France Keeps Breaking the Internet to Stop Piracy, Even Though It’s Not Working

Back in 2011 and 2012, one of the central technical objections that helped kill SOPA and PIPA was about DNS blocking. Engineers, internet architects, and cybersecurity experts all lined up to explain, in painstaking detail, why blocking at the DNS layer was a terrible idea. It would break the fundamental architecture of how the internet works. It would have massive collateral damage. It would undermine security protocols designed to protect users from exactly the kind of DNS manipulation that the bill proposed. And it wouldn’t even stop piracy, because anyone who actually wanted to get around DNS blocking could do so easily.

Congress, to its rare credit, actually listened to the technical experts (and widespread protests) and shelved the legislation. But the entertainment industry never gave up on the idea. They just went jurisdiction-shopping. And France, which has never met a maximalist copyright enforcement scheme it didn’t love, has been more than happy to oblige.

As recently reported by TorrentFreak, a Paris Court of Appeal validated DNS blocking orders requiring Google, Cloudflare, and Cisco to block access to pirate sites through their own DNS resolvers. This goes beyond traditional ISP resolvers, which France has been ordering blocked for years — this targets third-party resolvers — the ones that millions of people specifically choose to use because they offer better privacy, better security, and better reliability than their ISP’s default DNS.

But, of course, in France (and to the usual crew of Hollywood lobbyists), “better privacy, security, and reliability” can only mean one thing: used for piracy.

The court rejected all five appeals, and in doing so, articulated a legal principle so sweeping that it has no natural stopping point.

In this case, French pay-TV provider Canal+ went to court under Article L. 333-10 of the “French Sport Code,” which lets rightsholders request “all proportionate measures” against “any online entity in a position to help” block access to pirate sites. Canal+ argued that because users were simply switching to third-party DNS resolvers to circumvent ISP-level blocking, those resolvers should be conscripted into the blocking regime too.

Cloudflare and Cisco pushed back, arguing that their DNS resolvers serve a “neutral and passive function” — they translate domain names into IP addresses and that’s it. They compared their role to a phone book. The court’s response boiled down to: we don’t care.

The DNS resolution service allows its users, via the translation of a domain name into an IP address, to access websites on which sports competitions are broadcast in violation of rights-holders’ rights, and in particular to circumvent the blocking of those sites by ISPs.

The court found that the “neutral and passive” nature of DNS resolvers is “simply irrelevant to Article L. 333-10.” The law isn’t about liability at all — it only cares whether a service can help block access to pirate sites, which DNS resolvers clearly can. If you are technically capable of blocking access, you must.

Google, meanwhile, tried a different argument: that DNS blocking through third-party resolvers isn’t effective because users can just switch to a VPN or yet another resolver. The court wasn’t moved by that either:

Any filtering measure can be circumvented, and this possibility does not render the measures in question ineffective.

As long as DNS blocking stops some subset of users from reaching pirate sites, the court ruled, it’s “proportionate.” Under that line of thinking, any measure that inconveniences even a fraction of would-be pirates is legally justified, no matter how much collateral damage it causes for everyone else.

And if you think that principle has any limit, Canal+ has made it quite clear that they don’t think it does:

Canal+ said in a statement that the rulings are “more than a victory,” forming part of “a global approach that will be reinforced by the progressive deployment of complementary measures, including IP blocking.”

Canal+ has already been getting courts to order VPN providers to block as well. So now we have ISP DNS blocking mandated, third-party DNS resolver blocking mandated, VPN blocking mandated — and, per the TorrentFreak article, direct automated IP address blocking is coming too. They will not stop until the entire internet is broken.

Each step reaches further down the internet stack, breaks more of the internet for more people, and stops fewer actual pirates, because the people who are determined to pirate content are always one technical maneuver ahead. The people who get caught in the collateral damage are ordinary users who happen to use Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8 for perfectly legitimate reasons like speed, reliability, and privacy.

Cisco, rather than comply with the original order, simply pulled its OpenDNS service out of France entirely. That’s the kind of collateral damage we’re talking about. French users who relied on OpenDNS for entirely lawful purposes completely lost access to the service. Because a copyright holder decided that the DNS layer was the right place to play whack-a-mole with pirate sites.

When Cisco argued on appeal that implementing geo-targeted DNS blocking would require 64 person-weeks of engineering work, the court waved it off, saying the estimate was “not supported by any objective evidence” and pointing out that Cisco already offers DNS filtering to enterprise customers. The fact that enterprise DNS filtering for corporate networks is a fundamentally different thing than mass geo-targeted blocking of domains at the resolver level for an entire country’s users apparently did not register as a meaningful distinction.

The court’s core reasoning — that any entity technically capable of blocking must do so, that circumvention doesn’t make blocking disproportionate, and that the “neutral and passive” function of an intermediary is irrelevant — creates a legal framework that can reach basically anything. If a DNS resolver can be conscripted because it’s “in a position to help,” what about browsers? What about operating systems? What about CDNs, or cloud hosting providers, or certificate authorities? The logic has no brake pedal. Every layer of the internet stack is, in some sense, “in a position to help” block access to content. The question the court’s reasoning cannot answer is: where does it end?

Under this reasoning, what’s to stop a rightsholder from arguing that browsers should block pirate URLs directly? Or that operating systems should refuse to resolve them at all?

That seems bad!

Of course, this kind of maximalist copyright enforcement is something of a French specialty. This is the same country that brought us HADOPI, the graduated response agency that cost French taxpayers €82 million over a decade while imposing a grand total of roughly €87,000 in fines. A staggering return on investment — if the goal was to light money on fire while accomplishing nothing. France has also been at the forefront of copyright exceptionalism that risks undermining the EU legal system more broadly, pushing interpretations of copyright law so aggressive that they threaten to distort the legal frameworks of neighboring countries.

France keeps doing the same thing over and over again: spend enormous sums, conscript more and more intermediaries, break more and more of the internet’s infrastructure, accomplish almost nothing in terms of actually reducing piracy, and then conclude that what’s really needed is… more of the same, but harder. The entertainment industry’s refusal to learn from twenty years of evidence that enforcement-maximalism doesn’t work is genuinely remarkable. Every study and every natural experiment shows the same thing: the most effective anti-piracy tool ever invented is convenient, reasonably priced legal access to content. But that requires adapting your business model, and it’s apparently much more satisfying to get courts to break the internet for you instead.

The ruling’s real danger is the template it sets. Other countries with similar legal frameworks will look at this appeals court validation and think: we can do that too. The “any entity in a position to help” standard, combined with the “doesn’t have to be perfectly effective” standard, combined with the “we don’t care about your neutral role in the architecture” standard, adds up to a legal toolkit for conscripting nearly any internet infrastructure provider into a copyright enforcement apparatus. And the costs get externalized onto those providers (and their users), while the rightsholders collect the benefits.

The engineers who fought SOPA warned about exactly this: DNS blocking breaks things, creates collateral damage, pushes enforcement into layers of the stack never designed for it — and doesn’t actually stop piracy, because the actual pirates just route around it while everyone else suffers. France apparently decided all of those concerns are, to quote the court, “simply irrelevant.” And now they’ve moving on to IP blocking.

At some point, you run out of layers of the internet to break. But apparently we’re going to have to find out where that point is the hard way.