Last year’s Combating Online Infringement and Counterfeits Act (COICA) was widely chided as a massive overreach of executive power. Essentially, the bill would allow federal enforcement agencies to force ISPs, Search Engines, Domain Name Registrars and online financial transaction companies, to stop recognizing certain websites that have been deemed “rogue”: those involved in intellectual property theft or copyright infringement.
The bill made it past the Senate Judiciary Committee, but was put on hold. Ron Wyden (D-OR) vowed to make sure the bill never made it to the light of day. “Deploying this statute to combat online copyright infringement seems almost like using a bunker-busting cluster bomb when what you really need is a precision-guided missile,” said Wyden. “The collateral damage of this statute could be American innovation, American jobs, and a secure Internet.” After a legal and policy experts shot holes in the bill, it was laid to rest for the year.
Despite the clear message from Congress that executive overreach into the free and open Internet would not be tolerated, the past few months have seen a share of problems. On November 26, 2010 the Electronic Freedom Foundation reported:
Over the past few days, the U.S. Justice Department, the Department of Homeland Security and nine U.S. Attorneys’ Offices seized 82 domain names of websites they claim were engaged in the sale and distribution of counterfeit goods and illegal copyrighted works.
Setting aside the due process concerns inherent in seizing any website without notice or appropriate recourse for the owner, it appears that the “raid” has swept up several sites that are hardly in the business of willful copyright infringement.
The seizures set a new precedent, further stretching the bounds of U.S. executive power into the Internet. This was exactly the sort of power Wyden and others were afraid that COICA might increase.
On May 12 of this year, a bill eerily similar to COICA found its way to the Senate chambers, introduced again by senator Patrick Leahy (D-VT). And if renaming a piece of legislation could change its content, the “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act” or the “PROTECT IP Act” would be a vast improvement over COICA; a no-brainer. Sadly, this bill is COICA on steroids.
If passed, The PROTECT IP Act, like its predecessor, would allow the Department of Justice to seek a court order against what are commonly called “rogue websites” -websites purported to be engaging in copyright or intellectual property “infringing activities.”
Rather than addressing the major systemic problems in the COICA bill, Leahy has ignored the advice of legal and policy experts and is hoping a more attractive name might be enough to help poor legislation slide through Congress.
The most obvious problem upon first read of the bill is that it fails to define “rogue” website. The bill broadly defines such a site as one that has “no significant use other than engaging in, enabling, or facilitating the:
reproduction, distribution, or public performance of copyrighted works, in complete or substantially complete form, in a manner that constitutes copyright infringement under section 501 of title 17, United States Code.
This ambiguity in what is considered a rogue website gives government officials an uncomfortable amount of leeway when shutting down websites.
If lawmakers and lawyers do identify a website as being rogue, the PROTECT IP Act would employ a strategy known as DNS filtering to block (or force third parties to block) the site’s DNS. This sort of filtering is problematic in a number of ways itself. So problematic, in fact, that some of the foremost scholars on Internet infrastructure took it upon themselves to produce an apolitical white paper addressing the concerns. Paul Vixie from Internet Systems Consortium, Danny McPherson from Verisign and others illustrate the following concerns:
- The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access unleashed by the global Internet.
- Migration away from ISP-provided DNS servers would harm efforts that rely on DNS data to detect and mitigate security threats and improve network performance. Dependencies within the DNS would pose significant risk of collateral damage, with filtering of one domain potentially affecting users’ ability to reach non-infringing Internet content.
- The site redirection envisioned in Section 3(d)(II)(A)(ii) is inconsistent with security extensions to the DNS that are known as DNSSEC. The U.S. Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies.
- If implemented, this section of the PROTECT IP Act would weaken this important effort to improve Internet security. It would enshrine and institutionalize the very network manipulation that DNSSEC must fight in order to prevent cyberattacks and other malevolent behavior on the global Internet, thereby exposing networks and users to increased security and privacy risks.
Consumers and innovators alike benefit from a well-crafted and robust protection of intellectual property. Peer-to-peer torrenting of illegally copied films, music, and software presents a unique threat to intellectual property that needs to be addressed. Unfortunately, the PROTECT IP Act sacrifices the free and open Internet, cybersecurity, and certain freedoms in its attempt to address the problem, making it simply the wrong answer for consumers.
Zack Christenson is a Chicago-based digital strategist who writes on tech policy.