Lawsuits for falsyfying DNS responses ?

As many may know, the province of Québec has passed a law to protect the
interests of its lottery corporation.

To do so, it will provide ISPs with list of web sites to block (aka:
only allow its own gambing web site).

There is an opportunity to comment this week in which I will submit.

(I've gathered many arguments over the past little while already). But
have a specific question today:

Are there examples of an ISP getting sued because it redirected traffic
that should have gone to original site ?

For instance, user asks for www.google.com and ISP's DNS responds with
an IP that points to a bing server?

If the risk of a lawsuit is real, then it brings new dimension to
arguments already made agains that (stupiod) Québec law.

(And it also creates interesting issues for DNS servers from companies
such as Google which may have a anycast server located in Québec but are
not considered an ISP and won't receive those documenst from the gov
with list of websites to block.

Hi,

You're talking about two different things here: blocking a DNS domain
and redirecting a domain.

While both are technologically ineffective countermeasures against
undesired content, I would expect the legal implications to be
different.

Regards,
Bill Herrin

This happened with Paxfire (and the ISPs that used them) in 2011.

  https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us
  http://www.courthousenews.com/2011/08/08/38796.htm

Marcus

Blocking for that purpose usually means redirecting in practive. You'll
redirect to a page that explains why the original site is not available.

András

I believe that the CRTC has rules against censorship - meaning that Videotron, Bell etcetera have a choice between following the CRTC code or the provincial law (following one = sanctions from the other), rendering internet service provision to Québec impossible without being a dialup provider from out-of-province.

The law may even be actually contrary to federal law.

a message of 18 lines which said:

Blocking for that purpose usually means redirecting in
practive. You'll redirect to a page that explains why the original
site is not available.

It has practical consequences for the user: in France, DNS lies in
ISP's resolvers for "terrorist" sites redirect you to a Web site of
the police, which will get your source IP address and the site you
wanted (thanks to the Host: HTTP field). Clear blocking (DNS lie
returning localhost or NXDOMAIN) is a bit better for privacy. (But
less transparent about the censorship.)

Well "may" is not "must".

“260.34. An Internet service provider may not give access to an online
gambling site whose operation is not authorized under Québec law.

Note that most legal jurisdictions don't include RFC2119 as part of their
legal language.

Jean-Francois,

Canada's Anti-Spam Legislation has specific sections that makes altering of data illegal under the Act.

In my non-lawyer opinion, sections 10 (5) (b) and (e) would be violated by hijacking someone preference to go to Website A and replace it with Website B without their express consent to do so.

Source: http://laws-lois.justice.gc.ca/PDF/E-1.6.pdf

*Section 10 - 5 *

Description of functions

(5) A function referred to in subsection (4) is any of the following functions that the person who seeks express consent knows and intends will cause the computer system to operate in a manner that is contrary to the reasonable expectations of the owner or an authorized user of the computer system:

(a) collecting personal information stored on the computer system;

*(b) interfering with the owner’s or an authorized user’s control of the computer system; *

(c) changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system;

(d) changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of that data by the owner or an authorized user of the computer system;

*(e) causing the computer system to communicate with another computer system, or other device, without the authorization of the owner or an authorized user of the computer system; *

(f) installing a computer program that may be activated by a third party without the knowledge of the owner or an authorized user of the computer system; and

(g) performing any other function specified in the regulations.

It might be interesting to bring this to their attention, or the attention of your own lawyers for comment.

Cheers,

In article <c4dc7a7d-8295-e25c-5c76-7e17f682bf5b@gmail.com> you write:

Canada's Anti-Spam Legislation has specific sections that makes altering
of data illegal under the Act.

In my non-lawyer opinion, sections 10 (5) (b) and (e) would be violated
by hijacking someone preference to go to Website A and replace it with
Website B without their express consent to do so.

That section only applies to 10(4) which is about getting permission
to install downloaded software.

Description of functions

(5) A function referred to in subsection (4) is any of the following
functions ...

I don't think the Quebec law is a good idea, or is likely to be
effective, but I also don't think it has preemption issues.

R's,
John

When worded this way in a legal context, I’m pretty sure it is equivalent.

That is “may not” means “is not allowed to”.

Owen

Canada's Telecom Act (*) dates from 1993, which predates the Internet
being a primary transporter that drives the economy.

The clause being looked at by the CRTC is 36:

Content of Messages

36 Except where the Commission approves otherwise, a Canadian carrier
shall not control the content or influence the meaning or purpose of
telecommunications carried by it for the public.

There is not explicit clause about a carrier not modyfying content or
blocking access, so one has to frame an issue to fit existing clauses.

(For instance, network neutrality is driven mostly by 27(2)

(2) No Canadian carrier shall, in relation to the provision of a
telecommunications service or the charging of a rate for it, unjustly
discriminate or give an undue or unreasonable preference toward any
person, including itself, or subject any person to an undue or
unreasonable disadvantage.

The CRTC asked for supporting evidence to allow it to reach a conclusion
that the Québec plan would force ISPs to breach the federal
telecommunication law.

Because so far, only lawyers have been involved, they have not
understood the implications of forcing ISPs to give false DNS answers
which goes beyond just blocking packets.

(For instance, most ISPs will block packets destined to an external port
25 to reduce spam being emitted by infected customers, but they allow
any/all email to be sent via their own servers. There is an element of
controlling content but was never challenged.

Because Section 36 allows the CRTC to approcve some control of content,
it is important to show that the type of control being requested by the
QC government show never be allowed because it is far worse than just
blocking port 25.

(*) http://laws-lois.justice.gc.ca/eng/acts/T-3.4/FullText.html

Please explain to me how one modifies a request or response without
managing to “control the content” or “influence the meaning or purpose”?

Blocking a request or simply failing to answer MIGHT be within the law,
but returning a false record certainly seems to me that it would run afoul
of the law cited.

Owen

Blocking would also be a form of control. Because Section 36 has a
"unless authorized by CRTC" escape clause, one has to show to the CRTC
that granting permission would be bad.

Since court proceedings have already begun, it is likely the CRTC will
be involved in court, at which point, the more evidence they have, the
more chances they have of arguing against the QC loterry censorship.