The domain name system has been an essential component of the Internet since the mid-1980s.
DNS resolvers allow a human-readable domain name to be mapped to an IP address, so that a website or service can be easily located. Old people also call it the Internet phone book.
These days there are several great DNS resolvers. Many ISPs operate their own, but third-party DNS services are also popular. Popular third-party options include Google, Cloudflare, OpenDNS, and Norton, all of which are based in the United States. This large foreign footprint worries the EU.
To offer some balance to the American dominance in the DNS industry, Europe offers its own alternative called DNS4EU. Last week the European Commission published a call for proposals, which also describes in detail the features that the government-controlled DNS resolver should offer.
The project overview makes it clear that DNS4EU is intended to protect end-user privacy and ensure their security.
“DNS4EU must provide a high level of resilience, comprehensive and EU-specific cybersecurity protection, data protection and privacy in accordance with EU rules, ensure that DNS resolution data is processed in Europe and that personal data is not monetized,” the EU writes in its overview. .
In addition to serving consumers directly, the resolver will also be available for Internet backbone networks that handle traffic to, from and to Europe. These ridges are part of the global traffic lanes, which means millions of people could potentially be affected.
Many of the DNS4EU features offered are aimed at protecting EU citizens. For example, the DSN resolver is not allowed to monetize user data and must comply with applicable privacy regulations, including GDPR.
At the same time, the focus is also on filtering. DNS4U should help block malware and phishing, for example, and protect against other cybersecurity threats. These are fairly common features for DNS services these days.
Blocking illegal traffic
However, the EU initiative goes further. Although details are scarce at this early stage, the language of official documentation suggests that “illegal content” could also be blocked.
“Filtering of URLs leading to illegal content based on applicable legal requirements in the EU or national jurisdictions (e.g. based on court orders), in full compliance with EU rules.”
The above suggests that pirate sites can also be blocked by DNS4EU, if there is an applicable court order. These sites will then be blocked for all users in the region. At the same time, it could also affect traffic that passes through internet backbones that use the DNS resolver.
Without knowing the full technical setup, we are careful not to draw solid conclusions. That said, backbones typically work across borders and continents, so potential overblocking is a serious concern.
The project overview stresses that filtering and blocking measures must comply with national rules. We therefore assume that the DNS resolver can treat traffic from individual member states differently if necessary.
Risk of censorship?
Patrick Breyer, Member of the European Parliament (MEP) for the Pirate Party, believes that the project is useless. Current DNS solutions work well, and adding government-run filtering and blocking tools is dangerous.
“A government-run DSA system carries the risk of online censorship,” Breyer told TorrentFreak, while adding that DNS blocking itself is easily circumvented.
“Access blocking leaves content inline and can therefore be easily circumvented and often results in overblocking and collateral removal of legal discourse hosted on the same website, by the same provider or via the same network.”
This type of collateral damage is not just hypothetical. Breyer notes that in 2020, the Project Gutenberg public domain library was blocked in its entirety in Italy because some content allegedly violated local laws.
Backbone without borders
That blocking does not always stop at borders is also well known. In 2017, several websites were blocked around the world because Internet backbone provider Cogent blocked several Cloudflare IP addresses in response to an Italian court order.
According to Breyer, infringing content should be removed, not blocked. Otherwise, there is always the risk of overblocking.
“Illegal content must be removed where it is hosted,” says Breyer, adding that is why the Civil Liberties Committee will ask the European Parliament to remove blocking orders from the Digital Services Act.
The DNS4EU also raises other issues. For example, it will offer better security options for paying ‘customers’, which seems odd for a government-backed service.
As said before, the project is still in its early stages and many details have yet to be fleshed out.
According to Breyer, this DNS solution must not turn into a “Chinese-style Euro-Net”. It is important that people are aware of these plans and that they are modified as needed, in order to maintain an open Internet.