The Day (Some Of) The Web Went Dark
Online protests today of SOPA/PIPA legislation blur future of anti-piracy efforts as several legislators back down
January 19, 2012
On a day when Wikipedia went dark, Google blacked out its Doodle, and various smaller sites also went offline in protest of the controversial SOPA/PIPA anti-privacy bills on Capitol Hill, several key legislators behind the bills withdrew their support.
But whispers of a possible retreat by some lawmakers yesterday didn’t slow the drumbeat of loud online anti-SOPA/PIPA protests. Nor did it seem to affect the latest threat by the Anonymous hacktivist group, which says it will again attack Sony -- a SOPA supporter -- next week in what this time could be a more aggressive hack.
The Stop Online Piracy Act (SOPA) is the House bill written by Rep. Lamar Smith (R-Tex.), and the Protect Intellectual Property Act (PIPA) is the Senate bill, written by Sen. Patrick Leahy (D-Vt.). The Senate is poised to vote on PIPA on Jan. 24, but with several key members dropping their support for the bills today in the wake of the blackout protests, its future, as well as that of the House’s SOPA bill, are now uncertain.
Critics of the bills say it won’t be easy to kill them. “Part of this bill is to make America look serious about IP protection ... so we won’t look weak,” says Robert Graham, CEO of Errata Security, whose website went dark today in solidarity with the online protest.
Several online websites donned blacked-out sections of their sites to demonstrate what a censored Internet could mean. Wikipedia and Reddit went completely dark, while Mozilla and others posted their concerns about the legislation on their home pages with black pages and information on the bills and how to contact Congress.
The bills are aimed at protecting copyrights and intellectual property online, and protecting consumers from counterfeit goods sold online by forcing Internet companies to block access to those sites. The legislation gives the U.S. more leverage to institute court orders against overseas websites engaging in these practices.
But critics say the legislation would censor the Internet and impose damaging regulations on U.S. businesses. As Google explained today on its website, the bills would allow the feds to block sites “using methods similar to those employed by China. Among other things, search engines could be forced to delete entire websites from their search results.”
Internet firms would be forced to monitor network usage, but in the end, says Google, it would not stop piracy. “These sites will just change their addresses and continue their criminal activities, while law-abiding companies will suffer high penalties for breaches they can’t possibly control,” according to Google.
Some security experts have been outspoken on the bills’ impact on the Domain Name Service's (DNS) emerging security protocol, DNSSEC, which is gradually rolling out new high-level domains. Several key players in security and Internet infrastructure wrote a white paper last May explaining how forcing millions of recursive servers to filter out DNS requests to blacklist and block domain names of servers offering pirated music or other illegally obtained intellectual property would basically cripple DNSSEC, which basically provides verification that a site a user visits is indeed that site and not spoofed or redirected.
Dan Kaminsky, one of the authors of the paper, said the DNS-filtering approach called for in the legislation wouldn’t work and could be bypassed: "It's like trying to make a telephone that won't carry swear words," Kaminsky said.
Not everyone agrees that the bills would affect DNSSEC. Errata’s Graham, for instance, says they would basically confuse DNS, not break DNSSEC. “You’d have a confused DNS, but not hinder rolling out DNSSEC," he says. “It would not hinder the signing of DNS domains.”
Cricket Liu, vice president of architecture at Infoblox, says the bills might not hurt DNSSEC deployments right now, but it could affect later phases. “I think that while it might not affect DNSSEC deployments in their current form, it would hamstring us when we moved on to an end-to-end deployment. As soon as we try to do validation on clients or in Web browsers, filtering responses would wreck DNSSEC,” Liu says.
Meanwhile, the online fallout today prompted Sen. Marco Rubio (R-Fla.) to withdraw his support for the bill, as did Sen. John Cornyn (R-Tex.). Orrin Hatch (R-Utah), a co-sponsor of SOPA, tweeted: “After listening to the concerns on both sides of the debate over the PROTECT IP Act, it is simply not ready for prime time. That’s why I will not only vote against moving the bill forward next week but also remove my cosponsorship of the bill.”
Can anti-piracy legislation fly in some form?
It’s unclear what happens tomorrow or the ensuing days now that the bills have lost some backers in the wake of high-profile resistance around the Internet.
Cricket Liu, vice president of architecture at Infoblox, says he hopes Congress has learned from the protest and fallout to consult with the Internet community early on in the legislative process. “I hope that Congress gains a better sense of the power of Internet companies to organize a grassroots protest, and I hope that they learn to involve the Internet community earlier in the legislative process to obviate this kind of response in the future. Most Internet professionals have little sympathy for copyright infringement, but we'll go to the mattresses to defend our Internet,” Liu says.
The challenge is balancing anti-piracy and Internet freedom; Errata’s Graham says anything you do to fight piracy will fight Internet freedom as well. “There’s no way to have anti-piracy not affect freedom. The question is, are there reasonable trade-offs to make?” Graham says.
He says part of the legislation that calls for regional representatives focusing on privacy being located in Africa, Asia, Europe, and other locations is reasonable. Their role would be to urge local hosting firms to shut down piracy sites in their countries, for instance. “I don’t see how that affects my freedoms on the Internet. There’s [something] that could help,” Graham says.
Then there’s Anonymous’ threats of targeting Sony again, according to a report by SC Magazine. Sony, like other entertainment firms, is behind the SOPA/PIPA bills as a way to combat movie and music piracy, for example. According to the report, Anonymous will hack Sony.com and populate the home page with BitTorrent files for downloading copyright-protected movies and music, and making songs free on Sony Music’s online store.
And look for a possible leak of company executives’ personal information on the site, as well, the report says.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024