So, I thought some people might like a more technical explanation of the issues with these bills, or one not so glossed-over as on Wikipedia and Google. You can find an accurate explanation of some of the issues on Reddit's blog
, but I've seen a lot of misinformation posted about these bills as well. It is true that some bloggers have certainly not understood these bills, possibly because of limited legal understanding.
It's also true that the people pushing for these bills do not understand their contents. This is particularly true of the PROTECT IP ACT (PIPA), to the point where it is almost a comedy piece.
The major opponents of this bill - Google, Reddit, Wikipedia, etc. do
have a pretty good understanding of what is wrong with these bills. Often, however, they give rather glossed-over explanations of what is wrong, and some people are openly wondering as to Google's motives. That may seem paranoid, but when a company controls so much of the world's information, it's prudent to consider that.
I will start with PIPA, because it is shorter.
Let's begin with the definitions. I only take serious issue with one, but it's a doozy:(4) the term `information location tool' has the same meaning as described in subsection (d) of section 512 of title 17, United States Code;
Let's look at subsection (d) there:(d) Information Location Tools. — A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, including a directory, index, reference, pointer, or hypertext link, if the service provider —
Each individual link is classified as an information location tool, all by its lonesome.
A more realistic interpretation would be 'Any website with outbound links'. We'll assume that definition, because it presents something moderately sane. Technically, it is more broad than this - you can't get around it by just posting the link as raw text. That is an immense technical problem for sites who generate massive amounts of user-generated content, Elliquiy included. While this is easy to do for the actual raw text of the link, it's much harder to catch and prevent obfuscated but human-understandable 'references'. "The website is hummersville and then you put in a dot and then co.cn." We can't just trap 'hummersville' - there's a good chance it will block some legitimate site. No computer is currently capable of natural language processing.Issue #1: What this amounts to is a bad definition supplied in an old law. subsection (d) needs an explicit, usable definition of 'information location tool'.SEC. 3. ENHANCING ENFORCEMENT AGAINST ROGUE WEBSITES OPERATED AND REGISTERED OVERSEAS.
(a) Commencement of an Action-
(1) IN PERSONAM- The Attorney General may commence an in personam action against--
(A) a registrant of a nondomestic domain name used by an Internet site dedicated to infringing activities; or
(B) an owner or operator of an Internet site dedicated to infringing activities accessed through a nondomestic domain name.
Proponents of SOPA and PIPA claim that this bill only targets foreign sites. This is not true per the common understanding of the term, and only true insofar as they create a legal definition of 'foreign site' that happens to include millions of sites registered by US registrars, to US citizens, hosted by US servers. Nothing prevents an American from registering a .it, .tv, .cm, .co, etc. domain name like bit.ly or redd.it. They instead go after 'nondomestic domain names'. This is exceptionally problematic, as it specifically declares them to be an underclass - even more so than they already are.Issue #2: PIPA, unlike SOPA, does not narrow its definition solely to foreign sites operated by foreign registrars, hosted by foreign companies. If this law is to be claimed to target foreign sites, it should at the very least make a more honest definition of them.
The DNS-blocking provisions are almost certainly going to be removed, so I will only gloss over these issues:
- Both SOPA and PIPA specifically ordered nonauthoritative domain name servers not to resolve. Worse, they don't actually acknowledge the existence of non-traditional DNS providers (such as OpenDNS, Google's free DNS, etc), except possibly as circumvention measures. Even if it did, there's nothing preventing someone from using a non-US DNS resolver.
- Messing with DNS results in-transit is something that the Internet community wants to see stopped
, for a wide variety of very good security reasons. We expect the solution to be DNSSEC, but it could just as well be a signed P2P DNS system that eventually replaces the current one, potentially driven by laws like these.
However, there is a broader issue with targeting based on domain names specifically. Spammers and fraudsters typically hold domains on a very short-term basis, to the point where the effective used lifespan of some domains is not measured in years, or even days, but sometimes minutes
. Thus:Issue #3: This law will mostly be effective at fraudulent sites spending time and effort trying to build a seemingly legitimate, persistent presence. As such, it should be targeted accordingly. A more technically savvy, real-time means of dealing with rapid-fire sites must be used instead.(2) IN REM- If through due diligence the Attorney General is unable to find a person described in subparagraphs (A) or (B) of paragraph (1), or no such person found has an address within a judicial district of the United States, the Attorney General may commence an in rem action against a nondomestic domain name used by an Internet site dedicated to infringing activities.
In general, both SOPA and PIPA do require court proceedings, with notice first given to the owners of the respective domain name
. However, no means of trying to correct the issue on-site (say, if there are single, few, or incidental offenses) is given. You're given a notice, and the opportunity to fight it in (American) court. No mention of resolution is given.Issue #4: There needs to be a means by which an infringing site can bring itself into voluntary compliance, and have this acknowledge. (D) INFORMATION LOCATION TOOLS- An service provider of an information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to--
(i) remove or disable access to the Internet site associated with the domain name set forth in the order; or
(ii) not serve a hypertext link to such Internet site.
The issue with this portion of the law is that it is inspecific, overly broad, and ineffective all at the same time
. Picking up new domain names moves faster than censorship of them. Most of these sites are in bad neighborhoods already, or ought to be, thus discouraging most webmasters from linking to them per Google and Yahoo's policies (and thus Microsoft and Facebook, as well).
Nor is this issue limited solely to outside the United States
The real crux of the issue is that the only way for the government to comply with (D) is to broadcast all infringing links to everyone who runs a website
. Counterproductive, much?Issue #5: The 'Information Location Tools' subparagraph needs to be dropped from the bill entirely. The only way this is going to work is to instead provide a list of legitimate originators of a given good, allow search engines and other sites to give those items priority when people are looking for such, and allow these same search engines and sites to - in real time - consider fraudulent sites to be 'bad neighborhoods' with all the penalties that linking to such already implies. This is far beyond the scope of the current legislation, as it will require technical coordination over a long period of time. If the process were open, open source, transparent, and have a solid, reputable means of resolving fraudulent claims, then it could have broadly popular support from the Internet's technical community, to say nothing of digital authors of all stripes.SEC. 5. VOLUNTARY ACTION AGAINST WEBSITES STEALING AMERICAN INTELLECTUAL PROPERTY.
(a) In General- No financial transaction provider or Internet advertising service shall be liable for damages to any person for voluntarily taking any action described in section 3(d) or 4(d) with regard to an Internet site if the entity acting in good faith and based on credible evidence has a reasonable belief that the Internet site is an Internet site dedicated to infringing activities.
This subsection grants too much power of private action, in my opinion, as it gives too much leeway for a rogue actor to try and shut down legitimate site's revenue streams - either by malice or accident.Issue #6: If it must remain, it should be narrowed to a suspension of revenue for a reasonable period while the matter can be investigated.
SOPA has provisions that are in effect actually worse, however.Stop Online Piracy Act
Definitions, again:(1) DOMAIN NAME- The term `domain name' has the meaning given that term in section 45 of the Lanham Act (15 U.S.C. 1127) and includes any subdomain designation using such domain name as part of an electronic address on the Internet to identify a unique online location.
This is pedantic, but there's nothing about DNS that requires a domain name to resolve to a unique online location. It is perfectly legitimate for a domain name to point to multiple disparate locations.(5) DOMESTIC INTERNET SITE- The term `domestic Internet site' means an Internet site for which the corresponding domain name or, if there is no domain name, the corresponding Internet Protocol address, is a domestic domain name or domestic Internet Protocol address.
(6) FOREIGN DOMAIN NAME- The term `foreign domain name' means a domain name that is not a domestic domain name.Issue #1: A repeat of three of PIPA's flaws.This effectively creates the same distinction as Issue #2, above. It makes non-US-run .tlds second-class citizens on the web. Likewise, the initial text of the bill, being nearly identical, shares issue #3 and #4 of PIPA as well.(B) INTERNET SEARCH ENGINES- A provider of an Internet search engine shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after being served with a copy of the order, or within such time as the court may order, designed to prevent the foreign infringing site that is subject to the order, or a portion of such site specified in the order, from being served as a direct hypertext link.
People wanting to know what Google's ulterior motives are regarding SOPA, I think it comes down to this - a genuine desire not to be known as a company cooperating with censors. This is not necessarily out of altruism, but America's current unrivaled dominance when it comes to research, even in China
, America's rather limited take on censorship does Google and other US technology companies a great deal of credit.
As presented with issue #5 in PIPA, however, this would cause Google to seem weaker on these grounds than before, potentially driving the impetus for a foreign competitor who did not have to obey these laws, with Yandex being especially well-positioned to do so, given the degree and thoroughness with which Russian and American programmers currently cooperate. The idea of a Russian company stepping in for Google should
give current lawmakers pause.Issue #2 This is better targeted then PIPA, however, it shares the same fundamental flaw: It imposes censorship without providing any benefit whatsoever in turn. A better target might be to make the suggestion to major search engines that they include these sites in their Bad Neighborhood rankings, but allow them to use their own monitoring technology to make the right judgment, which will likely be able to respond faster and in a superior manner to a per-domain blacklist.(ii) against any entity that knowingly and willfully provides or offers to provide a product or service designed or marketed for the circumvention or bypassing of measures described in paragraph (2) and taken in response to a court order issued pursuant to this subsection, to enjoin such entity from interfering with the order by continuing to provide or offer to provide such product or service.
It is generally felt, by many in the technical community, that this paragraph, and the part of the DMCA that says providing circumventing measures is illegal, is blatantly unconstitutional, regardless if prior court rulings. Since this subparagraph would become redundant with the removal of the restriction on search engine activities, I think it would do good for Congress to realize that
1) All banning circumvention measures does is create a Striesand effect and
2) Laws need to be both respectable and enforceable, therefore
A) All provisions banning the distribution of circumvention measures should be lifted, and acknowledged as unconstitutional.
B) The DMCA needs stronger penalties for submitting fraudulent DMCA takedown notices, and clearer limitations about when such notices can be lawfully sent. (i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--
(I) a violation of section 501 of title 17, United States Code;
(II) a violation of section 1201 of title 17, United States Code; or
(III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or
(ii) the operator of the U.S.-directed site--
(I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or
(II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement.
Technical people do not like vague terms. Nor do lawyers. This is meant to be directed at seriously infringing sites, and this could certainly be made more clear here in Section 103. There needs to be fewer ors here and more ands. That a website might try to get away with this by "Having a major alternate use" means that a lot of these 'ors' are unnecessary, and only add vagueness. Issue #3: This should be targeted with, to put a summary on it, something like: "A site which derives revenue from the fact that it distributes goods unlawfully AND refuses to curtail this activity when investigated. This would need more hashing out, but it's not my job >_> (2) QUALIFYING PLAINTIFF- The term `qualifying plaintiff' means, with respect to a particular Internet site or portion thereof, a holder of an intellectual property right harmed by the activities described in paragraph (1) occurring on that Internet site or portion thereof.
(b) Denying U.S. Financial Support of Sites Dedicated to Theft of U.S. Property-
(1) PAYMENT NETWORK PROVIDERS- Except in the case of an effective counter notification pursuant to paragraph (5), a payment network provider shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery of a notification under paragraph (4), that are designed to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification under paragraph (4).
(2) INTERNET ADVERTISING SERVICES- Except in the case of an effective counter notification pursuant to paragraph (5), an Internet advertising service that contracts with the operator of an Internet site, or portion thereof, that is specified in a notification delivered under paragraph (4), to provide advertising to or for such site or portion thereof, or that knowingly serves advertising to or for such site or portion thereof, shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery the notification under paragraph (4), that are designed to--
This is ridiculous. At least PIPA requires a court order before this crap proceeds. This portion of the law basically allows anyone - though at some legal risk - to try and disrupt any website they don't like that depends on payment network or advertising revenue.Issue #4: Injunctive action that does not require a court order must be robust in the face of potential abuse. A five-day-or-less warning time is most certainly not robust in the face of abuse. This should be removed in its entirety, or replaced with a more DMCA-like 'notice of infringement-please stop doing this' message. SEC. 104. Immunity for taking voluntary action against sites dedicated to theft of U.S. property.
No cause of action shall lie in any Federal or State court or administrative agency against, no person may rely in any claim or cause of action against, and no liability for damages to any person shall be granted against, a service provider, payment network provider, Internet advertising service, advertiser, Internet search engine, domain name registry, or domain name registrar for taking any action described in section 102(c)(2), section 103(d)(2), or section 103(b) with respect to an Internet site, or otherwise voluntarily blocking access to or ending financial affiliation with an Internet site, in the reasonable belief that—
(1) the Internet site is a foreign infringing site or is an Internet site dedicated to theft of U.S. property; and
(2) the action is consistent with the entity’s terms of service or other contractual rights.
SEC. 105. Immunity for taking voluntary action against sites that endanger public health.
(a) Refusal of service.—A service provider, payment network provider, Internet advertising service, advertiser, Internet search engine, domain name registry, or domain name registrar, acting in good faith and based on credible evidence, may stop providing or refuse to provide services to an Internet site that endangers the public health. Issue #5: Essentially identical to Issue #6 in PIPA. With the exception of search engines, 'we think you are doing something wrong so we can break out contract with you' should not be handled so lightly.SEC. 201. Streaming of copyrighted works in violation of criminal law.Issue #6: My issue with this subsection is not so much with its existence per se, but rather that it still leaves the concept of what constitutes a digital distribution, and the frequency required for infringement, vague. These issues are in bad need of specificity, especially in light of recent ridiculous judgments, sometimes exceeding reduced penalties for murder. Anyone who can claim with a straight face that filesharing is worse than murder has no business having even the remotest amount of influence on our political process.
Section 202 has some of this as well.
There might have been other things I've missed. I spotted a total of ten issues, four of which are shared between the bills. Some of them are technically serious (even with the DNS provisions removed or likely to be), while others have more legal/free speech/abuse consequences. A few, namely the last one, are more issues of ethics and making sure that the punishment fits the crime.