IGF 2020 WS #73 DNS over HTTPS (DoH): Human Rights, Markets, and Governance

Wednesday, 11th November, 2020 (15:10 UTC) - Wednesday, 11th November, 2020 (16:40 UTC)
Room 2
About this Session
This session explains how the DoH standard, which protects domain name queries, affects fundamental Internet governance issues like cybersecurity and human rights. Panelists and audience members will discuss the implications of DoH adoption for network/user security and privacy, the economic incentives and organization of impacted markets, potential impacts on domestic regulatory compliance and extraterritorial effects of DoH adoption, and explore some recent decisions by states.

Organizer 1: Civil Society, Western European and Others Group (WEOG)
Organizer 2: Civil Society, Asia-Pacific Group

Speaker 1: Joey Salazar, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 2: Andrei Robachevsky, Technical Community, Western European and Other States Group (WEOG)
Speaker 3: Bruna Santos , Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 4: Amod Malviza, Private Sector, Asia Pacific
Speaker 5: Alissa Starzak, Private Sector, Western European and Other States Group (WEOG)

Additional Speakers

We have also confirmed as a speaker the participation of Alissa Starzak, Head of Public Policy, Cloudflare (WEOG), Olga Makarova, Head of Internet and Data Services, MTS (EEG), and Barry Leiba, Director Internet Standards, Futurewei and IETF Area Director.



Round Table - U-shape - 90 Min

Policy Question(s)

How does the adoption of DoH affect network/user security and privacy, as well as the organization of the markets for browsers and operating systems, ISPs, network security products and services, and public and managed DNS? Which actors will the adoption of DoH potentially strengthen or weaken? Are the network security vs data privacy trade-offs under DoH understood and apt? What are the potential impacts on domestic regulatory compliance (e.g., censorship, data logging, privacy) and extraterritorial effects of policies (e.g., freedom of expression, intellectual property protection)?

Dialogue about implementing DoH has been largely centered on potential impacts on ISPs, network security, and government legal/policy regimes based in the US and UK. Less explored is the transnational context and the role of users and markets in developing countries. For example, the confidentiality of DNS query data and availability of global products and services can be especially important to individuals in countries where an authoritarian government and/or state-controlled ISPs might conduct surveillance or censor web sites and applications. Initial research suggests that users outside of North America and Europe rely less on their ISP’s DNS resolvers, supporting claims by proponents of DoH that confidentiality of DNS query data matters. But there are also legitimate concerns about the concentration of data and DNS service in the hands of the big global platforms, and how users discover and select DNS resolvers.


GOAL 9: Industry, Innovation and Infrastructure


A new protocol, DNS over HTTPS (DoH), has emerged as a potentially revolutionary modification to the DNS intended to improve the security and confidentiality of DNS queries. This has resulted in a heated controversy involving Internet service providers (whose DNS would be bypassed by DoH), the browser software and trusted resolver producers (who would have more control over the handling of DNS queries), and governments that use DNS to filter or censor the internet (whose blocking mechanisms would be bypassed). Many users and rights advocates are uncertain about how to approach this controversy. This panel brings together experts and regional perspectives to discuss and interact with the audience on the broader human rights, market concentration, and governance impacts of DoH development and deployment.

Expected Outcomes

Our outcome is to improve human rights advocates’ understanding of the true implications of DoH for Internet users, so that they can properly mobilize around the issue. The session will build awareness of how the Internet’s technical standards and transnational governance impact markets and influence privacy, freedom of speech and association.

Once it is known that the proposal has been accepted by the MAG, the organizers will begin preparing the participants by holding several online pre-meetings to work out the specific wording of the questions that will be discussed, the order of responses, and the viewpoints that will be expressed. Advance preparation of this kind improves the quality of the interactions. During the workshop the moderator will begin by describing the general situation that has given rise to the debate and framing the issues to be addressed. The next segment of the workshop will be organized around the four Issues/Challenges/Opportunities listed in Section 6. After the roundtable discussion concludes, we will allow 2 or 3 questions from the floor and online on each Issue.

Relevance to Internet Governance: The Domain Name System (DNS) is a central component of the Internet, and one of the most important global communication infrastructures of our time. Concerns about network/user security, privacy, and market concentration are critical to the future of the global Internet. They need to be understood and explored. Our proposal touches on fundamental issues in Internet governance, cybersecurity and human rights, while taking into account economic incentives and institutional constraints that result in emergent forms of actor behavior like standards adoption.

Relevance to Theme: DNS data, or query and response messages (generated, e.g., when you click a website link), allow users to engage in the public sphere, find information, and communicate globally. Given these messages are traditionally unencrypted (i.e., cleartext), observing them can reveal what content a user may be interested in. Moreover, DNS messages both in isolation and when combined can be leveraged to identify a user or serve targeted content (e.g., advertisements). The same DNS message data is also monitored extensively by network operators like Internet Service Providers (ISPs), network security services, and enterprises to secure infrastructure, filter malicious content, and protect users.

Online Participation


Usage of IGF Official Tool. Additional Tools proposed: IGP operates a Twitter account and will highlight observations made by participants.