The bill introduced in the Chamber of Deputies (Cámara de Diputados in Spanish) (Bulletin 10937-15), known as "Uber Law" (“Ley Uber”, in Spanish), includes in its article 12 a provision granting the Department of Transportation and Telecommunications the power to: "... order telecommunications service operators to block the "Domain Name System"(DNS), from the offending platform."
For reasons explained below, we deem this provision harmful and ineffective, and we recommend that it be removed from the bill.
This is consistent with the position of the Internet Society (ISOC), who published a study in March 2017 entitled "Internet Society Perspectives on Internet Content Blocking: An Overview", which concludes with a recommendation against using blocking techniques to prevent access to Internet content, because "(1) They do not solve the problem, and 2) They inflict collateral damage."
The DNS is one of the basic protocols of the Internet, whose purpose is to allow the automatic translation of the domain names to the respective IP addresses. The latter are the ones that actually identify the nodes of the network and allow communication between them. In the DNS there are authoritative servers that provide the information that allows such translation, and resolvers, that are the programs that in the name of the user, formulate the queries to the authoritative servers.
Blocking like the one proposed in practice means that telecom operators would be forced to look for ways to interfere with DNS operation to deliver false "non-existent domain" responses, rather than the correct answers that the system should deliver.
Given that the authoritative servers of the international companies that motivate this regulation likely reside abroad, outside the Chilean jurisdiction, the simplest way in which this blocking can be implemented is by making the resolvers, operated by the Internet service providers (ISPs), be those that deliver these altered answers. This measure may seem to work, but it will be very simple for users to change their settings to use public resolvers instead of those of their ISP, making this measure totally ineffective. In fact, the applications themselves could be programmed to use this very mechanism.
The ISOC document cited above relates what happened when Turkey tried to block the DNS: " For example, when Turkey blocked some DNS queries in 2012, users changed their systems to use Google’s popular public DNS servers and avoid the blockage. Turkish authorities responded by hijacking all traffic to the Google DNS service, which caused significant collateral damage."
It is also possible to consider more complex ways of trying to block the resolution of some domain names; possibly using what is called "deep packet inspection" in ISPs. This measure is however very costly to implement. Its application is also a quite debatable because of the impact it has on the privacy of communications and because in practice it is not uncommon that poorly implemented blocking measures have had effects that go a long way, beyond those sought and may lead to catastrophic consequences.
The complexity and dangers inherent in trying to manipulate the DNS to prevent access to a service contrast, on the other hand, with the fact that companies would have a very simple alternative to avoid blocking, namely that their applications avoid using the DNS and have access to those services by IP address.
Prudence advises against intervening in protocols essential for the proper functioning of the network, more so when such interventions contain great dangers and are ultimately ineffective. For these reasons, we hope that this provision contained in article 12 will not be approved as part of the law.
Here are some examples of how in other countries such blockages have failed when attempted:
- This is how the Twitter blocking works in Turkey and this is how users are avoiding it
https://www.genbeta.com/actualidad/asi-funciona-el-bloqueo-a-twitter-en-turquia-y-asi-se-lo-estan-saltando - How to change the DNS to avoid blocking of the web
http://omicrono.elespanol.com/2014/05/como-cambiar-las-dns-para-evitar-el-bloqueo-de-webs/ - DNS blocked? New ridicule in the fight against piracy.
https://www.adslzone.net/2016/12/20/bloqueo-dns-nuevo-ridiculo-la-lucha-la-pirateria/
Finally, as the entity responsible for an important component of the Internet infrastructure in our country, we are available to directly express our opinion as experts whenever called to do so.
This comment has been sent to the Minister of Transportation and Communications, to the Undersecretary of Telecommuncations and to the Public Works, Transportation and Telecommunications Comission of the Chamber of Deputies.
NIC Chile
Santiago, August 9, 2017.
About NIC Chile
NIC Chile, a center of the Faculty of Physical and Mathematical Sciences of the University of Chile, is in charge of administering the domain name registry of .CL, that identifies Chile in the Internet. In this role, it is responsible before the local and global Internet community for its secure and efficient operation, to allow persons, enterprises and institutions to build their identity on the Internet, under.CL.
Si ya posee cuenta en el nuevo sistema: |