Skip to Content

Free Expression, Open Internet

Déjà Vu All Over Again: Compromising Internet Security is Still Not the Answer to Copyright Infringement

2014-12-19 unlocking encryption, copyright2

Based on information obtained through the deplorable hack of Sony Pictures Entertainment, some of the major content companies may be trying to revive a particularly bad idea: that copyright infringement can and should be combated by ordering Internet service providers (ISPs) to block access to entire websites.

Poorly devised technological mandates have no place in a responsible copyright enforcement regime.

The Stop Online Piracy Act (SOPA), which was overwhelmingly rejected by the Internet community in 2012, had exactly this concept at its core.  Website blocking presents an unwarranted and unjustifiable threat to basic Internet security and freedom of expression. When Internet users, technical experts, companies, academics, and others stood together to oppose SOPA, we sent the clear message that censorship and poorly devised technological mandates have no place in a responsible copyright enforcement regime.

As a reminder: SOPA would have allowed law enforcement to seek orders against ISPs, requiring them to take “measures designed to prevent the domain name of a foreign infringing site (or portion thereof) from resolving to that domain name’s Internet Protocol address.” That is, when a user typed into her browser the name of a foreign-hosted website alleged to be “dedicated to infringing activity,” the ISP would be required to return a result other than the site’s actual IP address—sending the user an inaccurate result. This is a terrible idea.

It’s a terrible idea because it would alter how information is retrieved on the Web and threaten the security of the Domain Name System (DNS). DNS is the basic “phone book of the Internet,” linking the names of websites with their unique IP addresses. The accuracy of the DNS address book is what ensures that typing “bankofamerica.com” into your browser takes you to the website of your bank rather than the website of a sophisticated phishing operation. When DNS filtering appeared in SOPA, renowned cybersecurity expertsSandia National Laboratories, Vint Cerf, a group of 83 Internet inventors and engineers, and eventually the White House expressed serious concerns.

Thankfully, those concerns won out and SOPA went down in spectacular fashion. But it remained alarming to many who followed the debate that it took so long for legislators and stakeholders to appreciate security concerns embedded in DNS filtering. As Representative Jason Chaffetz memorably said at the time, “we’re going to do surgery on the Internet, and we haven’t had a doctor in the room tell us how we’re going to change these organs. We’re basically going to reconfigure the Internet and how it’s going to work, without bringing in the nerds.”

The Motion Picture Association of America apparently is still pursuing website-blocking to combat piracy.

Three years later, the Motion Picture Association of America (MPAA) apparently is still pursuing website-blocking to combat piracy. And the MPAA seems only mildly more interested in the security implications of DNS filtering than it was in 2011. According to a January 2014 MPAA memo, “[v]ery little systematic work has been completed to understand the technical issues related to site blocking in the US . . . We will identify and retain a consulting technical expert to work with us to study these issues.”

Assuming the memo’s accuracy, this nonchalance toward security implications may be the most alarming feature of the MPAA’s attempt to reboot SOPA’s site-blocking regime through other legal theories and forums. Notwithstanding leading security experts and the White House having stated in no uncertain terms that court-mandated DNS filtering by ISPs threatened Internet security, the MPAA’s campaign to put that technological mandate in place continued unabated.

The studios’ interest in streamlined procedures for removing infringing content from the Internet is understandable. But existing procedures for removing infringing content under the Digital Millennium Copyright Act (DMCA) are there for good reasons, including due process and protecting legitimate innovation on the Internet. Yesterday, the U.S. Patent & Trademark Office convened its sixth multi-stakeholder forum on improving the operation of the DMCA’s notice-and-takedown system. Improving notice-and-takedown is a far preferable approach to addressing ongoing infringement concerns than pursuing technological mandates that have already been decisively rejected.

That the MPAA’s renewed or continued interest in site blocking was disclosed through a malicious hack of a private enterprise’s network is regrettable. Any person or entity commenting on that information must struggle with its provenance. However, part of preventing hacks like this from occurring in the future is prioritizing security in policy discussions that impact the Internet. This was one of the core lessons of the SOPA debate – we should learn from it, and move on.