2012-01-11

SOPA: An Architecture for Censorship

Posted by Julian Sanchez at http://www.cato-at-liberty.org/sopa-an-architecture-for-censorship/


The Stop Online Piracy Act—a bill misleadingly named for its aspirations, not its probable effect—has provoked an outpouring of justified opposition, much of it centered on two primary concerns: The virtual certainty that it will result in the ancillary blocking of much legitimate free speech, and the damage it would do to the basic architecture of the open Internet. One point I haven’t seen pressed forcefully enough thus far, however, is that architectural and free speech concerns are not entirely independent. The practical effect of SOPA will be to create an architecture for censorship—both legal and technological—that will radically alter the costs of engaging in future censorship unrelated to piracy or counterfeiting.
SOPA is a 70 page statute establishing a detailed legal process by which the Justice Department can initiate blocking of supposed pirate domains by ISPs and search engines, and by which private parties can seek orders requiring payment processors and ad networks to sever ties. After flying largely below the radar of public attention for many months, we’re finally seeing sustained scrutiny and fierce debate over the bill. But the portion of the bill laying out the specific types of criminal conduct that trigger this Rube Goldberg censorship machine occupy just a couple of paragraphs. With the legal framework in place, expanding it to cover other conduct—obscenity, defamation, “unfair competition,” patent infringement, publication of classified information, advocacy in support of terror groups—would be a matter of adding a few words to those paragraphs. One sentence slipped in as a rider on some must-pass omnibus bill would do it: “Section 102(2)(B) is amended to add ‘or civil action under 17 USC §271′.”—voila, a nuclear weapon for patent trolls.
Then there’s the technological architecture. If SOPA passes, thousands of commercial ISPs, colleges, small businesses, nonprofits, and other entities that maintain domain servers are going to have to reconfigure their networks, potentially at substantial cost, in order to easily comply with the new law. There is an introductory clause in the latest version of the bill stipulating that no network operator will be required to implement a specific technology or redesign their networks in any particular manner in order to be considered in compliance. But let’s think realistically about what compliance will look like. Genuine “rogue sites” often operate via dozens of different domains, which means we’re apt to see regular updates to the government’s standing blacklist, potentially adding dozens or hundreds of domains in one go. Any sane network operator is just going to build a filter that reads off the current list of banned domains from a government feed and automatically stops resolving them. (This will, incidentally, be an enormously attractive attack surface for hackers: Spoof the SOPA feed—either at the source or to a particular provider—and you’ve got an instant bulk denial of service attack!)
Once the up-front costs of implementing that filter mechanism are paid, the marginal cost of additional censorship is effectively zero for the providers. It won’t much matter to the providers, at that point, whether the blacklist contains 10 domains or 10,000. The technology itself, needless to say, will be indifferent to the rationale for blacklisting. The filter will just automatically implement the list of domains it’s given; it won’t know or care whether they’re being blocked for hosting pirated movies, Hamas propaganda, or the Pentagon Papers.
These twin architectures will obliterate major institutional barriers to Internet censorship generally, not just censorship for antipiracy purposes.  Political actors—or special interest groups—who want to expand the scope of blocking will no longer have to justify putting in place a wholly new system of Internet blocking. Instead, the rhetorical question will become: Now that we’ve got this whole filter architecture in place for music and movie pirates, how can we possibly justify not using it for sites that host terrorist propaganda or classified documents, for sites that implement a patented business model without permission, for sites enabling speech some U.S. court has held libelous, and for whatever new moral panic is gracing the cover of Time in five years. Surely you’re not suggesting that illicit downloads of Norbit are a bigger problem than whatever outrage Joe Lieberman is fulminating against this week, are you?
Changing legal and technological architectures also changes the costs of future political decisions that make use of those architectures. Speech is more likely to stay free when censorship isn’t. The cheaper the muzzle, the dimmer the prospects for online expression.

No comments:

Post a Comment