While the fight against hacking takes on an increasingly technical dimension, public DNS resolvers like those of Google, Cloudflare or Cisco/Opendns are now found in the direct scope of judicial injunctions. In France, Belgium and Italy, several recent decisions require these companies to block access to sites deemed illegal. If the objective is to slow down the dissemination of hacked content, the implementation methods reveal very contrasting approaches on the part of the actors concerned. And, in filigree, their global strategies in the face of European digital sovereignty.
From technical role to political role
Long considered a neutral technical infrastructure, the DNS system (DNAMAL NAME SYSTEM) makes it possible to translate a domain name in IP address. Public resolvers such as 8.8.8.8 (Google), 1.1.1.1 (Cloudflare) or opendns are widely used for their speed and reliability, in particular those who wish to bypass restrictions imposed by their access provider. This bypass role makes it a logical target for rights holders and regulators.
By demanding from these services that they redirect, intercept or block certain DNS requests, European jurisdictions deeply modify expectations vis-à-vis these infrastructure. They become active actors in content regulation, even when they are not legally responsible for them.
Opendns, cloudflare, google: three answers, three doctrines
Faced with these decisions, the companies concerned adopt very different answers, which testify to their tolerance to risk, their relationship to European space and their conception of the neutrality of infrastructure.
Cisco/Opendns has chosen a radical path, rather than complying with the injunctions, the company simply has withdrawn its Belgian market serviceas she had already done in France. This withdrawal, presented as temporary, amounts to bypassing the obligation by deactivating access to the service for users located in these countries. The posture of Cisco seems to be guided by a desire to protect itself from any indirect responsibility and to disengage from conflicts of jurisdiction.
Cloudflarefor its part, opts for a more nuanced solution. The company indicates in its transparency reports that it does not directly modify the responses of its DNS public resolver. In practice, users attempting to access the areas referred to in the countries concerned are redirected to an HTTP 451 error page, a code specifically dedicated to the contents made unavailable for legal reasons. Cloudflare evokes the use of “alternative mechanisms”, without precisely detailing their nature. This compromise makes it possible to respect decisions without publicly denying the principles of technical neutrality.
Googlefinally, adopts a silent approach. When a user attempts to access a blocked area via their DNS resolver, the request is simply refused. No explicit message is displayed, no alternative content is offered. The user receives a “unresolved” type error, identical to that caused by a technical failure. This method makes the measureable measure for the majority of Internet users, but also deprives information about the origin of the blocking.
A strategic reading of postures
These differences in treatment are not just technical choices. They reflect strategies of global actors faced with national injunctions. In the case of opendns, rapid withdrawal can be analyzed as a desire not to create a precedent, nor to find itself to have to arbitrate between different legislation. It is also a way to mark a red line on the principle of non-interference.
Cloudflare’s strategy, more ambivalent, seeks to preserve both the image of a responsible player and that of a free internet defender. By avoiding explicit blockages in DNS while respecting the letter of judicial decisions, the company tries to set up a permanent negotiation space.
As for Google, its very discreet method, allows you to comply technically while Minimizing the public exhibition. This could reflect internal arbitration between imperatives of conformity and preservation of its reputation with users. However, this discretion goes against certain judicial recommendations, such as that of the Belgian court which required redirection to an informative page.
Implications that exceed the only question of hacking
These orders and the responses they arouse are part of a dynamic of a recovery in the Internet infrastructure by states. By imposing rules on technical service providers located outside their borders, national courts are testing the limits of their power. This phenomenon contributes to a form of network fragmentation, where access to the same service varies according to the geographic position and the DNS resolver used.
The impact of these decisions is not limited to Europe. In the United States, a bill is considering similar measures. If they were adopted, the American giants would be caught between several jurisdictions imposing sometimes contradictory obligations.
Increased transparency requirement
Whatever the technical choice, a constant emerges with the growing requirement of transparency. The use of HTTP 451 code, databases like Lumen, or transparency reports are all attempts to better inform users. Conversely, the absence of a message, as with Google, feeds confusion. However, when it comes to access to information, the clarity of the blocking process becomes as important as its implementation.
