House Antitrust Investigators Now Scrutinizing Google's Plans to Add DNS Encryption to Chrome

Photo: Carsten Koall (AP)

Antitrust investigators with the House Judiciary Committee are looking into Google’s plans to add Domain Name System over Hypertext Transfer Protocol Secure (DNS over HTTPS) to its Chrome browser, the Wall Street Journal reported on Sunday, in the latest escalation of scrutiny over the company’s business practices. The Department of Justice has also heard complaints, a source told the paper.

DNS translates a domain name (such as Gizmodo.com) into an IP address. It’s essentially an internet phonebook. While HTTPS encryption tech is already in place across much of the web, DNS is currently largely unencrypted by default, meaning it’s possible for service providers to ascertain which web sites a user is visiting and thus monetize traffic records.

Advertisement

Google has reportedly been integrating HTTPS, an additional layer of encryption, into DNS in Chrome—which the Journal notes could protect users against spoofing attacks or unauthorized snooping into their web traffic, but could also prevent the many “service providers who don’t support the new standard from observing user behavior in gathering data.” Opponents have also raised concerns that as Google controls 64 percent of the worldwide browser market and operates its own DNS system, Google Public DNS, the company could flip a switch transferring Chrome users away from service provider-operated DNS. That, the critics say, could allow Google to gain an unfair advantage over user behavior data invaluable for advertising purposes.

In a Sept. 13 letter to the company, investigators with the House committee asked Google for more information on why it is promoting DNS over HTTPS and whether any of the data collected or processed will be used for profit, the Journal wrote.

“Because the majority of world-wide internet traffic…runs through the Chrome browser or the Android operating system, Google could become the overwhelmingly predominant DNS lookup provider,” a coalition of service providers wrote in a letter to lawmakers this month, per the Journal. “Google would acquire greater control over user data across networks and devices around the world. This could inhibit competitors and possibly foreclose competition in advertising and other industries.”

“Right now, each internet service provider has insight into the traffic of their users, and that’s going to shift,” chief security officer Andy Ellis of Akamai, which does not support the new standard, told the Journal.

Advertisement

Google is planning on starting tests with the new protocol involving one percent of its user base, a less “aggressive strategy” than Mozilla’s Firefox, which the Journal wrote plans to switch users “to the new standard automatically, even if the change involves switching their DNS service providers.” Google denied that it has any plans to become “the centralized DNS provider,” while Mozilla has characterized the issue as griping by service providers who fear it will make it harder to track users for ad purposes, the paper wrote:

“Google has no plans to centralize or change people’s DNS providers to Google by default. Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate,” the company said in an emailed statement.

... Mozilla sees the antitrust concerns raised about Google as “fundamentally misleading,” according to Marshall Erwin, Mozilla’s senior director of trust and safety.

Service providers are raising these concerns to undermine the new standard and ensure that they have continued access to DNS data, he said.

Advertisement

It is unclear how much weight House investigators are giving to the complaints or whether DNS over HTTPS is likely to play a major role in Google’s ongoing headaches with the government. For example, Senator Rob Wyden recently urged the Department of Homeland Security to implement DNS encryption and similar technologies on government websites, and it was only in 2017 that Congress overturned rules requiring service providers to ask for permission before selling user data. The idea that anyone other than service providers wants to make it as easy as possible for service providers to track users’ web activities for financial gain also seems like more than a bit of a reach.

But Google, which essentially owns the entire web search market worldwide and shares an online ad duopoly with Facebook, has had a rough few months as regulators in DC and across the country have begun dissecting the titan’s business practices as part of a broader shift in official opinion against big tech firms.

Advertisement

Fifty state and territorial attorneys general have signed on to an antitrust investigation focused on the company’s advertising business (and reportedly recently secured the assistance of high-profile consultants including a former Microsoft counsel). The DOJ, which is conducting its own antitrust inquiry, has requested Google’s parent company Alphabet begin handing over documents. The aforementioned House panel, as well as the Senate Judiciary Committee, have been pressuring federal authorities to hold tech companies’ feet to the fire.

Its troubles aren’t isolated to the U.S.: As the New York Times noted, European regulators have fined Google “for unfair advertising practices, for favoring its own services over those of rivals and for forcing phone makers to include its apps if they want to use its Android operating system.”

Advertisement

[Wall Street Journal]

Correction: Google has clarified that the encryption in question is DNS over HTTPS, which has minor but important differences from DNS over TLS. We regret the error. 

Advertisement

Share This Story

About the author

Tom McKay

"... An upperclassman who had been researching terrorist groups online." - Washington Post