Technology news sites have been reporting this story, but I think that its importance has been downplayed. Last Friday, Pakistan Telecom blocked access to YouTube inside the country as a measure to censor the site because it contained criticism to the Prophet Mohamed (PBUH). However, this blocking exercise went slightly awry, as the blockade resulted in a two-hour global outage of YouTube.
In order to understand what happened, one has to understand how things get to us online. Sites are nothing but documents hosted in machines around the world. Those servers have IP addresses, which are also connected to the domain name. Browsers find out how to connect to those servers via a Domain Name Server, which gets to resolve addresses into domain names by updating them through the root nameserver system. There are thirteen such root servers, which know that www.youtube.com is hosted in servers with a certain IP address. What Pakistan Telecom did on Friday was to locally hijack that domain name, and told its local DNS servers that YouTube was hosted at a machine that was not the one where the content is normally hosted. This was a server in Pakistan setup to handle the requests to YouTube. The problem occured when the fake information was mistakenly communicated to one of the root nameservers hosted in Hong-Kong, and once there it was replicated to all of the other nameservers.
Depending on how often your ISP updates its tables, you would not have had access to YouTube for a period of time on Friday. YouTube and Google technicians found the source of the problem, and corrected it.
This case has several interesting IT Law implications. Firstly, there is the question of regulation through choke-points, the firewall system. This has proved to be rather more efficient than it was previously believed, but it is still easily bypassed if you know what you’re doing. Pakistan operates inside a firewall, as I experienced when I visited the country in 2006, but because of VPN access, I was able to easily circumvent the ban.
The other issue is that this incident has unearthed a glaring vulnerability to the global domain name system. If you want to bring down a site, all you need to do is to trick one of the root nameservers into passing incorrect information to the others in the network. This in my opinion has tremendous governance implications.
Another question, could YouTube sue Pakistan Telecom?
Update: Seems like the guilty party was not the root nameservers, but routing tables.