Friday, January 13, 2012

DNS Provision Pulled from SOPA!

I wrote some of my thoughts about SOPA down in this earlier log post.  Now it appears that common sense has prevailed.  After a good discussion on the O'Reilly Foo Campers Alumni list, some of the participants of which were asked to get opinions, it seems that the DNS provisions of SOPA are being dropped.  This was just reported on SlashDot http://politics.slashdot.org/story/12/01/13/2222203/dns-provision-pulled-from-sopa .

The Republican Chairman Mr. Lamar Smith has historically been one of the biggest backers of the so called Stop Online Piracy Act.  CNET ran the story and claimed Mr. Smith announced that he plans to remove the Domain Name System or DNS-blocking provision.

"After consultation with industry groups across the country," Smith said in a statement released by his office, "I feel we should remove DNS-blocking from the Stop Online Piracy Act so that the [U.S. House Judiciary] Committee can further examine the issues surrounding this provision"

Read more at CNET

Wednesday, January 11, 2012

Stop Online Piracy Act (SOPA) - aka HR 3261

Several people have recently asked for an opinion on the US proposed legislation to stop online piracy of intellectual property.  Rather than read the opinions of others, I decided to read the actual proposed legislation itself.  For the record, the version I read is at http://thomas.loc.gov/cgi-bin/query/D?c112:1:./temp/~c112UufGtF::   There are many worries about limitations on freedom of speech and costs that will be born to internet service providers (ISP's) including potential legal actions to recover damages from those who find themselves participants in such transactions.

DISCLAIMER:  I am not a lawyer, nor am I am US citizen.  I am a musician and have a vested interest in enforcement of IPR laws.

I found the bill somewhat flawed, despite what appears to be a noble attempt to correct an injustice.  I initially like this section:

"SEC. 2. SAVINGS AND SEVERABILITY CLAUSES.
(a) Savings Clauses-

(1) FIRST AMENDMENT- Nothing in this Act shall be construed to impose a prior restraint on free speech or the press protected under the 1st Amendment to the Constitution."

This alone alleviated many of my worries. My first issue was section 101 (23) paragraph C:

"(23) U.S.-DIRECTED SITE- The term `U.S.-directed site' means
an Internet site or portion thereof that is used to conduct business
directed to residents of the United States, or that
<SNIP/>
(C) the Internet site or portion thereof does not
contain reasonable measures to prevent such goods and services from
being obtained in or delivered to the United States;…<SNIP/>

I am sorry but I do not believe that I should have to take measure to comply with US law.  First of all, the internet is "opt in" by default.  Anyone may take any publicly served file and re-serve it via another website.  I can reference files and there is no clear demarcation of paragraph C that ensures I am not wrongly classified as such a site.   I am also not a US citizen, I have no physical presence in the US.  Your laws do not apply to me.  Furthermore, I, like many other website hosts, have no way to prevent such goods or services from being obtained in the USA.

As far as the original question goes, there is little elaboration on the impact to ISP's.  Section 102 C reads: 

(c) Actions Based on Court Orders-

(1) SERVICE- A process server on behalf of the Attorney General, with prior approval of the court, may serve a copy of a court order issued pursuant to this section on similarly situated entities within each class described in paragraph (2). Proof of service shall be filed with the court.

DN: Inference - ISP's do not need to take proactive action, only respond to court orders.  The problem is that there could be huge numbers of these court orders and most of the violating sites will be not on USA soil, hence out of reach of United States law.  This concerns me since each ISP must block each site via their own system as well as potentially making the sits visible again should they not be in violation anymore.

(2) REASONABLE MEASURES- After being served with a copy of an order pursuant to this subsection, the following shall apply:

(A) SERVICE PROVIDERS-

(i) IN GENERAL- A service provider shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site (or portion thereof) that is subject to the order, including measures designed to prevent the domain name of the foreign infringing site (or portion thereof) from resolving to that domain name's Internet Protocol address. Such actions shall be taken as expeditiously as possible, but in any case within 5 days after being served with a copy of the order, or within such time as the court may order.

DN: Filtering an IP address or domain name is very little effort but may have unintentional consequences.  For example, Apache virtual servers may share a common IP address but use virtual hosting based on the http.config file.  Such actions may block legitimate sites causing financial losses.

(ii) LIMITATIONS- A service provider shall not be required--

(I) other than as directed under this subparagraph, to modify its network, software, systems, or facilities;

(II) to take any measures with respect to domain name resolutions not performed by its own domain name server; or

DN: This means that ISP's are not required to perform any further work in these cases?

(III) to continue to prevent access to a domain name to which access has been effectively disabled by other means.

DN: My gut feel is as follows:

- there is a problem that needs to be addressed WRT IP theft.
- in parallel, I believe there are issues with orthogonal systems such as the USPTO/WIPO and the problems cannot be adequately addressed alone via HR 3216.
- if it proceeds to become legislation, it will take a while to establish legal precedent and find where the bill in practicality does not work.
- the criminals who sell the IP of others knowingly are likely crafty enough to use revolving IP addresses or even hacked legitimate servers to complete such transactions making it virtually impossible for an effective countermeasure.

Then again, what do I know?

Duane Nickull