SOPA/PROTECT IP: Congress, under orders from Hollywood, wants to kill the internet
Since industry lobbyists basically run Congress, and since Congress is full of human fossils who are confused by any technology newer than a photocopier, Congress is always proposing some horrible new bill to censor, regulate, and/or stifle technological innovation on the internet.
Their latest effort is one of the worst yet, and it has a very high danger of passing. Not only is there a lot of Hollywood and record company money behind it, it also has huge bipartisan support, with like 40 Senate co-sponsors.
(which proves once again that bipartisanship is no guarantee that an idea is any good. Sometimes "Bipartisan" is code for "This idea has enough big-government overreach to please Democrats, AND enough violation of human rights to please Republicans." The Patriot Act had huge bipartisan support, for example.)
Anyway the Senate version of this horrible thing is called "PROTECT IP" (a really awkward backronym). The House version is called "E-PARASITES" (an even more awkward backronym) or "SOPA" (Stop Online Piracy Act).
Full text of SOPA (PDF).
Full text of PROTECT IP (PDF).
The house version is supposedly worse, but the basic idea behind all of them is that the large media corporations who own a lot of copyrights want to be able to force any site off of the internet as soon as they accuse it of copyright infringement. For foreign sites, the copyright holder just has to tell the US attorney general "this site is infringing" and, with no chance for the site owners to defend themselves in court, the site is added to a nationwide blacklist of sites which all internet service providers will be forced to block. For domestic sites, the copyright holder just has to tell credit card companies and advertisers that the site is violating copyright; with no requirement that the copyright holder prove their case in court, the credit cards and advertisers would be required to cut off all business with the accused site within five days. Search engines would have to remove links to the accused site as well.
Even though I personally have my doubts that copyright infringement is morally equivalent to theft, let's assume for the sake of argument that it is. Let's assume that copyright infringement is a really serious problem and that stopping it is important enough that we need a sweeping new law to stop infringement on the internet. This bill still goes way too far. It has enormous potential for abuse.
The way it's written, even a single copyright-infringing post on a site by one of that site's users could lead to the entire site getting shut down. This would make many of the most popular web-based companies, services, and business models effectively impossible. And since the accuser doesn't have to prove in court that the accused site is violating copyright, there's no way to be sure that the application of the law will be restricted to fighting copyright infringement. Not only could a site get shut down for having one infringing file, it could get shut down for having zero infringing files, because a copyright holder made a false accusation. The site is treated as guilty until proven innocent.
By setting up a national blacklist -- it's been called a "Great Firewall of America" -- the proposed law would let corporations use the power of the government to censor any website they don't like, including vast swaths of perfectly legitimate content. If you care at all about free speech on the internet, this bill needs to be stopped or at least hevily modified.
The current law, the DMCA, has a "safe harbor" provision stating that when a copyright holder notices infringing content on a site, they can contact the site owner and request that the content be taken down. If the site owner takes the content down when requested, then they can't be sued for it. Even this compromise leaves room for legal harassment by copyright holders in the form of spurious takedown requests, but it's a basically functional compromise between internet freedom and the rights of media companies which has worked out OK for the last 13 years.
The new blacklist bill does away with safe harbor protection. Meaning if any user of a site posts infringing content, the whole site can get blacklisted. Once it's blacklisted, credit card companies and advertisers have 5 days to cut off all business with the blacklisted site.
There is no way that any site hosting user-generated content can survive under this legal regime, which makes a site liable for anything that any of its users might post. The action of a single user posting a single infringing file can get the whole site blacklisted.
Here's a real example: I posted video of myself singing Happy Birthday (a copyrighted song) on Vimeo. Under the current DMCA law, the copyright holder could make Vimeo take that video down. Under the new blacklist law, the copyright holder could force Vimeo out of business. Vimeo might have the resources to fight the case in court but they might not, and they're treated as guilty until proven innocent. Not only my illegal accordion playing, but all the millions of other completely legitimate videos hosted on the site, would be lost to the internet as part of a disproportionate punishment for the actions of one criminal individual.
This new legal regime would make hosting any user-generated content incredibly risky. No commercial website would dare to risk leting users post their own content when it could get the whole site blacklisted. User-generated content is more or less the backbone of every website started since 2004 or so. Some of the world's highest-traffic websites like Youtube, Twitter, Facebook, and Wikipedia never could have gotten off the ground under the blacklist regime. Neither could any discussion forum, any wiki, or any blog that allows posting comments.
Maybe this is what the movie and music industry lobbyists pushing this bill actually want. They don't just want to get infringing videos off of YouTube: they would rather not have YouTube exist at all. They have a long history of trying to stamp out new technologies just because those technologies could be used for copyright infringement, never mind how many beneficial uses that technology has. For example, in 1976 Universal Studios and Disney tried to stifle the VCR by claiming in court that Sony (who had just invented Betamax) should be responsible for any infringement (e.g. taping of movies) committed by home Betamax users. (They lost).
The end of user-generated content on the web would be bad enough. But that's not all! SOPA/PROTECT IP has even worse provisions lurking inside.
The bill makes "streaming" (whatever that means) copyrighted work over the internet a federal felony punishable by up to 5 years of jail time. It's ambiguous whether the poster of the content or the hosting site is the one doing the "streaming" according to the bill. If it's the poster, I could go to jail because I sang Happy Birthday to my sister over the internet. If it's the hosting site, I could go to jail because one of my commenters used my site to sing Happy Birthday over the internet and I didn't take it down fast enough.
So far I've been talking how far the bill overreaches in the case of posts that actually infringe copyright. But because of the lack of oversight and lack of due process, website owners are still going to have to worry even if nothing copyright-infringing ever gets posted on their site. You can get put on the blacklist without a trial. The accuser doesn't have to prove that you infringed their copyright. Once they accuse you, you're assumed guilty until proven innocent. You can take the copyright holder to court to try to get your blacklisting overturned, but by that point the damage to your business has been done, and how many smalltime website operators will have the resources to fight Viacom and Time-Warner in court anyway?
What about the many cases where part of a copyrighted work is used in a way that's legal under fair use doctrines -- like parody, reviews, etc. Are copyright owners going to be able to use this new law to shut down people doing completely legal and legitimate things with their work? They'll be able to shut you down just by accusing you, and the cost of fighting them in court to prove that your use was fair use will be far too high.
They could even accuse you in cases where you've done nothing wrong, either due to honest mistakes or malevolence, and suddenly you have to choose between trying to take them to court or giving up on having a website.
(It's worth remembering why the right to a fair trial, with the burden of proof on the accuser, is such a good legal principle to stand by. It's not just because we believe that imprisoning an innocent person is morally worse than letting a guilty person go free. It's also because without this protection, accusations are a weapon that can be leveled at anyone, based on grudges, unpopular political opinions, anything at all. The way that accusations of witchcraft were used to terrorize women in puritan New England, or accusations of counter-revolutionary ideas were used to terrorize people in communist countries.)
The blacklist won't be restricted to real copyright violations. Once you establish a blacklist there's pretty much no way it won't be used for censorship, repression, and harassment of legitimate sites.
For domestic sites, the blacklist cuts off their sources of income. But for foreign sites, it's even worse: the blacklist would force all American ISPs and DNS servers to prevent the URL from resolving, blocking the site from being seen at all by anybody inside the USA. This is much the same as the way China prevents its citizens from seeing foreign sites like Wikipedia and Blogger.
Again, there's no requirement that the copyright holder prove the site is infringing, and no chance for the site owners to defend themselves in court. The copyright holder just goes to the Attorney General and gets a court order saying "block this", and then all the ISPs are forced to block it.
How long before this gets abused to censor sites for reasons that have nothing to do with copyright infringement? Say some foreign news site like the BBC or Al-Jazeera publishes a story critical of the U.S. government. The government makes a bogus claim of copyright infringement and uses their new blacklist powers to block the BBC or Al-Jazeera from the American internet. Now the U.S. government is controlling what its citizens are allowed to see and hear from other countries.
This is why it's so dangerous to let the government have the power of a national blacklist. Even if the stated purpose of the blacklist is to fight copyright infringement, it is a giant invitation to censorship.
Another small but terrible detail of the bill is that it criminalizes software that would let people get around the blacklist. Software written by American free-speech advocates to help, say, Chinese people get around government censorship of the internet could now, ironcially, be illegal in America.
90 legal professors have signed a letter calling PROTECT IP unconstitutional because it supresses speech without an adversarial hearing -- i.e. the accused gets no chance to defend themselves in court before being blacklisted off the internet.
The letter says the law "represents the biggest threat to the Internet in its history".
We have to fight this thing.
American Censorship Day
The internet blacklist bill I wrote about has sailed through judiciary hearings. This was unsurprising because the hearings were stacked with three witnesses in favor and only Google allowed to represent the opposition.
Several internet organizations declared Wednesday the 16th "American Censorship Day" and used it to launch the counteroffensive. Mozilla put a snippet on our home page with a black censor bar over the Firefox logo to point people at an action page. Our webdev team did a bang-up job of putting that together really fast. Thank you webdev!
Tumblr alone geneated over 87,000 calls to congress in one day.
I called both senators and my congresswoman on Wednesday and was surprised how fast it was to get through and leave a message with a staffer. They don't keep you on hold forever like the bank or the telephone company. The staffers will take your message for the congressperson politely and without arguing.
I also wrote a letter that I sent to Senator Boxer, Senator Feinstein, and Congresswoman Eshoo today. Here it is; if you like it, please feel free to use it as a basis for your own letter to your senators/congressperson.
Dear [Senator Boxer/Senator Feinstein/Congresswoman Eshoo],
I'm a citizen of California and a professional in the Internet industry. I'm writing to express my alarm and dismay at the "PROTECT IP" act that went through the senate judiciary committee this week, and its House version, "SOPA". I strongly urge you to either oppose it or to introduce some changes.
I understand the need to enforce copyright law, but the way the bills are currently written, they give too much power to copyright holders and to the Attorney General to ban websites from the Internet without due process of law. I fear these powers will be used for blacklisting and censorship of completely legal and legitimate websites. SOPA/PROTECT IP needs to be modified to ensure that it is only used to go after lawbreakers. Operators of legitimate websites need to have a chance to defend themselves before being blacklisted off the internet.
As I understand the bills, they would empower the Attorney General, at the request of copyright holders, to put websites on a blacklist which all ISPs would be required to block, and to do this without any adversarial hearing.
As an American who believes in free speech, I don't think our government should be building a national blacklist to block websites from american citizens AT ALL. That's the sort of thing I would expect to see China or Iran imposing on its citizens, and I would expect the United States of America to be criticizing them for it -- not building one of our own!
But if you think that copyright infringement is so serious that we need to resort to building the Great Firewall of America to fight it, then at least give the accused site owners the right to a trial before kicking them off of the internet. Otherwise, if we give the Attorney General the power to unilaterally ban sites without trial, what guarantee do we have that this power will be used only for fighting copyright infringement? It's a small step from there to political censorship of any foreign sites the U.S. governemnt doesn't want citizens to see.
The site owner should have the right to a trial before the government censors their site from the internet. The burden of proof needs to be on the accuser and the accused needs a chance to defend themselves in court. That's the only way we can be sure this power is used only for its intended purpose of enforcing copyright law and doesn't become a tool of censorship.
Besides free speech issues, as someone who works in the internet industry, I'm alarmed at how much legal risk this bill creates for website owners. PROTECT IP/SOPA would make website owners like me liable for any copyright infringement done by our users. Under PROTECT IP/ SOPA a single file posted to a site by a single user would be enough for an entire internet domain to be blacklisted and all its funding cut off. And all of this just on the word of the copyright owner -- they wouldn't even have to prove in court that their copyright had been violated!
I had been planning to use the Internet to launch a startup company of my own, but how can I do so knowing that my entire company could be wiped off the internet by the actions of a single malicious or ignorant user? There's no way that Facebook, Twitter, YouTube, Blogger, Wikipedia, or any number of other internet success stories ever could have gotten off the ground under such a law. They relied on the safe harbor provision of the DMCA, which gives sites acting in good faith a chance to comply with the copyright holder's wishes and remove infringing files before being threatened with legal action. This compromise has worked well for the last 15 years while the Internet has flourished. SOPA/PIPA would end safe harbor and increase the legal risk beyond what small businesses could bear.
Internet businesses are one of the few sectors launching successful startup companies and creating jobs in this grim economic climate, but SOPA/PIPA would shut all that down -- or drive entrepreneurs to build their companies overseas.
We can protect the rights of copyright holders while still maintaining a free Internet. SOPA/PIPA must be modified to ensure that it will be used only for fighting copyright infringement and will not be abused for censorship, repression, or harassment of legitimate sites and legal content.
[Senator/Congresswoman], please either add such protections to the bill, or vote against it.
-- Jonathan Xia
Palo Alto, California
We may be starting to turn the tide. There are hopeful signs. The EFF is cautiously optimistic. The Business Software Alliance, which previously supported the bill, is now backpedaling.
Ron Wyden from Oregon has put a hold on the bill, promising to filibuster it if it gets that far. You can even sign up to have him read your name as one of the opponents during his filibuster (hey, it's better than reading the phone book).
Nancy Pelosi has swung over to our side, and Ron Paul is also opposing it. (Nancy Pelosi and Ron Paul -- is that weird or what? This is one of those issues that doesn't break down cleanly along partisan lines. Sometimes, oddly enough, it's the "centrists" of both parties who are the most authoritarian.)
Here's a roundup of progress against SOPA.
But this is no reason to stop now! We need to redouble our efforts and we need to get personally involved.
Don't assume this is just going to go away. The House and Senate are planning to vote on SOPA/PIPA before the end of the year, and the bill still seems to have majority support. If we all zone out and ignore this thing, it's going to pass, and free speech on the internet will never be the same. In the name of enforcing copyright law, the US government will set up a national blacklist of sites blocked at the DNS level, the same as what China and Iran use to keep information away from their citizens.
The internet industry pretty much unanimously opposes SOPA, but it's an industry unfortunately concentrated in a few congressional districts, and it shares the same two senators as Hollywood. We're at a geographical disadvantage. To have any chance of stopping SOPA we need people all over the country to show their opposition, not just nerds in California.
The Senate is threatening to bring the Senate version, the PROTECTIP act, to the floor on Tuesday. So that's the next round of the fight. Mozilla's trying to get everybody to call their senators on Tuesday the 29th (tomorrow). You can sign up here.
I know that I have friends who read this blog in Florida, New York, New Jersey, Connecticut, Oregon, and Illinois, and I'm sure you all know people in even more states. Please, please, please, call or write to your senators and your congressperson. Go here to put in your ZIP code and find their contact information.
Congress wants your ISP to spy on you
I was just about to write a blog post about CISPA, the Cyber Intelligence Sharing and Protection Act, aka the latest terrible idea by a Congress that doesn't understand the Internet but heard the word "cyberterrorism" and freaked the fuck out.
I called Anna Eshoo's office today and found out she was already going to vote against it, so that's good. I was going to write a blog post and urge you to call or write your representative and tell them to vote against CISPA.
But then I found out that they voted on it early, sneaking it through with minimal debate when nobody was paying attention. It passed the House this afternoon. Those bastards!
CISPA overrides all existing privacy laws, encourages ISPs and email providers and websites to report your private information to the NSA and other unaccountable government agencies without a search warrant, and gives them total immunity to liability for any privacy invasions they commit. All of this applies as long as it's done in the name of fighting "cybersecurity" threats which the bill defines so vaguely that it could be used to mean anything. Like the PATRIOT act and the warantless wiretaps, it's another step closer to a total surveillance state where innocent citizens are routinely spied upon by our government. Even if these "cybersecurity" threats are real, is there any reason we couldn't fight them with the laws we already have? I have yet to hear any proponents make the case for why the law needs to be changed - only hand-waving and alarmism.
Read more about the details of CISPA at the EFF, Forbes, or Ars Technica.
The White House has said they'd veto it, but they said they'd veto NDAA too, and they didn't, so I wouldn't take their word for anything.
But it hasn't passed the Senate yet, so that's our best chance to stop it. Call and email your senators and tell them you want your 4th Amendment back.
Just sent this to both my senators
Hello Senator [Boxer|Feinstein],
Please do not allow the Cybersecurity Act of 2012 (S 3414) to strip away privacy protections from US citizens. I strongly believe that individualized information (such as contents of emails) should require a search warrant for government agents to access. Surely we can find a way to enhance security of power plants and other critical infrastructure against cyber-attacks without violating the spirit of the 4th amendment!
I urge you to vote against amendments by Sen. John McCain (and others) that would strip privacy protections from the Cybersecurity Act. When companies do share information with the government as part of a cyber-security investigation, it should go to a civilian agency, and not to the NSA or other military departments. I do not believe it should be standard operating procedure for the US military to operate against American citizens on American soil.
I also urge you to vote for Franken-Paul amendment. Citizens should not be deprived of the right to seek legal action against companies that have violated their privacy.
The cybersecurity legislation you are considering this week has huge implications for privacy and civil liberties and I will be closely watching your votes.
(Please feel free to copy and send to your own senators!)
Information about the Cybersecurity Act here - it's basically the Senate version of CISPA, which passed the House already.
Most of the bill is entirely reasonable stuff about beefing up security standards at power plants and other places a malicious hacker could cause massive damage. The troubling part is that it overturns a lot of existing privacy law, and makes companies immune to prosecution for violating your privacy if they hand the data over to the NSA and/or military.
Cybersecurity Act defeated for now
The Cyber Security Act failed to get cloture and Congress is going on summer vacation, so it seems dead in the water for now.
This is a bit frustrating, as some of the stuff in that bill is good and needed; my preferred outcome would be for it to have been amended to remove the spying-on-citizens stuff and then passed. But I'll take any victory I can get.
I wish internet activists could take the credit for this one, but it seems the bill was really just the latest victim of standard Republican operating procedure since 2010 : automatically filibuster anything the Democrats want to do, no matter if it's good or bad, even if it's a policy Republicans suppor themselves! Because getting bills passed might make Obama look good, and stopping that is more important than national security. Barf.
Meanwhile the Democratic Party showed once again that it doesn't give a shit about civil liberties. With only a few exceptions (like my hero Ron Wyden of Oregon), Democrats supported the bill including its domestic spying provisions. Just as they were happy to renew the Patriot act and pass the NDAA with its indefinite-detention-without-trial provisions.
Both sides were already at the point of sticking completely unrelated poison-pill amendments (having to do with gun control and banning abortions in Washington DC) into the bill before it failed.
So, um, hooray for democracy?