Internet Engineers to Congress: SOPA censorship will harm Internet security

83 of the Internet's most prominent inventors, founders, and engineers have penned an open letter to Congress in opposition to the Stop Online Piracy Act, which is slated for markup in the House today. The signatories warn that the bill will compromise fundamental Internet infrastructure and undermine the security of the net.

Censorship of Internet infrastructure will inevitably cause network errors and security problems. This is true in China, Iran and other countries that censor the network today; it will be just as true of American censorship. It is also true regardless of whether censorship is implemented via the DNS, proxies, firewalls, or any other method. Types of network errors and insecurity that we wrestle with today will become more widespread, and will affect sites other than those blacklisted by the American government.

The current bills -- SOPA explicitly and PIPA implicitly -- also threaten engineers who build Internet systems or offer services that are not readily and automatically compliant with censorship actions by the U.S. government. When we designed the Internet the first time, our priorities were reliability, robustness and minimizing central points of failure or control. We are alarmed that Congress is so close to mandating censorship-compliance as a design requirement for new Internet innovations. This can only damage the security of the network, and give authoritarian governments more power over what their citizens can read and publish.

This is the last chance to tell your representative to keep the Internet free before the markup: have you phoned DC yet?

An Open Letter From Internet Engineers to the U.S. Congress


  1. Something tells me that this will be WAAAYY over the heads of congressmen who mostly still can’t understand what the internet is beyond “a series of tubes.”

  2. I’d be interested to hear more on how they envision DNS blocking to be a security risk.  I can imagine plenty of secondary issues, like people using insecure DNS that doesn’t block these sites, or sites being blocked which provide security services.  But I can’t think of how the act of simply breaking the DNS resolution of a site can have such dire consequences.  In fact, it’s pretty standard practice for network security people to prevent resolution of malicious domains on their own DNS servers.

    Which isn’t to say that these bills are a GOOD idea.  Far from it.  It just seems like they should provide more evidence of these issues, since we’re always complaining about pro-copyright legislation not being evidence-based.

      1. Ah, indeed:

        Though it seems at this point, without clients really doing DNSSEC enforcement, ISPs could simply set their resolvers to give NXDOMAIN replies to blacklisted sites without clients caring.  Though that’s certainly not sustainable with the ultimate goal of DNSSEC.

        Interesting that legislators didn’t simply put the mandate on domain registrars instead of ISPs.

      2. OK, so a SOPA blocked site in DNS returns a false response and DNSSEC shows the response has been tampered with.

        That is exactly what has happened, and the results are what you would expect. You don’t use the response and you don’t get to the site.

        I don’t see how SOPA is a good idea, but I don’t see how it interferes with DNSSEC if the goal is to prevent blocked sites from resolving.

Comments are closed.