I’m sure everyone has heard the headlines about the U.S. House of Representatives’ bill HR-3261 Stop online Piracy Act and the Senate Bill equivalent; Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP). Well it’s more than just hyperbole. However, I’ll start with what these bills actually say, what could go wrong, and all the reasons it’s ridiculous from a technical standpoint.
What is it really?
Basically, SOPA (and PROTECT IP) are legislation to give broader powers to the executive branch (specifically the Department of Justice) to shutdown U.S. websites that stand “accused of enabling or facilitating copyright infringement.” The implementation allows for the Justice Department to filter the domain name from publicly registered DNS servers. For example, if a web site called copymusic.com is found in violation of this law then a court order could be initiated to have all registered Domain Naming Servers (DNS) servers in the .com Top Level Domain (TLD) redirect a potential user to a new Internet Protocol (IP) address. This basically means the U.S. Government will poison DNS. What this does mean is that:
- The website will still be reachable over its IP address. Meaning if copymusic.com has been redirected to the U.S. server saying that “This domain is offine due to copyright violations, etc…” the site will still be accessed from its original IP address via http://192.168.1.100.
- If the Top Level Domain (TLD) exists outside the U.S. like .eu, .ru, .cn then the U.S. government does not have authority to block them.
Technical Concerns, Or reasons why this won’t work
For every network engineer, DNS is understood as a core function of the Internet. So messing with it in this way can have serious systemic technical issues.
- The first is called the “fat finger effect.” Basically, if the Justice Department finds that youtubeee.com is in violation and orders it to be shut off, but the operator of the .com TLD instead redirects youtube.com then the consequences are far reaching. This, in fact already happened a little differently (and intentionally) by the Pakistan Telecommunications Authority (PTA) in 2008 when they poisoned the routing tables to say that they owned the address space for You Tube. What this did was take down You Tube entirely.
- DNSSEC, or DNS Security, was a technology that was implemented to solve the problem of malicious hackers from poisoning DNS. This security mechanism would have to be removed now because the redirection is actually breaking DNSSEC. So SOPA would break Internet security.
- In a whitepaper published by Steve Crocker and Dan Kaminsky, they sum up the technical problem like this: “Moreover, any filtering by nameservers, even without redirection, will pose security challenges, as there will be no mechanism to distinguish court-ordered lookup failure from temporary system failure, or even from failure caused by attackers or hostile networks.” So there could be no way for network operators to tell if a site being down because of DNS poisoning is due to hackers or a SOPA court order. Why? Because the trust model (see DNSSEC) is broken.
- There’s a Firefox plugin that gets around this all now anyway. Having this plugin will allow a user to skirt these restrictions by SOPA. It’s called DeSOPA. Feel free to download it today: https://addons.mozilla.org/en-US/firefox/addon/desopa/
- If the web site operator moves overseas, then this cannot be enforced.
Big Brother Protects us from pirates (and terrorists, etc, etc), or how Big Brother protects us from the “bad people”
Take a minute and think of the worst distopian novel and apply it to the Internet. With broad powers that’s why could happen in the U.S. China, Iran and others already filter DNS this way with people they don’t like. Basically, any U.S. site operator that violates “section 2318, 2319, 2319A, 2319B, or 2320, or chapter 90, of title 18, United States Code” will be shut down. What happens when one of those laws were expanded to state “terrorists” or “anti-American activities” were added to the list? What about government whisteblowers? This is giving the government a blank check to restrict our freedom.
In conclusion, we (Tachyon Dynamics) believe that SOPA and PROTECT IP are harmful to the Internet, the U.S. economy and the freedom of all Americans. We encourage each of you to write your congressman and senators and urge them to vote this and any other version of this bill down before it’s too late. Please take a few minutes to read over each of these bills in their entirety:
Update 23 December 2011: I have a list of all the companies supporting SOPA and/or PROTECT IP. Take a look and let them hear your thoughts!
Supporting PROTECT IP: http://www.opencongress.org/bill/112-s968/money