On anti piracy red button in Italy (and the untold risk of retaliation)

A law passed unanimously in the Italian parliament against piracy requires ISPs to poison DNS and block IP addresses within 30 minutes of notification. The idea is that this will block pirate streaming of sporting events while the event is in progress.

Rightholders will have flaggers who will notify the Communications Authority, AGCOM (the Italian NRA), of the IP addresses and domain names to be blocked, and AGCOM will forward them to all ISPs operating in Italy for blocking, which must take place, as mentioned, within 30 minutes.

Given the tight timeframe, AGCOM will not be able to perform any checks: it will take IP addresses and domain names and forward them to the Italian ISPs who will automatically block domains and IP addresses.

Basically, it’s a red button: you type in a domain and an IP address, you press the button and that disappears from the Italian internet.

In hearings during the parliamentary process of the law, ISPs have pointed out that there are risks. These include the fact that a flagger could make a transcription error in an IP address that would lead to the blocking of a totally lawful service or the fact that a malicious actor could infiltrate communications and thus block any target.

Rightholders are almost unanimously applauding; ISPs are almost unanimously against, not least because no one will reimburse them for the related costs (sporting events generally take place outside business hours, so they will have to provide ad hoc staff; AGCOM itself will hire 10 people to handle communications forwarding).

Now a technical table that will also include ACN, Italy’s cybersecurity agency, will have to define the specific technical rules. Some critical issues can be addressed at this table.

I believe there are 3 major problems:

  • Zombie IP addresses: Unlike a similar measure in the UK, in Italy there is no specified duration of blocking. Once the IP address is blocked, that IP address goes away. But pirates often use services provided by hosting providers, so when the event ends, the IP addresses are released and reassigned to other, legitimate clients, who will be inaccessible in Italy. If no block duration is provided as in the UK, it will litter the Italian Internet with zombies.
  • Redress procedure: No provision is made for a redress process. Should an IP address need to be re-enabled, either because of a wrong or malicious disablement (due to an attack) or because the IP address is later used for a lawful service, there is no redress procedure. This is particularly delicate in the case of errors or attacks: if a relevant target were deleted from the Internet in Italy, critical services could be crippled, and there would have to be a fast restoration and appeal procedure for users. A variant of this problem arises with multihosting, where the same IP address serves lawful services in addition to the pirate service, and those lawful services should not be blocked (e.g., as happened with the Project Gutenberg site, which has been blocked for over 2 years).
  • Pirate retaliation: AFAIK, so far, no one has pointed out that the IP address of a legitimate service could be maliciously entered into the DNS of the pirate site by the pirate himself. That would cause the flagger to notify a legitimate service (possibly some critical service’s IP address) that would disappear from the Italian Internet. The DNS server of a pirate site is in fact totally under the control of the pirate himself, and nothing can prevent him from seeking retaliation by entering, in addition to those of his own servers, an IP address of a legitimate critical service. As is well known to those who read this blog, it is not always possible to tell whether an IP address entered into a DNS server is actually used by a pirate site or corresponds instead to a third party’s legitimate service. Therefore, AGCOM has done very well to require specific and certain documentary evidence from the flaggers for each and every IP address to be disabled and to make it explicit that the reporter assumes any resulting liability. Flaggers need to understand that they have a very dangerous weapon on their hands: they type in an IP address, push a button, and that – poof – disappears from the Internet in Italy: a digital ballistic missile that must be directed only at absolutely certain targets.
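A sketch of how a blocking pipeline could guard against the problems listed above, given as an added example and not as anything specified by the law, AGCOM or the original post. The never-block list, the passive-DNS data, the hostnames and the block duration are constructed assumptions, and the shared-address check is only a heuristic.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation address ranges, hypothetical hostnames.
PROTECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # never-block list (assumed)
PASSIVE_DNS = {  # IP -> hostnames observed resolving to it (assumed data feed)
    "198.51.100.7": {"stream.pirate.example"},
    "198.51.100.9": {"stream.pirate.example", "library.example"},
    "192.0.2.10": {"stream.pirate.example", "hospital.example"},
}

@dataclass
class Block:
    domain: str
    expires_at: float  # epoch seconds after which the block is lifted

def vet(ip, flagged_domain):
    """Heuristic pre-block check; raises ValueError on a malformed address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in PROTECTED_NETS):
        return "protected"  # the pirate's DNS may list this address on purpose
    if PASSIVE_DNS.get(ip, set()) - {flagged_domain}:
        return "shared"     # other sites live on this address (multihosting)
    return "ok"

class BlockList:
    def __init__(self, duration_s):
        self.duration_s = duration_s  # block lifetime, as in the UK approach
        self.blocks = {}              # ip -> Block

    def request(self, ip, domain, now):
        try:
            verdict = vet(ip, domain)
        except ValueError:
            return "malformed"  # e.g. a transcription error by the flagger
        if verdict == "ok":
            self.blocks[ip] = Block(domain, now + self.duration_s)
        return verdict

    def active(self, now):
        """Drop expired entries so released addresses do not stay blocked."""
        self.blocks = {ip: b for ip, b in self.blocks.items() if b.expires_at > now}
        return sorted(self.blocks)
```

Requests that come back as "protected", "shared" or "malformed" are the ones that would need human review and documentary evidence before any block is pushed to ISPs.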

One final comment: Many have noted that getting around the blocks is difficult for people who are not interested in piracy but easy for those who want to pirate, by resorting to foreign DNS and/or VPNs.

Unfortunately, there are no plans to evaluate the effect of this measure to see if it works or not. The number of domain names and IP addresses blocked cannot be considered a metric of effectiveness: if 9,999 IP addresses were blocked and only one IP address – used by one million people – remained, one could not argue that it was 99.99% successful. The more appropriate measure is increased sales of legal offerings. We will find out when the rights holders report data on subscribers. Netflix has adopted systems to prevent reuse of passwords by multiple people. It was called a great success: it was estimated that more than 100 million accounts were sharing passwords. The company reported an increase of just under 2 million subscribers out of a total of 238 million subscribers. To call a 0.7 percent increase a great success seems too emphatic to me.


4 thoughts on “On anti piracy red button in Italy (and the untold risk of retaliation)”

  1. Interesting and scary. But you talk about DNS poisoning to block piracy actors, not IP. Should ISPs block the IP (i.e. in a firewall) or just the resolution IP address of a specified DNS?

    1. Stefano Quintarelli

      ISPs must both block the IP address (routing) and the resolution (DNS) when instructed

  2. There is another way around this ban: rolling IP addresses.
    The pirates can put a set of reverse proxies in front of their (relatively) stable network architecture and then modify their player to accept the IP address of a new proxy every, say, 10 minutes. The proxies will hide the real IPs of the stable network.

    With a pay-per-use IaaS and orchestration technologies (like containers) they can easily enroll new proxies on demand and at a relatively small cost.
    They could even check reachability in real time to exploit delays in the execution of the law or switch over on demand.
    Basically they can reuse any technology meant for HA (after all, it’s just as if their proxies started failing after a random amount of time).

    1. Stefano Quintarelli

      Absolutely. Yes.
      Along the same lines, they could switch to IPv6 and use hundreds of variable addresses. (I told that to the NRA, eventually pirates are going to do it.)
      How does the proverb go? The Internet interprets censorship as a malfunction and routes around it.
