive option,  
but it is likely to be fully effective only until DNSSEC is  
implemented, so is perhaps not a long term solution. IP address  
blocking is simply not granular enough and thec ase by which is can be  
circumvented would suggest that it is not a suitable technique  
candidate.  URL blocking is currently used, but its limited scope and  
ease of circumvention would suggest it has at best a complementary  
role to play alongside DNS blocking.

A court case between the Motion Picture Association and BT to get  
newzbin2 blocked came to a conclusion just as the report was  
published. The court told BT to block access. IIUC, this pretty much  
established that copyright holders need to get a court order before an  
ISP can block something. The ruling was based on existing copyright  
law, not the DEA. Now the current government seems to be disowning the  
troublesome clauses in the DEA which was passed by the previous  

In summary, it's far from clear if or how blocking measures will be  
applied or what will be the legal framework for that. A new law or  
secondary legislation might well be needed. Tampering with DNS doesn't  
look to be a viable option for this in the eyes of the Powers That Be.  
Though I doubt that's going to stop the MPA from attempting to get  
ISPs to do that.

More information about the dns-operations mailing list