The problems that still remain with PIPA and SOPA

Started by Vekseid, January 19, 2012, 01:02:30 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Vekseid

So, I thought some people might like a more technical explanation of the issues with these bills, or one not so glossed-over as on Wikipedia and Google. You can find an accurate explanation of some of the issues on Reddit's blog, but I've seen a lot of misinformation posted about these bills as well. It is true that some bloggers have certainly not understood these bills, possibly because of limited legal understanding.

It's also true that the people pushing for these bills do not understand their contents. This is particularly true of the PROTECT IP ACT (PIPA), to the point where it is almost a comedy piece.

The major opponents of this bill - Google, Reddit, Wikipedia, etc. do have a pretty good understanding of what is wrong with these bills. Often, however, they give rather glossed-over explanations of what is wrong, and some people are openly wondering as to Google's motives. That may seem paranoid, but when a company controls so much of the world's information, it's prudent to consider that.




I will start with PIPA, because it is shorter.



Let's begin with the definitions. I only take serious issue with one, but it's a doozy:

(4) the term `information location tool' has the same meaning as described in subsection (d) of section 512 of title 17, United States Code;

Let's look at subsection (d) there:

(d) Information Location Tools. — A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, including a directory, index, reference, pointer, or hypertext link, if the service provider —

Each individual link is classified as an information location tool, all by its lonesome.

A more realistic interpretation would be 'Any website with outbound links'. We'll assume that definition, because it presents something moderately sane. Technically, it is more broad than this - you can't get around it by just posting the link as raw text. That is an immense technical problem for sites who generate massive amounts of user-generated content, Elliquiy included. While this is easy to do for the actual raw text of the link, it's much harder to catch and prevent obfuscated but human-understandable 'references'. "The website is hummersville and then you put in a dot and then co.cn." We can't just trap 'hummersville' - there's a good chance it will block some legitimate site. No computer is currently capable of natural language processing.

Issue #1: What this amounts to is a bad definition supplied in an old law. subsection (d) needs an explicit, usable definition of 'information location tool'.

SEC. 3. ENHANCING ENFORCEMENT AGAINST ROGUE WEBSITES OPERATED AND REGISTERED OVERSEAS.

    (a) Commencement of an Action-

        (1) IN PERSONAM- The Attorney General may commence an in personam action against--

            (A) a registrant of a nondomestic domain name used by an Internet site dedicated to infringing activities; or

            (B) an owner or operator of an Internet site dedicated to infringing activities accessed through a nondomestic domain name.

           
Proponents of SOPA and PIPA claim that this bill only targets foreign sites. This is not true per the common understanding of the term, and only true insofar as they create a legal definition of 'foreign site' that happens to include millions of sites registered by US registrars, to US citizens, hosted by US servers. Nothing prevents an American from registering a .it, .tv, .cm, .co, etc. domain name like bit.ly or redd.it. They instead go after 'nondomestic domain names'. This is exceptionally problematic, as it specifically declares them to be an underclass - even more so than they already are.

Issue #2: PIPA, unlike SOPA, does not narrow its definition solely to foreign sites operated by foreign registrars, hosted by foreign companies. If this law is to be claimed to target foreign sites, it should at the very least make a more honest definition of them.

The DNS-blocking provisions are almost certainly going to be removed, so I will only gloss over these issues:
- Both SOPA and PIPA specifically ordered nonauthoritative domain name servers not to resolve. Worse, they don't actually acknowledge the existence of non-traditional DNS providers (such as OpenDNS, Google's free DNS, etc), except possibly as circumvention measures. Even if it did, there's nothing preventing someone from using a non-US DNS resolver.
- Messing with DNS results in-transit is something that the Internet community wants to see stopped, for a wide variety of very good security reasons. We expect the solution to be DNSSEC, but it could just as well be a signed P2P DNS system that eventually replaces the current one, potentially driven by laws like these.

However, there is a broader issue with targeting based on domain names specifically. Spammers and fraudsters typically hold domains on a very short-term basis, to the point where the effective used lifespan of some domains is not measured in years, or even days, but sometimes minutes. Thus:

Issue #3: This law will mostly be effective at fraudulent sites spending time and effort trying to build a seemingly legitimate, persistent presence. As such, it should be targeted accordingly. A more technically savvy, real-time means of dealing with rapid-fire sites must be used instead.

(2) IN REM- If through due diligence the Attorney General is unable to find a person described in subparagraphs (A) or (B) of paragraph (1), or no such person found has an address within a judicial district of the United States, the Attorney General may commence an in rem action against a nondomestic domain name used by an Internet site dedicated to infringing activities.

In general, both SOPA and PIPA do require court proceedings, with notice first given to the owners of the respective domain name. However, no means of trying to correct the issue on-site (say, if there are single, few, or incidental offenses) is given. You're given a notice, and the opportunity to fight it in (American) court. No mention of resolution is given.

Issue #4: There needs to be a means by which an infringing site can bring itself into voluntary compliance, and have this acknowledge.

            (D) INFORMATION LOCATION TOOLS- An service provider of an information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to--

                (i) remove or disable access to the Internet site associated with the domain name set forth in the order; or

                (ii) not serve a hypertext link to such Internet site.

               
The issue with this portion of the law is that it is inspecific, overly broad, and ineffective all at the same time. Picking up new domain names moves faster than censorship of them. Most of these sites are in bad neighborhoods already, or ought to be, thus discouraging most webmasters from linking to them per Google and Yahoo's policies (and thus Microsoft and Facebook, as well).

Nor is this issue limited solely to outside the United States.

The real crux of the issue is that the only way for the government to comply with (D) is to broadcast all infringing links to everyone who runs a website. Counterproductive, much?

Issue #5: The 'Information Location Tools' subparagraph needs to be dropped from the bill entirely. The only way this is going to work is to instead provide a list of legitimate originators of a given good, allow search engines and other sites to give those items priority when people are looking for such, and allow these same search engines and sites to - in real time - consider fraudulent sites to be 'bad neighborhoods' with all the penalties that linking to such already implies. This is far beyond the scope of the current legislation, as it will require technical coordination over a long period of time. If the process were open, open source, transparent, and have a solid, reputable means of resolving fraudulent claims, then it could have broadly popular support from the Internet's technical community, to say nothing of digital authors of all stripes.

SEC. 5. VOLUNTARY ACTION AGAINST WEBSITES STEALING AMERICAN INTELLECTUAL PROPERTY.

    (a) In General- No financial transaction provider or Internet advertising service shall be liable for damages to any person for voluntarily taking any action described in section 3(d) or 4(d) with regard to an Internet site if the entity acting in good faith and based on credible evidence has a reasonable belief that the Internet site is an Internet site dedicated to infringing activities.


This subsection grants too much power of private action, in my opinion, as it gives too much leeway for a rogue actor to try and shut down legitimate site's revenue streams - either by malice or accident.

Issue #6: If it must remain, it should be narrowed to a suspension of revenue for a reasonable period while the matter can be investigated.




SOPA has provisions that are in effect actually worse, however.

Stop Online Piracy Act

Definitions, again:
(1) DOMAIN NAME- The term `domain name' has the meaning given that term in section 45 of the Lanham Act (15 U.S.C. 1127) and includes any subdomain designation using such domain name as part of an electronic address on the Internet to identify a unique online location.

This is pedantic, but there's nothing about DNS that requires a domain name to resolve to a unique online location. It is perfectly legitimate for a domain name to point to multiple disparate locations.

(5) DOMESTIC INTERNET SITE- The term `domestic Internet site' means an Internet site for which the corresponding domain name or, if there is no domain name, the corresponding Internet Protocol address, is a domestic domain name or domestic Internet Protocol address.

(6) FOREIGN DOMAIN NAME- The term `foreign domain name' means a domain name that is not a domestic domain name.


Issue #1: A repeat of three of PIPA's flaws.This effectively creates the same distinction as Issue #2, above. It makes non-US-run .tlds second-class citizens on the web. Likewise, the initial text of the bill, being nearly identical, shares issue #3 and #4 of PIPA as well.

(B) INTERNET SEARCH ENGINES- A provider of an Internet search engine shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after being served with a copy of the order, or within such time as the court may order, designed to prevent the foreign infringing site that is subject to the order, or a portion of such site specified in the order, from being served as a direct hypertext link.

People wanting to know what Google's ulterior motives are regarding SOPA, I think it comes down to this - a genuine desire not to be known as a company cooperating with censors. This is not necessarily out of altruism, but America's current unrivaled dominance when it comes to research, even in China, America's rather limited take on censorship does Google and other US technology companies a great deal of credit.

As presented with issue #5 in PIPA, however, this would cause Google to seem weaker on these grounds than before, potentially driving the impetus for a foreign competitor who did not have to obey these laws, with Yandex being especially well-positioned to do so, given the degree and thoroughness with which Russian and American programmers currently cooperate. The idea of a Russian company stepping in for Google should give current lawmakers pause.

Issue #2 This is better targeted then PIPA, however, it shares the same fundamental flaw: It imposes censorship without providing any benefit whatsoever in turn. A better target might be to make the suggestion to major search engines that they include these sites in their Bad Neighborhood rankings, but allow them to use their own monitoring technology to make the right judgment, which will likely be able to respond faster and in a superior manner to a per-domain blacklist.

(ii) against any entity that knowingly and willfully provides or offers to provide a product or service designed or marketed for the circumvention or bypassing of measures described in paragraph (2) and taken in response to a court order issued pursuant to this subsection, to enjoin such entity from interfering with the order by continuing to provide or offer to provide such product or service.

It is generally felt, by many in the technical community, that this paragraph, and the part of the DMCA that says providing circumventing measures is illegal, is blatantly unconstitutional, regardless if prior court rulings. Since this subparagraph would become redundant with the removal of the restriction on search engine activities, I think it would do good for Congress to realize that
1) All banning circumvention measures does is create a Striesand effect and
2) Laws need to be both respectable and enforceable, therefore

A) All provisions banning the distribution of circumvention measures should be lifted, and acknowledged as unconstitutional.
B) The DMCA needs stronger penalties for submitting fraudulent DMCA takedown notices, and clearer limitations about when such notices can be lawfully sent.

                (i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--

                    (I) a violation of section 501 of title 17, United States Code;

                    (II) a violation of section 1201 of title 17, United States Code; or

                    (III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or

                (ii) the operator of the U.S.-directed site--

                    (I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or

                    (II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement.


Technical people do not like vague terms. Nor do lawyers. This is meant to be directed at seriously infringing sites, and this could certainly be made more clear here in Section 103. There needs to be fewer ors here and more ands. That a website might try to get away with this by "Having a major alternate use" means that a lot of these 'ors' are unnecessary, and only add vagueness.

Issue #3: This should be targeted with, to put a summary on it, something like: "A site which derives revenue from the fact that it distributes goods unlawfully AND refuses to curtail this activity when investigated. This would need more hashing out, but it's not my job >_>

(2) QUALIFYING PLAINTIFF- The term `qualifying plaintiff' means, with respect to a particular Internet site or portion thereof, a holder of an intellectual property right harmed by the activities described in paragraph (1) occurring on that Internet site or portion thereof.

   (b) Denying U.S. Financial Support of Sites Dedicated to Theft of U.S. Property-

        (1) PAYMENT NETWORK PROVIDERS- Except in the case of an effective counter notification pursuant to paragraph (5), a payment network provider shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery of a notification under paragraph (4), that are designed to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification under paragraph (4).

        (2) INTERNET ADVERTISING SERVICES- Except in the case of an effective counter notification pursuant to paragraph (5), an Internet advertising service that contracts with the operator of an Internet site, or portion thereof, that is specified in a notification delivered under paragraph (4), to provide advertising to or for such site or portion thereof, or that knowingly serves advertising to or for such site or portion thereof, shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery the notification under paragraph (4), that are designed to--


This is ridiculous. At least PIPA requires a court order before this crap proceeds. This portion of the law basically allows anyone - though at some legal risk - to try and disrupt any website they don't like that depends on payment network or advertising revenue.

Issue #4: Injunctive action that does not require a court order must be robust in the face of potential abuse. A five-day-or-less warning time is most certainly not robust in the face of abuse. This should be removed in its entirety, or replaced with a more DMCA-like 'notice of infringement-please stop doing this' message.

SEC. 104. Immunity for taking voluntary action against sites dedicated to theft of U.S. property.

No cause of action shall lie in any Federal or State court or administrative agency against, no person may rely in any claim or cause of action against, and no liability for damages to any person shall be granted against, a service provider, payment network provider, Internet advertising service, advertiser, Internet search engine, domain name registry, or domain name registrar for taking any action described in section 102(c)(2), section 103(d)(2), or section 103(b) with respect to an Internet site, or otherwise voluntarily blocking access to or ending financial affiliation with an Internet site, in the reasonable belief that—

(1) the Internet site is a foreign infringing site or is an Internet site dedicated to theft of U.S. property; and

(2) the action is consistent with the entity’s terms of service or other contractual rights.

SEC. 105. Immunity for taking voluntary action against sites that endanger public health.

(a) Refusal of service.—A service provider, payment network provider, Internet advertising service, advertiser, Internet search engine, domain name registry, or domain name registrar, acting in good faith and based on credible evidence, may stop providing or refuse to provide services to an Internet site that endangers the public health.


Issue #5: Essentially identical to Issue #6 in PIPA. With the exception of search engines, 'we think you are doing something wrong so we can break out contract with you' should not be handled so lightly.

SEC. 201. Streaming of copyrighted works in violation of criminal law.

Issue #6: My issue with this subsection is not so much with its existence per se, but rather that it still leaves the concept of what constitutes a digital distribution, and the frequency required for infringement, vague. These issues are in bad need of specificity, especially in light of recent ridiculous judgments, sometimes exceeding reduced penalties for murder. Anyone who can claim with a straight face that filesharing is worse than murder has no business having even the remotest amount of influence on our political process.

Section 202 has some of this as well.




There might have been other things I've missed. I spotted a total of ten issues, four of which are shared between the bills. Some of them are technically serious (even with the DNS provisions removed or likely to be), while others have more legal/free speech/abuse consequences. A few, namely the last one, are more issues of ethics and making sure that the punishment fits the crime.



DarklingAlice

Thank you for this, Vekseid. It's nice to see such a detailed analysis of the actual language of the bills rather than just a summary/gloss. If you would, opine on something else that I have seen tossed around the last few days: are these problems with the bill the result of the authors' intentional malice/self-interest or do they stem from a naive and incomplete understanding of how the internet functions? (and I suppose there is no reason they can't be both)
For every complex problem there is a solution that is simple, elegant, and wrong.


Callie Del Noire

Quote from: DarklingAlice on January 19, 2012, 07:16:57 AM
Thank you for this, Vekseid. It's nice to see such a detailed analysis of the actual language of the bills rather than just a summary/gloss. If you would, opine on something else that I have seen tossed around the last few days: are these problems with the bill the result of the authors' intentional malice/self-interest or do they stem from a naive and incomplete understanding of how the internet functions? (and I suppose there is no reason they can't be both)

I think it's a bit of both, you got some malicious thought and a LOT of ignorance from the legislators slathered in with a lot of power grabbing by groups such as RIAA and MPAA going on. Add in less over groups as special interests such as the various publishers and such, these bills were never really intended to be for the publics interests so much as for big medias interests.  And if these groups had had their way we'd never would have had tape recorders or VCRs.

Vekseid

Quote from: DarklingAlice on January 19, 2012, 07:16:57 AM
Thank you for this, Vekseid. It's nice to see such a detailed analysis of the actual language of the bills rather than just a summary/gloss. If you would, opine on something else that I have seen tossed around the last few days: are these problems with the bill the result of the authors' intentional malice/self-interest or do they stem from a naive and incomplete understanding of how the internet functions? (and I suppose there is no reason they can't be both)

Definitions of malice can be rather vague and varied. Two issues come to mind:
1) Leaving open the ridiculous fines for unlawful digital distribution under this act. Someone distributes 20 songs to 200 people, the total damage done is not 'millions of dollars'.
2) The general requirement to go to court to solve these issues. This attitude does strike me as intentional - for example, costing about $2k to be able to afford a bankruptcy. And that's for something that isn't going to be challenged. Similarly, there are a lot of good affirmative defenses listed in the section... but you need to be able to afford to get to those points. How many websites can raise ~$3-4k to defend against a lawsuit, and potentially have to wait years to get their money back? To say nothing of the fact that you'll have to reveal yourself. Someone who is anonymous who faces these charges and wants to stay anonymous has a Problem, unless they've wrapped themselves in a corporate veil.

For the most part, it's just ignorance. As I mentioned, these bills could be reformed to serve a narrow, viable purpose - blocking us revenue streams to long-standing infringing sites. But the very nature of that means that these sorts of things can have a number of checks and balances before action is taken, without diluting the effect of the law.

Dealing with moving targets requires a completely different approach, and the measures this bill takes to address them serve no purpose other than to annoy or harass legitimate operations of many sorts. It's not malice... 'wishful thinking' comes to mind. "Let's serve every website on the Internet an order not to tell anyone about these domains!" Err...

Callie Del Noire

Quote from: Vekseid on January 19, 2012, 12:38:49 PM
Definitions of malice can be rather vague and varied. Two issues come to mind:
1) Leaving open the ridiculous fines for unlawful digital distribution under this act. Someone distributes 20 songs to 200 people, the total damage done is not 'millions of dollars'.
2) The general requirement to go to court to solve these issues. This attitude does strike me as intentional - for example, costing about $2k to be able to afford a bankruptcy. And that's for something that isn't going to be challenged. Similarly, there are a lot of good affirmative defenses listed in the section... but you need to be able to afford to get to those points. How many websites can raise ~$3-4k to defend against a lawsuit, and potentially have to wait years to get their money back? To say nothing of the fact that you'll have to reveal yourself. Someone who is anonymous who faces these charges and wants to stay anonymous has a Problem, unless they've wrapped themselves in a corporate veil.

For the most part, it's just ignorance. As I mentioned, these bills could be reformed to serve a narrow, viable purpose - blocking us revenue streams to long-standing infringing sites. But the very nature of that means that these sorts of things can have a number of checks and balances before action is taken, without diluting the effect of the law.

Dealing with moving targets requires a completely different approach, and the measures this bill takes to address them serve no purpose other than to annoy or harass legitimate operations of many sorts. It's not malice... 'wishful thinking' comes to mind. "Let's serve every website on the Internet an order not to tell anyone about these domains!" Err...

I like how when it's Iran or China doing this it's 'an oppressive regime cutting off essential freedoms' but when the US Government does it it is 'protecting essential commerce'.

Codswallop


Sabby

To further simplify it, I refer to the 'internet scientists', Know Your Meme.

Know Your Meme: A SOPA/PIPA PSA

Vekseid

Quote from: Callie Del Noire on January 19, 2012, 12:43:45 PM
I like how when it's Iran or China doing this it's 'an oppressive regime cutting off essential freedoms' but when the US Government does it it is 'protecting essential commerce'.

Yeah, I don't think they thought of 'it works for Iran and China!' in quite the manner that most people would read it. They know the DNS hijacking technique is being used in those countries, and that it is quite effective. They don't see anything particularly malicious in seeing those domains get null-routed, and if you're not familiar with why DNS hijacking is considered a Bad Thing, you might not realize the problem.

I don't like going to counterfeit sites. I don't like my work, or the work of my members, being plagiarized. This is something that many people in the technical community are in fact concerned with, and Google for example is working on algorithms to try and determine the original author of a piece of work. This is an area the Government could in fact make Google's job much easier, but that requires a separate framework. The framework presented in SOPA and PIPA is completely inappropriate for handling this. We want something that will handle counterfeit and plagiarized works on the likes of Amazon and eBay, as well, for example, and be able to send people looking for the author of a piece to the accurate source - particularly for digital works such as audio, text, images, and video. The proper way to do this, however, is not by creating a blacklist, but rather a whitelist. A fucking huge one, yes, but it will in the end be smaller than the blacklist.

RubySlippers

What about if this passes there are three things I would be concerned about.

1. Innovations by the site owners doing these pirating activities to get around them they are darn clever they could do all kinds of things to technically get around the law.

2. Boycott above board of companies who abuse the law, likely I would not do business with such companies on principle and tell them so.

3. The biggest threat a determined long drawn out hacker threat many black hats and grey hat hackers might make it their missions to screw over any company involved in using this law, they did cyber hack the FBI cyber crimes division once if I recall you think they cannot go after a commercial company? And this bill would be effectively a declaration of war to some I would suspect to come after the companies backing this. And in a cyber arms race you don't need money to be dangerous.

TheGlyphstone

#9
Quote from: RubySlippers on January 19, 2012, 11:44:20 PM
What about if this passes there are three things I would be concerned about.

1. Innovations by the site owners doing these pirating activities to get around them they are darn clever they could do all kinds of things to technically get around the law.
The problem with rules-lawyering your way around this sort of thing is the 'lawyer' bit. You need to have the talent and money to defend your evasion in court when you get called on it, and the vast majority of sites endangered wouldn't be able to afford that. I'd be very surprised to find Elliquiy's operational funds pool is big enough to fight a court shutdown order backed by, say, Universal Studios, whatever legalisms Vekseid had employed to protect us notwithstanding.
Quote
2. Boycott above board of companies who abuse the law, likely I would not do business with such companies on principle and tell them so.
It'll be stuff like the MPAA that abuse the law, if anyone does, and that's a bit like David throwing pebbles at Goliath instead of using a slingshot. You need a heck of a lot of pebbles to do anything.
Quote
3. The biggest threat a determined long drawn out hacker threat many black hats and grey hat hackers might make it their missions to screw over any company involved in using this law, they did cyber hack the FBI cyber crimes division once if I recall you think they cannot go after a commercial company? And this bill would be effectively a declaration of war to some I would suspect to come after the companies backing this. And in a cyber arms race you don't need money to be dangerous.
Yeah, but then the government has a determined and concrete reason to go after the hackers in return, and it's the old adage about offense against defense. The defender has to block or evade every single attempt to break his security, and the attackers only have to succeed once. And frankly, the government has a lot of more time, resources, and if it wants to spend the money, talent, than any independent hacker.

Vekseid

Quote from: TheGlyphstone on January 20, 2012, 08:12:03 AM
The problem with rules-lawyering your way around this sort of thing is the 'lawyer' bit. You need to have the talent and money to defend your evasion in court when you get called on it, and the vast majority of sites endangered wouldn't be able to afford that. I'd be very surprised to find Elliquiy's operational funds pool is big enough to fight a court shutdown order backed by, say, Universal Studios, whatever legalisms Vekseid had employed to protect us notwithstanding.

Elliquiy is found at elliquiy.com, and is therefore not subject to these laws directly, except that it an be construed to act as an 'information tool' or a 'search engine'. The new CMS provides measures for whitelisting domains as a matter of natural course, but even without that, both laws do provide 'undue burden' exemptions. It's affording that that is the problem. It only costs ~$300 to file, but that's a good chunk of change for most websites. And if you want legal advice on how to answer a summons, interrogatories, and the like, well, you'll have to pay for that, too.

These laws basically only allow legal proceedings if you already accept their jurisdiction. As I mentioned, the actual domain blocking provisions are essentially useless, as these can hop from place to place in less time than courts can catch up. The MPAA can't stop the Pirate Bay. It's way too late for that, and the environment for them is continually getting worse as the technocratic 'class' gains power in Europe and, as Wednesday seemed to show, the US as well.

Quote
It'll be stuff like the MPAA that abuse the law, if anyone does, and that's a bit like David throwing pebbles at Goliath instead of using a slingshot. You need a heck of a lot of pebbles to do anything.Yeah, but then the government has a determined and concrete reason to go after the hackers in return, and it's the old adage about offense against defense. The defender has to block or evade every single attempt to break his security, and the attackers only have to succeed once. And frankly, the government has a lot of more time, resources, and if it wants to spend the money, talent, than any independent hacker.

This sort of sword cuts both ways. Not the hacker nonsense - I mean the fact that Wednesday's blackout and its results might start leading to sites like Reddit and Wikipedia playing offense instead of defense. Getting old laws stricken. I'd personally love to see the next Mickey Mouse extension end up with a gutting of current IP law.