Interview: Andrew Sullivan, chief exec of the Internet Society, has condemned governments that "interfere in underlying technologies that people are allowed to build," as regulators increasingly target net infrastructure to enforce their visions of how the online world ought to be.
Speaking to The Register, Sullivan warned that laws passed to ban, or force, the use of certain types of tech risked damaging confidence in infrastructure that is becoming ever more vital for the internet to function safely and securely.
"If you look at the internet right now, people have been responding to it in recent times primarily in a threat mode," he said, contrasting it to the "everything is great" vibe of the 1990s and early 2000s.
"Now," continued Sullivan, who previously worked at Dyn and has been credited with opening up the dot-org and dot-info domains to world+dog, "we've lived with this technology for long enough that all we see are the downsides. We're forgetting the great benefits that it brings."
His pitch is simple: governments and quasi-governmental regulators alike need to stop targeting internet infrastructure as a means of blocking certain types of content. If they continue doing it, he said, vital security protections will end up being weakened and innocent sites will be wrongly blocked.
"It's all about the content and not the infrastructure. We're talking about the thing we're actually trying to regulate. What people are doing is reaching for the thing they're trying to regulate, the underlying infrastructure."
Top of the infrastructure-as-policy-tool agenda in the UK is the DNS over HTTPS (DoH) proposal made by browser builders Google and Mozilla. As we reported, the problem is that DoH would allegedly nobble the Internet Watch Foundation's anti-child abuse imagery watch list, among other surveillance and blocking methods used in the UK. The IWF watchlist compares plaintext DNS requests to a master blacklist and sinkholes requests going to URLs of known child abuse imagery; the same method is used to block pro-terrorism websites.
DoH would encapsulate DNS requests – needed to turn human-readable addresses such as theregister.com into IP network addresses that software can use – in encrypted and private HTTPS requests to DNS servers. This should prevent eavesdropping on domain name queries by ISP filters and GCHQ spies, which is what prompted near-incomprehensible outbursts by the British government about Google threatening children.
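The difference between the two lookups, as an added illustration that is not part of the original article: a plaintext DNS query exposes the name to any filter on the path, while the same message sent as an RFC 8484 DoH GET is readable only by the resolver that terminates the HTTPS connection. The function names and the `blocked.example` list entry are constructed for this sketch.

```python
import base64
import struct

BLOCKLIST = {"blocked.example"}  # constructed sample entry, not a real list

def build_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035); ID 0, as RFC 8484 suggests for DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def parse_qname(msg):
    """Read the question name that follows the 12-byte DNS header."""
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos >= len(msg):
        raise ValueError("truncated question section")
    return ".".join(labels).lower()

def filter_verdict(dns_message, blocklist=BLOCKLIST):
    """What a filter does when it can read the query: match, then sinkhole."""
    return "sinkhole" if parse_qname(dns_message) in blocklist else "forward"

def doh_get_path(dns_message):
    """RFC 8484 GET form: the message as unpadded base64url in ?dns=."""
    encoded = base64.urlsafe_b64encode(dns_message).rstrip(b"=").decode()
    return "/dns-query?dns=" + encoded

def decode_doh_path(path):
    """Resolver side, after TLS is terminated: recover the DNS message."""
    b64 = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    query = build_query("blocked.example")
    # Plaintext port-53 path: an ISP filter parses the UDP payload directly.
    print("on-path filter, plaintext DNS:", filter_verdict(query))
    # DoH path: this string travels inside HTTPS, so the on-path filter sees
    # only TLS records; the DoH resolver can still apply the same check.
    path = doh_get_path(query)
    print("DoH request path:", path)
    print("filter at DoH resolver:", filter_verdict(decode_doh_path(path)))
```

The name check is the same in both cases; what DoH changes is which party is in a position to run it.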
While Sullivan doesn't quibble with the premise of blocking pro-terrorism and child abuse websites, he argues that blocking them by "fiddling with some kind of infrastructure that also has all kinds of other uses," is effectively opening a Pandora's box.
"It tends to block the ability to look at these resolution attempts. By blocking the ability to look at the resolution attempts, you block the ability of that intermediate server to say, 'Hey, you're looking up something that's evil'," he told us, warning that fiddling with or banning DoH could end up frustrating attempts to protect against DNS-hijacking malware that could, for example, "misdirect you to websites that impersonate your bank."
Sullivan continued: "One of the proposals made in response to DoH showing up is to outlaw DoH – 'You're not allowed to use this protocol.' A very strange thing for Parliament to do, to regulate specific tech over how bits travel over a wire."
In contrast to the doom and gloom being pumped out in the UK in response to the DoH proposal, Sullivan was upbeat about the prospects for content blocking: "There's other ways to do it. You could embed the blocklist in servers on the internet. So you could say, hey, if you're serving content on the internet you should subscribe to this list too."
In other words, rather than (effectively) subverting DNS queries as we do at present, or banning DoH because UK regulators haven't got the imagination to think up a DoH-compliant filtering method, Sullivan proposes making all content hosts sign up to what would effectively be a public blacklist, something bound to go down badly among UK policymakers, who prefer the behind-closed-doors, just-between-us informality of the current IWF watchlist arrangement.
"It's not that people disagree that content is bad," Sullivan mused when we asked him whether he can see the side of the argument that says blocking bad content is inherently good, whether done at the transport layer or not. "I don't agree massacres of people should be filmed and shown on the internet or elsewhere. I don't think [child abuse images and footage] is OK. I don't think, either, that we should permanently try to use the underlying infrastructure to stamp out content we don't like."
He adds that while people tend to say "this is an inconvenience", a "problem we have to put up with to live in a democratic society and part of the cost," the real problem lies with politicians who want to be seen to have done something – and who reach for infrastructure regulation in the process.
"This is a consistent pattern we see here, quite a big interference in the underlying tech that people are allowed to build, in response to bad content. The politicians who need to be seen to do something don't bear any cost in this thing. That cost imposes negative consequences on the rest of the internet, it means the rest of the infrastructure is less reliable than it could be." ®