Data is more valuable than ever; in fact, it has overtaken oil as the world’s most valuable resource. As much of our lives are now carried out online, our personal data is one of our most valuable commodities, and ensuring its safety and ethical use is one of the most pertinent challenges we are facing as a society.
The latest data debate concerns the proposed encryption of the Domain Name System (DNS) and the implications this could have on consumers and their data. Your local DNS acts as an address book for the internet and ensures that when you send or receive data from a server (for example, when you type in a website’s address in the URL bar) you are being directed to the right place. As the internet and the transmission of data permeate our lives, encryption has become a standard privacy expectation for many forms of communication, such as encrypted text messaging, or the use of a VPN when browsing online. Like many early internet protocols that came before the mainstream internet, DNS is distinctly open and accessible, and has remained that way … until now.
Earlier this year, both Google and Mozilla unveiled their plans to move toward DNS encryption using DNS-over-HTTPS (DoH). Traditionally, DNS information requests are unencrypted, meaning your internet service provider and anyone who can snoop on the network connection between your device and your DNS server (including anyone on the same Wi-Fi network) can see all the DNS requests from your device. Unencrypted DNS requests mean cybercriminals can manipulate the request and direct users to a malicious website instead. Known as DNS hijacking, this type of attack could be mitigated through the encryption of DNS. As Dr. Paul Vixie, a DNS pioneer, points out, “Much of today's internet crime and abuse is made possible by the total absence of security consideration in some of the Internet's oldest core protocols and services.” However, this doesn’t mean that total encryption is necessarily the way to go either.
There are concerns that encrypting DNS could actually cause more problems than it solves, as some cybersecurity experts argue that by encrypting DNS, it will be harder to identify malware present on a network. This is especially pertinent to enterprises, where DNS transparency is crucial to maintaining network security. Most notably, encryption of DNS will drastically reduce the amount of user data ISPs have access to, as they would no longer be able to tell which sites their customers are accessing. ISPs are currently able to use DNS information for ad targeting or to police their networks for copyright infringement. As such, many have argued that encrypted DNS is a win for user privacy and control of data, but encryption doesn’t necessarily put control into the hands of the user either.
Whether DNS moves to an encrypted model or not, major tech companies, not consumers, will still be making the choices. As the likes of Google and Mozilla move in on local DNS provision, we must ensure that the user remains at the heart of the battle for data privacy. DNS encryption may keep ISPs from accessing your data, but it could potentially open the door for tech corporations to do so instead.
Interested in learning more about the implications of DNS control? Dr. Vixie delivered the keynote address at the 22nd International Avar Cybersecurity Conference, organized by ESET, which took place Nov. 6-9 in Osaka, Japan. You can find an exclusive interview with Dr. Vixie here.