Malaysia's 'draconian' DNS Redirection Plan
"This is how even investors are afraid to come to Malaysia. The government can change policies overnight"
Malaysia’s recent decision (August 2024) to expand its Domain Name Server (DNS) blocking capabilities, followed by a swift reversal of the policy has ignited a fierce debate among the tech community and civil society alike on the balance between cybersecurity, internet freedom and national interests. What began as a measure to restrict access to websites contravening Malaysian law has evolved into a more comprehensive system of internet control, raising alarm bells about potential overreach and unintended consequences.1,2
“LOL, I found out this was planned and was cancelled at the same time,” commented one social media user, highlighting the rapid developments and public reaction to this issue.
The Evolution of Internet Control in Malaysia
Malaysia’s journey with internet regulation began in the late 1990s, coinciding with the global boom of the World Wide Web. The Communications and Multimedia Act (CMA) of 1998 laid the groundwork for the country’s approach to online content regulation, with Section 233 becoming a particularly significant tool for enforcement.
The cornerstone of Malaysia’s internet regulation, CMA, aims to provide a balanced regulatory environment that promotes competition and protects consumer rights.
Section 233 prohibits the transmission of communications deemed offensive or likely to annoy others, carrying penalties of up to RM50,000 or one year of imprisonment.3 Section 233 has been criticised for its vague language, which can lead to selective enforcement against dissenting voices, raising concerns about freedom of expression in Malaysia.
Initially, the government’s DNS blocking was conceived as a straightforward method to deny access to websites that clearly violated Malaysian law, with pornography being a primary target. However, as as noted by experts and implementer Dr. Ramasamy,4 the scope of blocking gradually expanded to include a wider range of content, venturing into politically sensitive territory. He would know, for as he stated in his article, “for the longest time, since the beginning of DNS blocking”, he was the “actual person executing the site blocking, was also responsible in industry participation and helping the government driving policies while pushing back to ensure that Internet neutrality and sanctity stays”. Suffice to say that, overall, the CMA has been a point of contention due to its broad definitions and potential for misuse5.
The Technical Development
When news of the DNS redirection mandate first got out, one of the more common question among many of the netizens were to understand what that really meant. So, to understand the current controversy, a brief explanation of the technical evolution of DNS and internet security protocols is presented below:
The DNS serves as the foundational technology that translates human-readable domain names into IP addresses, forming the backbone of internet navigation.
As concerns about DNS vulnerabilities grew, DNS Security Extensions (DNSSEC) were introduced to add cryptographic signatures to DNS data, enhancing security. This technology is crucial for preventing attacks such as DNS cache poisoning.
More recently, DNS over HTTPS (DoH) and DNS over TLS (DoT) emerged as innovations designed to further enhance privacy and security by encrypting DNS queries. DoH uses HTTPS to secure DNS requests, making them harder to intercept, while DoT encrypts DNS queries using TLS. Both methods are designed to enhance user privacy and security against eavesdropping and tampering.
Malaysia’s move to expand blocking to include DoH/DoT poisoning represents a significant escalation in its technical approach to internet control. That said, Malaysia’s actions do not occur in isolation. Globally, governments grappling with similar issues, are increasingly seeking to exert control over internet infrastructure and content, often citing security and public safety as justifications:
China’s Great Firewall: An extensive system of censorship and surveillance that has long employed DNS redirection among other techniques. The Great Firewall not only blocks access to foreign websites but also redirect users to government-approved content, thereby enforcing strict internet censorship. This model has become a reference point for other nations looking to implement similar control measures.
Russia’s Sovereign Internet Law: Enacted in 2019, this legislation enables the government sweeping powers over internet infrastructure, including the ability to centralise DNS management. The mandate that all Internet Service Providers (ISPs) use a national DNS enables extensive surveillance and censorship and raises concerns about privacy and freedom of expression.
European Union’s Digital Services Act: While focusing more on content moderation, it reflects the growing trend of governments seeking to exert greater control over the digital sphere. It imposes obligations on tech companies to manage illegal content and enhances transparency around algorithmic decision-making. This regulatory framework aims to balance user safety with the need for freedom of expression, although it also raises questions about overreach and the potential for increased censorship.
Narrative Deconstruction
Malaysia’s approach to internet regulation must be understood within its broader historical and cultural context. The country’s diverse ethnic and religious makeup has historically led to sensitivities around certain types of content. Additionally, Malaysia’s ambitions to become a regional tech hub create tension with more restrictive internet policies. The use of Section 233 of the CMA for political purposes further highlights the intersection of internet regulation and political control.
Competing narratives:
Security Imperative: The Malaysian government, through the MCMC, frames the DNS rerouting plan as a necessary measure to protect vulnerable groups, especially children, from harmful online content.
Technological Overreach: Critics argue that the expansion to DoH/DoT poisoning represents a dangerous escalation that undermines internet security. Main focus was on how such measures compromise user privacy, security and autonomy and raises concerns about potential for surveillance and erosion of digital rights. Further, implementation issues raised questions about the government’s technical capability to effectively implement complex internet policies, emphasising the need for thorough planning and technical expertise in internet governance.
Slippery Slope: Concerns that what began as a targeted measure could be part of a broader trend of increasing online censorship and political control, drawing connections to past instances of blocking websites with political criticism. A significant criticism that emerged was the government’s failure to engage in proper stakeholder consultation before implementing the DNS rerouting plan. This highlights the lack of transparent, inclusive policy-making processes in the digital age, especially for decisions that impact fundamental infrastructure.
National Sovereignty: Some view internet regulation as an assertion of Malaysia’s right to govern its digital space according to its own values and laws. Proponents see internet regulation as a means to uphold local norms and values in the face of global digital influences.
Implications
Although Malaysia’s attempt to reroute DNS traffic (which mirrors practices in countries like India and Indonesia) can be seen as a more effective way of controlling internet access, it has has far-reaching policy implications. First, it raises questions about how DNS blocking fits into Malaysia’s broader cybersecurity framework and what impact these measures might have on Malaysia’s attractiveness as a destination for tech investment. Furthermore, Malaysia’s approach may affect its standing in global internet governance discussions.
Second, it raises questions about how DNS blocking relates to existing controls on traditional media and what role public understanding of internet technologies plays in shaping the debate. The issue of transparency and whether there are mechanisms for public oversight of the blocking process is also crucial.
Third, ISPs bear the burden of implementing and maintaining blocking systems6. There are concerns about how restrictions on internet protocols might affect Malaysia’s tech ecosystem. The focus on blocking could create both opportunities and challenges for Malaysia’s cybersecurity sector.
“Maintaining a DNS blocking and redirection system is a complex and costly task, demanding substantial investment in infrastructure and technical expertise.”
“It can lead to a high rate of false positives, unintentionally blocking legitimate and safe websites.”
Tech-savvy users are likely to strongly oppose the measures due to concerns about internet freedom and technical implications. Conservative groups might support measures seen as protecting moral values or national security. The general public may experience confusion or apathy due to the technical nature of the issue.
As criticism mounted, even politicians from Prime Minister Anwar Ibrahim’s ruling coalition voiced their concerns. Two Selangor state politicians called the move “censorship” and “draconian”, leading the government to reconsider its position.
One social media user commented:
“Next time before making a policy, do a comprehensive study first. Not public first study later. Within 24 hours the decision can be changed just like that. This is how even investors are afraid to come to Malaysia. The government can change policies overnight”
In terms of global internet governance, Malaysia’s actions raise questions about whether Malaysia’s approach contributes to the “splinternet” phenomenon and how it might influence regional or global internet standards. There are also considerations about how Malaysia’s stance could affect its relationships with countries that prioritise internet openness.
Future Trajectory
Looking ahead, several scenarios could unfold. Malaysia could further expand its blocking capabilities, potentially moving towards a more comprehensive system of internet control. Alternatively, the government might adjust its approach in response to technical challenges and public pushback, seeking a more balanced implementation. Faced with technical difficulties and international pressure, Malaysia could scale back its DNS blocking efforts. There’s also the possibility that Malaysia’s actions could inspire similar moves in southeast Asia, potentially leading to a regional framework for content regulation.
An ongoing technical arms race may develop, with continued efforts to expand blocking capabilities leading to a cycle of measures and countermeasures between regulators and those seeking to circumvent restrictions. At the point of this writing, Malaysia has cancelled its plan which was expected to fully take effect on 30 September 2024. Communications Minister Fahmi Fadzil announced on September 8, 2024 that he had directed MCMC not to proceed with the plan.
Conclusion
Malaysia’s expansion of DNS blocking capabilities, including the move to implement DoH/DoT poisoning, represents a significant moment in the country’s approach to internet governance. This policy sits at the intersection of cybersecurity, digital rights, economic development, and national sovereignty.
The technical challenges and potential unintended consequences of DNS manipulation highlight the complexity of attempting to regulate the inherently open architecture of the internet. While the stated goals of enhancing cybersecurity and enforcing national laws are understandable, the means chosen raise serious concerns about the future of internet freedom and security in Malaysia. The country’s policy choices in the coming years will not only shape its own digital landscape but may also influence regional and global approaches to internet governance.
Food for Thought
Ultimately, how can nations balance legitimate concerns about online content with the need to maintain a free and open internet?
What role should technical experts play in shaping internet governance policies, and how can their input be effectively incorporated into political decision-making processes?
As internet architecture becomes increasingly politicised, what are the long-term implications for global connectivity and the ideal of a borderless digital world?
As technology continues to evolve, the strategies employed by both governments and those seeking to circumvent restrictions are likely to change as well, potentially reshaping the landscape of internet governance.
International Telecommunication Union (2002) Multimedia Malaysia: Internet Case Study available at: https://www.itu.int/ITU-D/ict/cs/malaysia/material/mys%20cs.pdf