|
As you read this, please keep in mind that I say it all with a track record nearly 14 years of being proactive and having a zero-tolerance policy toward criminal activity and network abuse on our system. We have great relationships with Law Enforcement Agencies both here in Canada and abroad. We are always helpful and (usually) happy to answer questions, and help LEA understand the complexities and nuances of the internet. We’ve had the good fortune to meet some really intelligent and clued in cybercrime units. We participate in numerous communities in combating net.abuse and cybercrime.
I finally got around to reading the text of the Stop Online Piracy Act (SOPA) today. While the ostensible intentions are to combat online piracy and the sale of counterfeit goods, the bad news is that the legislation contains elements which basically puts every single domain registered under generic TLDs under the authority of the United States Attorney General.
We have already seen in cases if the ICE domain seizures, improper takedowns and overreach resulting in the takedown of tens of thousands of websites when a single one was the target.
How does this affect you?
Our objections to SOPA are very similar to our objections to Verisign’s recent proposal which contained overly broad takedown powers and could be used to assert US law (and “requests”) on all domain holders internationally.
We consider SOPA far more pernicious because it is possibly to become US law, rather than a policy implemented by a private company (albeit one that holds a monopoly on large tracts of internet namespace).
SOPA differentiates between “domestic” and “foreign” domain names, but the definition of “domestic” basically includes all domains registered under any of the gTLDs (generic Top Level Domains), because their respective Registry operators are US-based entities:
(3) DOMESTIC DOMAIN NAME- The term `domestic domain name’ means a domain name that is registered or assigned by a domain name registrar, domain name registry, or other domain name registration authority, that is located within a judicial district of the United States.
All domains under .com, .net, .org, and .biz are “assigned by” a domain name registry in the United States. Verisign, Public Interest Registry and Neustar respectively. Afilias is incorporated in Ireland, however they are operationally in the US. And at the end of the day, all domain names exist in namespaces assigned by ICANN, which is a California corporation.
So basically this means everything. Any domain, any TLD, anywhere, can be cutoff at the knees by the US Attorney General issuing a court order against a service provider, registrar or registry. (Although they may find it more difficult to assert beyond the generic TLDs. ICANN cannot for example, operationally takedown a domain inside some given ccTLD, the way Verisign or some other gTLD registry could simply yank any domain’s nameserver records out of the rootzones.)
Perhaps for the scope of this discussion, only gTLDs are at risk. This means you can probably ignore all of this unless your domain is under com/net/org/biz/info, or you use a US-based registrar, service provider or your website is ever visited by anybody from the United States.
Where This Is Going.
If this becomes law, it’s a short stretch from SOPA to NODA (No Online Dissent Anywhere) and if you think I’m a nutcase for saying so, I’d like to remind everybody what happened just over a year ago, when US politicians were tripping over themselves to shut down wikileaks (a royal fiasco in which this company was embroiled) and to this day, they have not been charged with a crime anywhere.
Many of the “dirty tricks” employed against Wikileaks would be enshrined on law under SOPA (and someday, NODA):
And they added an extra provision that it will be an offense to knowingly create a service or system to provide a workaround to a banned domain or host. So for example, they would no longer have to hassle Mozilla to remove that firefox plugin that let’s you reach ICE blocked websites, it would be illegal to make it or distribute it.
While this is an Online Piracy law, it already contains additional “enhancements” under Title 2: Additional Enhancements to Combat Intellectual Property Theft:, namely:
Where All This Ends
Even if ICANN is officially against SOPA (Former chairman Vint Cerf wrote a good letter opposing it), failure on ICANN’s part to oppose SOPA would mean catastrophic failure in their mission of overseeing the namespace to the benefit of all stakeholders.
If this happens, there needs to be a serious conversation around a topic so incendiary, so heretical that I will probably become persona non-grata within domain policy circles for saying it, but I’m going to say it:
The Internet RootZone would have to be administered by a non-US Entity instead of ICANN.
The reason why is because the internet root is held together largely through two things:
As all of the world’s peoples, businesses and websites come increasingly under the jurisdiction and law of a single country, consensus will fragment. The internet root will have to be under the stewardship of an honest broker who can respect the rights of all sovereign interests as they relate to the internet.
Otherwise, it ends with a split internet root, if we’re lucky. If not, it ends with a completely Balkanized one, because while it may not be the case now, as this escalates (and I suspect it will), it will pose intolerable risk to non-US entities of all stripes.
Already we get business from companies whose stated corporate IT policy is to not use US based servers to hold email or route web traffic. I’m not talking about torrent hosts, whistleblowers and fake Rolex vendors. We’re talking large enterprise entities whose legal departments find even the theoretical legal ability for Homeland Security to monitor their corporate communications simply intolerable.
While I’m not complaining about the extra business, I still smell trouble on the horizon.
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byVerisign
Sponsored byDNIB.com
>The internet root will have to be under the stewardship
>of an honest broker who can respect the rights of all
>sovereign interests as they relate to the internet.
“ICANN Publishes Its Annual Report and Reports $100 Million in Assets”
http://www.circleid.com/posts/20111221_icann_publishes_its_annual_report_reports_100_million_in_assets/
“Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men.”
It’s the centralization of the root itself that creates the problem. Passing that power like a hot potato does nothing to limit the currupting influence of controling the primary world communication infrastructure. Nor the motivation for 3rd parties to “influance” that infrastructure for their own gain.
“NODA” is only possible because those in control do not want to deal with decent. Having muliple roots (the market will destroy those zoning copies of existing TLDs) results in conflict.
That is the point, conflict IS the cure to NODA (“conflict not allowed”). We can’t have it both ways .....
Split the root. Let the free market implement nTLDs.
Innovation is chaotic and destructive, that is how improvement manefests itself.
There must be a choice available. Centralization gives NO CHOICE.
You’re commenting on the first draft of the bill, not the current version amended on Dec. 12th. The current bill is here: http://judiciary.house.gov/hearings/pdf/HR 3261 Managers Amendment.pdf
The first draft broke DNSSEC because it called for redirection, but the amended version is perfectly consistent with DNSSEC.
The first draft applied to sites hosted in the US, but the amended version only applies to sites hosted in other countries.
Both drafts only apply to sites “dedicated to the theft of U. S. IPR” to there’s no reason to carry on about “No Online Dissent Anywhere.” There’s a clear difference between speech and theft.
>There’s a clear difference between speech and theft.
Why must DNS be used as a substitute for the courts?
>but the amended version only applies to sites hosted in other countries.
The laws of which country will define “theft” and “Piracy”?
The Country of the Server, or the Registrant, or the Registrar, or the Registry, or the Client, or the IP Holder?
Hmmmmmm.
Domain registrations are a private contract between private parties.
We now see these PRIVATE contracts being used to replace law.
Bonnie and Clyde had a successful run at robbing mom & pop grocery stores (and three banks) because they had better technology than the cops: V8 Fords and Browning automatic rifles. To stop them, the cops had to up their game to the same technical level.
The Internet creates opportunities to commit crime that never existed before, so it’s appropriate to use the Internet to stop Internet crime. It’s basically common sense.
>The Internet creates opportunities to commit crime that never existed before,
And complexities that never existed before, as in the laws being different at each of the locations I listed above. I’ve zero issue with the courts shutting down a domain name, of course a court in the US is not likely to try to enforce the law of another country.
This will turn into censorship. One country imposing it’s law on the rest of the world is censorship. Brought to us by a centralize ROOT.
The ROOT is too precious to allow ANY third party to manipulate it in this way. The library of Alexandria was burned for the same reasons we are seeing fires set on the internet’s ROOT.
Hosea 4: 6 (KJV) My people perish from a lack of knowledge.
Therefor destroy threatening communications pathways/repositories as needed ....
Domain names are the street signs that have no affect on the buildings they index, nor the people who don’t need signs to find those buildings and their contents.
Bonnie and Clyde are laughing at the banks taking down their signs to protect themselves. Bonnie and Clyde still have knowledge, and the willingness to act on that knowledge.
Each sovereign nation passes its own laws and enforces them within its borders. The Internet is not a sovereign does not have the right to impose its own norms on anyone who doesn’t care to play along.
If the Internet can’t adapt to the world’s decentralized nature, it must not be as well-designed as its designers say it is.
I just went through the version you referenced.
“DOMESTIC DOMAIN NAME.—The term ‘‘domestic domain name’’ means a domain name that is registered or assigned by a domain name registrar, domain name registry, or other domain name registration authority, that is located within a judicial district of the United States.”
So in general ccTLDs will be “foreign”. Next quote:
“CONSIDERATION.—In making a relief determination under paragraph (2), a court may consider whether the domain name of the foreign internet site has expired or has been re-registered by an entity other than the entity that is subject to the order with respect to which the motion under paragraph (1) is brought.”
Thus the DNS does get broken as “offending” domain names will be on added to an ISP’s list but will likely never come off. The “foreign” site having no clue a given domain is CENSORED by a given ISP and will be so forever more.
Also, these “foreign” sites will likely be subjected to a very liberal definition of infringing, and will in all likelyhood not be in a position to defend themselves in the court of a foreign country.
Looks to me like the OP’s comment is still holding up even with the new revision:
“If not, it ends with a completely Balkanized one, because while it may not be the case now, as this escalates (and I suspect it will), it will pose intolerable risk to non-US entities of all stripes.”
And after all this mental masturbation all the clients needs to do is directly access the server by IP.
>If the Internet can’t adapt to the world’s decentralized nature,
>it must not be as well-designed as its designers say it is.
Garbage in,
garbage out.
Some things never change ....
Wrong, Charles. The section you’re reading titled CONSIDERATION pertains to how court orders to sanction a domain can be reversed; it’s a subsection of Sec. 102(d) MODIFICATION OR VACATION OF ORDERS. It’s saying that a domain formerly sanctioned can be returned to use if it’s no longer used for criminal purposes or has been transferred to another party.
It’s actually saying the exact opposite what you claim it says.
>*CAN* be returned to use *IF* it’s no longer used for criminal purposes
There is no REQUIREMENT that this take place. And thus stale records well exists across the network since the *ALL* ISP in the US will be required to place a record in their DNS servers.
It thus falls on the NEW REGISTRANT to use the court to delete the entries. It should be obvious that this will not happen. As I said most entities in another country are not going to have the resources to pursue this.
Thus *UNOBSERVABLE* “stale records” result in non functioning domains.
This is precisely the point which was being made. It appears to me you’ve totally missed the point of this sentence:
“If not, it ends with a completely Balkanized one, because while it may not be the case now, as this escalates (and I suspect it will), it will pose intolerable risk to non-US entities of all stripes.”
Please REREAD what I said. Thank you .....
At most, you’re pointing to a minor issue.
>At most, you’re pointing to a minor issue.
Minor for who? Certainly not the registrant.
And lets return to pondering differing laws. Lets say a web site with a high traffic keyword is following the law in their country, but someone in the US manages slap their domain with SOPA. Now that high value organic traffic domain is block in a major market forever more. This regardless of change in business model or Registry Delete / Create.
The internet works because of predictability of routing. For lessor “computer barf” domain names, yes, SOPA probably will not affect much. However given the entity affected is located in another country I expect overly agressive application of SOPA as a competitive advantage of corps in the US. That runs very counter to the intent of the internet.
I can also imagine Brand attacks of foreign competitors the same way. Eliminate there corp website, and thus entire product offerings, because one item legal in theri country, is not “legal” in the US.
But here’s another issue that I pondered reading the revision you referenced:
Page 20 3-A-ii
“IN GENERAL.—To ensure compliance with orders issued under this section, the Attorney General may bring an action for injunctive relief—
(ii) against any entity that knowingly and willfully provides or offers to provide a product or service designed or marketed by such entity or by another in concert with such entity for the circumvention or bypassing of measures described in paragraph (2) and taken in response to a court order issued under this subsection, to enjoin such entity from interfering with the order by continuing to provide or offer to provide such product or service”
Lets ponder OpenDNS, Google Public DNS, DNS Advantage (Ultra DNS), etc. These services are not ISPs, what happens if they do not include the required Filter (censor!) records? Are they now liable for offering a service which continues access to the site in question? My read is it would take just one major 3rd party to point out these services still resolve a given domain, and they are them liable - My cynical hat says a will placed PR promo can do that with ease. Argue as you desire, but these services are very “Alt DNS” like as they mirror the Root using their own internal filter algorithms. Or put another way, is a straight up Alt Root infringing if it provides continued resolution of the site in question? My read is it does and thus SOPA begins the attack on Alt DNS systems.
Sorry, but simply put, carving up the DNS is stupid and damages the value of the internet.
If you can’t do the time.
The whole idea is to reduce traffic to criminal sites, after all.
>If you can’t do the time.
I’ve been involved with the internet since 1999.
The internet is a disruptive technology, demanding various degrees of change across all industries.
Throughout that time I’ve watch many groups and organizations try to manipulate my internet freedom, and your internet freedom, for their own gain in order to AVOID having to change themselves. Such as Rupert Murdoch spending a week running fearful news stories on his network of child preditors on MySpace ... Just before he purchased MySpace, and all those stories ended ...
Change is inevitable. The internet is about freedom.
Theft has existed since humans started wanting things.
The internet is forcing change onto the IP industry and it’s cheaper for this industry to grease the skids of government to create laws that allow them to AVOID CHANGE AND INNOVATION.
Richard, if you wish to give up your “internet liberty” so be it, that is your free choice.
But when anybody makes a choice that affects me, or a generally powerless registrant in another country BREAKING NO LAWS IN THAT COUNTRY, then I have a real problem with that position. And people involved with internet operations should have a problem with others carving up the ROOT like a roast ....
>The whole idea is to reduce traffic to criminal sites, after all.
By now we should all know this will NOT solve the stated problem. When Afilias had their free domain registration promotion what “industry” represented the largest block of registrations? An industry that resulted in Google and email servers actually penalizing the .INFO TLD? The spam and malware industry, that’s who. They don’t care about a given domain name. And they can act far faster that a bureaucracy with a passed SOPA in its hands. If these thieves really have a profitable business model then the next $10 reg is meaningless to them ....
SOPA will not reduce traffic to criminal sites by a meaningful amount. However it may well slightly increase the traffic to registrars for yet another domain to use to sell their wares ....
A domain can be regged and zoned in less 120 seconds, this is the observed propagation time from the production server to the ROOT servers. How fast can SOPA filter those resource records? Perhaps 120 DAYS? Q.E.D. Although I admit it may take an hour or two for those folks to rerun their spam email list to promote their new website, so I guess spam traffic will be increasing as well. Great .....
http://www.circleid.com/posts/20120107_afilias_says_no_to_sopa/
Afilias,
THANK YOU!
Charles Christopher
CIO, PocketDomain.Com
An ICANN Accredited Registrar