After blocking Cloudflare to prevent IPTV piracy just a few months ago, on Saturday the rightsholders behind Piracy Shield ordered Italy's ISPs to block Google Drive. The subsequent nationwide blackout, affecting millions of Italians, wasn't just a hapless IP address blunder. This was the reckless blocking of a Google.com subdomain that many 10-year-olds could identify as being important. Reckless people and internet infrastructure, what could possibly go wrong next?

piracy-shield-planet-s Italy has an administrative blocking mechanism and a technical blocking platform, Piracy Shield, operated by rightsholders in the private sector.

Up until now, AGCOM, Italy’s independent telecoms regulator, has been Piracy Shield’s greatest supporter, at least of those not already benefiting financially from the activities of football league Serie A, currently the only beneficiary of Piracy Shield blocking.

To the extent there’s much of a ‘public’ component to Piracy Shield’s activities in Italy, the ‘private’ absolutely dominates. There’s almost zero transparency and any information of any use is routinely withheld from the public, even when that information relates directly to the public. People who demand access to information are routinely ignored, even punished. The only people never punished are those operating Piracy Shield, no matter how big the blunder or how many people are affected.

After blocking Cloudflare a few months ago, on Saturday night another vital online service was rendered inaccessible. The nature and circumstances of this event should be a signal for the Italian government to remove rightsholders’ ability to meddle in internet infrastructure before it’s too late. The details make for very uncomfortable reading.

Warnings Pile Up, All Ignored, Again and Again

When reporting on the Cloudflare debacle in February, we included commentary from Giorgio Bonfiglio, Principal Technical Account Manager at Amazon Web Services.

Bonfiglio’s expert advice was ignored before, during, and after last year’s introduction of new law to support blocking, despite predicting the Cloudflare problem before it actually became one. As far as we can determine, Bonfiglio was first to link Google Drive’s outage on Saturday evening with Piracy Shield blocking.

“Piracy Shield blocked a Google Drive domain,” Bonfiglio revealed on X, along with the AGCOM notice displayed on the blocked domain.

The domain/subdomain blocked in the image above is drive.usercontent.google.com; not only does this URL clearly identify Google as its owner, the Google product it serves is on full display too. With no prompting a 10-year-old could identify google.com as important on the internet. So, three broad explanations for how it ended up on the system (ticket below) before causing chaos.

1. Domain was accidentally entered into the system, then evaded all subsequent checks
2. Domain was knowingly entered into the system, then evaded all subsequent checks
3. Domain was knowingly entered into the system, and then passed, regardless of risk

The losing ticket….
shield-ticket1
For good measure, the relevant Google IP address [142.250.180.129] was also entered into Piracy Shield to be blocked by local ISPs; this image shows how access to that IP degraded unlike an adjacent one.

Those hoping to access Google Drive were subject to domain hijacking instead, with requests diverted to a blocking page hosted at different IP addresses depending on the ISP involved; 195.162.95.240 [Sky] and 34.110.214.49 [TIM], for example.

Blocking in 30 Minutes, Unblocking…whenever

The domain/IP address block began to take effect a little time after 6pm and as the image below shows, three smaller ‘downtime peaks’ were followed by an almost total degradation of service around 9pm. This seems to show that blunders take at least three hours to fix, even a massive one like this. More tellingly, the constant claim of blocking internet resources within 30 mins is at best, very optimistic indeed.

We took a look at Google Trends data for Italy during the same period. The top five queries in Italy all relate to Google Drive (right) and on the left, the topic ‘Google Drive’ dominates by a very wide margin. Nevertheless, the results are sensitive enough to identify AGCOM and piracy as connected to the trending searches.

piracy-shield-trends
More data is needed to draw firm conclusions but under both columns, Google Drive competitor ‘One Drive’ gets a mention. It wouldn’t be unreasonable to conclude that faced with no access to their files on Google Drive, searching for a replacement would be a logical step. The hidden costs of overblocking are perhaps not quite so hidden here.

Full Unblocking Doesn’t Take 30 mins

A full twelve hours after the block was put in place, around 20% of the Italian population still had no access to their Google Drives due to the lingering IP address block that underpinned the domain-based blocking.

block-delay
Had this disaster happened on a weekday, who knows the damage it could’ve caused. Luckily it didn’t, and everyone can be grateful for that, but the word ‘luck’ in a sentence to describe an event that should not have happened, period, understates the seriousness of the situation.

Whether there will be explanation of any kind on Monday is currently unknown, but there is no explaining this one away. Explanations for the Cloudflare block began with denial, slowly moved towards claims it was only a tiny, tiny block that didn’t last long, before Cloudflare was blamed for having a customer allegedly pirating football matches.

Drastic Action Required Immediately

Incompetence doesn’t qualify as an excuse, not when a Google domain is part of the equation. So if not incompetence, surely it must’ve been deliberate? Whatever the reason or excuse, the conclusion is the same; this cannot be allowed to continue, and the government must step in before the unthinkable happens.

Since users are about to be fined for piracy, an alternative would be to introduce heavy fines, directly linked to the potential damage to companies, infrastructure or government, plus compensation paid to citizens, for those who overblock.

Let’s say, a population of 59 million in Italy, a conservative 30 million Google users, one euro compensation each, leading to a 30 million euro fine. It won’t stop incompetence, but it should focus the mind during the 30-day ban on any additional blocking or until the fine is paid in full, whichever comes last.