SOPA Update

The key Amendment that was voted down was introduced by Darrell Issa (R-CA) and Zoe Lofgren (D-CA) and would have eliminated the requirement in SOPA for Internet service providers (ISPs) to “take such measures as it determines to be the least burdensome, technically feasible, and reasonable means designed to prevent access by its subscribers located within the United States to the foreign infringing site that is subject to the order,” and search engines to “take technically feasible and commercially reasonable measures, as expeditiously as possible, designed to prevent the serving, in response to a query, of a direct hypertext link to the foreign infringing site that is subject to the order, or the portion of such site specified in the order.” Critics interpret that language to mean that the Attorney General can force changes to the core of the Internet's structure and require ISPs to filter out allegedly infringing domain names and prevent search engines from listing those sites in results.

Cybersecurity Concerns

Under the latest version of the Act, ISPs and search engines are required to block access by Americans to foreign websites that contain material that infringes on copyrights. Issa told the Committee that security experts warn that SOPA would actually weaken Internet security, introducing into the record a letter by former Policy Director of the Department of Homeland Security, Stewart Baker.

[T]he new version would still do great damage to Internet security, mainly by putting obstacles in the way of DNSSEC, a protocol designed to limit certain kinds of Internet crime.
Today, it's not uncommon for crooks to take over Internet connections in hotels, coffee shops and airports ' and then to direct users to fake websites. ' DNSSEC prevents such attacks by giving each website a signed credential that must be shown to the browser by the domain name system server before the connection can be completed. ' Unfortunately, the things a browser does to bypass a criminal site will also defeat SOPA's scheme for blocking pirate sites.

(The full letter is available on the Volokh Conspiracy at http://bit.ly/tyF5hZ.)

Additionally, current Google Vice President and former ICANN Chairman, Vint Cerf, considered one of the fathers of the Internet, warned of SOPA's impact in a letter sent to the Committee, also introduced into the record during the Dec. 15 hearing:

Unfortunately, the amendments to SOPA do not resolve the fundamental flaws in this legislation; the bill will still undermine cybersecurity including the robust implementation of DNS Security Extensions, known more commonly as DNSSEC. ' Even with the proposed manager's amendment, SOPA's site-blocking provisions remain problematic. They would undermine the architecture of the Internet and obstruct the 15-year effort by the public and private sectors to improve cybersecurity through implementation of DNSSEC. ' A congressional “tech mandate” on search engines to delete a domain name from search results does not result in the website disappearing. Users can and do today find their way to these websites largely without the help of search engines. Relative to the questionable efficacy of this proposed remedy, requiring search engines to delete a domain name begins a worldwide arms race of unprecedented “censorship” of the Web.

(The full letter is available on CNET at http://cnet.co/tmIRhr.)

In an article on the Stanford Law Review Online, three law professors worry about SOPA and Protect IP's Constitutional problems, calling the legislation “an unprecedented, legally sanctioned assault on the Internet's critical technical infrastructure.” See, Mark Lemley, David S. Levine, & David G. Post, “Don't Break the Internet,” 64 Stan. L. Rev. Online 34, http://bit.ly/scnzZy. “Directing the remedial power of the courts towards the Internet's core technical infrastructure in this sledgehammer fashion,” they continue, “has impact far beyond intellectual property rights enforcement ' it threatens the fundamental principle of interconnectivity that is at the very heart of the Internet.” And on Constitutional grounds:

Both bills suggest that ' remedies can be meted out by courts after nothing more than ex parte proceedings ' proceedings at which only one side (the prosecutor or even a private plaintiff) need present evidence and the operator of the allegedly infringing site need not be present nor even made aware that the action was pending against his or her “property.”
This not only violates basic principles of due process by depriving persons of property without a fair hearing and a reasonable opportunity to be heard, it also constitutes an unconstitutional abridgement of the freedom of speech protected by the First Amendment. ' Websites can be “completely removed from circulation” ' rendered unreachable by, and invisible to, Internet users in the United States and abroad ' immediately upon application by the government, without any reasonable opportunity for the owner or operator of the website in question to be heard or to present evidence on his or her own behalf. This falls far short of what the Constitution requires before speech can be eliminated from public circulation. ' Copyright and trademark infringement on the Internet is a very real problem, and reasonable proposals to augment the ample array of enforcement powers already at the disposal of IP rights holders and law enforcement officials may serve the public interest. But the power to break the Internet shouldn't be among them.

What's the Rush?

Lofgren was joined by Dan Lungren (R-CA) in questioning the speed with which Smith seemed bent on getting the Bill through the Committee, noting that there are no “exigent circumstances” calling for rushing the legislation such as existed for the Patriot Act.

Issa and others, including Jason Chaffetz (R-UT), called for more hearings to be held in which technology experts on both sides of the Bill can further instruct the Committee on the security and technological aspects of SOPA. (“We should have A hearing with nerds to testify what #sopa would do to DNSSEC #open That is reasonable and needed,” he tweeted). Mel Wyatt (D-NC) replied that hearings have no teeth and that people only pay attention when there's a markup. “Well, we have their attention now,” Chaffetz responded, noting the thousands of calls and e-mails House members have received since the hearing began. In what was indicative of the direction of the first day of the hearing as a whole, Wyatt said that while he is not a “nerd,” he doesn't believe what the cybersecurity experts say and voted against Issa and Lofgren's Amendment.

Speculation around the Web was that Smith wanted to finish the markup and have the Act voted upon quickly, because waiting until after the Congressional recess would give the Act's opponents more time to dissect the Manager's Amendment, suggest their own changes and line up support from constituents. Opponents say that Smith is trying to satisfy music, movie and TV companies who back the Bill. According to political watchdog Maplight.org, the Bill's sponsors have received four times as much in contributions (almost $2 million) from the entertainment industry as from the software industry ($524,977), which opposes the Bill. See, www.maplight.org/content/72896.

Get Away Day

Day Two of the hearings began much like the first, but the proceedings soon took an abrupt turn.

Faced with votes being taken on the House floor, the Committee took a recess to attend to those matters ' and lunch. Upon their return, the Committee once again heard Chaffetz call for hearings on cybersecurity: a classified hearing where the Committee could hear from the National Security Administration (NSA), Department of Homeland Security (DHS), and other governmental agencies; and another with industry experts. During that discussion, Lofgren introduced a letter (submitted at Lofgren's request for a technical assessment of SOPA and the companion Senate Bill, Protect IP (S. 968)), from cybersecurity expert Dr. Leonard Napolitano, Director of the Sandia National Laboratories' Center for Computer Sciences and Information Technologies. Napolitano wrote that SOPA would “negatively impact U.S. and global cybersecurity and Internet functionality.”

Rep. Wyatt, who had one day earlier been against such hearings, said he would like to hear from said experts and get more information.

Chaffetz then asked Chairman Smith again if he would be open to considering the hearings to further explore the security aspects of the Act. Smith, up against the clock as more votes were ready to be counted on the House floor (one of which was the $1 trillion budget bill to avert a government shutdown) and Committee members expressing concerns about missing their flights home for the holiday recess, agreed to hold the hearings “on the next available day,” which was presumed at the time to be after the Congressional recess at the end of January. The Chairman then abruptly called the markup concluded for the day, the Committee members hustled out, and the video feed went dark.

There was concern from the opposition that Smith would proceed without the informational hearings, as he announced late in the afternoon on Dec. 16 that the markup would continue on Dec. 21, a highly unusual move considering many Representatives wouldn't be in Washington, DC. However, Issa tweeted on Dec. 20 that the markup “has been POSTPONED 'due to House schedule.'” It remains to be seen, but Smith's tactic may backfire. Word of an in-recess hearing set the Twitter-verse ablaze and may have stirred the opposition pot even more.

Protect IP (S.968), the Senate's companion Bill to SOPA, is scheduled to be put to a vote on Jan. 24, majority leader Harry Reid (D-NV) announced on Dec. 17.

Technology Moves Quickly

One of the problems in regulating the Internet has always been that technology changes ' and programmers react ' much too rapidly for the law to catch up. Legislators can be as forward-thinking as they like, but once a proposed piece of legislation is introduced, the tech community has plenty of time to counter. And so with techies in fear of SOPA's passage, a plug-in for the Firefox browser was developed that would essentially render the law useless. According to TorrentFreak.com, with DeSopa, as its developer calls it, “users can click a single button to resolve a blocked domain via foreign DNS servers, bypassing all domestic DNS blockades and allowing the user to browse the site though the bare IP-address (if supported).” If that plug-in doesn't work, you can be sure others will be developed quickly.

Issa's Alternative

Issa has proposed an alternative to SOPA, called the Online Protection and Enforcement of Digital Trade (OPEN) Act. This legislation would take what some are calling a “follow the money” approach and has been endorsed by Cerf and 10 of the leading Internet companies (including Google, Yahoo!, Facebook and Twitter). According to the FAQ page on www.keepthewebopen.com, OPEN is summarized as such:

The OPEN Act takes a much narrower and more targeted approach to combating online infringement than other proposed legislation by targeting only sites 'primarily and willfully' engaging in infringement. By employing such a clear and targeted definition of infringement, the OPEN Act will ensure that only legitimate cases are pursued while giving ITC commissioners clear standards to follow in enforcing IP rules.
While other legislation would employ a one-sided process in which judges would only hear from rights holders, by putting the ITC in charge of IP investigations, the OPEN Act would ensure an adversarial process in which all parties have an opportunity to be heard.
Unlike other legislation the OPEN Act does not interfere in the Domaine Name System or go after sites or search engines that simply link to websites that host infringing content. Rather the OPEN Act would combat online infringement simply by cutting off a foreign site's ability to profit from the sale of fake merchandise or content they don't own.

Conclusion

With the House Judiciary Committee scheduled to continue SOPA's markup when Congress reconvenes, it will be interesting to see if Smith goes through with his promise to hear from cybersecurity experts and, more importantly, how ' and if ' SOPA will change as a result. Or if OPEN, Issa's industry-supported alternative, gets any attention. Stay tuned.

For Twitter, LinkedIn, Facebook and Google+ followers, click here to subscribe to Internet Law & Strategy at a special introductory rate of $269. This offer is valid for new subscribers only.

On Dec. 15 and 16, just as Congress was preparing to go dark until after the New Year, The U.S. House of Representatives Committee on the Judiciary held hearings on SOPA, the Stop Online Piracy Act (H.R. 3261) that we reported on last issue (see, “Companies and Lobbyists on Both Sides of SOPA,” http://bit.ly/sahiiY). And what seemed destined to be a long drawn-out fight by a few in attendance who were in opposition of passing the Bill against Committee Chairman and sponsor Lamar Smith (R-TX) and its many supporters, took a bizarre and sudden turn as Day 2 restarted after lunch ' and maybe more importantly, as Representatives' flights home for recess were in danger of being missed.

On Day One, it seemed from watching the hearings as if SOPA was one of those in-class worksheets that had to be finished before the teacher would let the class leave for break, and that Smith just wanted it sent to the full House “as is.”
Proposed Amendment after proposed Amendment, most of which were aimed at resolving the major objections of the technology community, was voted down, despite seemingly persuasive arguments by their authors.

The Bill has changed since we last reported on it. The latest version, referred to in the hearings as the Manager's Amendment (http://1.usa.gov/uSPOD4) was introduced on Dec. 12, leading some Representatives to argue that the Committee wasn't given enough time to fully grasp the changes (more on that later).

The key Amendment that was voted down was introduced by Darrell Issa (R-CA) and Zoe Lofgren (D-CA) and would have eliminated the requirement in SOPA for Internet service providers (ISPs) to “take such measures as it determines to be the least burdensome, technically feasible, and reasonable means designed to prevent access by its subscribers located within the United States to the foreign infringing site that is subject to the order,” and search engines to “take technically feasible and commercially reasonable measures, as expeditiously as possible, designed to prevent the serving, in response to a query, of a direct hypertext link to the foreign infringing site that is subject to the order, or the portion of such site specified in the order.” Critics interpret that language to mean that the Attorney General can force changes to the core of the Internet's structure and require ISPs to filter out allegedly infringing domain names and prevent search engines from listing those sites in results.

Cybersecurity Concerns

Under the latest version of the Act, ISPs and search engines are required to block access by Americans to foreign websites that contain material that infringes on copyrights. Issa told the Committee that security experts warn that SOPA would actually weaken Internet security, introducing into the record a letter by former Policy Director of the Department of Homeland Security, Stewart Baker.

[T]he new version would still do great damage to Internet security, mainly by putting obstacles in the way of DNSSEC, a protocol designed to limit certain kinds of Internet crime.
Today, it's not uncommon for crooks to take over Internet connections in hotels, coffee shops and airports ' and then to direct users to fake websites. ' DNSSEC prevents such attacks by giving each website a signed credential that must be shown to the browser by the domain name system server before the connection can be completed. ' Unfortunately, the things a browser does to bypass a criminal site will also defeat SOPA's scheme for blocking pirate sites.

(The full letter is available on the Volokh Conspiracy at http://bit.ly/tyF5hZ.)

Additionally, current Google Vice President and former ICANN Chairman, Vint Cerf, considered one of the fathers of the Internet, warned of SOPA's impact in a letter sent to the Committee, also introduced into the record during the Dec. 15 hearing:

Unfortunately, the amendments to SOPA do not resolve the fundamental flaws in this legislation; the bill will still undermine cybersecurity including the robust implementation of DNS Security Extensions, known more commonly as DNSSEC. ' Even with the proposed manager's amendment, SOPA's site-blocking provisions remain problematic. They would undermine the architecture of the Internet and obstruct the 15-year effort by the public and private sectors to improve cybersecurity through implementation of DNSSEC. ' A congressional “tech mandate” on search engines to delete a domain name from search results does not result in the website disappearing. Users can and do today find their way to these websites largely without the help of search engines. Relative to the questionable efficacy of this proposed remedy, requiring search engines to delete a domain name begins a worldwide arms race of unprecedented “censorship” of the Web.

(The full letter is available on CNET at http://cnet.co/tmIRhr.)

In an article on the Stanford Law Review Online, three law professors worry about SOPA and Protect IP's Constitutional problems, calling the legislation “an unprecedented, legally sanctioned assault on the Internet's critical technical infrastructure.” See, Mark Lemley, David S. Levine, & David G. Post, “Don't Break the Internet,” 64 Stan. L. Rev. Online 34, http://bit.ly/scnzZy. “Directing the remedial power of the courts towards the Internet's core technical infrastructure in this sledgehammer fashion,” they continue, “has impact far beyond intellectual property rights enforcement ' it threatens the fundamental principle of interconnectivity that is at the very heart of the Internet.” And on Constitutional grounds:

Both bills suggest that ' remedies can be meted out by courts after nothing more than ex parte proceedings ' proceedings at which only one side (the prosecutor or even a private plaintiff) need present evidence and the operator of the allegedly infringing site need not be present nor even made aware that the action was pending against his or her “property.”
This not only violates basic principles of due process by depriving persons of property without a fair hearing and a reasonable opportunity to be heard, it also constitutes an unconstitutional abridgement of the freedom of speech protected by the First Amendment. ' Websites can be “completely removed from circulation” ' rendered unreachable by, and invisible to, Internet users in the United States and abroad ' immediately upon application by the government, without any reasonable opportunity for the owner or operator of the website in question to be heard or to present evidence on his or her own behalf. This falls far short of what the Constitution requires before speech can be eliminated from public circulation. ' Copyright and trademark infringement on the Internet is a very real problem, and reasonable proposals to augment the ample array of enforcement powers already at the disposal of IP rights holders and law enforcement officials may serve the public interest. But the power to break the Internet shouldn't be among them.

What's the Rush?

Lofgren was joined by Dan Lungren (R-CA) in questioning the speed with which Smith seemed bent on getting the Bill through the Committee, noting that there are no “exigent circumstances” calling for rushing the legislation such as existed for the Patriot Act.

Issa and others, including Jason Chaffetz (R-UT), called for more hearings to be held in which technology experts on both sides of the Bill can further instruct the Committee on the security and technological aspects of SOPA. (“We should have A hearing with nerds to testify what #sopa would do to DNSSEC #open That is reasonable and needed,” he tweeted). Mel Wyatt (D-NC) replied that hearings have no teeth and that people only pay attention when there's a markup. “Well, we have their attention now,” Chaffetz responded, noting the thousands of calls and e-mails House members have received since the hearing began. In what was indicative of the direction of the first day of the hearing as a whole, Wyatt said that while he is not a “nerd,” he doesn't believe what the cybersecurity experts say and voted against Issa and Lofgren's Amendment.

Speculation around the Web was that Smith wanted to finish the markup and have the Act voted upon quickly, because waiting until after the Congressional recess would give the Act's opponents more time to dissect the Manager's Amendment, suggest their own changes and line up support from constituents. Opponents say that Smith is trying to satisfy music, movie and TV companies who back the Bill. According to political watchdog Maplight.org, the Bill's sponsors have received four times as much in contributions (almost $2 million) from the entertainment industry as from the software industry ($524,977), which opposes the Bill. See, www.maplight.org/content/72896.

Get Away Day

Day Two of the hearings began much like the first, but the proceedings soon took an abrupt turn.

Faced with votes being taken on the House floor, the Committee took a recess to attend to those matters ' and lunch. Upon their return, the Committee once again heard Chaffetz call for hearings on cybersecurity: a classified hearing where the Committee could hear from the National Security Administration (NSA), Department of Homeland Security (DHS), and other governmental agencies; and another with industry experts. During that discussion, Lofgren introduced a letter (submitted at Lofgren's request for a technical assessment of SOPA and the companion Senate Bill, Protect IP (S. 968)), from cybersecurity expert Dr. Leonard Napolitano, Director of the Sandia National Laboratories' Center for Computer Sciences and Information Technologies. Napolitano wrote that SOPA would “negatively impact U.S. and global cybersecurity and Internet functionality.”

Rep. Wyatt, who had one day earlier been against such hearings, said he would like to hear from said experts and get more information.

Chaffetz then asked Chairman Smith again if he would be open to considering the hearings to further explore the security aspects of the Act. Smith, up against the clock as more votes were ready to be counted on the House floor (one of which was the $1 trillion budget bill to avert a government shutdown) and Committee members expressing concerns about missing their flights home for the holiday recess, agreed to hold the hearings “on the next available day,” which was presumed at the time to be after the Congressional recess at the end of January. The Chairman then abruptly called the markup concluded for the day, the Committee members hustled out, and the video feed went dark.

There was concern from the opposition that Smith would proceed without the informational hearings, as he announced late in the afternoon on Dec. 16 that the markup would continue on Dec. 21, a highly unusual move considering many Representatives wouldn't be in Washington, DC. However, Issa tweeted on Dec. 20 that the markup “has been POSTPONED 'due to House schedule.'” It remains to be seen, but Smith's tactic may backfire. Word of an in-recess hearing set the Twitter-verse ablaze and may have stirred the opposition pot even more.

Protect IP (S.968), the Senate's companion Bill to SOPA, is scheduled to be put to a vote on Jan. 24, majority leader Harry Reid (D-NV) announced on Dec. 17.

Technology Moves Quickly

One of the problems in regulating the Internet has always been that technology changes ' and programmers react ' much too rapidly for the law to catch up. Legislators can be as forward-thinking as they like, but once a proposed piece of legislation is introduced, the tech community has plenty of time to counter. And so with techies in fear of SOPA's passage, a plug-in for the Firefox browser was developed that would essentially render the law useless. According to TorrentFreak.com, with DeSopa, as its developer calls it, “users can click a single button to resolve a blocked domain via foreign DNS servers, bypassing all domestic DNS blockades and allowing the user to browse the site though the bare IP-address (if supported).” If that plug-in doesn't work, you can be sure others will be developed quickly.

Issa's Alternative

Issa has proposed an alternative to SOPA, called the Online Protection and Enforcement of Digital Trade (OPEN) Act. This legislation would take what some are calling a “follow the money” approach and has been endorsed by Cerf and 10 of the leading Internet companies (including Google, Yahoo!, Facebook and Twitter). According to the FAQ page on www.keepthewebopen.com, OPEN is summarized as such:

The OPEN Act takes a much narrower and more targeted approach to combating online infringement than other proposed legislation by targeting only sites 'primarily and willfully' engaging in infringement. By employing such a clear and targeted definition of infringement, the OPEN Act will ensure that only legitimate cases are pursued while giving ITC commissioners clear standards to follow in enforcing IP rules.
While other legislation would employ a one-sided process in which judges would only hear from rights holders, by putting the ITC in charge of IP investigations, the OPEN Act would ensure an adversarial process in which all parties have an opportunity to be heard.
Unlike other legislation the OPEN Act does not interfere in the Domaine Name System or go after sites or search engines that simply link to websites that host infringing content. Rather the OPEN Act would combat online infringement simply by cutting off a foreign site's ability to profit from the sale of fake merchandise or content they don't own.

Conclusion

With the House Judiciary Committee scheduled to continue SOPA's markup when Congress reconvenes, it will be interesting to see if Smith goes through with his promise to hear from cybersecurity experts and, more importantly, how ' and if ' SOPA will change as a result. Or if OPEN, Issa's industry-supported alternative, gets any attention. Stay tuned.

For Twitter, LinkedIn, Facebook and Google+ followers, click here to subscribe to Internet Law & Strategy at a special introductory rate of $269. This offer is valid for new subscribers only.