Quantum Windbag
Gold Member
- May 9, 2010
- 58,308
- 5,101
- 245
SOPA is not dead, they just want to slap a new coat of paint on it.
https://www.cdt.org/blogs/david-soh...-sopa-some-welcome-cuts-major-concerns-remain
On the negative side, serious problems remain. SOPA would still carry dangerous consequences for innovation in online communications tools, for online free expression, and for cybersecurity.
The bill still includes domain-name filtering the very tactic CDT warned the Committee against in our March hearing testimony and in much of our writing on the topic ever since. The new version may not strictly require ISPs to engage in domain-name filtering, but it does demand that they take steps to prevent access to targeted websites. And it states that if they employ domain-name filtering, they get safe harbor certainty that they have sufficiently complied. So its pretty clear what any competent general counsel would recommend that the ISP do. Its worth noting, too, that this obligation can be put on any service providers, a term defined in the bill as an operator of a nonauthoritative domain name server a pretty strong signal that DNS filtering is whats really on the table. And really, what other viable tactics would an ISP have at its disposal? Other means of preventing access involve constant surveillance of the bitstream of the ISPs entire user base in order to identify communications with rogue sites. Thats not an appealing option from a cost perspective or from a privacy perspective.
In short, the practical result of requiring ISPs to prevent access will be domain-name filtering. And that carries all the negative consequences that CDT has previously described. It undermines cybersecurity, sets a dangerous international precedent towards further balkanization of the Internet, and risks inadvertent impact on lawful content.
The amendment tries to sidestep the cybersecurity problems of domain-name filtering in a few different ways. All are unsuccessful. First, it states that ISPs need not re-direct traffic (the bill previously had contemplated re-directing users to a DoJ warning page, but re-direction is blatantly inconsistent with the emerging security upgrade known as DNSSEC). But simply not answering domain name requests leaves users in limbo, with the impression that something is broken. ISPs cant afford a new barrage of service calls from confused subscribers. If they have to do domain-name filtering, theyre going to want to provide re-direction to some kind of explanation. They cant do that and implement DNSSEC too. So the bottom line is, the bill would create a strong incentive for ISPs not to move forward with DNSSEC. Thats a blow to security.
Moreover, domain-name filtering causes significant security problems even without re-direction. Top domain name system (DNS) engineers have made this point directly; DNSSEC cant play its intended role as a valuable security platform if government creates a gaping ambiguity and loophole by demanding that ISPs take actions that, from the technical DNSSEC perspective, are indistinguishable from true attacks. And as Sandia National Labs described in its discussion of the cybersecurity threat posed by DNS filtering, the tactics security risks are not limited to the negative impact on DNSSEC.
Second, the amendment tries to brush off cybersecurity problems by saying that nothing in the bill shall be construed to create obligations that would impair the security or integrity of the domain name system. But courts, tasked with ruling in particular cases, wont have the relevant evidence or expertise to draw conclusions about the overall impact on the domain name system. Domain-name filtering is expressly cited in the bill as a way for ISPs to comply with the legislation; would a court really conclude that the bills general statement about DNS security and integrity is intended to override the explicit approval of domain-name filtering? Moreover, court orders are likely to direct ISPs to prevent access and then leave to ISPs the question of how to do it. Since the court isnt ordering specific action, its unlikely to feel it is in any position to analyze specific consequences for DNS security.
Third, the amendment calls for a study of the effects of the ISP obligation to prevent access. This is shoot first, ask the tough questions later. The impact of imposing filtering obligations on ISPs should be fully considered before it is written into federal statute. After all, the bill does not contain any sunset provision; the measures it proposes would, if enacted into law, likely be with us for a long, long time.
The amendments modified definition of sites that can be targeted for suits by the Attorney General remains entirely open-ended. Any site is subject to prosecution as an infringement site if its domain name, were it domestic, would be eligible for seizure. Seizure law allows for seizure of any property that is used in any manner or part to commit or facilitate illegal activity. That means a website with 99% lawful activity and no bad intent can qualify as an infringement site based on a small amount of infringing activity by users. End result: The A.G. would have carte blanche to go after virtually any user-generated content site, whenever it wants to. They are all punishable as infringement sites by the terms of this bill.
By including a private right of action, the amendment still undermines the predictable legal environment that the DMCA sought to create for online services. Under current law, a site that complies with section 512 of the DMCA gets safe harbor protection against copyright suits seeking monetary damages. But under SOPA, that same site could still face lawsuits seeking to cut off its sources of revenue. In effect, a litigious rights holder gets a second bite at the apple, this time without having to worry about that pesky safe harbor. Thats bad for online innovation, as it gives rights holders a powerful club with which to threaten emerging online services.
That risk might be reduced if the private right of action were strictly limited to foreign entities that would otherwise be outside U.S. jurisdiction. But the bill would allow suits against any website registered to a non-U.S. domain name, even if the parent company is U.S.-based. So U.S. Internet companies with sites registered in foreign country domains would be fair game. Thats evident from the fact that the bill, in both sections 102 and 103, talks about in personam actions it envisions actions against parties that are fully subject to U.S. jurisdiction, even though such parties are already subject to strong legal tools to address infringement.
https://www.cdt.org/blogs/david-soh...-sopa-some-welcome-cuts-major-concerns-remain
Last edited: