The Impact of Passive DNS Collection on End-User Privacy
March 2012 • White Paper
Jonathan Spring, Carly L. Huth
In this paper, the authors discuss whether pDNS allows reconstruction of an end user's DNS behavior and if DNS behavior is personally identifiable information.
Software Engineering Institute
This paper was presented at Securing and Trusting Internet Names 2012 (Teddington, UK). There are two distinct problems in determining the impact of passive DNS (pDNS) on end-user privacy. One is whether or not pDNS would allow the observer to reconstruct an individual end-user’s DNS behavior. The other is if DNS behavior constitutes personally identifiable information (PII) or is otherwise legally protected. This paper develops a framework to discuss both aspects of the privacy issue. From the technical point of view, DNS sensor architecture is analyzed and a statistical model is developed to describe the sensor’s ability to violate end-user privacy. To the other end, a review of various jurisdictions’ privacy legislation is presented and analyzed in the context of DNS as a system and pDNS as a collection mechanism. In general, we find that pDNS, properly configured, does not violate end-user privacy.