We’re Confident Tech Community Can Help Us Solve Challenge of Rogue Sites

by Paul Brigner 07/14/2011 09:11 (UTC-08:00) Pacific Time (US & Canada)

Authors of a technical white paper on the PROTECT IP Act held a press conference today co-sponsored by the Center for Democracy and Technology and the Internet Society.

The technologists’ report boils down to two main arguments: concerns that the provision of PROTECT IP which requires domain name servers not to resolve to criminal sites will affect developing security standards, and the assumption that the vast majority of Internet users will circumvent the remedies the bill puts in place.

We disagree.

DNSSEC was designed to provide consumers with a secure, trusted connection to services like online banking, commercial transactions, and electronic medical records - not to foreign websites operated by criminals for the purpose of offering counterfeit and infringing works. These evolving protocols should be flexible enough to allow for government, acting pursuant to a court order, to protect intellectual property online. And we have a hard time believing that average Internet users will be willing to reconfigure their computers to evade filters set up by court order when doing so will risk exposure to fraud, identity theft, malware, slower service, and unreliable connections. The PROTECT IP Act makes getting to rogue sites just inconvenient enough that the large majority of users will seek a legitimate option instead.

Here's the bottom line: We rely on the Internet to do too much and be too much to let it decay into a lawless Wild West. We are confident that America's technology community, which leads the world in innovation and creativity, will be capable of developing a technical solution that helps address the serious challenge of rogue sites.

Rogue Sites Host More than Stolen Movies

by Paul Brigner 07/01/2011 07:22 (UTC-08:00) Pacific Time (US & Canada)

Internet users who go looking for stolen movies online may end up getting more than they bargained for – a practically “indestructible” form of malicious software designed to give cyber criminals remote control over users’ computers. 

This week, researchers at security firm Kaspersky Labs wrote that TDL, a new form of malicious software or malware that they describe as “the most sophisticated threat today,” is spread by paying “affiliates” in exchange for placing an installation package online someplace where users will accidentally pick it up.  Kaspersky’s researchers noted that rogue websites are prime vehicles for this kind of abuse: 

The way in which the new version of TDL works hasn’t changed so much as how it is spread - via affiliates. As before, affiliate programs offer a TDL distribution client that checks the version of the operating system on a victim machine and then downloads TDL-4 to the computer.

Affiliates receive between $20 to $200 for every 1,000 installations of TDL, depending on the location of the victim computer. Affiliates can use any installation method they choose. Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.

TDL is designed to transform machines it infects into a network of “zombies” that can be controlled from afar.  In just three months this year, TDL infected 4.5 million computers worldwide, with over a third of those in the U.S.  The U.K.’s The Telegraph reports:

"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," said Sergey Golovanov and Igor Soumenkov, reseachers at Kaspersky Labs.

"The [TDL-4] botnet, with more than 4.5 million infected computers, is used by cyber criminals to manipulate adware and search engines, provide anonymous internet access, and acts as a launch pad for other malware."

All the more reason to keep rogue sites from reaching U.S. consumers.  Stealing movies isn’t worth the risk to American jobs – or the risk to Internet security.

Internet Engineer George Ou Debunks Claims PROTECT IP Will Break the Internet

by Paul Brigner 06/24/2011 11:40 (UTC-08:00) Pacific Time (US & Canada)

Internet engineer George Ou has written a forceful response to claims that the PROTECT IP Act will “break the Internet” by allegedly undermining the Internet’s architecture. 
Those arguments suggest that PROTECT IP would interfere with a protocol that allows users to connect to websites more securely and that technology used to prevent access to rogue websites would be ineffective. 
Ou makes two particularly compelling points.  First, in response to concerns about the security protocol Secure DNS (DNSSEC), Ou points out that the purpose of that system is to facilitate users’ secure access to legal, legitimate websites to support online commerce and protect personal data. 
“[S]ecure access to an illegal site is moot because the purpose of the Protect IP court ordered filters is to prevent any access to that illegal site,” Ou writes.  “These opponents of DNS filtering never make the claim that DNS filtering will compromise DNSSEC in the general case for websites that aren’t blacklisted with a court order.  DNS filtering is not a threat to legal websites implementing DNSSEC.” 
In other words – you shouldn’t need to be able to connect securely to illegal rogue sites, because those sites shouldn’t exist in the first place.
Ou’s second point responds to criticisms of technology in which domain name systems prevent access to certain sites, noting that Paul Vixie, one of a group of engineers who signed a white paper opposing PROTECT IP, had himself developed a system to protect users from accessing risky websites:

The thesis of the letter opposing the Protect IP Act is that protecting Intellectual Property is important but DNS filters are ineffective and dangerous.  Yet Paul Vixie is the inventor of DNS filters, so it is self-evident that he does not think his invention is ineffective.  Vixie simply believes that protecting Intellectual Property is not important enough to deserve the protection of his technology.

This is an important paper that should help shed some light on the debate around PROTECT IP. 
The bottom line, of course, is that while some people use technology to commit crime or fraud, technology can also be one of our strongest weapons to fight theft of our creative works – and one of our strongest partners in making those works more widely available to the people who want them.  Now that’s real innovation.

Month List