Piracy bill could waylay FLOSS projects

If enacted, the SOPA bill in the U.S. House would target software vendors

If you're at all tuned into the Internet, then it's very likely that you have heard about two bills currently making their way through the two houses of the US Congress that several organizations have said will "break the Internet."

The bills, PROTECT IP (S. 968) and Stop Online Piracy Act (SOPA) (HR. 3261), are two pieces of legislation with essentially the same theme: give private copyright holders more tools to pull down pirated copy from the Internet. That sounds good on paper, but delving down into the details of each bill reveals some potentially serious problems for free and open source software (FLOSS) developers.

Each bill has the same basic approach: if a copyright holder finds content on a website that they believe infringes on their copyright, then they can go to any vendor who helps provide revenue to that site and request that the vendor cease working with the site. For instance, the request could go to any ad providers for the allegedly infringing site, and under the new law the ad provider would have five days to cut their ads from the site. Or, if the site uses credit cards or an online payment system like PayPal, the copyright holder can also get those organizations to stop supporting the website.

Either of the new bills, if passed into law, would also enable the US Attorney General to send court orders to DNS server operators ordering that DNS servers stop resolving the domain names of infringing sites to their matching IPs. And, almost lastly, search engines would also be required to remove or block links to these sites.

Now, keep in mind, that all of these wheels will be set in motion by private corporations, and there would be no requirement for proving anything. A copyright holder need only accuse a website of infringement, and the search engine, advertisement, and payment system would be cut off in five days. The DNS filtering would still need the involvement of the Department of Justice to get that court order, but again, there would be no need to prove anything to obtain such an order from a judge.

Infringing sites do have those same five days to file a counter-request--presumably to have time to remove the offending material from their site or protest the presence such offending material even being on their site. Jason Mazzone of TorrentFreak sums up the problem pretty well:

"No judicial review is required for the notice to be sent and for the payments and advertising curtailed--only the good faith representation of the copyright owner. Damages are also not available to the site owner unless a claimant 'knowingly materially' misrepresented that the law covers the targeted site, a difficult legal test to meet. The owner of the site can issue a counter-notice to restore payment processing and advertising but services need not comply with the counter-notice.
"There is also a catch: a site owner who issues a counter-notice automatically consents to being sued in U.S. courts (a strong disincentive for sites based abroad)."

All of this seems disturbing enough, and already several lawmakers have questioned the constitutionality of the bills, indicating that the Fourth Amendment's rules on search and seizure seem to be neatly ignored by PROTECT IP and SOPA. Google's Chief Internet Evangelist Vint Cerf--you know, the guy who helped invent the Internet?--has flatly stated both bills' use of DNS filtering will harm the Internet itself. Yahoo! has left the U.S. Chamber of Commerce over that organization's support of the bills, and Google and the Consumer Electronics Association are considering leaving Chamber as well.

And SOPA, the House of Representative's version of the Senate's PROTECT IP bill, goes even farther than that. According to the Electronic Frontier Foundation (EFF), SOPA will also affect any software vendors that copyright holders with which find fault--which would bring serious ramifications of members of the FLOSS community.

The EFF outlined its concerns in an article posted Friday, stating that all of the provisions of SOPA that could be aimed at an infringing website could also be enforced on software developers and distributors.

"This language is clearly aimed at Mozilla, which took a principled stand in refusing to assist the Department of Homeland Security's efforts to censor the domain name system, but we are also concerned that it could affect the open source community, internet innovation, and software freedom more broadly…"

The article goes on to highlight the various examples of software that could be affected by a SOPA-based law: VPN, proxy, privacy, or anonymization software--including SSH; software that works with zone files for generic top-level domains; or "client-side DNSSEC resolver that uses multiple servers until it finds a valid signed entry."

Basically, any software that a private copyright holder might suspect be used for the stealing or hosting of copyrighted material. And again, no legal proof required.

Copyright holders haven't exactly been careful with their accusations in the past, either. Just last week, Warner Brothers admitted in a lawsuit with Hotfile that an automated takedown notice tool Warner Brothers used erroneously sent several erroneous notices… because the search filter for "The Box" was (naturally) too broad.

And just in case you think there's no precedent in targeting software "used for piracy," in the same statement to the court, Warner Brothers "also issued a takedown over some open source software, simply because a Warner Bros. employee didn't like it (the software was a download manager that the WB employee thought could be used to infringe.) It also admits that it took down some software that it distributed, but over which it had no copyrights and no rights to issue a takedown."

Now that takedown notice, made under the current DCMA law, only went after a host that happened to have this unnamed open source software on their site. Imagine what would happen if a copyright holder decided to go after the entire open source project itself. If this download manager tool didn't provide a way to censor user downloads based on the requests made in accordance to an enacted SOPA law, then the software vendor could find itself getting advertising and payment systems cut, and the website filtered out of search engines and possibly even from the master DNS network.

For me, this is even more disturbing, because now it's not just copyright owners going after websites to protect their content (which is bad enough under the "Fourth Amendment? What Fourth Amendment?" aspects of SOPA) but they can also vaporize any software vendor they want from the Internet if they even suspect that software aids software piracy. I look at a BitTorrent client like Transmission, which I use to pull down Linux distros to examine and review, and wonder about its fate in such a climate. There are a bazillion legitimate uses for Transmission and it would silly to deny that some use it to download copyrighted content, too. Is Transmission responsible for that kind of use? If Transmission doesn't enable a way to block such illegal downloads, then by the decision of copyright holders and under the auspices of SOPA, the Transmission developers certainly would be responsible and could be taken down.

Think about that.

The bills are making progress through both houses of Congress, which has a lot of people worried. This coming Wednesday, Nov. 16, will be a memorable event in the life of SOPA.

First, that's the day the House Judiciary Committee will hear testimony on SOPA. The witness list of who's testifying has yet to be released, but Politico has some ideas:

"While the committee hasn't released its witness list just yet, MT hears that representatives from the MPAA, AFL-CIO and Pfizer as well as Register of Copyrights Maria Pallante will be on hand to testify. An industry source also says Google is considering testifying, but has not confirmed."

Nov. 16 is also a key date because that's the day protestors of the bills have planned for American Censorship Day.

"Boing Boing, Grooveshark, Free Software Foundation, The Electronic Frontier Foundation, Public Knowledge, Demand Progress, Open Congress/PPF, TechDirt, Fight for the Future and dozens of other sites have created this day to ask you to join them to stop S. 978 and HR 3261, as hard as you can. Write them, protest, call them, protest, support your favorite sites, protest, sign a letter, block out your site, protest," writes author and tech blogger Cory Doctorow.

A public outcry on these bills may bring attention to some of the more stringent elements of these pieces of legislation, as well as put political pressure on the White House to veto whatever form of these bills that might actually pass.

Piracy is a problem, to be sure, but giving private corporations so much power to indiscriminately take down websites--especially using the DNS system--without burden of proof is most assuredly not the answer.

Read more of Brian Proffitt's Open for Discussion blog and follow the latest IT news at ITworld. Drop Brian a line or follow Brian on Twitter at @TheTechScribe. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon