The Protect IP Act is a bill proposed by Sen. Patrick Leahy of Vermont as replacement for the failed Combating Online Infringement and Counterfeits Act (COICA). The bill was passed by committee today but blocked by Sen. Ron Wyden of Oregon. Wyden also blocked COICA.

Among the various proposals in the act is one that would use The Domain Name System (DNS) to block blacklisted websites. This element of the proposal has come under fire from several security researchers who have published a paper titled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill.

One of the co-authors is Dan Kaminsky, the security researcher famous for discovering a serious DNS security flaw. On his blog Kaminsky writes: "Filtering DNS traffic will not work, and in its failure, will harm both the security and stability of the Internet at large."

The paper highlights the value of DNS to both economic growth and cybersecurity, and says that the bill's DNS provisions would undermine other security systems that use DNS to detect and mitigate threats. "The site redirection envisioned in Section 3(d)(II)(A)(ii) is inconsistent with security extensions to the DNS that are known as DNSSEC. The U.S. Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies," the report says.

The report also says that DNS filtering would be ineffective at stopping Internet piracy because the filters will be circumvented easily. It further notes that there could be "collateral damage" to non-infringing sites blocked due to infringing material elsewhere on a domain, which is what happened earlier this year when Homeland Security seized

The bill has been blocked for now, but we have the feeling Leahy and the other architects of the bill will be back.