Battling Piracy Needn't Limit Net RightsWhite House Opposes Tech Provision in IP Protection Bills
The fact that the Obama administration over the weekend came out against legislation before Congress aimed at thwarting online piracy shouldn't be surprising. Opposition to the bills from the likes of Facebook, Google and Internet service providers has been mounting for months because of the perception the measures would create new risks to Internet security.
See Also: Attack Surface Management: Improve Your Attack Surface Visibility
In a White House blog posted Saturday, the administration noted the merits of several bills before Congress that attempt to prevent online piracy. Still, the blog said, the Obama administration could not back any legislation it feels would place Internet security at risk, as it contends some of these proposals do.
Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small.
"While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk or undermines the dynamic, innovative global Internet," White House Cybersecurity Coordinator Howard Schmidt, Federal Chief Technology Officer Aneesh Chopra and Victoria Espinel, intellectual property enforcement coordinator at the White House Office of Management and Budget, wrote in the blog.
On Thursday, the chief sponsors of the Senate's Protect IP Act (S 968) and the House's Stop Online Piracy Act (HR 3261) Sen. Patrick Leahy, D-Vt., and Rep. Lamar Smith, R-Texas, issued separate statements saying they would drop provisions from their respective bills regarding the Domain Name Systems, which manages Internet addresses, a key foundation of Internet security.
Both bills, as originally drafted, would have allowed the federal government to order Internet service providers to use the Domain Name System's DNS resolvers - the technology responsible for translating a domain name into an IP address - to inform users that a website deemed to infringe intellectual property does not exist. "The law requires these DNS resolvers to lie, and say, 'Listen, there is no website,'" Allan Friedman, a fellow at the think tanking Brookings Institute, said in an interview with Information Security Media Group (see IP Protection Bills Threaten Internet). "This in general isn't a great idea; it makes things less stable."
Besides, Friedman said, that approach won't work because the U.S. government wouldn't be able to enforce its laws on overseas servers. Plus, he said, many foreign domain resolvers aren't trustworthy. "We've already seen this as an increasingly common attack for cybercriminals; they try to change innocent users' domain name resolvers or DNS servers they're pointing to. And now America is saying, by law, we're going to create very strong incentives for people to go and do voluntarily what the criminals are trying to do by tricking us or through malware?"
Leahy, in a statement, referred to the matters involving DNS as "highly technical issues" but said revised legislation would call for a study of the matter as he shepherds the bill through the Senate. Eliminating that provision, he said, would allow lawmakers to focus on other important aspects of the bill aimed at protecting intellectual property. "I regret that law enforcement will not have this remedy available to it when websites operating overseas are stealing American property, threatening the safety and security of American consumers," he said. Smith's comment mirrored Leahy's stance: "We will continue to look for ways to ensure that foreign websites cannot sell and distribute illegal content to U.S. consumers."
Despite the sponsors' pledges to remove the provisions opponents find offending, Wikipedia said on Monday it would shutter its English-language website for 24 hours beginning midnight EST Tuesday to protest the legislation (see Wikipedia Vows to Shutter over Bills).
The Obama administration, in its blog, said Congress should avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. "We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk," they wrote.
That's a theme highlighted by the White House bloggers:
"Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small," the blog stated. "Across the globe, the openness of the Internet is increasingly central to innovation in business, government, and society and it must be protected. To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity.
"Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing."