Published: 02 Feb 2012
Antipiracy legislation designed to cripple websites that peddle pirated software and other content lost congressional support after stinging criticism from networking experts and high-tech veterans who say the proposed pirating laws could undermine the security and integrity of the Internet.
The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), two bills that were initially designed to force search engines and domain name system (DNS) providers to block access to rogue websites that are deemed to be selling or sharing pirated material, caused an uproar across the technology industry. While the legislation gives the U.S. Department of Justice the power to seek a court order to block a foreign website, security experts say the proposed rules would have undermined the system that enables users to visit a specific website.
“DNS is critical to everything that makes the Internet function, so we’re taking a sledge hammer where a scalpel is needed to address the piracy problem,” says Trend Micro Advanced Threats Researcher Paul Ferguson. “I think there are better solutions than trying to implement DNS blocking.”
Ferguson says there are ways to identify trouble domains to suspend the domain registrar, rather than blocking people from accessing content by rerouting them around the rogue site. Both bills dangerously promote online censorship, Ferguson says.
There are signs, despite strong support from executives in the entertainment industry, that the criticism is being heard by legislators. Following strong opposition to SOPA from the White House, the bill appeared in January to have been shelved by the House. PIPA remained in the Senate, but was losing many of its supporters and Senate Judiciary Committee Chairman Patrick Leahy, a Vermont Democrat, removed the key DNS blocking provision from PIPA, saying it needs more study.
More than 80 industry luminaries including Paul Vixie, the author of BIND, the most widely used DNS server software, and Vint Cerf, the co-designer of TCP/IP, sent a letter warning of the consequences that the two antipiracy bills would pose if they became law. They warned that DNS blocking could undermine DNSSEC, the next generation of DNS that includes a layer of encryption in the website verification process.
“Censorship of Internet infrastructure will inevitably cause network errors and security problems. This is true in China, Iran and other countries that censor the network today; it will be just as true of American censorship. It is also true regardless of whether censorship is implemented via the DNS, proxies, firewalls, or any other method. Types of network errors and insecurity that we wrestle with today will become more widespread, and will affect sites other than those blacklisted by the American government,” the experts wrote in an open letter to the U.S. Congress.
The letter helped fuel additional opposition and in an Internet protest, Google collected millions of signatures from the U.S. for its online petition opposing the legislation. Wikipedia, the online encyclopedia, blocked the English language version of its website for 24 hours to protest the bills.
The legislation was also seen as potentially disrupting growth in the tech industry by creating a barrier to expansion and potentially hindering innovation, says Markham C. Erickson, executive director of the Open Internet Coalition, a Washington D.C.-based group that advocates broadband Internet access and the protection of an open Internet where everyone can access what they want, when they want. Erickson says the people who designed the legislation didn’t think about how it would be enforced or how organizations could ensure compliance.
“Once a user or a network engineer attempts to get visibility into the network, they won’t be able to tell if an ISP is disrupting that connection pursuant to court order or if a cybercriminal is creating the disruption in advance of a cyberattack,” Erickson says.
About the author:
Robert Westervelt is the news editor of SearchSecurity.com. Send comments on this article to firstname.lastname@example.org.