Posted by
On Thursday, the House Judiciary Committee is slated to take up the misleadingly named Stop Online Piracy Act, an Internet censorship bill that will do little to actually stop piracy. In response to an outpouring of opposition from cybersecurity professionals, First Amendment scholars, technology entrepreneurs, and ordinary Internet users, the bill’s sponsors have cooked up an amended version that trims or softens
a few of the most egregious provisions of the original proposal,
bringing it closer to its Senate counterpart, PROTECT-IP. But the
fundamental problem with SOPA has never been these details; it’s the
core idea. The core idea is still to create an Internet blacklist, which
means everything I say in this video still holds true:
Let’s review the main changes. Three new clarifying clauses have been
added up front: the first two make clear that SOPA is not meant to
create an affirmative obligation for site owners to monitor user content
(good!) or mandate the implementation of technologies as a condition of
compliance with the law (also good!). But the underlying incentives
created by the statute push strongly in that direction whether or not
it’s a formal requirement: What else do we imagine sites
threatened under this law because of user-uploaded content or links will
do to escape liability? A third clause says the bill shouldn’t be
construed in a way that would impair the security or integrity of the
network—which is a bit like slapping a label on a cake stipulating that
it shouldn’t be construed to make you fat. These are all nice
sentiments, but they remind me of the old philosophers’ joke: “You’ve
obviously misinterpreted my theory; I didn’t intend for it to have any counterexamples!”
The big changes in the section establishing court-ordered blocking of
supposed “rogue” sites appear to be intended to respond to the objections of cybersecurity professionals
and network engineers, who pointed out that requiring falsification of
Domain Name System records to redirect users from banned domains would
interfere with a major government-supported initiative to secure the
Internet against such hijacking. The updated language explicitly
disavows the idea of redirection, removes a hard five-day deadline for
compliance, and (crucially) says that any DNS operator (like your ISP)
has fully satisfied its obligations under the statute if it simply fails
to respond to DNS queries for blacklisted sites.
This is bad for transparency, in both the engineering and democratic
senses of that term, insofar as it makes a government block
indistinguishable from a technical failure, but it does, in a sense,
address the direct conflict with DNSSEC. But as network engineers point out,
a well-designed application implementing DNSSEC isn’t just going to
give up when it doesn’t get a valid, cryptographically signed reply:
it’s going to try other DNS servers (including servers outside US
jurisdiction) until it finds one that answers.
There are two possibilities here. The first is that application designers don’t design
their software properly to implement DNSSEC for fear of liability under
the statute’s anti-circumvention provisions, which would be a Very Bad
Thing. The second is that they’re assured they won’t be held liable for
good design, in which case this whole elaborate censorship process—which
was never going to be particularly effective against people who
actually want to find pirated content—becomes a truly farcical
pantomime, in which nobody running reasonably up-to-date clients even
notices the nominal “blocking,” beyond a few seconds delay in resolving
the “blocked” site. Now, if we’ve got to have an Internet
censorship law, a completely impotent one is surely the best kind, but
it becomes a bit mysterious what the point of all this is, beyond
providing civil libertarians with a chuckle at the vast amount of money Hollywood has wasted ramming this thing through.
The other big change is to the private right of action, which
previously would have allowed any copyright holder to unilaterally
compel payment processors and ad networks to cut off sites that it
merely accuses of infringement, or enabling infringement, or (in a
baffling specimen of tortured language)
taking “deliberate actions to avoid confirming a high probability” that
the site would be used for infringement. That last little hate crime
against English is mercifully absent from the revised SOPA, and it makes
clear that only foreign sites are covered, and a judge is now required
to actually issue an order before intermediaries are obligated to sever
ties.
Which ultimately goes to show that the original proposal was so
profoundly wretched that you can improve it a great deal, and still have
a very bad idea. This is still, as many legal scholars
have correctly observed, censorship by slightly circuitous economic
means. The involvement of a judge should (knock on wood) weed out the
most obviously frivolous complaints, but it still makes it far too easy
for U.S. corporations to effectively destroy foreign Internet sites
based on a one-sided proceeding in U.S. courts.
These changes are somewhat heartening insofar as they evince some
legislative interest in addressing the legitimate concerns that have
been raised thus far. But the problem with SOPA and PROTECT-IP isn’t
that they need to be tweaked in order to get the details of an Internet
censorship system right. There is no “right” way to do Internet censorship, and the best version of a bad idea remains a bad idea.
No comments:
Post a Comment