Imagine a world where YouTube, Flickr, Facebook or Twitter had never been created due to the cost of regulatory compliance. Imagine an Internet where any website where users can upload text, pictures or video is liable for copyrighted material uploaded to it. Imagine a world where the addresses to those websites could not be found using search engines like Google and Bing, even if you typed them in directly.
Imagine an Internet split into many sections, depending upon where you lived, where a user’s request to visit another website was routed through an addressing system that could not be securely authenticated. Imagine a world where a government could require that a website hosting videos of a bloody revolution be taken down because it also hosted clips from a Hollywood movie.
Imagine that it’s 2012, and much of that world has come to pass after President Obama has signed into law an anti-online piracy bill that Congress enacted in a rare show of bipartisan support. In an election year, after all, would Congress and the President risk being seen as “soft on cybercrime?”
Yes, the examples above represent worst-case scenarios, but unfortunately, they’re grounded in reality. In a time when the American economy needs to catalyze innovation to compete in a global marketplace, members of the United States Congress have advanced legislation that could lead to precisely that landscape.
The Stop Online Piracy Act “is a bill that would eviscerate the predictable legal environment created by the DMCA [Digital Millennium Copyright Act], subjecting online innovators to a new era of uncertainty and risk,” said David Sohn, senior policy counsel at the Center for Democracy and Technology (CDT) in Washington, D.C., in a statement. “It would force pervasive scrutiny and surveillance of Internet users’ online activities. It would chill the growth of social media and conscript every online platform into a new role as content police. And it would lay the groundwork for an increasingly balkanized Internet, directly undercutting U.S. foreign policy advocacy in support of a single, global, open network.”
The names of the “Stop Online Piracy Act (H.R. 3261) and “PROTECT IP Act” (S. 968) make it clear what they’re meant to do: protect the intellectual property of content creators against online piracy. What they would do, if enacted and signed into law, is more contentious. SOPA is “really a Trojan horse that might be better named the Social Media Surveillance Act,” said Leslie Harris, CEO of CDT, in a press conference. “Expect it to have a devastating effect on social media content and expression.”
To ground the potential issue in familiar examples, the Electronic Frontier Foundation (EFF) explained how SOPA could affect Etsy, Flickr and Vimeo. Don’t use those sites? OK. Substitute eBay, Instagram and YouTube. Or the next generation of online innovation.
Let’s be clear: online piracy and the theft of intellectual property are serious problems for the global media. Nor is piracy something that legislators, regulators, publishers or members of the media should condone. Given that context, this legislation has strong support from an industry coalition of content creators, including labor unions, artists guilds, movie studios and television networks.
Those pro-legislation constituencies do have their supporters. Andrew Keen wrote at TechCrunch that the “death of the Internet was exaggerated,” disparaging the claims of the organizations, individuals and experts who have come out against the bills. Scott Cleland argued at Forbes, that this “anti-piracy legislation will become law,” citing the scope of IP theft and the need to address it by some means.
Neither of these commentators, however, addressed the significant technical, legal and security concerns that persist around the provisions in SOPA and the PROTECT IP Act. The drafters of SOPA apply several enforcement mechanisms to combat online piracy. There’s broad support for measures to restrict revenues that support sites that distribute copyrighted material or child pornography. The most controversial provision of the bills centers on the use of the domain name system as a means to prevent people from accessing sites hosting infringing content.
The Stop Online Privacy Act goes further than the Protect IP Act in a number of important ways, and it mirrors provisions in other acts. Nate Anderson wrote at Ars Technica that the House takes the Senate’s bad Internet censorship bill and make it worse.
The CDT recommends a more focused “follow-the-money” approach “narrowly targeting clear bad actors and drying up their financial lifeblood, could reduce online infringement without risking so much damage to Internet openness, innovation, and security,” said Sohn. “Fighting large-scale infringement is an important goal. But SOPA would do far too much collateral damage to innovation, online expression, and privacy. Congress needs to listen to the full range of stakeholders and seriously rethink how it should address the problem of online infringement.”
Significant legal and technical concerns persist about SOPA and the PROTECT IP Act. CDT has a useful SOPA summary that clearly explains these issues. Sohn joined with Andrew McDiarmid to write an editorial in the Atlantic that says SOPA is a “dangerous bill that would threaten legitimate websites.”
In a widely cited editorial for the New York Times last week, Rebecca MacKinnon, author and co-founder of Global Voices, argued that the U.S should not support the creation of a “Great Firewall of America“:
The potential for abuse of power through digital networks — upon which we as citizens now depend for nearly everything, including our politics — is one of the most insidious threats to democracy in the Internet age. We live in a time of tremendous political polarization. Public trust in both government and corporations is low, and deservedly so. This is no time for politicians and industry lobbyists in Washington to be devising new Internet censorship mechanisms, adding new opportunities for abuse of corporate and government power over online speech. While American intellectual property deserves protection, that protection must be won and defended in a manner that does not stifle innovation, erode due process under the law, and weaken the protection of political and civil rights on the Internet.
Tim O’Reilly said the following about SOPA and PROTECT IP Act:
We’re in one of the greatest periods of social and business transformation since the Industrial Revolution, a transformation driven by the open architecture of the Internet. We’re still in early stages of that revolution. New technologies, new companies, and new business models appear every day, creating new benefits to society and the economy. But now, fundamental elements of that Internet architecture are under attack. These legislative attacks are not motivated by clear thinking about the future of the Internet or the global economy, but instead are motivated by the desire to protect large, entrenched companies with outdated business models that are threatened by the Internet. Rather than adapting, and competing with new and better services, they are going to Congress asking for protection. If they succeed, they will vitiate the Internet economy.
As a publisher, I have experience from the front lines of the copyright wars. O’Reilly first began putting our books online in 1987. Now, in 2011, ebooks are the fastest growing part of our business. We are proud that we have never used DRM on our books, and that sales have never suffered as a result. Instead, we are selling books in markets around the world that we were never able to reach in print. Existing copyright laws, and the goodwill of our customers, who constantly report pirated editions to us, are more than sufficient to protect our intellectual property and to enable a rich market for paid content. By making our content more accessible to readers around the world, we’ve expanded our business and our impact.
Opposition from the legal, technical and VC community
How we choose to address the issue of online piracy matters a great deal to both the American people and to the rest of the world. It says something about who we are as a free society, how we value due process and whether Congress listens to the people who understand how something that is to be regulated works.
SOPA “really stands for the proposition that online communication tools, and the DNS, can and should be used for enforcement,” said Cynthia Wong, head of the Project on Global Internet Freedom at the CDT, in a press conference. Once these enforcement tools are put in place, she said, they provide a model for governments to restrict hate speech or online criticism of public officials in the name of copyright protection. “What we’re really risking is further balkanization of the Internet.”
Dozens of law professors say that the PROTECT IP Act is unconstitutional. More than a hundred technology entrepreneurs blasted the PROTECT IP Act in a letter to Congress.
The concerns of the technology industry regarding the effect of SOPA and the PROTECT IP Act on innovation were confirmed by a new study on the impact of Internet copyright regulations by consulting firm Booz & Company. They study found that 70% of angel investors said an increase in anti-piracy regulations would deter them from investing in websites that feature user-generated content.
“The debate over digital content is a vast landscape peppered with many opinions and very little real data,” says Matthew Le Merle, a partner at Booz & Company, in a prepared statement. “We decided to conduct this empirical study to shed light on one important issue. Would angel investors really take their money elsewhere if the regulatory landscape fundamentally changed with regard to copyright regulation and the internet? The answer was definitive.”
“The ‘content industries’ like to make claims about their economic losses,” wrote Tim O’Reilly on Google+. “At last, VCs and startups are starting to point out how much they have to lose from overreaching IP laws.” O’Reilly was among those interviewed for the Booz & Company study.
Fundamental cybersecurity concerns about PROTECT IP
An eminent group of Internet engineers and security professionals published a PROTECT IP whitepaper that demonstrates why the technical provisions would be both ineffective and would damage online security.
“As a group, we’re usually not involved in policy,” said David Dagon, a postdoctoral fellow in computer science at Georgia Tech, at a press briefing this fall. This group of technicians, researchers and operational specialists was brought together by the implications of protecting the integrity and security of DNS infrastructure, he said. “The part that most alarms us are the extent to which requirements of the Act would affect DNSSEC,” the Domain Name System Security Extensions. DNSSEC is a joint effort between ICANN and VeriSign, with support from the U.S. Department of Commerce, to make the domain name system more secure when used on IP networks.
The old version of DNS is not secure enough, explained Paul Vixie, founder of Internet Systems Consortium, at the press briefing. Bad guys could insert code into it. The basic solution was to add cryptographic signatures added to every answer sent back by a name server. That way there’s assurance to the requester of a domain name that the information being received is the same as the information sent by the source. That technology, after a lot of design and development, is in mid-stride for being deployed as DNSSEC around the world.
The value of DNSSEC was recently demonstrated when the FBI revealed “Operation Ghost Click, argued Ernesto Falcon, director of government affairs at Public Knowledge. Operation Ghost Click dismantled a global cybercriminal network that stole $14 million using well-documented security holes in the DNS.
An “absolutely central aspect” of the design of DNSSEC is to detect any change in the answer along the way, said Vixie. “The provisions of this bill try to do the same thing in the spirit of telling the user that the site has been taken down by court order. Unfortunately, the bill tampers at a very low level of architecture of the Internet. The effect will be that it will look like it’s been tampered with.”
Vixie emphasized that the researchers have “no issue with protecting intellectual property. “Many of us have patents and copyrights and are not empathetic at all with piracy. Other provisions will be effective, he said. “This particular one will not be.”
Security researcher Dan Kaminsky (@dakami), who found and fixed a fundamental flaw in DNS, strongly argued that the security challenges that the world faces can’t be ignored.
“America is getting hacked,” he said. “We’re seeing a widespread level of our assets getting broken into. It’s untenable. It’s something we have to fix or our economy can’t work.”
The problem with the DNS provisions in the PROTECT IP Act is the impact they would have outside of pirate sites, said Kaminsky, which he observed have some 53 billion page views ever year.
Kaminsky said these provisions would both be largely ineffectual and increase the security risks for financial services companies, among others. “The amount of tech work someone needs to do is approximately 30 seconds,” he said. “With a click, resolution can be exported overseas. It’s not just Pirate Bay. There are lookups to Bank of America and Citibank overseas. We’d be handing over American Internet access to entities we do not trust, entities that are unambiguously bad guys. The best case technology for finally protecting asserts on the Internet is significantly impacted” by these provisions, he said.
That assessment is backed up by components of the U.S. government’s own research community. Sandia Labs told CNET that SOPA will negatively impact U.S. cybersecurity.
If we as a country put this around our DNS servers, we’ll see an exodus from around the United States, said Dagon. “We believe the volume of users is so large that it will provide opportunities for mischief. Every behavior will be communicated to some server overseas. The volume is such that it’s something policy makers should reflect on.”
Allan A. Friedman, a fellow in governance studies at the Brookings Institution, detailed significant cybersecurity risks posed by SOPA and the PROTECT IP Act that policy makers should consider. There are “very real threats to cybersecurity in a small section of both bills in their attempts to execute policy through the Internet architecture,” he wrote. “While these bills will not ‘break the Internet,’ they further burden cyberspace with three new risks. First, the added complexity makes the goals of stability and security more difficult. Second, the expected reaction of Internet users will lead to demonstrably less secure behavior, exposing many American Internet users, their computers and even their employers to known risks. Finally, and most importantly, these bills will set back other efforts to secure cyberspace, both domestically and internationally.”
It would be “quite a burden on United States companies to follow these rules,” said Vixie. “In order to solve these problems on a global basis without affecting our economy to prevent bypass, they would have to work on an international level with countries and have them do takedowns locally. I don’t believe that there is a unilaterally imposable technical solution that Congress can mandate to address this issue.”
Danny McPherson, the chief security officer for Verisign, agreed. “Were there such a tech solution, I wouldn’t have waited for Congress,” he said at the briefing. “I would have used it 15 years ago versus malware.”
More lawmakers come out against SOPA
As Declan McCullagh reported for CNET, the “SOPA copyright bill’s backers include the Republican or Democratic heads of all the relevant House and Senate committees, and groups as varied as the Teamsters and the AFL-CIO.” As the week begins, PROTECT IP had 39 co-sponsors in the Senate and SOPA had 24 co-sponsors in the House.
Why is SOPA on the Congressional agenda now, given the huge challenges that the country faces with employment, education, healthcare, energy and the long war abroad? As always, follow the money. An analysis by MapLight.org showed that supporters of SOPA have given 12 times as much money to members of Congress than those opposing it.
Despite that notable imbalance, a growing number of U.S. Representatives and Senators in Congress have expressed principled opposition to the PROTECT IP Act and its companion bill in the House.
In the House, Representatives Issa and Lofgren sent a ‘Dear Colleague’ letter opposing SOPA to Congressional leaders. Last week, Representatives Eshoo, Lofgren, Paul, Doggett, Honda, Miller, Thompson, Matsui, Doyle and Polis sent a letter opposing SOPA to the leaders of the House Judiciary Committee. House Minority Leader Nancy Pelosi tweeted that Congressional leaders “need to find a better solution than #SOPA #DontBreakTheInternet.
Oregon Senator Ron Wyden has been an important voice against the PROTECT IP Act and took action to put a hold on it earlier this year. Wyden told the audience at Web 2.0 Summit that the Protect IP Act is about letting the content sector attack the innovation sector. In the video below, I interview Senator Wyden more specifically about the issues raised in the PROTECT IP ACT:
In a press conference on Tuesday, Representative Darrell Issa and Representative Zoe Lofgren addressed concerns with SOPA:
Last week, Rep. Issa told The Hill that SOPA has no chance of passing the House and that “Congress was using Google as a piÃ±ata.” Issa said to Gautham Nagesh that “I don’t believe this bill has any chance on the House floor. I think it’s way too extreme, it infringes on too many areas that our leadership will know is simply too dangerous to do in its current form.”
When asked for further comment on Monday, Congressman Mike Honda made the following statement via email:
“The internet censorship bills currently moving through Congress, the Stop Online Piracy Act (SOPA) and the PROTECT IP Act, set a dangerous precedent and represent a big step backwards in Washington’s efforts to foster growth in the digital sector. These bills would have a profound effect on how the internet functions on a basic level, undermining the legal process and overturning long-standing practices like ‘safe harbors’ that were established in the Digital Millennium Copyright Act.
I have serious concerns about the overly broad definitions of theft included in SOPA that could be used to shut down dozens of lawful exchange sites that are valuable outlets for small-scale buying and selling. I am also uneasy about the use of DNS blocking as a viable solution, especially within the lens of consumer security standards like DNSSEC. Finally, the complete immunity from federal and state laws granted in SOPA to several industries could set off an anti-consumer and anti-competitive wave that will strike at the very core of the internet.
The fact that Congress is considering these haphazard bills is a cause for alarm. I agree with the goal of combating online piracy and am committed to coming up with bi-partisan solutions. I am extremely intrigued by the ideas currently proposed as alternatives, particularly the idea of implementing an International Trade Commission complaint process, but these pieces of legislation as currently drafted will cause substantial harm to innovation and the economic opportunities created by the Internet in my Silicon Valley District and to the fundamental openness of the internet.”
A Congressional hearing stacked against the Internet
It’s not hard to see the House Judiciary Committee has not been equally representing both sides of the debate in either the resources it provides online or in the witnesses it called to testify at a recent hearing.
If you read the U.S. House Judiciary website “resource pages” on “rogue websites, for instance, you’d never know that there’s any opposition to the Stop Online Piracy Act at all, even from within the committee.
Similarly, if you visited the hearing for H.R. 3261 on the House Judiciary committee website, you would not see any of the documents that Representatives Lofgren or Issa read into the record during last week’s hearing.
If you want a more balanced picture of the hearing, turn to InfoDocket.com, which has collected many more SOPA resources.
For media reports on the SOPA hearing, read The Hill, Politico, The Atlantic Wire, Wired, Washington Post, or, most frank of all, ArsTechnica, which captured a truth that became clear to many observers who sat through all of it: “The hearing was designed to shove the legislation forward and to brand companies who object as siding with ‘the pirates’.”
As Carl Franzen put it at TPM’s Idealab, this hearing provided an official venue for the bill’s supporters to explain why SOPA should pass. The problem with that approach is that the witness list (five for SOPA, one against) left the committee wide open to accusations of anti-Internet bias in the witness list.
Opponents of SOPA were dismayed to hear full support for the bill as drafted by the U.S. Register of Copyrights, Maria Pallente, who said that without SOPA, copyright will ultimately fail.
Despite the stacked deck, several representatives raised concerns about freedom of expression and innovation, including Reps. Lofgren, Issa and Maxine Waters.
Rep. Dan Lungren raised a key issue in his questioning, when he asked the representative of the Motion Picture Association of America (MPAA) to respond to the concerns of former Homeland Security Assistant Secretary and former NSA General Counsel, Stewart Baker and Internet engineers regarding SOPA hurting cybersecurity because of its effect on DNSSEC. (The MPAA disagreed, for the record.) Nobody testifying at the hearing said they had the technical expertise to comment on SOPA and DNSSEC, which begged the question: Why weren’t any Internet engineers invited?
Based upon the witness list and the resources offered online, it does not appear that the Congressmen who sponsored the bill were being entirely forthright when they said that the Internet industry was welcome to comment. Rep. Issa said at the hearing that the Consumer Electronics Association (CEA) had been denied a request to testify.
There’s also an important point about open government to make: this hearing was of great interest to the American people, most of whom could not attend in person. The halls of the Rayburn Congressional office building were full for the hearing, with many people turned to a spillover room. That public interest means that broadcasting the hearing online is even more important — and yet the livestream was choppy or simply inaccessible to many citizens. That effectively shut the public out of the SOPA hearings.
Archived video of the three-and-a-half-hour hearing is available but it’s far from user friendly. The Government Oversight and Reform Committee was able to post Rep Issa’s remarks on YouTube the day after the hearing.
Matt Lira, director of new media for the House Majority Leader, says that they “are working on that, structurally; it won’t be a problem in 2nd session.”
Wikileaks, DNS and the Internet commons
What’s happening in Congress now needs to be put in context with a longer continuum of proposed legislation, Internet policy choices and government actions.
Over the past year, a spirited debate about what Wikileaks means for the future of journalism, whistleblowing and Internet freedom has revealed a couple of important realities. One of the best outcomes of the Wikileaks saga is that it has catalyzed discussion about how the technical infrastructure of the Internet relates to freedom of expression online. It remains critically important to heighten general awareness of some of the laws relevant to the Internet that are being discussed in Washington, particularly for media organizations and the audiences affected by them.
As someone who has covered the space for a while, I know that the alphabet soup of that surrounds Internet policy is hard enough to swallow for reporters immersed in it. For most people, it’s too much to navigate. This article, for example, was originally envisioned as a primer on DNS, COICA, ICE, DHS, ACTA and the issues associated with them. For serious geeks, some of these definitions may be old hat, but the government policy surrounding them is worth tracking. Below, you’ll find both explanations of the terms.
The domain name system is one of the hallmark technologies that makes the Internet work. (If you already know how DNS works, skip down to the next section.) DNS stands for Domain Name System, a globally interoperable way for people to easily access websites. This is how an online user is taken to his or her desired website when after entering a URL (Uniform Resource Locator) into the address field of a Web browser. Without the DNS, users would have to know the string of numbers that make up an Internet Protocol (IP) address for a given website. While a few geeks might be able to pull that off, the vast majority of people wouldn’t be able to find the website as easily. Historically, the DNS is coordinated by ICANN and a system of regional organizations that help coordinate the global IP addressing system.
Why does DNS matter to the media and citizens they inform? Think of it like this: what would it mean to the ability of broadcast news to reach citizens if it became much more difficult to tune into the station? Nancy Scola explained why DNS matters for Wikileaks over at TechPresident last winter.
Scola examined how Congress seeks to tame the Internet in a recent feature at Salon.com. “For all the rhetoric,” she writes, “this isn’t even really about copyright. This is about the Internet — and more to the point, the infrastructure and operations of the Internet that make the Internet the Internet. SOPA targets search engines, Internet service providers, ad networks and payment networks precisely because those components are so central to the functioning of the Internet. Those are digital forces that should be messed with only with the greatest of care.”
The Internet is a remarkably robust decentralized network, designed to hold up in the event of a nuclear attack. That said, it does have a centralized choke point: the domain name server system. That makes tampering with the DNS as a means to limit access online content attractive to some. That said, the aftermath of the delisting of wikileaks.org showed, however, the organization was able to get another domain (wikileaks.ch) and mirror its content to over a thousand other servers.
At present, responsibility for addressing illegal activity on the Internet, particularly copyright, is spread throughout multiple parties. Copyright issues in the United States are addressed by a Digital Millennium Copyright Act (DMCA) takedown.
Let’s take a walk back through some important recent history on copyright legislation in the U.S. Senate. Last year, the “Combating Online Infringement and Counterfeits Act” (COICA) (S. 3804), introduced by Sen. Patrick Leahy on September 20, 2010, would have changed that dynamic. The bill, which passed the Senate Judiciary Committee, was meant to “fight online copyright infringement.”
The mechanisms in the bill for enforcement would have forced domain name registries to prevent resolution of domains that online users try to visit. (Sound familiar?) These registries are the companies and organizations that administer top-level domains like .com, .org, .net, and so on, not a second-level provider like GoDaddy, or a DNS provider like the one that delisted Wikileaks.
It’s worth considering how Wikileaks first lost its DNS registration for Wikileaks.org and then the ability to receive donations through PayPal. Another DNS provider put Wikileaks.org back online, but the precedent of how DNS could be used as a mechanism for censorship online was made.
Such precedents are important, both for networks within the borders of the United States and beyond. As more general top-level domains are rolled out by ICANN in the years ahead, more governments will receive control over commercial top-level domains.
If the United States Congress follows through in creating legislation, other governments will have cover and do the same with domains linked to websites that they declare are in violation of their own laws. Domestic actions on Internet policy, in other words, have global impact in a networked age.
COICA enforcement would have required financial transaction providers to prevent transactions for “customers located within the United States based on purchases associated with the domain name.” What was particularly notable about Wikileaks as a case study, then, was not the use of DNS, which the organization quickly routed around. It was how cutting off electronic payment mechanisms starved Wikileaks’ operation of funding. (The effectiveness of which was noted by Google’s Katherine Oyama last week during the hearing before the U.S. House.)
COICA received widespread criticism from civil liberties organizations, although not to the level that COICA’s descendants have more recently. Senator Leahy said that the “Chamber of Commerce, organized labor, content owners and a tremendous cross-section of industry groups all support this legislation.” On that count, COICA is supported by the Motion Picture Association of America, the U.S. Chamber of Commerce, the Screen Actors Guild, Viacom, and the International Alliance of Theatrical Stage Employees, Moving Picture Technicians, Artists and Allied Crafts of the United States. (These supporters should look familiar as well.)
COICA was opposed by organizations and individuals such as the CDT, the EFF, the Distributed Computing Industry Association, Tim Berners-Lee, the American Civil Liberties Union and Human Rights Watch.
As Mike Masnick wrote at TechDirt, the creator of the World Wide Web, Tim Berners-Lee, came out against COICA:
“We all use the web now for all kinds of parts our lives, some trivial, some critical to our life as part of a social world,” says Tim Berners-Lee, creator of the Web. “In the spirit going back to Magna Carta, we require a principle that: No person or organization shall be deprived of their ability to connect to others at will without due process of law, with the presumption of innocence until found guilty. Neither governments nor corporations should be allowed to use disconnection from the Internet as a way of arbitrarily furthering their own aims.”
Berners-Lee reiterated his opposition to the U.S. government censoring the Web last week.
ICE and the Internet
The concerns of the Internet community over the use of DNS for enforcement have played out over the last year. Those concerns emerged when the White House’s new intellectual property enforcement office indicated that the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security (DHS) would expand website takedowns to online pharmacies. The issues around the seizure of domain names became more complex over the 2010 Thanksgiving holiday, when online piracy enforcement moved to music blogs. The operator of one of those music blogs, Joe Hoffman, went on the record to the New York Times to state that his site had no information about what they were being charged with. This highlighted the due process and transparency issues around enforcement.
“A fundamental problem with the ICE seizures is insufficient regard for due process–the right of people to defend themselves before adverse actions are taken against them,” said John Bergmayer, staff attorney at Public Knowledge, a Washington, D.C.-based public interest group. “Various kinds of property seizures have been abused in other areas of the law for years. I think there’s an important distinction to be drawn on the domestic domain name vs. international domain name issue. In the one case it’s domain seizure, in the other it’s blocking.”
Bergmayer argues that when it comes to domestic domain names, the government has all the tools it needs to redirect domains. “This might be bad policy and law but it doesn’t really ‘break’ DNS per se — it uses extraordinary means to change what the canonical DNS entry is for a domain.”
When it comes to international domains, there are different considerations. “End-user ISPs and anyone who operates a DNS server in the U.S. can be directed to actually break DNS for particular sites,” said Bergmayer. “They are directed to not follow the canonical DNS entry. [There are] dumb technological problems with that — it both breaks the functioning of the Internet, could fragment it into various incompatible nets, raises security problems, and ultimately could be routed around with a simple Firefox plug-in.”
SOPA and Internet freedom
When asked about anti-piracy legislation by Rep. Howard Berman, Secretary of State Hillary Clinton said that there “is no contradiction between intellectual property rights protection and enforcement and ensuring freedom of expression on the Internet.”
Sohn disagrees. SOPA “undermines cybersecurity and encourages, country by country, balkanization of the Internet,” he said. “It’s a blunt instrument. It certainly will affect free speech.”
Wong similarly disputes that position. SOPA “is really hard to square with the United States’ current foreign policy goal of one Internet,” she said. “If adopted, it could have a real effect on human rights defenders. We’ve seen the ability of tools like Tor to help. If government creates obligations on these services to moderate the behavior of users, it will be hard.”
Should Secretary Clinton continue not to directly publicly comment upon these bills, she could be presented with an additional diplomatic headache: the European Parliament warned of global dangers from U.S. domain revocation proposals on Thursday.
Intermediary liability and ACTA
Another important element of the future of copyright at a global level surrounds the Anti-Counterfeiting Trade Agreement (ACTA), an agreement that would establish international standards for intellectual property.
Why does ACTA matter to the media and citizens? Consider the phrase “intermediary liability.” That’s the principle that websites on the Internet, like YouTube, Internet service providers, web hosting companies or social networks, should not be held liable for the content created or uploaded by their users.
White House deputy chief technology officer for Internet policy Danny Weitzner explained what intermediary liability is and why it matters in the context of copyright and the PROTECT IP Act at this year’s Web 2.0 Summit. Fast forward to minute 12:42 for his remarks.
“Requiring intermediary action is always troubling, but if you’re going to do it, it’s better to go after direct business relationships than more indirect or technical connections,” said Bergmayer. “Thus, one of the big problems with the ICE takedowns is the involvement of registries, who have no direct business relationship with the sites in question (and thus no incentive to try to protect their customers). Online service providers have sometimes been heroes in protecting their customers, and it’s good to try to preserve that dynamic.”
The Google Public Policy blog wrote about intermediary liability back in 2007, when India considered changes to its technology laws. As Doc Searls described it in his post on the Internet in China, holding content carriers accountable for copyright through intermediary liability can be thought of as a kind of “encirclement.”
That’s because, as MacKinnon wrote in her article on the Internet “self-discipline”, in China, “all Internet and mobile companies are held responsible for everything their users post, transmit, or search for.”
In theory, as the ACTA FAQ sheets from Canada state, the treaty is meant to focus on copyright issues, not free speech. In practice, as the EFF makes clear in its ACTA brief, the potential for intermediary liability to be an issue in other countries is a legitimate concern.
“When it comes to intermediary-directed actions, there’s a fundamental disagreement about whether those count as ‘enforcement’ provisions,” said Bergmayer. “I would argue that it goes beyond ‘;enforcement’ when you take a new party X and tell him he now is legally obligated to do something new. That’s the creation of a new obligation, forced deputization. To me, increased ‘enforcement’ means, basically, that cops start doing their job better, that courts process cases more quickly — not restructuring the balance of legal responsibilities.”
The EFF submitted its concerns about ACTA after the official request for comments last December. ACTA is “likely to cause harm to investment and innovation in the U.S. technology sector and to American citizens’ ability to engage in currently lawful conduct,” said Bergmayer.
On ACTA, Bergmayer made an important point relating to how the U.S. Trade Representative (USTR) tries to frame it as non-binding is often lost.
“The agreement is binding from an international law perspective, and the U.S.TR can’t do anything about that. If the U.S. is out of compliance, other countries would have all the usual remedies against the U.S. in international bodies. In U.S. courts, it would not be binding, but only persuasive,” he said.
What’s at stake for the open Internet with ACTA, SOPA and PROTECT IP Act? It’s “what’s been at stake for more than 15 years: the possibility that a coalition of forces who are afraid of the Internet will shut it down,” Harvard Law professor Yochai Benkler told me at the eG8 forum this spring. I saw Benkler again at the Club de Madrid annual conference this past week and talked more with him about the challenges to the Internet as we know it today, including SOPA. He mentioned that his paper on the latter bill had been receiving more attention and was more relevant in the context of the introduction of the former bill. The paper compares the attack on Wikileaks to key elements of PROTECT IP on a deep level.
“There is still a very powerful counter argument, one that says both for innovation and for freedom, we need an open Net,” he said. “Both for growth and welfare, and for democracy and participation, we need to make sure that the Internet remains an open Internet, remains a commons we all share, remains neutral at all layers, the physical layer, at the logical layer, at the data layer, at the content layer — at all of these layers, we must have an open Internet. That’s still very strong, but it seems more threatened today than it has been for five or six years. We seem to be closer to the risk we were at in the late ’90s, than the risk we were at five years ago.”
The sleeping Internet giant awakes
In the weeks since SOPA was introduced, the technology media has done a creditable job raising awareness about the bill, albeit with some rhetoric that might mask the genuinely substantive concerns about its provisions. A coalition of organizations that oppose the bill created a website, FightForTheFuture.org, and a simple video that asserts that “PROTECT IP Breaks the Internet.”
Mike Masnick has being blogging non-stop at TechDirt. The EFF has documented an explosion of opposition to the bill, including venture capitalists like Albert Wenger, Brad Burnham, Fred Wilson and many others opposed to the PROTECT IP Act in a letter to Congress. In a rare journey to the nation’s capital, Wilson and others visited Capital Hill this fall in an effort to explain to lawmakers why this approach is problematic.
They’re far from alone. AOL, Yahoo, Google, Facebook, Twitter, eBay, LinkedIn, Mozilla and Zynga wrote a letter to Congress opposing SOPA.
I joined “The Alyona Show” to talk about growing opposition from the tech industry to the SOPA last week. The show’s producers read my article in the Huffington Post, “Internet Companies and Lawmakers Speak Out Against the Stop Online Piracy Act,” and asked me to come in to talk about it.
As the CDT has cataloged, there’s a growing chorus of opposition to SOPA.
That rising tide begs a questions: If Congress declared war on the Internet, as GigaOm’s Mathew Ingram put it, what happens if the Internet fights back?
Last week, websites across the Internet joined in “American Censorship Day” and encouraged citizens to contact their representatives. A White House epetition to “Stop the E-PARASITE Act” gained 18,000 signatures, which means that the White House will respond to it. An Avaaz petition to “Save the Internet now has more than 517,000 signatures.
In what looks like a new horizon for Internet activism, Tumblr said that its users were averaging 3.6 calls every second to Congress at one point using an innovative Internet “click to call” tool the blogging platform created to “protect the Net.” Tumblr’s historic day resulted in 87,834 call to representatives averaging 53 seconds per call.
Reddit galvanized its substantial community around censorship. The Reddit community also crowdsourced discovery and aggregation of potentially infringing content on the congressional websites of the representatives that sponsored the legislation. As Ars Technica reported, however, SOPA sponsors are probably not about to make themselves felons.
OpenCongress logged 53,000 site visits and 65,000 pages views to its SOPA and PROTECT IP Act information, with 810 emails sent from the public to Congress. OpenCongress has been hosting an important experiment in open government over the past few days: a public markup of SOPA, where citizens comment on provisions in the bill text.
Will any of these online efforts have an offline impact? Over at Forbes, Kashmir Hill took an in-depth look at whether Internet lobbying can be as effective as money spent in Washington, but the question about impact is left unanswered. We’ll see. To know whether all of that effort made a difference, we’d need to know whether the bill was subsequently amended (not yet), withdrawn (unlikely), voted down (no opportunity yet), or if more lawmakers come out against it. Pelosi did so last week, although it’s not clear if online activism prompted the move.
The bottom line here is that, as currently drafted, SOPA and the PROTECT IP Act have the potential to negatively affect innovation and Internet security, and enshrine into law the principle that a website hosting user-generated content is liable for any infringing content posted to it. The bills would increase the regulatory burden upon both startups and huge Internet companies, including new requirements to track users in ways that might be conflict with the Federal Trade Commission’s (FTC) instructions to create “privacy by design.”
“It’s not possible to predict the future, but it is possible to shape it for good or ill,” Tim O’Reilly said in our interview. “There is a clear and present danger to the future. The threat isn’t online piracy. It is ill-considered laws driven by the narrow interests of companies that are unable to compete in a changing marketplace.”
As the importance of the Internet as a platform for collective action, commerce, open government and media grows, so too does the need for citizens, officials and journalists to understand how it works.
“Washington is sometimes rightfully criticized for harboring some crazy ideas when it comes to the Internet,” wrote Nancy Scola in Salon. “But the federal government has gotten some basic things very right, from funding the Internet in its early stages to having the wisdom to enshrine Section 230 and the safe harbors. It would be a shame to see Congress trash that legacy with a single bill.”
Digital literacy involves much more than knowing how to manage Facebook privacy settings, download software updates or choose strong passwords. Similarly, civic literacy involves more than knowing where to vote once every two or four years. If you use social media, watch online video, work on open source software, run an online business or believe in the Internet, it’s long past time to become more literate on both counts.
Most American citizens oppose government involvement in blocking access to content online, particularly when the word “censor” is accurately applied. When asked if ISPs, social media sites and search engines should block access — as they would under SOPA — only a third of Americans agree.
Negative attention and significant questions about innovation and cybersecurity appear to have harmed the prospects for SOPA in the U.S. House. While the SOPA debate is far from over, Congressman Issa said on Friday that efforts to grease the skids of SOPA had failed.
Whatever your opinion of SOPA, the PROTECT IP Act or other proposed legislation, there are now a growing number of digital tools to become better informed and to let your legislators know where you stand. Learn more about SOPA. It’s never been easier to do so. It is, after all, your Internet.