Images of child abuse and terrorist propaganda could be made freely available online by the move to the DNS over HTTPS protocol planned by Firefox, the Internet Watch Foundation (IWF) has warned. The Domain Name System (DNS) has functioned as the phone book of the internet for over 30 years by connecting browsers to domains when
Images of child abuse and terrorist propaganda could be made freely available online by the move to the DNS over HTTPS protocol planned by Firefox, the Internet Watch Foundation (IWF) has warned.
The Domain Name System (DNS) has functioned as the phone book of the internet for over 30 years by connecting browsers to domains when a user types in a web address, but its ability to protect online privacy was questioned in the wake of Edwards Snowden’s 2013 revelations about government surveillance.
DNS over HTTPS was developed as a more secure alternative. The system encrypts DNS requests, making movements online harder to track by bypassing the Internet Service Provider’s DNS, but it also makes it harder to remove illegal content that is normally blocked by the ISP.
“Everything would be encrypted; everything would be dark,” Fred Langford, the deputy CEO of IWF, told Techworld. “For the last 15 years, the IWF have worked with many providers on our URL list of illegal sites. There’s the counterterrorism list as well and the copyright infringed list of works that they all have to block. None of those would work.”
The IWF has helped cut the quantity of online child sexual abuse imagery hosted in the UK from 18 percent in 1996 to 0.04 percent in 2018 by providing key stakeholders and ISPs with a range of alerts and data. These include the IWF URL List of web addresses containing child sexual abuse material that ISPs can block and filter until it is taken down by the hosting provider.
DNS over HTTPS could render the service obsolete, by allowing internet users in the UK to access illegal content hosted outside the government’s jurisdiction. This is because the protocol often connects directly to remote servers based overseas, unlike the local servers currently used by most ISPs in the UK.
Requests could therefore tunnel through the UK network to a machine in a country with less stringent protections around child sexual abuse, which the IWF will approach to remove the content.
“We put the entry onto our list until we can work with our international stakeholders and partners to get the content removed in their country,” said Langford. “Sometimes that will only be on the list for a day. Other times it could be months or years. It just depends on the regime at the other end, wherever it’s physically located.”
Safeguarding the deployment
Firefox aims to roll out DNS over HTTPS as default in future updates of the popular web browser, and competitors such as Google Chrome may follow its lead, triggering growing concerns in Parliament.
In recent weeks, Labour deputy leader and shadow digital secretary Tom Watson and Labour peer Baroness Thornton have both sought clarification on the dangers of the protocol. Privacy campaign groups such as Censor Watch worry that the government is more concerned about limits to its powers of surveillance.
The IWF has attempted to allay these concerns by acknowledging the benefits of the protocol on privacy and security and focusing on the needs for it to be deployed with the appropriate safeguards in place.
It is calling for the government to insert a duty of care that includes the IWF URL List in the forthcoming online harms regulatory framework to ensure that the service providers comply with current UK laws and security measures.
“The technology is not bad; it’s how you implement it,” said Langford. “Make sure your policies are in place, and make sure there’s some way that if there is an internet service provider that is providing parental controls and blocking illegal material that the DNS over HTTPS server can somehow communicate with them to redirect the traffic on their behalf.”