DNS resolvers: A Digital Sovereignty Battle Ground
We have all been busy with telling the United Nations that an open, multistakeholder, bottom-up Internet governance is better than a centralized, government-led one. Governments left and right and center issue strategy documents on their desire to preserve the open, global and interoperable nature of the Internet.
Contrary to the vows for preserving the open, secure nature of the Internet by different democratic governments, we see regulatory and quasi regulatory initiatives that can affect the free, open and secure Internet. Usually these initiatives take place under the banner of “digital sovereignty”.
One very critical element of the Internet is the Domain Name System Resolver. When the user wants to access an online service, usually uses a domain name to access the service. The DNS resolver acts as a translator in a key role before a user’s service request can even begin: it translates the service domain name into an IP address that can be used to connect to the appropriate server. This central, early translation role makes DNS resolution an obvious target for manipulation. The server the user connects to may have no relationship to the service the user expected to access which means the user cannot access the desired online service. Usually filtering, blocking and online web service moderation at DNS resolver level is very disproportionate and can lead to affecting other web services that are hosted on the domain name and the sub-domains. So far many countries have been careful so as not to regulate or assert their “digital sovereignty” on the Internet through DNS resolvers.
But some have not been. That is because it is not enough to just write up open, secure, interoperable Internet government manifestos. Moreover, it is not just one part of the government that decides the Internet should be open and global, other parts of the State, including the judicial, executive and legislative branches should agree too.
Australia, despite its declaration for preserving the open, global Internet (see this White Paper from 2017), has very stringent laws that impacts DNS resolvers.
Last year, despite Germany’s very comprehensive strategy on keeping the Internet open and global, a court in Hamburg decided in favor of Sony and ruled that Quad9 has to block a torrent domain that was infringing copyrights of Sony. The decision was appealed and fortunately it was overruled.
Recently OpenDNS decided to pull the plug from France and Portugal, which means it does not resolve domain name requests coming from France and Portugal.The problem was raised again due to a copyright complaint during the sports channels live streaming.
France has been determined to regulate the Domain Name System, which led to the issuance of a statement by a few Internet experts last year. The letter stated that “These [expansive powers inferred upon new cybersecurity organizations]include new authorities to force DNS resolvers and browsers to block domains deemed malicious, redirect users to government sites, require software publishers to disclose vulnerabilities, demand non-identifying traffic data from electronic communications operators on-demand, and even to install data collection tools on privately-owned networks and in data centers.”
The risk does not end in bad laws and regulations. The risk lies where the governments and law enforcement agencies with no transparency start “conversations” with the organizations that operate DNS resolvers. The DNS resolvers operators decide to either continue these relationships and block access, or to leave the specific market.
Some might argue that this does not affect the open, global Internet. While the implications and consequences might be gradual and not noticeable, it does not mean that assertion of digital sovereignty in this case does not contribute to a more centralized and less interoperable Internet. Suffice to say that while OpenDNS decided not to provide its services to France and Portugal, Google swiftly complied.
Governing Internet users, platforms and behaviors online through interference with Domain Name System Resolvers should not happen. It is disproportionate and it puts the global, interoperable Internet at risk. We need to advocate for not regulating online services through DNS resolvers throughout all the branches of the government and provide them with alternatives.
