EU Plans to Build Its Own DNS InfrastructurePrimary Aims: Enhance Resilience, Cybersecurity, Privacy and Data Protection Rights
The European Union has initiated plans to build its own high-performance and secure DNS infrastructure to reduce increasing reliance on a few public DNS resolvers operated by non-EU entities, says the European Commission in its tender.
The main aim of the service, which is called DNS4EU, is to provide a high level of resilience, cybersecurity and data protection, and privacy to everyone located in the EU and in accordance with the EU's laws, which include GDPR.
The commission has also proposed making this DNS service available to all EU citizens and organizations for free as well as on a paid premium service basis for corporate users with additional security and performance facilities.
A commission spokesperson tells Information Security Media Group, "This initiative addresses the lack of significant EU investment in free and public DNS resolution and enables the deployment of an alternative to existing solutions in a market that is characterized by a consolidation of this service in the hands of a few non-EU providers."
The Key Benefits
The commission says this new DNS infrastructure proposition is crucial because "the processing of DNS data can have an impact on privacy and data protection rights" of internet users in EU. The deployment and usage of this new infrastructure means that data protection and privacy will be strictly governed by rules applicable in the EU - such as GDPR, among others - and this will "ensure that DNS resolution data are processed in Europe and personal data are not monetized."
Currently, many DNS resolvers do not recognize EU privacy legislation, such as GDPR and ePrivacy, and could potentially allow operators to track user activity clandestinely and block or manipulate requests such as inserting advertisements and custom search results.
The commission spokesperson tells ISMG that DNS4EU will "increase protection against malicious activities based on both global and EU threat feeds and intelligence shared through information exchange with trusted partners that includes national CERTs."
The other key benefits of DNS4EU, according to the European Commission, are:
- It is a high-end alternative to existing dominant non-EU public DNS resolvers.
- It will test and deploy innovative technologies to enhance internet access security and privacy.
- It will support all modern DNS standards and technologies, such as DNSSEC, DoT andDoH, and at the same time be IPv6-compliant.
The commission spokesperson says the European Commission has earmarked 14 million pounds ($15.9 million) funding under the digital part of the Connecting Europe Facility program, or CEF Digital.
The Controversial Filtering Feature
The commission has also proposed a built-in filter that will block DNS name resolutions for bad domains, such as those hosting malware, phishing sites or other cybersecurity threats, based on intelligence shared by its own local and international partners.
In addition, the European Commission plans to block access to other types of data and URLs containing illegal content, which it says could be carried out based on court orders.
The word "illegal content" published in the tender has engendered controversy for the commission on social media. Andre Jonker, who describes himself on Twitter as an information security expert, calls the filtering and DNS4EU initiative a censorship project and compares them to those in China and Russia.
Patrick Breyer, member of the European Parliament for the German Pirate Party, says on his chaos.social account that his party believes "orders to remove allegedly illegal content should be left to independent courts, not government-controlled authorities."
In response, the commission spokesperson tells ISMG that DNS4EU is not a mandatory but a complementary service that users are free to choose. "Users can remain with their current DNS resolution service or opt for any other public DNS resolver. We are suggesting that users outside of the EU can also choose DNS4EU as their preferred DNS resolver. Internet service providers such as telecom operators and other organizations offering DNS resolution could also make use of DNS4EU."
Regarding censorship, the spokesperson says: "DNS4EU is a technical infrastructural project and has no relation with issues such as censorship or freedom of speech. The EU is committed to firmly defending online rights and freedoms and this initiative is meant to support such rights and the open internet."
The spokesperson tells ISMG: "Illegal content is content violating law applicable in the EU or in the national jurisdictions of its member states, where the violation as such and the corresponding request to filter URLs leading to this illegal content has been established following applicable legal procedures and in full compliance with applicable EU rules, e.g., court orders. There are no additional parameters for defining illegal content, other than existing ones concerning filtering. All resolution services available today should also comply with these norms, and DNS4EU will not be different."
'It's About Time'
Alan Calder, CEO of GRC International Group, says he welcomes this initiative and tells ISMG that it was about time the EU thought of building its own infrastructure. He says: "We are increasingly moving into an era of data regionalization, particularly for personal data. Given that transfers of personal data from the EU to the U.S. are now so difficult to do legally, it makes sense for the EU to be looking at building out a regional infrastructure that enables member states to host data locally in compliance with EU laws and regulations."
In a blog post published on Wednesday, Kent Walker, president of global affairs and chief legal officer at Google, wrote about the current data framework that is causing issues between the EU and the U.S. and "the lack of legal stability for international data flows facing the entire European and American business ecosystem."
In his closing statements, the commission spokesperson says, "The deployment of DNS4EU will diminish the dependency on these major public resolvers and reduce vulnerabilities caused by potential outages of a small number of resolvers" - which was exactly the case recently when Enom, a DNS resolving company, faced an outage for nearly three days that caused a massive outage for thousands of websites that use the platform (see: Enom's Data Center Migration Leaves Customers ‘Trapped').