Companies pointing fingers over security feature sets up fight in Congress

A group of internet service providers and developer Mozilla are playing a game of “he said, she said” with Congress over an internet security feature, setting up a potential fight in committee hearings over browsing data and how it’s collected or protected.

Chances are that the last time you visited a website, you entered a URL such as washingtonexaminer.com. That address is commonly referred to as a domain. That’s easy for people to grasp, but for computers, it means nothing except to be translated down into an internet protocol address used to direct to a specific website. Domain names are stored in what web infrastructure company Cloudflare describes as a “phonebook of the internet” or the Domain Name System.

Therein lies the point of contention between Mozilla, maker of the Firefox web browser, and groups of internet service providers. Both sent letters to Congress fighting about the DNS over HTTPS, otherwise known as Secured DNS or DoH. The security feature, currently being planned by Google for its Chrome browser and Mozilla for its browser, would essentially limit an ISP’s ability to track exactly which websites their users visit, which Mozilla says will lead to a more secure internet and curb ISPs’ collection and use of any given user’s data. Mozilla argued the letter sent by ISPs was filled with “factual inaccuracies.”

“A complementary effort to our work to fight ubiquitous web tracking, DoH will make it harder to spy on or tamper with users’ browsing activity and will protect users from DNS providers — including ISPs — that can monetize personal data,” Mozilla wrote. “We believe that such proactive measures have become necessary to protect users in light of the extensive record of ISP abuse of personal data. Telecommunications associations are explicitly arguing that ISPs need to be in a position to collect and monetize users’ data. This is inconsistent with arguments made just two years earlier regarding whether privacy rules were needed to govern ISP data use.”

Although DNS monitoring by ISPs can be, and has been used for more controversial reasons — like catered ad targeting based on your online behavior and selling real-time location data — ISPs can also help prevent minors from accessing adult material or try and identify sources of malware. ISPs make this point by arguing that sweeping implementation of DoH could have major repercussions for the function of the internet.

“If not coordinated with others in the internet ecosystem, this could interfere on a mass scale with critical internet functions, as well as raise data competition issues,” the groups wrote. “By limiting the ability to spot network threat indicators, it would also undermine the federal government and private sector efforts to use DNS information to mitigate cybersecurity risks.”

The “data competition issues” that the ISPs raise is primarily targeted at Google. While Mozilla would be using Cloudflare’s DNS system to secure users’ data, Google would be using its in-house system, something ISPs said would give Google a near-monopoly over specific user data, citing the market share of not only Chrome browsers, but also the Android mobile operating system, which is used in more than 80% of the world’s smartphones. Google owns the Android, which is used by almost every phone manufacturer, save for Apple.

ISPs aren’t alone with that concern either. Congress sent a letter to Google, before receiving a letter from either Mozilla or the ISPs, demanding to know what Google’s intentions were for user data by implementing DoH. The Wall Street Journal reported that the Department of Justice had even received complaints about the security feature.

Currently, companies are not prevented from implementing DoH, but that’s what ISPs hope to change by appealing to Congress.

(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = “https://connect.facebook.net/en_US/sdk.js”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));

Source link

Go to Source
Author: Washington Examiner