Sophos Cloud Optix
A new piece of American legislation, SOPA (Stop Online Piracy Act) has been getting a lot of attention the last few weeks. The purpose of the bill is to put a dent in online piracy by allowing the US government to dictate ISPs block access to sites hosting copyrighted materials.
The US Congress seems to have a huge misunderstanding of how the internet works and is looking more and more to simply be following the wishes of the entertainment industry.
It’s not that I don’t believe in copyright or that copyright holders don’t have the need to enforce their rights (Sophos included), but doing so at the expense of free speech is going too far.
Let’s start with the fact that it wouldn’t work.
Asking service providers to maintain a list of blocked DNS names and to prevent their customers from gaining access would be a gargantuan effort.
People seeking to illegally obtain copyrighted materials would simply point their DNS resolvers at publicly available services in other jurisdictions.
OK, so we tell ISPs they must also block the IP addresses of offending websites. Pirates will simply use services like Tor, BitTorrent or offshore VPN services that again will subvert the US government controls.
Having the ability to take away anyone’s speech without a court order will have a chilling effect on the internet. Only innocent people will pay the price, thieves will simply outmaneuver.
What does this have to do with security? Well monkeying with DNS and intentionally making it dysfunctional will hamper real efforts at providing a safer online experience.
As pointed out in a paper by Steve Crocker, David Dagon, Dan Kaminsky, Danny McPherson and Paul Vixie it would have serious security ramifications:
- Filtering DNS will drive people seeking copyrighted content to configure their computers to use non-US DNS servers, likely on advice of the pirates. These servers could be used to perform all sorts of man-in-the-middle and phishing attacks greatly increasing the threat surface.
- ISPs will lose critical insight into botnet activity and other network security issues. Many service providers are able to analyze DNS traffic to determine which customers may be infected, or which systems may be participating in denial of service attacks.
- Having DNS resolve to incorrect addresses will break DNSSEC and will hamper its adoption. This law would have people be redirected to a page warning them of the dangers of piracy. If DNSSEC is in use, they would get nothing and not know why the page isn’t coming up. DNSSEC is considered by many to be an important tool for preventing man-in-the-middle attacks and a key part of the US government’s strategy for a more secure internet.
I won’t even go into the danger of collateral damage when you take entire DNS entries offline, nor the ability for people to abuse the rules to intentionally create a denial of service condition for websites they don’t like.
SOPA is not going to end piracy, and to be fair our energy would be a lot better spent on stopping the deluge of scams and malware victimizing millions of Americans rather than helping to protect a few multi-billion dollar media companies.
so completely – obviously – unfit for purpose, and so unanimously, globally, criticised and opposed by ALL informed individuals, organisations and companies EXCEPT the handful of multi-billion dollar vested interests behind it that there is simply no possibility – none – that the US Government is dong this in good faith. it is absolutely clear and obvious that they are either in the pockets of the media corps. OR using SOPA and PIPA as an excuse for censorship. or both. it seems they don't even care that this is so transparent! they are making a power grab. we must stop it – we cannot give away free speech.
Here's the truth:
"The bills would require ISPs, when served with a court order, (!!!) to refuse to allow their Domain Name Servers to be used to bring subscribers to illegal websites, basically the equivalent of a back alley market selling stolen jewelry not being listed in the Yellow Pages."
Please note: there would have to be a Court Order…. from a Court, in response to due process. It's not something the Government does.
Why, Chester, do you write "WITHOUT A COURT ORDER" when SOPA says 'WHEN SERVED WITH A COURT ORDER"?
Here's a legal analysis of whether or not SOPA is censorship, and it was performed by someone not affiliated with the Copyright Alliance.
http://www.readwriteweb.com/enterprise/2011/11/le…
Opponents of these bills argue that a user intent on patronizing illegal sites can circumvent the ISP’s Domain Name Server block by discovering the rogue site’s Internet address on Internet discussion forums or by reconfiguring their computer to point to an alternative DNS server that exists beyond the court’s jurisdiction. This, they say, will result in so many people circumventing the system that the Internet will break.
There is no evidence, however, that large numbers of people will slow their service or jeopardize their security by acting in that manner. It is worth noting that many of the same critics of filtering rogue sites today made the same argument about the “DNS Helper”-like services – that they would trigger a mass exodus of users from their ISP’s DNS services and break the Internet. It simply did not happen.
Find out more factual information here: http://blog.copyrightalliance.org/2011/11/the-fac…
At bottom, the bill’s opponents claim that the security risks associated with the possibility that subscribers might abandon their ISP’s Domain Name Server in favor of unscrupulous overseas services outweighs the demonstrable harm to consumers, jobs and U.S. businesses caused by the currently unabated flourishing of rogue sites. This is not an engineering assessment. It is a value judgment about what deserves protection and what does not."
Don't we already have something similar in the UK? The IWF published black-lists of sites which all ISPs are required to block.
It's only a small step from the laudable aims of blocking child abuse sites to blocking file-sharing sites, news sites who don't pay Rupert a fee, sites which criticize the government…
Before we know it, people in China will be feeling sorry for us!
I don't care whether the vested interests who are behind this are "multi-billion dollar" companies or not. The amount of money they have or don't have is of no concern to me, and that's not the part of this SOPA idiocy that's wrong.
The part that's wrong is that they're trying to BUY this stupid legislation from corrupt legislators who are willing to whore themselves for such paid influence. The fact that it has even gotten this far is proof enough for me. No honest legislator with half a brain and even a minimal sense of concern for personal liberties would write such a bill, let alone vote for it.
It's my personal opinion that censorship most likely is not one of the motivations behind SOPA. But I have zero uncertainty that if this moronic legislation passes, the command-and-control mentality that inevitably uses all the coercive power available to it WILL use SOPA for censorship. Power corrupts, and the kind of people who seek it have neither the moral character nor the wisdom NOT to use it.
@anon: Free speech? Is illegally downloading copyrighted material now referred to as "free speech"?
@ the author: This may not be the ideal way to try and approach the problem of piracy, which btw has put almost all of my friends in the music biz out of work, but how about suggesting some alternatives??? If this is something that will only affect innocent people as you say, please provide better ideas to limit piracy!!!
Thanks for siding with the right-to-privacy crowd vs. McAfee/Kaspersky/Symantec's "nothing to hide" load of horse pucks.
I doubt that anyone is actually saying that downloading copyright material illegally is freedom of speech. It's theft, and can't be described any other way. As someone who makes a living in the computer industry my livelihood is based on IP and I fully support the idea that companies have a right, and an obligation to protect there own IP.
This type of legislation has far reaching consequences that are not obvious. Also this type of legistation fundamentally doesn't work. There are many ways to avoid the protections offered, and most people that will be interested in finding the copyright material will know how to bypass them.
Additionally even if this sort of legislation worked perfectly, and there was no way to bypass it, it won't stop peer to peer piracy. BitTorrent works by downloading a file, which does not contain any copyright material. This is hosted on a web page, but because the torrent file itself doesn't contain any copyright material it shouldn't be subject to the legislation. Then users connect to each other directly using a peer to peer client and share bits of the file. ISP's can guess by analysing your traffic that you MAY be using peer to peer sharing, but not with any level of certainty, and there is no way for them to determine what you are sharing, unless they assemble the download themselves which would result in them being guilty of piracy themselves. We can't simply block all BitTorrent traffic because there are legitimate uses for the protocol.
The issue of free speech really comes into force when you consider how internet hosting works. Most web sites are located in data centres from hosting companies. These companies host thousands of web sites mirrored at few locations. A single destination IP can be the same for a vast array of web sites. If one site in the server farm were to be guilty of hosting even a single piece of copyright material, the result of this legislation, when functioning 100% correctly, would take out hundreds of web sites.
Consider this, have a look at YouTube. The amount of copyright material that can be found there is huge. TV Shows, Movies, etc. If this legislation comes into play, then YouTube must be blocked. Now consider who owns YouTube… How many people have found a picture on the internet and put it on a personal web page? Unless you have a signed release from the original photographer, then you are in violation of copyright law, and your web site, along with any other web sites on that server or behind that same IP are taken out.
Piracy is a social problem, not a technology problem. As a business consultant I see companies constantly try to implement technology solutions to social issues, and it never works. The battle to prevent online piracy has been waging for the better part of twenty years. Each attempt to block one avenue of piracy results in another, bigger one opens up. BBS's, UseNet, Napster, iMesh, BitTorrent. The solution to the problem needs to be convincing people not to want to pirate IP rather then trying to take draconian efforts to stop everyone who may or may not be committing piracy.
This argument is really no different then smoking legislation. We tried for many years passing legislation against smoking. Banning it in locations, raising taxes, etc. None of these had much of an impact on smoking levels. Once the focus shifted to making smoking less social smoking level have plummeted. And yes I was a smoker, I knew it was bad for me, heck I delivered oxygen to people with emphysema, then lit up. In the end I quit because I decided I didn't want to do it any more.
Piracy is a problem, no doubt or argument about it; however piracy is a complex problem. Legislation like this, and it's companion which I believe has a title to the effect of "Protect IP" seek to provide overly simple, one size fits all solutions.
@Flange and Rowena Cherry :
Check how effective US law enforcement would be according to Ofcom: http://krykeywebradio.wordpress.com/2011/08/10/uk…
@Rowena Cherry and Flange:
Here is a constructive solution based on a research on what to do to minimize the piracy, and its not what US is proposing. Columbia University also prepared a PDF for the details thirsty: http://piracy.ssrc.org/the-report/
http://www.thinq.co.uk/2011/3/15/cutting-prices-o…
@SomeGuy,
Cutting prices????
Some of my colleagues sell their e-books for $0.99 and they are ripped off. They give the first book in a series away free for a limited time, and they are ripped off. Freetards request the rest of the series free, also.
I'm sorry but that argument strikes me as totally self-serving… and disingenuous. The problem is that internet users feel a sense of entitlement to entertainment. They paid for the ipad (Kindle, whatever) and they feel that content should be free.
Kindle users openly say that they'd like more value for money, even on a $0.99 e-book, so they "share" and "lend" it as much as they possibly can, and join sites that pay them (money) to share/lend/loan the book they purchased a license to read.
Amazon users share accounts, so up to 10 of them can share an account using a disposable credit card, so all 10 of them can "share" the same e-book that one of them purchased a license to read.
Facebook hosts private groups of Kindle users who email to one another illegal copies of e-books.
Cutting prices will not stop piracy.
@ Rowena Cherry :
You never borrowed a book from a friend?
You never purchased second hand books for your kids, yourself or friends?
Why selling and sharing paper books is legal then?
And why suddenly sharing ebook is so wrong?
Also we are not talking here about personal experience but global situation.
Main piracy is around movies, music and games. Games can cost as much as $60. In many countries $60 is what people earn per week or two.
Call Of duty Modern Warfare 3 cost to make and promote was around $50-70ml. Total sale after 5 days was around $775ml. To date overall sale is around $1.1 billion.
I suppose they could go a bit lower with price.
@Rowena Cherry :
P.S.
No law will stop the piracy. I doubt there is or will be a technology to permanently stop it.
As per @Tom's post:
"…Piracy is a social problem, not a technology problem. As a business consultant I see companies constantly try to implement technology solutions to social issues, and it never works. The battle to prevent online piracy has been waging for the better part of twenty years. Each attempt to block one avenue of piracy results in another, bigger one opens up. BBS's, UseNet, Napster, iMesh, BitTorrent. The solution to the problem needs to be convincing people not to want to pirate IP rather then trying to take draconian efforts to stop everyone who may or may not be committing piracy.
This argument is really no different then smoking legislation. We tried for many years passing legislation against smoking. Banning it in locations, raising taxes, etc. None of these had much of an impact on smoking levels. Once the focus shifted to making smoking less social smoking level have plummeted. And yes I was a smoker, I knew it was bad for me, heck I delivered oxygen to people with emphysema, then lit up. In the end I quit because I decided I didn't want to do it any more.
Piracy is a problem, no doubt or argument about it; however piracy is a complex problem. Legislation like this, and it's companion which I believe has a title to the effect of "Protect IP" seek to provide overly simple, one size fits all solutions. "
If SOPA and PIPA is passed…
It will override the "safe harbor" of DMCA over the internet.
There is indeed other solutions other than this SOPA and PIPA.
These bills may kill the open internet by using too much of a censorship.
You know, it is sometimes, against freedom of expression.
SOPA and PIPA will kill the liberty of the Web instead of killing piracy.
It's like killing pests by burning the whole fields using bombs.