Home / Blogs

The Myth of the Unintended Infringer in SOPA and PIPA

In a recent op-ed piece in TheHill.COM, some friends and I described the futility of mandated DNS blocking as contemplated by the SOPA (H.R. 3261) and PIPA (S. 968) bills now working their way through the U.S. Congress:

No Internet user is required to use the Domain Name servers provided by their ISP. And if millions of American citizens who for whatever reason want to engage in online piracy can no longer do so because Congress has passed this law and their ISP is now filtering the citizen’s DNS lookups, well, those citizens will have dozens if not thousands of off-shore Domain Name servers they can switch to with the click of a mouse.

This is an important point since if federal law is changed to mandate that hundreds of millions of dollars be spent by ISP’s blocking the estimated hundred or so domain names used by the worst off-shore offenders of U. S. copyright and trademark law, then we’d all like to have some assurance that American consumers will respect this blockade. We would call those consumers “unintended infringers” because they are infringing U. S. copyrights and trademarks now, but are doing so in ignorance, and if they knew they were stealing, they wouldn’t do it. We know that no “intended infringers”—who already know they are stealing when they buy pirated or infringing goods online—will be stopped by any federal law, since the Internet just doesn’t work that way. From the same article:

The Great Firewall of China is built to a massive scale and could easily cope with this sort of problem. Since we in America would never monitor and restrict Internet traffic at that scale, the best Congress could hope for would be a symbolic gesture that merely indicates our country’s displeasure with online piracy and infringement—without stopping such activities or even slowing them down by much.

Today I happened across a recent report from Cisco Systems entitled “Beg, Borrow or Steal? Young Professionals, College Students Admit They’ll Go to Extreme Measures for Internet Access Despite IT Policies, Identity Theft Risks”, which studies the infringement motives of a statistically meaningful population. Here’s an excerpt:

“Of those who were aware of IT policies, seven of every 10 (70%) employees worldwide admitted to breaking policy with varying regularity. Among many reasons, the most common was the belief that employees were not doing anything wrong (33%). One in five (22%) cited the need to access unauthorized programs and applications to get their job done, while 19% admitted the policies are not enforced. Some (18%) said they do not have time to think about policies when they are working, and others either said adhering to the policies is not convenient (16%), they forget to do so (15%), or their bosses aren’t watching them (14%).”

What this means from a high level policy perspective is that we really can put “unintended infringer” into the “myth” category. [2017 Note: A few years later I learned a more nuanced view, which is, in some cases the unintended and intended infringer populations are of the same order of magnitude—which shows that criminals are smarter and better motivated than I knew when I wrote this. See also Nation Scale Internet Filtering for a more recent treatment of this topic.]

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Paul Vixie, VP and Distinguished Engineer, AWS Security

Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign