Internet-security researchers are saying: Senate anti-piracy legislation that would dramatically increase the government’s legal power to disrupt and shutter websites dedicated to infringing activity “raises serious technical and security concerns.”

The researchers take shots at a measure in the Protect IP Act allowing the Justice Department to obtain court orders requiring American internet service providers to stop rendering the DNS for an infringing website under the .com, .org and .net domains.

“Mandated DNS filtering would be minimally effective and would present technical challenges that could frustrate important security initiatives. Additionally, it would promote development of techniques and software that circumvent use of the DNS. These actions would threaten the Domain Name System’s ability to provide universal naming, a primary source of the internet’s value as a single, unified, global communications network,”

This is according to Steve Crocker of Shinkuro, David Dagon of Georgia Tech, Dan Kaminsky of DKH, Danny McPherson of Verisign and Paul Vixie of Internet Systems Consortium.

The paper is titled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the Protect IP Bill.

The Protect IP Act (.pdf) is stalled on the Senate floor for political, not technical reasons. Senator Ron Wyden (D-Oregon) placed a hold on the measure, saying last week the bill “represents a threat to our economic future and to our international objectives.” The measure, however, was hailed by the content industry.

The researchers said that requiring that “name servers return different results than others for certain domains” would place the United States on the same censorship path as China and “some Middle Eastern countries.”

They said that it would also undermine Domain Name System Security Extensions, or DNSSEC, a security protocol to “demand verification” from the domain name system.

The Protect IP Act, they wrote, “would not only require DNS responses that cannot deliver such proof, but it would enshrine and institutionalize the very network manipulation DNSSEC must fight in order to prevent cyberattacks and other miscreant behaviour on the global internet.”