[bwoodcock]

Hi. I'm on the board of the Quad9 Foundation, if anyone has any questions about all this. But, by and large, the folks commenting in this thread are saying about what I would: when Sony goes after the DNS, AND NOT the site hosting what they say is infringing, it gives you a pretty clear picture of their goals.

[marissachan]

What could realistically happen if Quad9 just ignores this?

If I am not mistaking you are based in Switzerland, while Sony sued in Germany. For me the legal system is honestly a little bit of a mystery when multiple countries are involved, and it is hard to follow due to how many different rules can apply.

[bwoodcock]

If Quad9 were based in the US, it could just ignore the whole thing. But then, if Quad9 were based in the US, it wouldn't have happened in the first place, because any US court, particularly the US District Court for Northern California, which is the jurisdiction Google and Cloudflare are in, would have thrown it right out.

But Quad9 moved from that same jurisdiction in Northern California to Switzerland, and three days later, Sony attacked. Because of something called the Lugano Convention.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

The Lugano Convention is a spectacularly ill-conceived treaty that allows plaintiffs to go jurisdiction-shopping in _any_ signatory country, even though it has no connection to either plaintiff or defendant, and then have the judgment enforced in _all_ signatory countries, even if it contradicts the national laws of those countries.

Unfortunately, Switzerland is a Lugano Convention signatory, as it Germany. So although Swiss law is clear that Quad9 is in the right, and that was actually just tested and upheld by the Swiss supreme court a couple of years ago, that doesn't matter, because the Lugano Convention takes precedence over national law.

Which is why people tend to get pretty upset about these kinds of treaties. The Trans-Pacific Partnership (TPP) was a similar sort of deal, which the US did _not_ sign, since it was so widely protested.

https://en.wikipedia.org/wiki/Trans-Pacific_Partnership

But, to get back to your specific question, if Quad9 were to just ignore this, Sony would go back to the court in Germany, and get some sort of finding that Quad9 was maliciously failing to comply, it would get damages, and it would request Swiss law enforcement to extract those damages from Quad9. Swiss law would not be able to protect Quad9, and Swiss LE would be obligated to act on Sony's behalf. At that point, Quad9 could only continue to exist by relocating its headquarters to a non-Lugano-Convention signatory country. When we evaluated national legal regimes for privacy protection, Switzerland was best, the Netherlands second-best, and Iceland third-best... All three are Lugano signatories, unfortunately. I'm not sure where we'd wind up, but it would be a huge blow for privacy.

[TechBro8615]

Yeah, I was wondering this too. What makes Quad9 such a special DNS resolver that Sony is picking on you and only you? What about Cloudflare, or Google, or literally every ISP? Why not just tell Sony to go fuck themselves?

One wonders if Quad9 has its own ulterior motive here, because none of the other DNS providers seem to care, and I find it difficult to believe Sony isn't trying to sue them too.

[Tozen]

They don't want to pick a fight with Cloudflare or Google, because they have deep pockets, and doing so can clearly backfire on them in multiple ways. Where if they pick on easier targets, they then can get the courts to back their censorship, and use that way to force legal compliance by all DNS resolvers. It's a strategy of a bully or predator, where they see a weakness that they can exploit.

Additionally, many DNS resolvers don't turn over records or anonymize. Which doesn't help such companies when they make a claim. These type of companies want the courts to help them to completely destroy the possibility of user privacy or any protection of rights, as it pertains to any claims that they might make. They want to be able to force 3rd parties and DNS resolvers to be compliant to their policies and profits.

[post-it]

Start with a small company to establish precedent, like patent trolls do.

[TechBro8615]

Wasn't Quad9 started by IBM? The title of the launch post was "IBM Quad9" [0]. This doesn't seem like a small company.

If anything maybe the reason Sony started with Quad9 is because Quad9 is already a censoring DNS resolver, since by design it censors malware domains, and Sony is saying "well then you should censor copyright infringement too."

[0] https://news.ycombinator.com/item?id=15712744

[bwoodcock]

Nope, Quad9 was not started by IBM. It was an internal project of PCH, started in 2014 in response first to European privacy regulators who were being lobbied by Google for a one-off exemption for 8.8.8.8 in the run-up to GDPR implementation; then in 2015 a number of cybersecurity organizations were contacting us to do another (we'd built several global recursive resolvers before, while nobody else had done more than one, so it was reasonable for people to be coming to us for more) that did malware/phishing/tracking blocking. Since if we did two separate ones, people would have to choose between privacy and security, we decided to just roll the two projects into one. Because it was public-facing, in 2016 we spun it out into its own separate non-profit originally called "CleanerDNS." From past experience, we knew that a memorable IP address was crucial. We were working with APNIC, and they got us a good v6 address, but then, depending on your mood, we were either sincerely flattered, or tortious interference happened, and so we had to try for other of the other easy-to-remember ones. My friend Jeff Jonas was, at that time, an SVP at IBM, and stepped up and got us 9.9.9.0/24. That process started in July of 2017 and IBM's sponsorship wasn't publicly announced until November of 2017.

[bwoodcock]

Quad9 is a public-benefit not-for-profit. Our purpose is to improve privacy and security. What else did you have in mind?

Quad9 is special in that it's the only recursive resolver of any size that's not headquartered in the jurisdiction of the Northern District of California federal courts. All three others of the "big four" are, and Quad9 was until it moved to Switzerland so as to be bound by criminal privacy law, and to get out from under USG data-collection requirements.

But Quad9 is _not_ the only one being attacked by Sony. Sony has already won against Cloudflare in other venues, but that's a much easier target.

https://www.musicbusinessworldwide.com/italian-court-orders-...

https://dimitrology.com/cloudflare-wants-to-eliminate-moot-p...

Quad9 doesn't sell hosting services to pirate sites, so has no connection with the alleged infringers. Which is the point of all this. Quad9 is being attacked _because_ it has no relationship with infringing parties. If Sony can establish a precedent that Quad9 can be forced to censor, then that precedent is, in principle, applicable to all parties. Firewall manufacturers. Operating system publishers. Wifi hotspot manufacturers. Open-source software authors. Etc.

[nuker]

What are “USG data-collection requirements” please?

[jareklupinski]

What were the specific URLs that sony asked you to block?

[bwoodcock]

https://www.reddit.com/r/Piracy/comments/11bzvbe/comment/ja2...

[a3w]

What will the next legal steps taken by quad9 be?

[randerson]

How can we help?

[bwoodcock]

The most important thing is to raise this to the level of legislation and national policy, so courts are clear that uninvolved third parties, particularly non-profit operators of core Internet infrastructure, cannot be conscripted to the private benefit of companies like Sony.

In the short term, of course, donations to the legal defense fund always help:

https://quad9.net/donate

https://www.quad9.net/news/blog/sony-s-legal-attack-on-quad9...

Thanks.