#4 - DNS4EU, British campaign against E2E encryption and Google Analytics illegal in EU
DNS4EU: recursive European DNS resolver service infrastructure
The European Health and Digital Executive Agency (HaDEA) announced an EU-wide, secure DNS solution that adheres to the GDPR. Most of the initiatives to boost the European digital competitiveness are ignored by the media because they focus on the underlying infrastructure. Not fancy and hard to grasp.
But the recursive European DNS resolver service infrastructure (aka DNS4EU) is a different kind of beast. It will serve “socio-economic drivers, public, corporate and residential internet end-users in the EU, and offering exceptionally high reliability and protection against global cybersecurity threats and those specific to the EU.”
The Call For Proposal pinpoints the challenges for the European members, like relying on a few public DNS resolvers operated by non-EU entities, a lack of significant EU investment to detect and filter local cyber-threats, and not processing the DNS data adhering to EU privacy and data protection rights. The European Commission (EC) will grant 14 million euros to a consortium of a minimum of 3 applicants from 3 different eligible countries to deliver up to 31.12.2026.
But a recursive DNS is not an obscure hardcore cloud technology. It’s a pervasive technology any device connected to an IP network needs. The Internet Engineering Task Force created the Domain Name System (DNS) in 1983 to serve as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. So why is the EC pushing DNS4EU as a public initiative now?
The user information obtained from a DNS service is valuable. If Data is the new Oil, DNS is an oil well. Telecoms were the natural place for DNS services, but there is no place for the middle-men in the plans drafted in the San Francisco headquarters of Big Techs. Google, Cisco, and Cloudflare decided to go and dig their wells, luring the user with promises of better performance, higher reliability, or simply an easy-to-remember IP address.
How are DNS4EU going to lure the Europeans? The most appealing reason is strict adherence to the GDPR and the promise not to monetize our data. Call me skeptical, but the CFP says it will improve the threat detection service using… users’ data.
The second reason is localized threat detection and parental control. The Swiss NGO Quad9 or the Russian Yandex already offers these services. Does it make sense to implement localized threat countermeasures? It seems so.
And the third reason is Law enforcement. Filtering of URLs leading to illegal content based on legal requirements applicable in the EU and national jurisdictions. European Telecoms have been collaborating, but things are becoming tricky with some providers. For example, the Quad9 and Sony affair last summer.
What about the European companies? The EC wants to offer Premium and Wholesale services to companies in the EU jurisdictions. The model is: companies pay us for enhanced security services. Do they want to compete against the Telecom providers or Umbrella Cisco? It seems so, as ridiculous as it sounds.
If I read the document after exchanging the word “European” with “Russian” or “Turkish,” I would assume that these countries want to control internet access having the key to subversive content against their regime. But we are talking about the European Union, so I will assume the DNS4EU is for good and the sake of safety.
British campaign against E2E encryption
The British government sponsors a No Place to Hide campaign to keep children safe online. But we can read:
We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy
In principle, the campaign wants to keep children away from sex abusers. But it is entirely focused on the argument that E2E encryption would impede efforts to tackle child exploitation online.
The campaign aims to mobilize public opinion against secure messaging and the companies supporting end-to-end communications—an excellent piece by Rolling Stone.
Is Google Analytics illegal in the EU?
On December 22, the Austrian data regulator said Google Analytics breached the GDPR. The data sent to the US was not protected adequately against potential access by US intelligence agencies. Following a July 2020 ruling, it was decided that Privacy Shield, the mechanism used by thousands of companies to move data from the EU to the US, was illegal. The decision applies only in Austria and isn’t final. But there are filed 100 other cases with other data protection authorities across Europe.
I guess things will evolve faster now. I think it’s a good idea to bookmark this page.
More stuff
Microsoft acquired Activision by a whopping $68M agreement.
A security bug affects all the latest safari versions that could filtrate your identity and fingerprint you.
Tonga’s outage due to the volcano eruption was one of the longest affecting countries.
The music snippet
U2 knows us Europeans so well…