Google’s Centralized DoH Plan Could Grow Online Child Sexual Abuse and Break Safety Filters
From high speed Internet, 4G/5G, smartphones, streaming media, social media apps, to TOR and centralized DoH the amazing technological advances revolutionizing our daily lives have also been adapted—with incredibly devastating “success”—to further criminal and sexually exploitative ends.
It’s been more than 20 years since I first became involved in the movement to end sexual exploitation. I started out as a very small actor in the effort to pass what we today call the Trafficking Victims Protection Act (TVPA). In those days, our primary way of sending advocacy letters to members of Congress was by fax and we accessed the Internet via noisy and slow dial-up connections. None of us advocating to end sex trafficking then could have envisioned the wide-ranging impact that technological advances would have in expanding and normalizing sexual exploitation in the U.S. and around the world.
The New York Times’ report titled “The Internet is Overrun with Images of Child Sexual Abuse” gives us one such gut-wrenching glimpse into this reality and is a must read.
As a Gen Xer and someone not interested in technology or highly adaptive to change, I was only too happy to let the rapidly shifting technological landscape pass me by. Life in the slow lane with my hard bound books and flip phone was just fine with me. If great civilizations throughout the millennia could flourish without the aid of smartphones, e-readers, and texting then so could I!
Perhaps this may have been true if I had a different career but, as I have much too slowly come to realize, as an advocate for the abolition of sexual abuse and exploitation understanding the intricacies of tech is not an option—it’s essential. The scale of the threats posed by the reckless, and sometimes nefarious, powerbrokers in the world of Big Tech make it imperative that advocates—be they frontline social workers, program directors, coalition leaders, parents, or policymakers—dig into technology issues.
At NCOSE we’ve recently been wrestling with one such issue: DNS to HTTPS encryption (DoH). It’s a big doughy mess of a topic for techies and non-techies alike that just so happens to be of crucial importance to not only how the Internet works, but also to maintaining the ecosystem of filter and anti-malware systems that help keep us all safe online and, very importantly, which also help us prevent sexual exploitation online.
The Domain Name System (DNS) is the system by which we retrieve information on the Internet through domain names like dictionary.com. Commonly referred to as the “phone book” of the Internet, the DNS converts website names, which are easily readable by people, to Internet Protocol (IP) addresses, which are unique numerical labels that get linked to your online activity. DNS servers are the computers which together form the system by which domain names are translated into IP addresses.
The current DNS system is open and decentralized; Internet Service Providers (ISPs) route, or direct, Internet traffic based on the visibility of user domain name requests for specific sites. This “architecture” facilitates both policing and filtering. Internet safety tools and filters used by parents, libraries, and schools often rely on the ability of ISPs to “see” DNS addresses in order to keep children safe online.
Internet security experts are working to increase Internet privacy and security—very necessary and worthy goals—by securing domain name searches, which at present can be monitored, intercepted, and misdirected. One option developed by the Internet Engineering Task Force (IEFT) is a new protocol, DNS over HTTPS (DoH), which encrypts user domain name queries over a secure HTTPS connection to a DNS server, rather than by a standard unencrypted DNS connection.
So far, so good… except that key browser and mobile operating system providers are set to deploy DoH on a centralized basis (“centralized DoH”). This will dramatically change the Internet by rerouting web traffic in ways that will likely make many child protection tools and filters obsolete.
Just who are those “key browser and mobile operating system providers”? None other than Google and Mozilla. Mozilla Firefox, in partnership with Cloudflare, began its rollout of DoH in late September. Google intends to roll out its DoH protocol as the default setting on its Chrome browser starting October 22, and is also poised to implement this system on Android devices.
Yes, that’s the same Google that already controls 70% of the browser market and which, as reports have revealed, has an apparent track record of supporting entities like Backpage.com that are now under federal prosecution for sex trafficking.
All search activity using Google browsers will be encrypted and hidden from everyone—including law enforcement—except Google. Google will in effect, encrypt all information funneled through its products and direct it to land on its own server where Google will house all of our data. Thus, DNS will be centralized by one major entity: Google..@google's centralized DoH plan will dramatically change the Internet by rerouting web traffic in ways that will likely make many child protection tools and filters obsolete. Click To Tweet
Because Google and Mozilla’s iteration of DoH will make it harder to identify illegal content normally blocked by the ISPs, it could disrupt the way many tools function to protect children in homes, libraries, and schools. Since all domain name queries will be encrypted, traditional tools developed for child safety may be broken and countless images of child sexual abuse victims could potentially become widely accessible.
For a crash course on DoH and the security risks involved, we encourage you to check out these articles and reports:
- Understanding DNS Over HTTPS – DoH
- How much do you trust your browser? Are they search engines or ad platforms?
- DNS-over-HTTPS causes more problems than it solves, experts say
- Centralized DoH is bad for privacy in 2019 and beyond
- DNS over HTTPS: Why we’re saying DoH could be catastrophic
- UK: Open Letter to the Secretary of State for DCMS regarding DNS over HTTPS
- CENTR Issue Paper on DNS to HTTPS
- Dutch government explains the risks behind DNS-Over-HTTPS Move
In light of the staggering implications of centralized DoH for online sexual exploitation, NCOSE and nineteen other groups sent a letter to members of the House and Senate Judiciary and Commerce Committees urging them to look into the unforeseen consequences of DoH and to press Google and Mozilla to prioritize child safety online.
You can take action too! Please study this issue. Contact your congressional offices and ask them to slow down Google and Mozilla’s unilateral decision to centralize DoH. Also, sign our petition to Google! It’s time to tell the titans of tech that the safety and well-being of children online is not a tech experiment. All stakeholders need to be involved in DoH implementation and child safety online must no longer be an afterthought to the tech industry.
1 – Zak Doffman, “Google Chrome Update – ‘A Threat to Children, Cybersecurity and Government Snooping,’” Forbes (April 22, 2019), forbes.com/sites/zakdoffman/2019/04/22/crisis-as-changes-to-google-chrome-threaten-child-safety-and-cybersecurity/#6649e1f45704.\
2 – Shane Tews, “Should Big Tech be the Sole Operator of the Internet’s Domain Name Infrastructure” (June 25, 2019), aei.org/publication/should-big-tech-be-the-sole-operator-of-the-internets-domain-name-infrastructure.
3 – Danny Bradbury, “Google Experiments with DNS-over_HTTPS in Chrome,” Naked Security (September 12, 2019), nakedsecurity.sophos.com/2019/09/12/google-experiments-with-dns-over-http-in-chrome.
4 – Fred Langford, “DNS over HTTPS: Why We’re Saying DoH could be Catastrophic,” Internet Watch Foundation (July 17, 2019), iwf.org.uk/news/dns-over-https-why-we’re-saying-doh-could-be-catastrophic.
5 – Tews, ibid.