Following last week's Backspin, reader Alex Gonzales (Sweetwater, Texas) wrote to me: "Just read your SOPA article and I guess I'm just not seeing the big picture. If the Stop Online Piracy Act (SOPA) and Protect Intellectual Property Act (PIPA) could put an end to online piracy and stop a lot of those damn viruses, maybe even stop hackers -- what's bad about that? You say bad for business, bad for Internet -- but how? How is stopping/policing the bad stuff on the Internet bad? Give me some real reasons as to why [SOPA/PIPA] is bad. And don't tell me to go read the SOPA/PIPA bills in their entirety."
I figure that if Alex is asking these questions then so are lots of other people. So, let's dissect the issues of SOPA and PIPA and figure out why these proposed attempts at legislation are so misguided and downright dangerous.
First, let me point out the SOPA and PIPA don't address and will do little to stop virus and malware distribution, and will definitely do nothing to reduce hacking (indeed, as we will see, SOPA and PIPA may well make hacking easier!).
ANALYSIS: SOPA and PIPA: What went wrong?
OK, so, what's the problem that SOPA and PIPA are trying to address? Simple. There are many people who have no qualms about acquiring and sharing the intellectual property of others without paying for it.
What these crooks are doing is purely and simply stealing; they are "pirating" and distributing content such as music, books, videos, movies and software, and hawking knockoffs of tangible goods such as pharmaceuticals, brand name handbags, perfumes ... you name it. This is big business.
Not surprisingly and not unreasonably, the people who produce these products and the people assigned to manage the sale and distribution of said products are, to say the least, not happy. The Internet makes it easy to set up a website to promote, sell and distribute these pirated and fake products.
So, who represents the content owners? Over the years this contingent has evolved and now includes powerful trade organizations such as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA).
These are very well-heeled groups whose lobbying efforts operate on an amazing scale and who have been among the greatest supporters of legislation targeted at improving the ability of law enforcement to stop the distribution of pirated intellectual property. For the sake of simplicity, let's refer to the content rights holders and their trade organizations collectively as "Big Media."
Now, I think all of us law-abiding citizens respect the rights of content owners and see piracy as morally corrupt and antisocial. We'd support laws that made it easier for companies and organizations to defend and control the duplication and distribution of their intellectual property, but only insofar as those laws might actually address the real issues, don't allow for over-reaching, and aren't obviously ripe for creating unintended consequences.
So, what about SOPA and PIPA? The core idea of these proposed laws that have been aggressively (and expensively) lobbied for by the likes of Big Media, would allow a company that believes, rightly or wrongly and for substantive reasons or simply because it fulfills their commercial or political agenda, to file a complaint with the U.S. Department of Justice that a website was infringing their intellectual property rights.
A complaint to the DOJ under SOPA and PIPA could result in the accused website being taken offline ... not by actually shutting it down, but by requiring Internet Service Providers (ISPs) to disable the resolution of the site's name by the Domain Name Service to an IP address. If DNS resolution is prevented then the site effectively disappears from the Internet.
What evidence would the DOJ require to force this to happen? Merely a detailed complaint conforming to the acts' requirements, which are minimal. The alleged offending site would have little or no opportunity to defend itself before it disappeared from the 'Net.
Now a constitutional requirement in American law is for "due process" ... this is, according to The Free Dictionary: "A fundamental, constitutional guarantee that all legal proceedings will be fair and that one will be given notice of the proceedings and an opportunity to be heard before the government acts to take away one's life, liberty, or property. Also, a constitutional guarantee that a law shall not be unreasonable, arbitrary, or capricious."
The explanation continues, "The constitutional guarantee of due process of law, found in the Fifth and Fourteenth Amendments to the U.S. Constitution, prohibits all levels of government from arbitrarily or unfairly depriving individuals of their basic constitutional rights to life, liberty, and property."
So, what has to be done to violate due process? Simple, take action against an alleged offender depriving them of life, liberty or property without the alleged offender being given the opportunity to defend themselves. As would be the case with a website accused under SOPA and or PIPA of infringing property rights.
While the legal issues are monumental there are other serious consequences to manipulating the DNS service, and Wikipedia has a good summary of many of these issues.
For example, messing with the DNS service would effectively compromise Internet security. A white paper by Steve Crocker, Danny McPherson, Dan Kaminsky, David Dagon and Paul Vixie titled "Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the Protect Intellectual Property Bill" argues that: "From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable. Users running secure applications have a need to distinguish between policy-based failures and failures caused, for example, by the presence of an attack or a hostile network, or else downgrade attacks would likely be prolific."
But above and beyond technical concerns is the issue that under SOPA and PIPA, due process would be effectively skipped and the result would be "guilty until proven innocent" rather than what is supposed to happen: "Innocent until proven guilty." This is, without question, unconstitutional.
The rationale of the pro-SOPA/PIPA lobby about the need to able to take alleged offenders offline quickly is that finding out who owns a site, serving papers and so on -- the whole inconvenient legal process -- can take months or even years. And given the rate of evolution of the Internet, the offenders, if guilty, could easily move on to new sites before proceedings had really commenced. In short, SOPA and PIPA are exercises in expediency.
Moreover, the potential for abuse of the acts to thwart and derail competition and suppress free speech are real risks. All of the vague assurances by the SOPA/PIPA supporters that "exceptions" would be rare, simply aren't good enough because even one "exception" would cause someone or some organization to have their rights violated. Any legal system that allows for "guilty until proved innocent" is a sitting duck for abuse and manipulation.
There are many technical and legal concerns that SOPA and PIPA raise, but the ones I've discussed above are arguably the nuts and bolts of why SOPA and PIPA are so profoundly wrong-headed and why the acts and their successors (for they will surely appear) have to be fought against.
This legislation is not just another example of the endless procession of legal issues that the Internet has raised, but a quintessential attack on our constitutional rights. If these acts or anything like them passes the consequences will change the Internet and American justice for the worst and probably for the foreseeable future.
Gibbs, in Ventura, Calif., wants you to defend your rights. Tell firstname.lastname@example.org what you're going to do about it and follow Gibbs on Twitter (@quistuipater) and on Facebook (quistuipater).
Read more about wide area network in Network World's Wide Area Network section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.