An absurd thing is happening in the halls of Congress. Major ISPs such as Comcast, AT&T, and Verizon are banging on the doors of legislators to stop the deployment of DNS over HTTPS (DoH), a technology that will give users one of the biggest upgrades to their Internet privacy and security since the proliferation of HTTPS. This is because DoH ensures that when you look up a website, your query to the DNS system is secure through encryption and can’t be tracked, spoofed, or blocked.
But despite these benefits, ISPs have written dozens of congressional leaders about their concerns, and are handing out misleading materials invoking Google as the boogeyman. EFF, Consumer Reports, and National Consumers League wrote this letter in response.
The reason the ISPs are fighting so hard is that DoH might undo their multi-million dollar political effort to take away user privacy. DoH isn’t a Google technology—it’s a standard, like HTTPS. They know that. But what is frustrating is barely two years ago, these very same lobbyists, and these very same corporations, were meeting with congressional offices and asking them to undo federal privacy rules that protect some of the same data that encrypted DNS allows users to hide.
ISPs Want to Protect an Illegitimate Market of Privacy Invasive Practices to “Compete” with Google’s Privacy Invasive Practices, Congress Should Abolish Both
Congress shouldn’t take its cues from these players on user privacy. The last time they did, Congress voted to take away users’ rights. As long as DNS traffic remains exposed, ISPs can exploit our data the same way that Facebook and Google do. That’s the subtext of this ISP effort. Comcast and its rivals are articulating a race to the bottom. ISPs will compete with Internet giants on who can invade user privacy more, then sell that to advertisers.
The major ISPs have also pointed out that centralization of DNS may not be great for user privacy in the long run. That’s true, but that would not be an issue if everyone adopted DoH across the board. Meaning, the solution isn’t to just deny anyone a needed privacy upgrade. The solution is to create laws that abolish the corporate surveillance model that exists today for both Google and Comcast.
But that’s not what the ISPs want Congress to do, because they’re ultimately on the same side as Google and other big Internet companies—they don’t want us to have effective privacy laws to handle these issues. Congress should ignore the bad advice it’s getting from both the major ISPs and Big Tech on consumer privacy, and instead listen to the consumer and privacy groups.
EFF and consumer groups have been pleading with Congress to pass a real privacy law, which would give individuals a right to sue corporations that violate their privacy, mandate opt-in consent for use of personal information, and allowing the states to take privacy law further, should the need arise. But many in Congress are still just listening to big companies, even holding Congressional hearings that only invite industry and no privacy groups to “learn” what to do next. In fact the only reason we don’t have a strong federal privacy law because corporations like Comcast and Google want Congress to simply delete state laws like California’s CCPA and Illinois’s Biometric Protection Act while offering virtually nothing to users.
DNS over HTTPS Technology Advances More than Just Privacy, It Advances Human Rights and Internet Freedom
Missing from the debate is the impact DoH has on Internet freedom and human rights in authoritarian regimes where the government runs the broadband access network. State-run ISPs in Venezuela, China, and Iran have relied on insecure DNS traffic to censor content and target activists. Many of the tools governments like China and Iran rely on in order to censor content relies on exposed DNS traffic that DoH would eliminate. In other words, widespread adoption of encrypted DNS will shrink the censorship toolbox of authoritarian regimes across the world. In other words the old tools of censorship will be bypassed if DoH is systematically adopted globally. So while the debate about DoH is centered on data privacy and advertising models domestically, U.S. policymakers should recognize the big picture being that DoH can further American efforts to promote Internet freedom around the world. They should in fact be encouraging Google and the ISPs to offer encrypted DNS services and for them to quickly adopt it, rather than listen to ISP’s pleas to stop it outright.
For ISPs to retain the power to censor the Internet, DNS needs to remain leaky and exploitable. That's where opposition to DoH is coming from. And the oposition to DoH today isn't much different from early opposition to the adoption of HTTP.
EFF believes this is the wrong vision for the Internet. We've believed, since our founding, that user empowerment should be the center focus. Let's try to advance the human right of privacy on all fronts. Establishing encrypted DNS can greatly advance this mission - fighting against DoH is just working on behalf of the censors.