[abridged from an article by Larry Downes for CNET.]
Five essential changes
The best solution to Protect IP’s deficiencies would be for Congress to ignore the Senate bill altogether. But as the House prepares its own version of the law, here are five essential changes to Protect IP that would greatly reduce unnecessary risks to the Internet ecosystem:
1. Don’t destabilize the domain name system. Since U.S. law enforcement agents cannot easily “seize” the domain of a site registered outside the U.S., Protect IP tries to trick Internet users into believing the banned site has disappeared. Courts can order domain name system servers to reroute URL requests for a banned foreign site to a government warning site instead. But the banned site would still exist, accessible by its IP address or through a DNS server that wasn’t covered by the court order. (There are as many as a million worldwide DNS servers today.)
Cutting off a website by forcing DNS servers to incorrectly resolve a URL will badly damage the integrity of the DNS system. Protect IP allows such tampering for any “nonauthoritative” domain name server, but never defines “nonauthoritative.” Most analysts assume this means ISPs rather than higher-level domain registries and registrars. But even if that’s true, law enforcement agents will likely apply this provision only to the largest ISPs. Doing so could splinter the DNS system, undermine efforts to authenticate URLs, and encourage users to abandon domain names in favor of entering a site’s IP address directly.
2. Leave search engines and hyperlinks out. In addition to misdirecting DNS requests, Protect IP allows law enforcement agencies to order providers of any “information location tool” to remove hyperlinks and other references to a banned non-U.S. site. The definition of “information location tool” is much broader than just search engines, including “services” that provides a “directory, index, reference, pointer, or hypertext link.”
In theory, that means a court could order the removal of any reference to the banned site from any Internet service in the U.S., including links in user comments and blog posts. In practice, law enforcement would likely serve these orders only on large search engines and indices, leaving users with the prospect of uncertain and inconsistent search and linking results. This provision would significantly damage the integrity of search, indexing and linking–foundations of the Web that are as valuable as the domain name system.
3. No private enforcement. Protect IP added provisions to an earlier draft that allow private parties to enforce some of the new protections without any criminal proceeding by the Department of Justice. What’s more, the newly added private enforcement provisions apply to Web sites registered in the U.S. as well as to foreign sites.
But rights holders already have effective and carefully tailored tools for dealing with infringement on sites registered in the U.S.–no new law is required. For foreign Web sites, enforcement efforts should be left solely to the Department of Justice. Private enforcement would only encourage large media companies to bully foreign sites through U.S.-based ad networks and credit card companies that serve them. These providers have little incentive to defend the rights of their customers.
4. Correct ongoing abuses by DHS. Any new law to expand enforcement of U.S. copyrights and trademarks to foreign Web sites should first correct ongoing abuses of existing law. DHS’s “Operation in Our Sites” has demonstrated the danger to due process of allowing the government to seize domain names under civil forfeiture laws, which sidesteps procedural safeguards including proof beyond a reasonable doubt. The invocation of emergency seizure provisions has also been abused, allowing DHS to seize domains without any notice or hearing.
Before expanding the power of federal law enforcement agents to apply these potent legal weapons through domain name servers, information location tools, ad networks, and financial transaction processors serving banned foreign sites, Congress must reign in DHS’s dubious interpretation of existing law. Protecting copyrights and trademarks is an important goal; but the rule of law can’t be suspended in the process.
5. Clearly define “rogue” Web site. Responding to criticism of last year’s bill, Protect IP’s authors made significant changes to the definition of an “Internet site dedicated to infringing activities.” But the new definition–actually there are several of them–conflicts with existing law. The Senate bill is still too broad. And if it already existed, it arguably would have allowed law enforcement agents to shut down or disrupt YouTube and other services early in their existence.
Protect IP continues to grasp for a definition that would address the most abusive Web sites, including sites that index unauthorized movie torrents, those that appear to sell licensed copies of movies and music but which are not in fact licensed to do so, and sites claiming to sell branded goods that are actually counterfeits. The current definition, however, goes far beyond the intended “rogue” sites and introduces ambiguities that will generate long and expensive litigation for years to come.
Five essential changes
The best solution to Protect IP’s deficiencies would be for Congress to ignore the Senate bill altogether. But as the House prepares its own version of the law, here are five essential changes to Protect IP that would greatly reduce unnecessary risks to the Internet ecosystem:
1. Don’t destabilize the domain name system. Since U.S. law enforcement agents cannot easily “seize” the domain of a site registered outside the U.S., Protect IP tries to trick Internet users into believing the banned site has disappeared. Courts can order domain name system servers to reroute URL requests for a banned foreign site to a government warning site instead. But the banned site would still exist, accessible by its IP address or through a DNS server that wasn’t covered by the court order. (There are as many as a million worldwide DNS servers today.)
Cutting off a website by forcing DNS servers to incorrectly resolve a URL will badly damage the integrity of the DNS system. Protect IP allows such tampering for any “nonauthoritative” domain name server, but never defines “nonauthoritative.” Most analysts assume this means ISPs rather than higher-level domain registries and registrars. But even if that’s true, law enforcement agents will likely apply this provision only to the largest ISPs. Doing so could splinter the DNS system, undermine efforts to authenticate URLs, and encourage users to abandon domain names in favor of entering a site’s IP address directly.
2. Leave search engines and hyperlinks out. In addition to misdirecting DNS requests, Protect IP allows law enforcement agencies to order providers of any “information location tool” to remove hyperlinks and other references to a banned non-U.S. site. The definition of “information location tool” is much broader than just search engines, including “services” that provides a “directory, index, reference, pointer, or hypertext link.”
In theory, that means a court could order the removal of any reference to the banned site from any Internet service in the U.S., including links in user comments and blog posts. In practice, law enforcement would likely serve these orders only on large search engines and indices, leaving users with the prospect of uncertain and inconsistent search and linking results. This provision would significantly damage the integrity of search, indexing and linking–foundations of the Web that are as valuable as the domain name system.
3. No private enforcement. Protect IP added provisions to an earlier draft that allow private parties to enforce some of the new protections without any criminal proceeding by the Department of Justice. What’s more, the newly added private enforcement provisions apply to Web sites registered in the U.S. as well as to foreign sites.
But rights holders already have effective and carefully tailored tools for dealing with infringement on sites registered in the U.S.–no new law is required. For foreign Web sites, enforcement efforts should be left solely to the Department of Justice. Private enforcement would only encourage large media companies to bully foreign sites through U.S.-based ad networks and credit card companies that serve them. These providers have little incentive to defend the rights of their customers.
4. Correct ongoing abuses by DHS. Any new law to expand enforcement of U.S. copyrights and trademarks to foreign Web sites should first correct ongoing abuses of existing law. DHS’s “Operation in Our Sites” has demonstrated the danger to due process of allowing the government to seize domain names under civil forfeiture laws, which sidesteps procedural safeguards including proof beyond a reasonable doubt. The invocation of emergency seizure provisions has also been abused, allowing DHS to seize domains without any notice or hearing.
Before expanding the power of federal law enforcement agents to apply these potent legal weapons through domain name servers, information location tools, ad networks, and financial transaction processors serving banned foreign sites, Congress must reign in DHS’s dubious interpretation of existing law. Protecting copyrights and trademarks is an important goal; but the rule of law can’t be suspended in the process.
5. Clearly define “rogue” Web site. Responding to criticism of last year’s bill, Protect IP’s authors made significant changes to the definition of an “Internet site dedicated to infringing activities.” But the new definition–actually there are several of them–conflicts with existing law. The Senate bill is still too broad. And if it already existed, it arguably would have allowed law enforcement agents to shut down or disrupt YouTube and other services early in their existence.
Protect IP continues to grasp for a definition that would address the most abusive Web sites, including sites that index unauthorized movie torrents, those that appear to sell licensed copies of movies and music but which are not in fact licensed to do so, and sites claiming to sell branded goods that are actually counterfeits. The current definition, however, goes far beyond the intended “rogue” sites and introduces ambiguities that will generate long and expensive litigation for years to come.