The Insidious Quest to Reframe Disinformation as a Cyberattack Targets Internet Infrastructure

If asked to give an example of a cyberattack most people would answer correctly with something along the lines of malware or phishing. Unfortunately, there is an ongoing effort by many organizations intent on censoring speech to expand and confuse the cyberattack term in people’s minds to include the amorphous concepts of mis-, dis-, malinformation. Not content with staying at the application layer, these groups are now going after the lower levels of the internet by calling on the non-profit ICANN, which oversees the domain name system (DNS), to weaponize itself against disinformation, or however these groups define that term.

ICANN is a nonprofit public benefit corporation established to “ensure a stable, secure, and unified global Internet.” The main way it does this is through DNS, which allows for internet users to use domain names that are easily remembered to navigate to different resources rather than the actual routable IP addresses that are used by the underlying internet protocols.

The EU DisinfoLab, a non-profit disinformation focused organization funded in part by Open Society Foundations, is calling on ICANN to retool their cybersecurity mitigations against information sources they deem harmful. Their justification is the prevalence of doppelganger campaigns, wherein the design and domain name of a site from an “authentic” media outlet are copied and tweaked to trick readers. Specifically, they are saying that the Domain Name Security Threat Information Collection & Reporting (DNSTICR) project, which ICANN set up in the aftermath of the Covid-19 pandemic to detect malware and phishing campaigns abusing the uncertainty around the event, should be expanded to include these content focused incidents.

High profile events are commonly used by threat actors to conduct malicious cyberattacks because of the attention they receive. It is perfectly reasonable to monitor domain creation for such activity. It is totally inappropriate to use these countermeasures to crack down on site content and speech. Equally abhorrent is the call for fundamental internet infrastructure and the organizations that manage it to do so. The EU DisinfoLab acknowledges that ICANN refuses to regulate content, but that does not dampen their desire to expand censorship capabilities.

They also acknowledge that there are existing dispute resolution procedures that allow for the reporting of alleged illegal and unfair domain registration by an affected domain owner. Such resolutions should be “done with due attention to freedom of expression” they say, but this sentiment is purely lip service. As with every other censorship obsessed organization, they bemoan the fact that such resolutions take time to sort out properly to not infringe on free speech because it means they will be unable to stop the spread of speech they don’t like before it is heard.

Ultimately, these groups are looking for ways to reframe certain speech as harmful. The Cybersecurity and Infrastructure Security Agency’s (CISA) coordination with Big Tech platforms to censor digital speech, exposed in the Twitter Files, illustrates the extent of this reframing attempt. Highly controversial events like the two most recent presidential elections in the United States and the Covid-19 pandemic are being used to justify crackdowns on related speech that threatens the narratives presented by those in power. If certain speech can be misinterpreted as a cybersecurity threat, then a mandate to stop it from spreading is easily created to protect the internet and its users.

Abusing the purpose of cybersecurity organizations like CISA and ICANN along with essential internet protocols like DNS to crack down on speech is dangerous and threatens to overturn the internet’s promise of free and easy exchange of information. Censorship organizations like the EU DisinfoLab should not be able to determine what speech is and is not allowed on the internet. As platforms like Elon Musk’s X begin to threaten the stranglehold that the censors have on the application layer of the internet, there will be an increase in cries for the abuse to move further down the internet stack. These efforts should be vehemently opposed by all who care about the integrity of the internet and the utility it provides for the advancement of freedom.