The Internet's Perilous New Year's Resolution
Antipiracy legislation headed for a U.S. Senate vote in January could be fraught with downsides.
Internet legislation that is scheduled for a vote in the U.S. Senate next month would aim to stop the unlicensed downloading of billions of dollars’ worth of movies and music—as well as the trade in counterfeit drugs and other goods—by blocking access to certain websites, many of them registered abroad. But its basic strategies could lead to trouble on several fronts.
For one thing, the crackdown may unintentionally weaken Internet security. That is because the legislation could let courts order Internet service providers, search engines, domain-name servers and others to block Web addresses or send people to addresses other than the ones they typed or clicked. That trick, called redirection, is just the kind thing security engineers want to stamp out, because it’s also a key tool for committing Internet fraud.
For another, song and movie traders will always be able to use widely available circumvention tools—such as Tor, a technology funded and developed by the U.S. government itself—to get around blocks and reach the desired sites. If passed, the legislation may achieve little more than an ineffectual antipiracy law recently enacted in France, which has been bogged down by its complexity and costs.
Under the Protect IP Act, government prosecutors or copyright holders could seek a court order finding that a website was “dedicated to infringing activities.” With such a finding, a court could order those sites blocked so as to prevent people who click the relevant links or type their domain names into a browser from actually reaching them. (Instead, the user might be redirected to a warning page.) The Senate bill is scheduled for a January 24 vote. A similar House bill, called the Stop Online Piracy Act, or SOPA, is still in the Judiciary Committee.
Redirecting people from domain names they’d typed or clicked would upend efforts to make the domain-name system more secure, several researchers have argued. “The security community is trying to tell Congress you can’t build a system that distinguishes between a government-required false answer and a hacker’s false answer,” says Ernesto Falcon, director of government affairs at Public Knowledge, a free-speech think tank in Washington, DC. “If you have ISPs and the domain-name system falsify information and give people wrong [Web pages], then efforts to build a secure system won’t work.”
If the U.S. government were to order the widespread blocking of websites, authoritarian regimes that censor the Internet would be likely to trumpet the news for political cover, argues Hal Roberts, a fellow at the Berkman Center for Internet and Society at Harvard University, who has made several studies of the means by which China and other countries filter online content. “China and other countries happily defend their filtering practices by pointing out that some Western countries filter as well,” Roberts says, “and laws like SOPA will only make it easier for them.”
SOPA has the support of more than 140 companies and organizations, mainly in the music, book, television, and film industries. Many major Internet companies oppose it.
There’s little evidence that similar legislation elsewhere has worked. In 2009, for instance, France passed “three strikes” legislation that was meant to require Internet service providers to cut off access to people who had ignored two warnings to stop trading pirated works. The government set up a bureaucracy to implement the measure earlier this year. But actual enforcement has been slow in coming; ISPs say the task of tracking pirated works is very costly, and they want the government to pay for it.
In the case of the U.S. legislation, the Congressional Budget Office has estimated that hiring enforcement staff in the U.S. Department of Justice would cost $47 million over the next five year.
Keep up with the latest in Security at Business of Blockchain 2019.
May 2, 2019