Google's Plans To Add DNS Encryption To Chrome Under Antitrust Scrutiny

Photo: Carsten Koall, AP

Antitrust investigators with the U.S. House Judiciary Committee are looking into Google’s plans to add Domain Name System over Transport Layer Security (DNS over TLS) to its Chrome browser, the Wall Street Journal reported on Sunday, in the latest escalation of scrutiny over the company’s business practices. The U.S. Department of Justice has also heard complaints, a source told the paper.

DNS translates a domain name (such as gizmodo.com.au) into an IP address. It’s essentially an internet phonebook. While encryption tech like HTTPS is already in place across much of the web, DNS is currently largely unencrypted by default, meaning it’s possible for service providers to ascertain which web sites a user is visiting and thus monetise traffic records.

Google has reportedly been integrating TLS, an additional layer of encryption, into DNS in Chrome — which the Journal notes could protect users against spoofing attacks or unauthorised snooping into their web traffic, but could also prevent the many “service providers who don’t support the new standard from observing user behaviour in gathering data.”

Opponents have also raised concerns that as Google controls 64 per cent of the worldwide browser market and operates its own DNS system, Google Public DNS, the company could flip a switch transferring Chrome users away from service provider-operated DNS. That, the critics say, could allow Google to gain an unfair advantage over user behaviour data invaluable for advertising purposes.

In a September 14 letter to the company, investigators with the House committee asked Google for more information on why it is promoting DNS over TLS and whether any of the data collected or processed will be used for profit, the Journal wrote.

“Because the majority of world-wide internet traffic… runs through the Chrome browser or the Android operating system, Google could become the overwhelmingly predominant DNS lookup provider,” a coalition of service providers wrote in a letter to lawmakers this month, per the Journal. “Google would acquire greater control over user data across networks and devices around the world. This could inhibit competitors and possibly foreclose competition in advertising and other industries.”

“Right now, each internet service provider has insight into the traffic of their users, and that’s going to shift,” chief security officer Andy Ellis of Akamai, which does not support the new standard, told the Journal.

Google is planning on starting tests with the new protocol involving one per cent of its user base, a less “aggressive strategy” than Mozilla’s Firefox, which the Journal wrote plans to switch users “to the new standard automatically, even if the change involves switching their DNS service providers.” Google denied that it has any plans to become “the centralised DNS provider,” while Mozilla has characterised the issue as griping by service providers who fear it will make it harder to track users for ad purposes, the paper wrote:

“Google has no plans to centralise or change people’s DNS providers to Google by default. Any claim that we are trying to become the centralised encrypted DNS provider is inaccurate,” the company said in an emailed statement.

... Mozilla sees the antitrust concerns raised about Google as “fundamentally misleading,” according to Marshall Erwin, Mozilla’s senior director of trust and safety.

Service providers are raising these concerns to undermine the new standard and ensure that they have continued access to DNS data, he said.

It is unclear how much weight House investigators are giving to the complaints or whether DNS over TLS is likely to play a major role in Google’s ongoing headaches with the government. For example, Senator Rob Wyden recently urged the U.S. Department of Homeland Security to implement DNS over TLS and similar technologies on government websites, and it was only in 2017 that Congress overturned rules requiring service providers to ask for permission before selling user data. The idea that anyone other than service providers wants to make it as easy as possible for service providers to track users’ web activities for financial gain also seems like more than a bit of a reach.

But Google, which essentially owns the entire web search market worldwide and shares an online ad duopoly with Facebook, has had a rough few months as regulators in DC and across the country have begun dissecting the titan’s business practices as part of a broader shift in official opinion against big tech firms.

Fifty U.S. state and territorial attorneys general have signed on to an antitrust investigation focused on the company’s advertising business (and reportedly recently secured the assistance of high-profile consultants including a former Microsoft counsel).

The DOJ, which is conducting its own antitrust inquiry, has requested Google’s parent company Alphabet begin handing over documents. The aforementioned House panel, as well as the U.S. Senate Judiciary Committee, have been pressuring American federal authorities to hold tech companies’ feet to the fire.

Its troubles aren’t isolated to the U.S.: As the New York Times noted, European regulators have fined Google “for unfair advertising practices, for favouring its own services over those of rivals and for forcing phone makers to include its apps if they want to use its Android operating system.”

[Wall Street Journal]

Trending Stories Right Now