SOPA, OPEN and the fight for the Internet

1Executive Summary

The Digital Millennium Copyright Act (DMCA) has plenty of critics. Many resent the way that copyright holders can use the law to force YouTube and other “user-generated content” sites to take content down, even if that content has not been proved to be infringing. But new antipiracy legislation recently proposed in Congress and known as the Stop Online Piracy Act (SOPA) would take those kinds of measures even further. Some — including experts in copyright law and freedom of speech and creators of the modern Internet like Vint Cerf — argue the new legislation would fundamentally impair the way the Internet functions and would impose unreasonable (and possibly even unconstitutional) sanctions on free speech on the web.

SOPA is the latest version of new antipiracy legislation that has been proposed by both the House of Representatives and the Senate. It is the House version of what used to be called the E-PARASITE Act (which stood for “Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation”); the Senate’s version of the same legislation is called the PROTECT-IP Act (PIPA), an abbreviation for “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property.” The new legislation has been put on hold but will likely be revived for debate in the Senate in early 2012.

Like the DMCA, all of these variations on antipiracy law have been created by U.S. legislators due to pressure from the media and entertainment industries, which believe billions of dollars in potential sales of movies, music, software and other products is being jeopardized by “rogue websites” that offer copyright-infringing versions of their content. But critics of SOPA — which recently went through a debate in the House and drew a number of amendments from both parties — say the cure is worse than the disease.

The “Internet death penalty”

The most serious aspect of the law is what some have called the “Internet death penalty,” which would require Internet service providers to remove infringing websites completely at the request of the government or the courts. They would do this by blocking any requests to the central domain-name system that directs Internet traffic. On top of that, ISPs would also be forced to monitor their users’ behavior in order to police acts of copyright infringement and could face severe sanctions if they don’t do so.

Legal experts say the proposed legislation would also be unconstitutional because it is an unreasonable restraint on freedom of speech. In most cases, speech that is illegal has to be shown to be so in a court hearing before penalties are assessed. SOPA, however, would give private companies what is called a “right of action,” which would allow them to remove websites from the Internet with only a court order. And ISPs aren’t the only providers who would be pressed into service as “copyright police” under the act: Payment companies such as PayPal would also be required to cut off service to infringing websites, just as it did with WikiLeaks after the government said it was investigating the organization.

A number of critics have pointed out that the proposed law would allow copyright holders to get around the so-called “safe harbor” protections in the Digital Millennium Copyright Act, including the provisions that protect web services such as YouTube from penalties if they agree to remove infringing content once they are notified about it by copyright holders. Any service or software that could be used to gain access to the “rogue websites” described by the law, such as proxies or other domain-routing services, would also be illegal. And because of the way the law is structured, ISPs and others would be encouraged to take websites down or cut them off before any charges were proven, to gain immunity from prosecution themselves.

Many see the law’s creating what amounts to a U.S. version of the “Great Firewall of China,” which is the term for the various snooping tools and restrictions that the totalitarian government in China uses to keep its citizens from accessing certain websites. Google, which fought with the Chinese government over requests to block certain information or turn over data on users, has come out against SOPA, as have many other technology entrepreneurs and Internet pioneers.

The OPEN Act — a possible alternative?

In addition to the battle to keep SOPA from passing, there is also a bipartisan attempt at an alternative called OPEN, otherwise known as the Online Protection & Enforcement of Digital Trade Act. It is being promoted by Sen. Ron Wyden (D-Ore.) and Rep. Darrell Issa (R-Calif.), both strong critics of SOPA and PROTECT-IP. Among other things, the legislation tries to narrow down the definition of what constitutes an “infringing site.” Under SOPA, a site could be defined as a rogue website and therefore threatened with potential deletion from the Internet even for accidental infringement (which user-generated content sites like Reddit said would make it impossible for them to exist). But OPEN would narrow that to concentrate on sites that were “dedicated to infringing activity.”

The OPEN proposal would also put another legal step between the decision by a copyright holder to take action and the removal of a site from the Internet. It would hand arbitration for these kinds of disputes over to the International Trade Commission, which would have to hear a case before deciding whether it met the criteria. The Electronic Frontier Foundation has said that it supports the Wyden-Issa legislation for a number of reasons:

  • It doesn’t require ISPs or search engines to remove websites and therefore “the DNS System remains intact.”
  • The definition of targeted sites has been “significantly narrowed” and includes only those “dedicated to infringing activity.”
  • The International Trade Commission is tasked with investigating complaints, and it is typically “transparent, quick and effective” and includes more protection for due process than SOPA or PIPA.

One of the biggest fears about SOPA is that because the act is worded so broadly and ISPs and other providers are encouraged to shut down potential infringers even before they have been shown to be infringing, user-generated content sites of all kinds are at risk of being shut down or having their payment methods cut off. Rebecca MacKinnon, the co-founder of the global blogging network Global Voices, has said that doing this could easily cripple the ability of dissidents around the world to get their messages out, if the sites they use are even implicated in piracy. Some have even worried that YouTube could be targeted. And businesses large and small could be driven under, because payment companies would cut off their websites rather than risk being drawn into such a case, and in order to get immunity.

Although substantial opposition to SOPA has emerged since the bill entered the House — including letters that have been sent to Washington by groups of entrepreneurs, venture capitalists, artists and other groups — there is still a lot of support for the bill in both the House and the Senate, and a lot of deep pockets in the media and entertainment industries are interested in seeing it proceed. Whether OPEN or some other alternative can emerge or amendments can blunt some of the worst elements of the law will not be clear until well into 2012.

You must be logged in to post a comment.
41 Comments Subscribers to comment
  1. Richard Bennett Monday, January 2, 2012

    The problem with this analysis is that it fails to distinguish the current SOPA bill – The “Manager’s Amendment” of Dec. 12th – from the first draft. All of the criticisms the author cites pertain to the first draft, and the Manager’s Amendment dealt with them by narrowing the scope of the bill substantially.

    One area of interest: the first draft applied to both US-based services and to overseas ones, but the current draft only applies overseas.

    Another big change relates to DNS. The first draft mandated DNS redirection, which is what the technical people complained about. The current draft allows non-response or response refusal, neither of which conflict with future DNS security.

    It’s not particularly helpful to repeat the criticisms after they’ve been addressed in the amended bill.

    1. Mandatory redirection was one of the objections of the security folks, not the only one. Whether DNS lookup requests are redirected or merely ignored, the enforcement mechanism in the revised bill still amounts to a man-in-the-middle attack, which is precisely what DNSSEC is designed to prevent, as you well know Richard. Browsers and other applications would still be left with the problem of trying to determine whether the man in the middle is the attorney general with a court order or a malicious actor. Dropping the redirection requirement doesn’t really resolve the problem, so to speak.

      1. That’s not quite correct, Paul. There’s a third option for DNS, the “Refuse to answer for policy reasons” response. Some DNS-heads are claiming that this looks man-in-the-middle-ish, but that’s not a credible analysis. The affirmative Refuse answer isn’t signed, but there’s no realistic probability of spoofing it because the connection between client and server is in the scope of the ISP’s first hop.

      2. It’s not a question of what it looks like, or whether it can be spoofed. It *is* a man in the middle, by design. The bill still requires applications to leave themselves open to man in the middle attacks because some of those men in the middle may come bearing court orders. I don’t see how you can argue that such an arrangement is not less secure than the alternative.

        In any case, my original point was a limited one. I don’t think that dropping the redirection requirement, by itself, is a sufficient answer to the questions raised by the DNS-heads. I wasn’t commenting on the rest of Matthew’s analysis.

      3. Perhaps I should say that the Manager’s Amendment resolves legitimate concerns, but that hasn’t stopped some people from claiming it opens a security hole. In fact, there is no man in the middle attack, there’s a non-cooperation mode in its place. This makes DNS no less secure than it is today or than it will be in the future.

        One thing that’s come out of this debate is the realization that DNSSEC has a gaping hole in first-hop signalling.

    2. Thanks for the comments, Richard (and Paul). You are right that some of the criticisms of SOPA were dealt with in the amendments, although I don’t think it’s fair to say that all of them were — or that the amendments make the bill as a whole any more palatable either from a technology or a legal perspective. But perhaps it would be worth adding an update to this report about the amendments and their relative pros and cons. Thanks for the feedback.

      1. Even with the elimination of the DNS redirection requirement, the Manager’s Amendment does raise eyebrows. Some people claim, falsely in my opinion, that it makes the DNS less secure by refusing to answer questions about the IP addresses of banned sites.

        The refusal of the SOPA-haters to acknowledge that DNS Response Code “Refuse to Answer for Policy Reasons” is not a “manin the middle attack” by any reasonable use of the term is a story in itself. The difference, of course, is that attack provide false information and there are ways to comply with SOPA that don’t send false information.

  2. M. R. Pamidi, Ph. D. Monday, January 2, 2012

    The ignorance, greed, and cluelessness of Hollywood and the media industry never cease to amaze me. For a long time they fought Napster, BitTorrent and other file-sharing tools until Steve Jobs taught them them how to make money using the Internet and web. Now, they have enough lobbyists in Washington to push SOPA, E-PARASITE, and PROTECT-IP. The old saying, “In Silicon Valley they make sales; in Hollywood make deals,” still holds true.

    Hollywood should be stopping piracy in China and other countries and not waste time on passing legislation in Washington. When will Hollywood ever wake up to the 21st century and learn?

Explore Related Topics

Learn about our services or Contact us: Email / 800-906-8098