Welcome Guest. | Log In | Register | Membership Benefits

The Day (Some Of) The Web Went Dark

Online protests today of SOPA/PIPA legislation blur future of anti-piracy efforts as several legislators back down

Jan 18, 2012 | 08:14 PM | 

By Kelly Jackson Higgins
Dark Reading
On a day when Wikipedia went dark, Google blacked out its Doodle, and various smaller sites also went offline in protest of the controversial SOPA/PIPA anti-privacy bills on Capitol Hill, several key legislators behind the bills withdrew their support.

But whispers of a possible retreat by some lawmakers yesterday didn’t slow the drumbeat of loud online anti-SOPA/PIPA protests. Nor did it seem to affect the latest threat by the Anonymous hacktivist group, which says it will again attack Sony -- a SOPA supporter -- next week in what this time could be a more aggressive hack.

The Stop Online Piracy Act (SOPA) is the House bill written by Rep. Lamar Smith (R-Tex.), and the Protect Intellectual Property Act (PIPA) is the Senate bill, written by Sen. Patrick Leahy (D-Vt.). The Senate is poised to vote on PIPA on Jan. 24, but with several key members dropping their support for the bills today in the wake of the blackout protests, its future, as well as that of the House’s SOPA bill, are now uncertain.

Critics of the bills say it won’t be easy to kill them. “Part of this bill is to make America look serious about IP protection ... so we won’t look weak,” says Robert Graham, CEO of Errata Security, whose website went dark today in solidarity with the online protest.

Several online websites donned blacked-out sections of their sites to demonstrate what a censored Internet could mean. Wikipedia and Reddit went completely dark, while Mozilla and others posted their concerns about the legislation on their home pages with black pages and information on the bills and how to contact Congress.

The bills are aimed at protecting copyrights and intellectual property online, and protecting consumers from counterfeit goods sold online by forcing Internet companies to block access to those sites. The legislation gives the U.S. more leverage to institute court orders against overseas websites engaging in these practices.

But critics say the legislation would censor the Internet and impose damaging regulations on U.S. businesses. As Google explained today on its website, the bills would allow the feds to block sites “using methods similar to those employed by China. Among other things, search engines could be forced to delete entire websites from their search results.”

Internet firms would be forced to monitor network usage, but in the end, says Google, it would not stop piracy. “These sites will just change their addresses and continue their criminal activities, while law-abiding companies will suffer high penalties for breaches they can’t possibly control,” according to Google.

Some security experts have been outspoken on the bills’ impact on the Domain Name Service's (DNS) emerging security protocol, DNSSEC, which is gradually rolling out new high-level domains. Several key players in security and Internet infrastructure wrote a white paper last May explaining how forcing millions of recursive servers to filter out DNS requests to blacklist and block domain names of servers offering pirated music or other illegally obtained intellectual property would basically cripple DNSSEC, which basically provides verification that a site a user visits is indeed that site and not spoofed or redirected.

Dan Kaminsky, one of the authors of the paper, said the DNS-filtering approach called for in the legislation wouldn’t work and could be bypassed: "It's like trying to make a telephone that won't carry swear words," Kaminsky said.

Not everyone agrees that the bills would affect DNSSEC. Errata’s Graham, for instance, says they would basically confuse DNS, not break DNSSEC. “You’d have a confused DNS, but not hinder rolling out DNSSEC," he says. “It would not hinder the signing of DNS domains.”

Cricket Liu, vice president of architecture at Infoblox, says the bills might not hurt DNSSEC deployments right now, but it could affect later phases. “I think that while it might not affect DNSSEC deployments in their current form, it would hamstring us when we moved on to an end-to-end deployment. As soon as we try to do validation on clients or in Web browsers, filtering responses would wreck DNSSEC,” Liu says.

Meanwhile, the online fallout today prompted Sen. Marco Rubio (R-Fla.) to withdraw his support for the bill, as did Sen. John Cornyn (R-Tex.). Orrin Hatch (R-Utah), a co-sponsor of SOPA, tweeted: “After listening to the concerns on both sides of the debate over the PROTECT IP Act, it is simply not ready for prime time. That’s why I will not only vote against moving the bill forward next week but also remove my cosponsorship of the bill.”

Next Page: Can anti-piracy legislation fly in some form?

1 |  2 |  Next Page » 



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Compliance Reports

report How To Boost Security Via FFIEC Compliance
With just a smartphone, users can conduct nearly all their banking business at any time of the day or night. However, all this flexibility and convenience opens up new avenues for fraud and cybercrime. Guidelines laid out by the FFIEC several years ago predate many of the capabilities-and vulnerabilities-that are in place today. In this report, we examine the latest guidelines and provide advice on how you can extend the work done to comply with FFIEC guidelines to strengthen your organization's overall security posture and keep customers and their data safe.

report Keeping Compliance In Check
Configuration mistakes, access control gaffes, poor documentation--it doesn?t take much for a compliance audit to go all wrong. In this special retrospective of recent news coverage, Dark Reading takes a look at the costs, common missteps and best practices for compliance, as well as the day the Internet nearly went dark due to the threat of new regulations.

report FISMA Lifts All Compliance Boats
FISMA may not be on your radar now, but it likely will be at some point. Geared specifically toward the federal government and its affiliate agencies and third parties, FISMA is a very specific set of requirements aimed at establishing and maintaining at least a baseline level of computer and network security. FISMA requires unique categorization and classification of information assets, not to mention a boatload of documentation to prove compliance. But once your organization achieves FISMA compliance, it will likely be compliant with just about every security mandate out there.

Other reports from the Compliance Tech Center:

Related Content

Log Management in 2012 and Beyond
2012 brings interesting changes to the log management world. Now, more than ever, it is critical to understand the impact to your log infrastructure and the solutions that will better prepare you to manage your security posture.

SANS Log Management Survey Report
Organizations are increasingly dependent on log management to support core business functions, including cost management, service level and line-of-business application monitoring, as well as traditional IT- and security-focused activities.

Cut the Time and Effort of Troubleshooting and Reporting
Organizations generate millions of logs a day and struggle with centralized collection, storage and analysis of those logs. ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting and analysis across any type of IT data. It consolidates silos of logs into a single indexed repository for fast detection and mitigation of operational issues.

Get Turnkey and Automated PCI Compliance
PCI compliance monitoring is seamless with the self-contained ArcSight PCI Logger solution for log collection, storage and analysis. No database administration expertise is required and a web-based interface simplifies deployment and ongoing management.

Swiss Bank Meets Compliance Requirements and Protects Customer Data
Due to long-term data retention requirements, Swiss bank EFG needed a cost-effective way to collect, secure and store audit-quality log data in an easily accessible log repository. ArcSight Logger helps EFG meet key requirements of Switzerland?s banking laws fast and cost-effectively.




Featured Webcasts
Featured Whitepapers
Featured Reports