SOPA undercuts Internet security, experts say; lawmakers float alternative
A bipartisan alternative to controversial anti-piracy bills now before Congress is being floated online by a handful of senators and representatives.
The Online Protection and Enforcement of Digital Trade (OPEN) Act would treat online piracy or counterfeiting by foreign websites as an unfair trade practice under the Tariff Act of 1930 and would give enforcement authority to the U.S. International Trade Commission.
Absent from the draft act are DNS blocking provisions included in the House’s Stop Online Piracy Act and the Senate's Protect IP Act. Opponents in the Internet community say those provisions are incompatible with DNS Security Extensions (DNSSEC), a set of cryptographic protocols intended to secure the Domain Name System.
SOPA and PIPA would require Internet service providers and search engines either to redirect traffic away from offending sites or to block it.
“Both of these remedies involve modifying DNS responses, and that is exactly what DNSSEC is designed to prevent, no matter who is doing it,” said Cricket Liu, general manager of the Infoblox IPv6 Center of Excellence. “The bill seeks to codify something that we in the DNS community have been working to prevent for 15 years.”
The Domain Name System maps Internet domain names such as gcn.com to numerical IP addresses and underlies nearly all Internet activities. DNSSEC enables the use of digital signatures that can be used to authenticate DNS data that is returned to query responses. This will help to combat attacks such as pharming, cache poisoning and DNS redirection that are used to misdirect traffic to malicious sites for fraud and the distribution of malware.