UK's GCHQ Takes A Page From China, Plans To Build A Great British Firewall

from the well,-that's-just-dandy dept

Generally speaking, taking cues from China on things like best ways to censor the internet... probably isn't the best idea. Yet, it appears that's exactly what the UK's big surveillance agency, GCHQ is doing. The "Director-General of Cyber" (that's a thing? yikes!) at GCHQ, Ciaran Martin, gave a speech at a cybersecurity summit in DC recently and announced exciting plans to censor the UK internet at a DNS level. No, really.

Finally, we're exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses? Now it's crucial that all of these economy-wide initiatives are private sector led. The Government does not own or operate the Internet. Consumers must have a choice. Any DNS filtering would have to be opt out based. So addressing privacy concerns and citizen choice is hardwired into our programme.

Of course, while the reasoning and sentiment may sound good, we've pointed out time and time again how DNS filtering, in particular is a really bad idea that actually does more harm than good for internet security. The internet works under the expectation that when you put in an address, the DNS system returns with info from the proper server.

And, of course, once you start mucking with the DNS system for filtering out stuff that you consider to be "malware" or "bad addresses" you open it up to much worse. You also end up validating China's Great Firewall, since China just responds that their use of DNS filtering is also used to block "bad addresses." It's just that they have a different interpretation of what's "bad."

Filed Under: ciaran martin, dns, filter, firewall, gchq, great british firewall, great firewall, uk