America is moving to censor the Internet. The PROTECT IP and Stop Online Piracy Acts have received considerable attention in the legal and tech world; SOPA’s markup in the House occurs tomorrow. I’m not opposed to blacklisting Internet sites on principle; however, I think that thoughtful procedural protections are vital to doing so in a legitimate way. Let me offer six things that are wrong with SOPA and PROTECT IP: they harm cybersecurity, are wildly overbroad and vague, enable unconstitutional prior restraint, undercut American credibility on Internet freedom, damage a well-working system for online infringement, and lack any empirical justification whatsoever. And, let me address briefly Floyd Abrams’s letter in support of PROTECT IP, as it is frequently adverted to by supporters of the legislation. (The one-word summary: “sellout.” The longer summary: The PROTECT IP letter will be to Abrams’ career what the Transformersmovie was to that of Orson Welles.)
- Cybersecurity – the bills make cybersecurity worse. The most significant risk is that they impede – in fact, they’d prevent – the deployment of DNSSEC, which is vitally important to reducing phishing, man-in-the-middle attacks, and similar threats. Technical experts are unanimous on this – see, for example, Sandia National Laboratories, or Steve Crocker / Paul Vixie / Dan Kaminsky et al. Idiots, like the MPAA’s Michael O’Leary, disagree, and simply assert that “the codes change.” (This is what I call “magic elf” thinking: we can just get magic elves to change the Internet to solve all of our problems. Congress does this, too, as when it includes imaginary age-verifying technologies in Internet legislation.) Both bills would mandate that ISPs redirect users away from targeted sites, to government warning notices such as those employed in domain name seizure cases. But, this is exactly what DNSSEC seeks to prevent – it ensures that the only content returned in response to a request for a Web site is that authorized by the site’s owner. There are similar problems with IP-based redirection, as Pakistan’s inadvertent hijacking of YouTube demonstrated. It is ironic that at a time when the Obama administration has designated cybersecurity as a major priority, Congress is prepared to adopt legislation that makes the Net markedly less secure.
- Wildly overbroad and vague– the legislation (particularly SOPA) is a blunderbuss, not a scalpel. Sites eligible for censoring include those:
-
- primarily designed or operated for copyright infringement, trademark infringement, or DMCA § 1201 infringement
- with a limited purpose or use other than such infringement
- that facilitate or enable such infringement
- that promote their use to engage in infringement
- that take deliberate actions to avoid confirming high probability of such use
If Flickr, Dropbox, and YouTube were located overseas, they would plainly qualify. Targeting sites that “facilitate or enable” infringement is particularly worrisome – this charge can be brought against a huge range of sites, such as proxy services or anonymizers. User-generated content sites are clearly dead. And the vagueness inherent in these terms means two things: a wave of litigation as courts try to sort out what the terminology means, and a chilling of innovation by tech startups.
-
- Unconstitutional prior restraint – the legislation engages in unconstitutional prior restraint. On filing an action, the Attorney General can obtain an injunction that mandates blocking of a site, or the cutoff of advertising and financial services to it – before the site’s owner has had a chance to answer, or even appear. This is exactly backwards: the Constitution teaches that the government cannot censor speech until it has made the necessary showing, in an adversarial proceeding – typically under strict scrutiny. Even under the more relaxed, intermediate scrutiny that characterizes review of IP law, censorship based solely on the government’s say-so is forbidden. The prior restraint problem is worsened as the bills target the entire site via its domain name, rather than focusing on individualized infringing content, as the DMCA does. Finally, SOPA’s mandatory notice-and-takedown procedure is entirely one-sided: it requires intermediaries to cease doing business with alleged infringers, but does not create any counter-notification akin to Section 512(g) of the DMCA. The bills tilt the table towards censorship. They’re unconstitutional, although it may well take long and expensive litigation to demonstrate that.
- Undercuts America’s moral legitimacy – there is an irreconciliable tension between these bills and the position of the Obama administration – especially Secretary of State Hillary Clinton – on Internet freedom. States such as Iran also mandate blocking of unlawful content; that’s why Iran blocked our “virtual embassy” there. America surrenders the rhetorical and moral advantage when it, too, censors on-line content with minimal process. SOPA goes one step farther: it permits injunctions against technologies that circumvent blocking – such as those funded by the State Department. This is fine with SOPA adherents; the MPAA’s Chris Dodd is a fan of Chinese-style censorship. But it ought to worry the rest of us, who have a stake
Comments
“Technical experts are unanimous on this”… I think that’s the problem here, right? The PROTECT IP movement isn’t some organic thing born of science and logic, but industries that feel threatened lashing out against something they don’t understand, and using the government as a part of that campaign.
Posted by: Beckley Mason | Dec 16, 2011 1:11:33 PM