DNS redirection — do antivirus firms have the right to do it en masse?
TechRepublic pundit Michael Kassner dares to ask a philosophical question. Do antivirus firms have the right to manipulate DNS queries en masse to protect society from a rampant worm or virus? “I’m concerned that precautionary actions being taken may be setting dangerous precedence,” Kassner notes.
Believe me: I envy him for asking this philosophical question. Kudos!
Kassner asks if antivirus firms have the right to manipulate DNS queries en masse to protect society from the Downadup worm. This forces us to ask “Who watches the Watchmen?”
Obviously, we can respond to Kassner with a tagline from an upcoming movie: “Who watches the Watchmen?” It’s a corollary philosophical question that brings out the debate in all of us.
On the one hand, I don’t think Joe SixPack will care if a reputable DNS provider (e.g. OpenDNS) wants to protect him from a well-documented worm. Joe will almost certainly say “more power to ‘em” and go about his business. If the root servers themselves get involved in this, I think Joe will say the same thing. “They’re protecting me from harm, what’s wrong with that?”
On the other hand, I doubt the U.S. government wants a Russian or Chinese antivirus firm to control the direction & path its military computers take. If any nation could offer protection like this to the root servers themselves, they could very easily weaponize it for a cyber-war. “Greetings, Comrade! Your battalion need directions to g2.army.mil? March your Internet connection to 162.105.161.214…”
Then again, I could very well be wrong here. The Pentagon and the Beltway actually might not care at all who ultimately controls the root DNS servers that their DNS servers rely on.
Things might change if/when a reputable civilian firm takes up arms in a cyber-war, making enemies of some of their own customers. But I guess we’ll need to wait for OpenDNS to declare war against the U.S. Air Force.
“Waitaminit, Rob! Didn’t we already debate this in 2001 when The China Syndrome first came to light?” Sure we did — and Joe SixPack told us by his inaction that he doesn’t care one iota if his antivirus firm arms a hostile country with offensive cyber-smallpox technology. Likewise, the U.S. government told us by their inaction that they don’t care, either.
That’s why I might be wrong in thinking the U.S. government actually cares who controls the root DNS servers that their DNS servers rely on. And this only makes sense if you think about it. You just know some members of the U.S. Air Force information assurance community have configured OpenDNS on their home PCs and personal laptops. That means they trust a Russian antivirus firm to protect all of those sensitive-but-unclassified EPRs & OPRs they love to work on after duty hours…