German court case could have huge repercussions for anyone who uses the internet
All internet users rely on something called the Domain Name System (DNS). Recursive DNS resolvers are the phone books of the internet. Every user interacts with a DNS resolver, which translates URLs into IP addresses, sending internet traffic to the right location.
In 2021, a German court ordered DNS resolver Quad9 to block a site on the basis of an allegation that the site linked to another site that contained pirated material. A law firm hired by Sony Entertainment had visited the site in question.
However, there has been no evidence presented that any Quad9 user actually visited the site or downloaded any copyrighted material. The site in question doesn’t actually house the copyrighted material, it’s more akin to a search engine that was used to access the site with illegally hosted content.
Internet Service Providers (ISPs) and other third-party intermediaries enjoy certain liability protections that limit their ability to be charged in similar circumstances. Yet, the courts have failed to apply these protections to Quad9, despite the role of DNS resolvers as mere conduits. And a key consideration is that the court upheld the damages based on Quad9’s failure to block an allegation by Sony, prior to any legal finding.
The court compelled Quad9, which although a Swiss entity is bound by convention to German civil law in Europe, to no longer resolve DNS queries to the site. This effectively makes the site inaccessible to users who only use Quad9’s service for DNS lookups.
Of all the potential DNS resolvers Sony could pursue, it chose Quad9, a non-profit whose small legal budget is funded significantly by donations. Quad9 lost its initial appeal to the decision, and a full case will be held this year. If the decision is upheld, DNS resolvers would have to block websites upon the assertion of a problem by any rightsholder, rather than by a court determination.
Impact on internet users
This case’s outcome could have huge repercussions for anyone around the world who uses the internet. Rightsholders, such as Hollywood and music studios, in effect could conscript all types of technology businesses into a private, digital police force. This could mean that anyone who claims to be a rightsholder and who also claims that a site houses infringing content could bring forth a case, and the technology provider would be compelled to block the site immediately, without due process.
It’s a “building block” that could be used to create filters not just in Germany, but in the rest of the European Union. And it’s not just DNS resolvers that would be affected. Providers of other types of technical infrastructure components, like virtual private networks, firewalls, content delivery networks, and even hardware manufacturers, could also be held liable.
This case will likely create a feeding frenzy of rightsholders bringing similar cases, quickly overwhelming any ability to defend against them. It will create undue burdens on service providers as well as the courts. If “block on demand” becomes normalized, other entities such as governments could begin to exercise this ability, potentially leading to limits on free speech.
Impact on Americans
January 2022 marked 10 years since the defeat of the Stop Online Piracy Act, which would have censored the web and required site blocking in similar ways as this case. Proponents of the legislation cited doomsday scenarios for content creators and the intellectual property market. However, in the 10 years since, these entities have continued to flourish.
Sen. Thom Tillis (R-N.C.), the top Republican on the Senate Judiciary intellectual property subcommittee, has expressed interest in a pro-rightsholder amendment to the Digital Millennium Copyright Act (DMCA), which has provided the backbone of digital copyright enforcement in the U.S. since 1998.
The desired outcomes of this amendment are eerily similar to what was proposed with SOPA. Tillis wants to make site blocking much easier. “The law simply hasn’t kept pace with changes in technology,” he said in 2020. “The DMCA is now antiquated and is past-due for modernization.”
In an October 2020 tweet, Tillis — in support of other Republican senators — said, “It’s past time [Big Tech CEOs] answer for … their willingness to allow for rampant online piracy and copyright infringement.”
Although the Sony case is in Germany, there is no “German-version” of Quad9 or any similar product. Blocking sites in Germany means the sites are then blocked globally. Do Americans want EU courts dictating their access to web content?
(Big) impact on technology companies
This precedent creates an incredibly burdensome environment for technology providers. They could potentially — at any time — have any rightsholder demand that they block a site or application. Larger technology companies have the legal resources to fight back. But smaller companies, startups, and non-profits do not. Their default will be to comply.
Quad9 is based in Switzerland, and yet this case is happening in Germany. Is any European company that has German customers now fair game? Any business that has customers in Germany, or does business of any kind in Germany, may be liable under this precedent.
Resolvers don’t have the ability to block only a single page or file; to comply, they must block the entire site. With billions of interconnecting links between sites, blocking of entire domains could have far-reaching consequences on information accessibility. The infrastructure cost to resolvers is also being overlooked. Unlike global search engines, resolvers like Quad9 lack the ability to hire additional employees to handle copyright-related complaints or overhaul technology.
Better way forward
“Block on demand” is not an effective strategy for combating piracy or other digital crime. To allow corporations to force DNS resolvers to block sites via cease-and-desists is a slippery slope toward sanctioned censorship. We comply with laws that protect the public, not requests from private companies looking to protect their own interests.
The E.U. has emerging legal frameworks that pay close attention to proportionality and are punitive toward bad actors, not technology or infrastructure providers.
Specifically, the Digital Services Act (DSA), an EU framework for rules governing digital services, classifies recursive DNS resolvers and intermediary software as mere conduits. A technology company such as a firewall provider could not be sued for letting through a site that has pirated content.
If legislation is passed in the U.S., it should mirror DSA. Maintaining freedom leads to better access to information and a free and open Internet. If there are going to be frameworks, they should permit DNS resolvers and other technology providers to be classified as mere conduits.
Ken Carnesi is the CEO and founder of DNSFilter, a DNS threat protection solution that uses artificial intelligence to protect organizations from online security threats. He previously started the company Anaptyx in 2007 while attending Boston College, earning him a spot on EMPACT’s “30 under 30” list two years in a row.