We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network. Many of us invented parts of it. We're just a little proud of the social and economic benefits that our project, the Internet, has brought with it.
We are writing to oppose the Committee's proposed new Internet censorship and copyright bill. If enacted, this legislation will risk fragmenting the Internet's global domain name system (DNS), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. In exchange for this, the bill will introduce censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' ability to communicate.
All censorship schemes impact speech beyond the category they were intended to restrict, but this bill will be particularly egregious in that regard because it causes entire domains to vanish from the Web, not just infringing pages or files. Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill. These problems will be enough to ensure that alternative name-lookup infrastructures will come into widespread use, outside the control of US service providers but easily used by American citizens. Errors and divergences will appear between these new services and the current global DNS, and contradictory addresses will confuse browsers and frustrate the people using them. These problems will be widespread and will affect sites other than those blacklisted by the American government.
The US government has regularly claimed that it supports a free and open Internet, both domestically and abroad. We can't have a free and open Internet without a global domain name system that sits above the political concerns and objectives of any one government or industry. To date, the leading role the US
has played in this infrastructure has been fairly uncontroversial because America is seen as a trustworthy arbiter and a neutral bastion of free expression. If the US suddenly begins to use its central position in the DNS for censorship that advances its political and economic agenda, the consequences will be far-reaching and destructive.
Senators, we believe the Internet is too important and too valuable to be endangered in this way, and implore you to put this bill aside.
The letter is signed by the following:
David P. Reed, who played an important role in the development of TCP/IP and designed the UDP protocol that makes real-time applications like VOIP possible today; former Professor at MIT
Paul Vixie, author of BIND, the most widely-used DNS server software, and President of the Internet Systems Consortium
Jim Gettys, editor of the HTTP/1.1 protocol standards, which we use to do everything on the Web.
Bill Jennings, who was VP of Engineering at Cisco for 10 years and responsible for building much of the hardware and embedded software for Cisco's core router products and high-end Ethernet switches.
Steve Bellovin, one of the originators of USENET; found and fixed numerous security flaws in DNS; Professor at Columbia.
Gene Spafford, who analyzed the first catastrophic Internet worm and made many subsequent contributions to computer security; Professor at Purdue.
Dan Kaminsky, renowned security researcher who in 2008 found and helped to fix a grave security vulnerability in the entire planet's DNS systems.
David Ulevitch, CEO of OpenDNS, which offers alternative DNS services for enhanced security.
John Vittal, Created the first full email client and the email standards.
Esther Dyson, chairman, EDventure Holdings; founding chairman, ICANN; former chairman, EFF; active investor in many start-ups that support commerce, news and advertising on the Internet; director, Sunlight Foundation
Brian Pinkerton, Founder of WebCrawler, the first big Internet search engine.
Dr. Craig Partridge, Architect of how email is routed through the Internet, and designed the world's fastest router in the mid 1990s.
David J. Farber, helped to conceive and organize the major American research networks CSNET, NSFNet, and NREN; former chief technologist at the FCC; Professor at Carnegie Mellon; EFF board member.
John Gilmore, co-designed BOOTP (RFC 951), which became DHCP, the way you get an IP address when you plug into an Ethernet or get on a WiFi access point. Current EFF board member.
Karl Auerbach, Former North American publicly elected member of the Board of Directors of ICANN, the Internet Corporation for Assigned Names and Numbers.
Paul Timmins, designed and runs the multi-state network of a medium sized telephone and internet company in the Midwest.
Lou Katz, I was the founder and first President of the Usenix Association, which published much of the academic research about the Internet, opening networking to commercial and other entities.
Walt Daniels, IBM’s contributor to MIME, the mechanism used to add attachments to emails.
Gordon E. Peterson II, designer and implementer of the first commercially available LAN system, and member of the Anti-Spam Research Group of the Internet Engineering Task Force (IETF).
John Adams, operations engineer at Twitter, signing as a private citizen
Alex Rubenstein, founder of Net Access Corporation. We are an Internet Service Provider for nearly 15 years, and I have served on the ARIN AC.
Roland Alden, Originator of the vCard interchange standard; builder of Internet infrastructure in several developing countries.
Lyndon Nerenberg, Author/inventor of RFC3516 IMAP BINARY and contributor to the core IMAP protocol and extension.
James Hiebert, I performed early experiments using TCP Anycast to track routing instability in Border Gateway Protocol.
Dr. Richard Clayton, designer of Turnpike, widely used Windows-based Internet access suite. Prominent Computer Security researcher at Cambridge University.
Brandon Ross, designed the networks of MindSpring and NetRail.
James Ausman, helped build the first commercial web site and worked on the Apache web server that runs two-thirds of the Web.
Michael Laufer, worked on the different networks they dealt with including the Milnet, other US Govt nets, and regional (NSF) nets that became the basis of the Internet. Also designed, built, and deployed the first commercial VPN infrastructure (I think) as well as dial up nets that were part of AOL and many other things.
Janet Plato, I worked for Advanced Network and Service from 1992 or so running the US Internet core before it went public, and then doing dial engineering until we were acquired by UUNet. While at UUnet I worked in EMEA Engineering where I helped engineer their European STM16 backbone.
Thomas Hutton, I was one of the original architects of CERFnet - one of the original NFSnet regional networks that was later purchased by AT&T. In addition, I am currently chair of the CENIC HPR (High Performance Research) technical committee. This body directs CENIC in their managment and evolution of Calren2, the California research and education network.
Phil Lapsley, co-author of the Internet Network News Transfer Protocol (NNTP), RFC 977, and developer of the NNTP reference implementation in 1986 ... still in use today almost 25 years later.
Stephen Wolff. While at NSF I nurtured, led, and funded the NSFNET from its infancy until by 1994 I had privatized, commercialized, and decommissioned the NSFNET Backbone; these actions stimulated the commercial activity that led to the Internet of today.
Bob Schulman , worked on University of Illinois’ ANTS system in the Center for Advanced Computation in 1976 when ANTS connected a few hosts to the ARPAnet.
Noel D. Humphreys, As a lawyer I worked on the American Bar Association committee that drafted guidelines for use of public key encryption infrastructure in the early days of the internet.
Ramaswamy P. Aditya, I built various networks and web/mail content and application hosting providers including AS10368 (DNAI) which is now part of AS6079 (RCN), which I did network engineering and peering for, and then I did network engineering for AS25 (UC Berkeley), followed and now I do network engineering for AS177-179 and others (UMich).
Haudy Kazemi, Implemented Internet connections (from the physical lines, firewalls, and routers to configuring DNS and setting up Internet-facing servers) to join several companies to the Internet and enable them to provide digital services to others.
Mike Meyer, I helped debug the NNTP software in the 80s, and desktop web browsers and servers in the 90s.
Richard S. Kulawiec, 30 years designing/operating academic/commercial/ISP systems and networks.
Michael Alexander, I have been involved with networking since before the Internet existed. Among other things I was part of the team that connected the MTS mainframe at Michigan to the Merit Network. I was also involved in some of the early work on Email with Mailnet at MIT and wrote network drivers for IP over ISDN for Macintosh computers.
Gordon Cook, I led the OTA study between 1990 and 1992 and since April 1992 have been self employed as editor publisher of the cook report.
Thomas Donnelly, I help support the infrastructure for the world’s most widely used web server control panel.
Peter Rubenstein, I helped design and run the ISP transit backbone of AOL, the ATDN.
Owen DeLong, I am an elected member of the ARIN Advisory Council. I am the resource holder of record on a number of domains. I have been active on the internet for more than 20 years. I was involved in getting some of the first internet connections into primary and secondary schools before commercial providers like AT&T started sponsoring events like Net-Day.
Erik Fair, co-author, RFC 1627, RFC 977, former firstname.lastname@example.org.
Tony Rall, I was involved in providing Internet access to the IBM corporation - from the late 80s until last year. I worked within the company to ensure that Internet access was as "open" and transparent as possible.
Bret Clark, Spectra Access. We are New Hampshire's largest wireless Internet service providers and have built a large footprint of Internet Access for businesses in New Hampshire.
Paul Fleming, Run as33182 as a large hosting provider (5gbps+). develop monitoring software suite.
David M. Kristol, Co-author, RFCs 2109, 2965 ("HTTP State Management") Contributor, RFC 2616 ("Hypertext Transfer Protocol")
Anthony G. Lauck, I helped design and standardize routing protocols and local area network protocols and served on the Internet Architecture Board.
Judith Axler Turner, I started the first NSF-approved commercial service on the Internet, the Chronicle of Higher Education's job ads, in 1993.
Jason Novinger , I was the Network Administrator for Lawrence Freenet, a small wireless ISP in Lawrence, KS.
Dustin Jurman, I am the CEO of Rapid Systems Corporation a Network Service Provider, and Systems builder responsible for 60 Million of NOFA funding.
Blake Pfankuch, Over the years I have implemented thousands if not tens of thousands of webservers, DNS servers and supporting infrastructure.
Dave Shambley, retired engineer (EE -rf-wireless- computers) and active in the design of web site and associated graphics.
Stefan Schmidt, I had sole technical responsibility for running all of the freenet.de / AS5430 DNS Infrastructure with roughly 120.000 Domains and approximately 1.5 million DSL subscribers for the last 9 years and have been actively involved in the development of the PowerDNS authoritative and recursive DNS Servers for the last 4 years.
Dave Skinner, I was an early provider of net connectivity in central Oregon. Currently I provide hosting services.
Richard Hartmann, Backbone manager and project manager at Globalways AG, a German ISP.
Curtis Maurand, founder of a small internet company in Maine in 1994. started delivering low cost broadband to municipalities and businesses before acquired by Time-Warner.
James DeLeskie, internetMCI Sr. Network Engineer, Teleglobe Principal Network Architect
Bernie Cosell, I was a member of the team at BBN that wrote the code for the original ARPAnet IMP. I also did a big chunk of the redesign of the TELNET protocol [addding DO/DONT/WILL/WONT].
Nathan Eisenberg, Atlas Networks Senior System Administrator, manager of 25K sq. ft. of data centers which provide services to Starbucks, Oracle, and local state
Jon Loeliger, I have implemented OSPF, one of the main routing protocols used to determine IP packet delivery. At other companies, I have helped design and build the actual computers used to implement core routers or storage delivery systems. At another company, we installed network services (T-1 lines and ISP service) into Hotels and Airports across the country.
Tim Rutherford, managed DNS (amongst other duties) for an C4.NET since 1997.
Ron Lachman , I am co-founder of Ultra DNS. I am co-founder of Sandpiper networks (arguably, inventor of the CDN) I am "namesake" founder of Lachman TCP/IP (millions of copies of TCP on Unix System V and many other other platforms) Joint developer of NFS along with Sun MicroSystems.
Jeromie Reeves, Network Administrator & Consultant. I have a small couple hundred user Wireless ISP and work with or have stakes in many other networks.
Alia Atlas, I designed software in a core router (Avici) and have various RFCs around resiliency, MPLS, and ICMP.
Marco Coelho, As the owner of Argon Technologies Inc., a company that has been in the business of providing Internet service for the past 13 years.
David J. Bowie, intimately involved in deployment and maintenance of the Arpanet as it evolved from 16 sites to what it is today.
Scott Rodgers, I have been an ISP on Cape Cod Massachusetts for 17 years and I agree that this bill is poison.
William Schultz, for the past 10 years I've worked on hundreds of networks around the US and have worked for a major voice and data carrier. I do not agree with Internet censorship in any degree, at all.
Rebecca Hargrave Malamud, helped advance many large-scale Internet projects, and have been working the web since its invention.
Kelly J. Kane - Shared web hosting network operator. Tom DeReggi, 15yr ISP/WISP veteran, RapidDSL. Doug Moeller, Chief Technical Officer, Autonet Mobile, Inc.
David Boyes, Operations Coordinator, SESQUInet, First mainframe web server, First Internet tools for VM/CMS, Caretaker, NSS1, Caretaker ENSS3, Author, Chronos Appt Management Protocol, Broadcast operator, IETF telepresence, IETF 28/29
Jim Warren, I was one of Vint Cerf’s grad students and worked for a bit on the early protocols for the old ARPAnet ... back before it became the DARPAnet
Christopher Nielsen, I have worked for several internet startups, building everything from email and usenet infrastructure to large-scale clusters. I am currently a Sr. Operations Engineer for a product and shopping search engine startup.
David Barrett, Founder and CEO of Expensify, former engineering manager for Akamai. I helped build Red Swoosh, which delivers large files for legitimate content owners, and was acquired by Akamai, which hosts 20% of the internet by powering the world's top 20,000 websites.
David Hiers, I have designed dozens of Internet edge networks, several transit networks, and currently operate a VOIP infrastructure for 20,000 business subscribers.
Jay Reitz, Co-founder and VP of Engineering of hubpages.com, the 60th largest website in the US with 14M monthly US visitors.
Peter H. Schmidt, I co-founded the company (Midnight Networks) that created the protocol test software (ANVL) that ensured routers from all vendors could actually interoperate to implement the Internet.
Harold Sinclair, design, build, and operate DNS, Mail, and Application platforms on the Internet.
John Todd, I invented and operate a DNS-based telephony directory "freenum.org" which uses the DNS to replace telephone numbers.
Christopher Gerstorff, technician for a wireless broadband internet provider, Rapid Systems, Inc.
Robert Rodgers, Engineer at Juniper and Cisco. Worked on routers and mobile systems.
Illene Jones, I have had a part in creating the software that runs on the servers.
Brandon Applegate, I have worked in the ISP sector since the mid-1990s as a network engineer.
Leslie Carr, Craigslist Network Engineer
Doug Dodds, wrote several pieces of software for ARPANet in the 1970s, including BBN TENEX User Telnet and the HERMES email system.
Jamie Rishaw, Formerly, network architect to Big-10 Universities, the Dalai Lama, NFL and Playboy. Currently active in DNS Security steering and planning, and Global Network Operations.
Jeff Hodges, Protocol Architect: LDAPv3, SAML, Liberty Alliance ID-FF ID-WSF
Bob Hingen, worked at BBN and helped build the Arpanet and early Internet. I have been very active in the IETF and am the co-inventor of IPv6.
David M. Miller, CTO / Exec VP for DNS Made Easy (largest IP Anycast Managed Enterprise DNS Provider in the world by number of domain names served).
Ben Kamen, started an Atari based BBS in 1982 and has worked with networks ever since.
Brian Lloyd, key contributor to the Point-to-Point Protocol (PPP) used by with modems to connect to the Internet; co-wrote the California Department of Education's, K-12 Network Technology Planning Guide in the early 1990s
Steven Back, network administrator for many domain names related to medical studies
Brad Templeton, founder of ClariNet Communications, the world's first ".com" company and the net's first online newspaper; EFF board member.
Edward Henigin, CTO of Texas.net (San Antonio's first ISP founded in 1994), Data Foundry (Data Center outsourcing), Giganews (#1 ranked Usenet provider) and Golden Frog (Encryption service).
With all of this talk about copyright trolls and spamigation, it is easy to get confused. Who is suing over copies of Far Cry and The Hurt Locker? Who is suing bloggers? Who is trying to protect their anonymity? Who is defending fair use? What do newspapers have to do with any of this? In order to cut through the confusion, here’s a concise guide to copyright trolls currently in the wild, with status updates.
Leading the pack for sheer numbers is a Washington, D.C., law firm calling itself the U.S. Copyright Group(USCG), that has filed several "John Doe" lawsuits in D.C., implicating well over 14,000 individuals. This firm has learned one lesson from the RIAA suits: the only group whose bottom line benefits from this kind of mass litigation is the lawyers. As we reported last week, several of the Does in these cases are fighting back in earnest, albeit with mixed results: on the one hand the judge in two of the cases has rejected various efforts to protect the anonymity of the Does, insisting that they cannot file papers anonymously. However, the same judge has issuedorders requiring USCG to justify suing two of the Does in the District of Columbia, as the Defendants claim to have no contacts with the District. Meanwhile, in South Dakota, ISP MidContinent Communications stood up for its customers and moved to quash an improperly issued subpoena for their identities. Last week, a federal judge granted that motion.
Righthaven LLC, which has brought over 130 lawsuits in Nevada federal court claiming copyright infringement, has a different angle, preferring to acquire the copyrights rather than represent the owner. Righthaven focuses on news: it trolls by (a) scouring the Internet for newspaper stories (or parts thereof) originating with the Las Vegas Review-Journal that have been posted on blogs, forums and webpages, (b) acquiring the copyright to that particular newspaper story, and then (c) suing the poster for copyright infringement.
Righthaven demands sums up to $150,000, and uses the threat of these out-of-proportion damages to push defendants into quick settlements. Some attorneys are advising bloggers to simply follow the rule laid down by the Las Vegas Review-Journal's parent company and refrain from quoting anything more than the headline and first paragraph of news articles. Following this advice essentially allows a newspaper to decide what constitutes fair use, a term they are motivated to construe as narrowly as possible. Still others suggest that "the easiest way to avoid copyright infringement claims is to avoid copying," which is true only in the sense that the easiest way to avoid getting robbed is to have no possessions. Quoting, linking, aggregating all involve "copying" and all are integral to any number of perfectly legal creative, often non-commercial, uses of copyrighted works. Indeed, these uses are what makes the internet such a remarkable tool for fostering innovation.
Some Righthaven defendants are fighting back. For example, Democratic Underground, an independent discussion forum that was sued based on a 5-sentence excerpt a user posted on the forum. Democratic Underground filed its Answer and Counterclaim Monday; more on that here. And just last week, a judge in another Righthaven case strongly suggested that a post on another site was protected by the legal doctrines of fair use and implied license.
Then there’s the relative newbies, such as Lucas Entertainment and Mick Haig Productions, both represented by attorney Evan Stone. Lucas has sued 53 BitTorrent users it alleged uploaded and downloaded the Kings of New York, a gay porn movie. After suing the users as “Does,” based on their IP addresses, it promptly subpoenaed the identities of people associated with those IP addresses. Unfortunately, many of those people, who are not comfortable being publicly identified in connection with pornography, will feel they have no choice but to settle rather than having their name publicly disclosed, no matter how meritorious their defenses. Mick Haig upped the ante by suing 670 BitTorrent users, and Larry Flynt Publications has gotten in on the act as well. Subpoenas and threat letters are likely to follow soon.
These lawsuits reflect a business model that depends on two things:
Cookie-cutter litigation tactics, such as filing one lawsuit against thousands of legally unrelated people in a court convenient to the lawyers, even if it means the targets will have to defend themselves thousands of miles from home; or creating a “model pleading” which can be quickly revised with a few new facts to sue a new person. These tactics are crucial: they keep costs down, which in turn boosts profits.
Vulnerable defendants. Many defendants will be eager to settle because they cannot afford the risk of an award of substantial damages if the case went to trial. Others may have strong defenses that would win at trial, but are unable to obtain counsel far from home (e.g., the defendants in the USCG cases, many of whom appear to be located thousands of miles away from the court where they’ve been sued), unable to afford counsel (e.g., the numerous nonprofits and individual bloggers targeted by Righthaven), or afraid of the consequence of having their personal information made public (e.g., the defendants targeted by Lucas Entertainment).
EFF is trying to help by assisting people in finding lower cost or pro bono counsel, allowing people to fight back without the costs of defense bankrupting them. But in the meantime, these lawsuits are causing tremendous collateral damage — to the individuals targeted, to due process, and to the legal profession (which doesn’t need another example of unscrupulous lawyering). To be clear, no one is arguing that copyright owners don’t have a legal right to protect their works. But it’s quite another thing to game the legal system — and waste judicial resources, i.e., your tax dollars — to make a profit.
The New York Times reported this morning on a Federal government plan to put government-mandated back doors in all communications systems, including all encryption software. The Times said the Obama administration is drafting a law that would impose a new "mandate" that all communications services be "able to intercept and unscramble encrypted messages" — including ordering "[d]evelopers of software that enables peer-to-peer communication [to] redesign their service to allow interception".
Throughout the 1990s, EFF and others fought the "crypto wars" to ensure that the public would have the right to strong encryption tools that protect our privacy and security — with no back doors and no intentional weaknesses. We fought in court and in Congress to protect privacy rights and challenge restrictions on encryption, and to make sure the public could use encryption to protect itself. In a 1999 decision in the EFF-led Bernstein case, the Ninth Circuit Court of Appeals observed that
[w]hether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty.
For a decade, the government backed off of attempts to force encryption developers to weaken their products and include back doors, and the crypto wars seemed to have been won. (Indeed, journalist Steven Levy declared victory for the civil libertarian side in 2001.) In the past ten years, even as the U.S. government has sought (or simply taken) vastly expanded surveillance powers, it never attempted to ban the development and use of secure encryption.
Now the government is again proposing to do so, following in the footsteps of regimes like the United Arab Emirates that have recently said some privacy tools are too secure and must be kept out of civilian hands.
As the Internet security community explained years ago, intentionally weakening security and including back doors is a recipe for disaster. "Lawful intercept" systems built under current laws have already been abused for unlawful spying by governments and criminals. Trying to force technology developers to include back doors is a recipe for disaster for our already-fragile on-line security and privacy. And like the COICA Internet censorship bill, it takes a page from the world's most repressive regimes' Internet-control playbook. This is exactly the wrong message for the U.S. government to be sending to the rest of the world.
The crypto wars are back in full force, and it's time for everyone who cares about privacy to stand up and defend it: no back doors and no bans on the tools that protect our communications.
Continued good news in the fight to bust bad software patents: the Patent Office has issued an encouraging office action in the reexamination of the C2 patent, one of EFF's "Most Wanted" patents. The C2 patent claims to cover a “Method and Apparatus for Implementing a Computer Network/Internet Telephone System,” broad enough to essentially wholesale claim using the Internet to call someone’s phone.
The Patent Office has agreed with many of the arguments EFF put forth in its petition for reexamination, and preliminarily found the C2 patent invalid as obvious. This first office action is non-final, which means that C2 still has the chance to respond and make its own argument in support of its patent. While this office action is not a final victory, it’s an important first step in busting a patent that stifles innovation and the use of VoIP as a free speech tool, and further cripples the progress of VoIP developers who seek to ease online communications.
This news comes on the heels of two recent cases highlighting the usefulness of reexamination proceedings like the ones that EFF has used in our Patent Busting Project. In one case, a federal district court in Arizona held that a defendant could use evidence of a Patent Office’s reexamination to help defend against a charge of willful infringement. In the other, a federal district court in Florida refused to enforce an injunction issued against a defendant when the patent under which the injunction was issued was cancelled by the Patent Office during a reexamination proceeding.
The C2 patent was one of the ten original Top Ten Patents targeted by EFF’s Patent Busting Project, which combats the chilling effects of bad patents on the public and consumer interests. So far nine patents targeted by EFF have been busted, invalidated, narrowed, or had a reexamination granted by the Patent Office.
Senator Patrick Leahy yesterday introduced the "Combating Online Infringement and Counterfeits Act" (COICA). This flawed bill would allow the Attorney General and the Department of Justice to break the Internet one domain at a time — by requiring domain registrars/registries, ISPs, DNS providers, and others to block Internet users from reaching certain websites. The bill would also create two Internet blacklists. The first is a list of all the websites hit with a censorship court order from the Attorney General. The second, more worrying, blacklist is a list of domain names that the Department of Justice determines — without judicial review — are "dedicated to infringing activities." The bill only requires blocking for domains in the first list, but strongly suggests that domains on the second list should be blocked as well by providing legal immunity for Internet intermediaries and DNS operators who decide to block domains on the second blacklist as well. (It's easy to predict that there will be tremendous pressure for Internet intermediaries of all stripes to block these "deemed infringing" sites on the second blacklist.)
COICA is a fairly short bill, but it could have a longstanding and dangerous impact on freedom of speech, current Internet architecture, copyright doctrine, foreign policy, and beyond. In 2010, if there's anything we've learned about efforts to re-write copyright law to target "piracy" online, it's that they are likely to have unintendedconsequences.
This is a censorship bill that runs roughshod over freedom of speech on the Internet. Free speech is vitally important to democracy, which is why the government is restricted from suppressing speech except in very specific, narrowly-tailored situations. But this bill is the polar opposite of narrow — not only in the broad way that it tries to define a site "dedicated to infringing activities," but also in the solution that it tries to impose — a block on a whole domain, and not just the infringing part of the site.
We note that the DMCA already gives copyright owners legal tools to remove infringing material piece-by-piece, and to obtain injunctions requiring ISPs to block certain offshore infringing websites. The misuse of the existing DMCA provisions have had a tremendously damaging impact on fair use and free expression. By comparison, COICA streamlines and vastly expands this; it would allow the AG to shoot down a whole domain including all the blog posts, images, backups, and files underneath it. In other words, it's not just possible but probable that a great deal of legitimate, protected speech will be taken down in the name of copyright enforcement.
It is designed to undermine basic Internet infrastructure. When a user enters "eff.org" into their web browser, what responds is a domain name system server that tells the users' browser where EFF's website is located on the Internet. This bill would have the Attorney General prevent the players in that domain name system (possibly including your ISP) from telling you the truth about a website's location.
And it's not clear what a user would see in this situation — would it look like a "404 message," that simply says a site or page could not be found, without explaining why? Would users receive some kind of notice clarifying that the site they were seeking was made inaccessible at the behest of the government? Generally speaking, the bill forces all the Internet "middlemen" to act as if a part of the Internet doesn't exist, even though that page may otherwise be completely available and accessible.
COICA sends the world the message that the United States approves of unilateral Internet censorship. Which governments deny their citizens access to parts of the Internet? For now, it is mostly totalitarian, profoundly anti-democratic regimes that keep their citizens from seeing the whole Internet. With this bill, the United States risks telling countries throughout the world, "Unilateral censorship of websites that the government doesn't like is okay — and this is how you do it."
The bill's imbalances threaten to complicate existing laws and policies. The bill includes poorly drafted definitions that threaten fair use online, endanger innovative backup services, and raises questions about how these new obligations on Internet intermediaries are intended to fit with existing US secondary liability rules and the DMCA copyright safe harbor regime. Moreover, it seems easy to get on the blacklist — the bill sets up a seemingly streamlined procedure for adding domains (including a McCarthy-like procedure of public snitching) — but in contrast, it seems difficult to get off the list, with a cumbersome process to have a blacklisted domain removed.
And what do we get in exchange? Not much, if the goal is to actually limit unauthorized copying online. The bill gives the government power to play an endless game of whack-a-mole, blocking one domain after another, but even a relatively unsophisticated technologist can begin to imagine the workarounds: a return to encrypted peer-to-peer, modified /etc/hosts files (that don't rely on the domain name system for finding things on the Internet), and other tools, which will emerge and ensure that committed pirates have a way to route around the bill's damage to the DNS system.
To us, COICA looks like another misguided gift to a shortsighted industry whose first instinct with respect to the Internet is to try to break it. There are still many questions to be answered, but one thing is for sure — this bill allows the government to suppress truthful speech and could block access to a wealth of non-infringing speech, and the end result will do little to protect artists or mollify the industries that profit from them. Stay tuned for more analysis, information, and steps you can take to fight Internet censorship.
Writing software to protect political activists against censorship and surveillance is a tricky business. If those activists are living under the kind of authoritarian regimes where a loss of privacy may lead to the loss of life or liberty, we need to tread especially cautiously.
A greatdealofpost-mortemanalysis is occurring at the moment after the collapse of the Haystack project. Haystack was a censorship-circumvention project that began as a real-time response to Iranian election protests last year. The code received significant levels of media coverage, but never reached the levels of technical maturity and security that are necessary to protect the lives of activists in countries like Iran (or many other places, for that matter).
This post isn't going to get into the debate about the social processes that gave Haystack the kind of attention and deployment that it received, before it had been properly reviewed and tested. Instead, we want to emphasize something else: it remains possible to write software that makes activists living under authoritarian regimes safer. But the developers, funders, and distributors of that software need to remember that it isn't easy, and need to go about it the right way.
Here are a few essential points:
Secure communications tools need a clearly defined model of the privacy threats they defend against, and the way the design addresses those threats needs to be clearly and rigorously specified.
Careful thought needs to be put into user interface design, so that the end users of the system (who may not speak English, nor be sophisticated computer users) have some hope of understanding what threats the software is and isn't defending against. This is hard to do right, but it's very important: in some cases, if a dissident is a major target for a sophisticated government, they probably shouldn't be using networked computers at all.
Writing secure software is much harder than just writing software; it requires a different mindset and a whole extra set of skills and experience. Unless a project includes experienced, competent security engineers, it is almost certain to include bugs that threaten users' privacy (actually, all complex codebases include security bugs, but good security teams will be able to make them rarer and do a better job of mitigating the damage).
Tools need to be thoroughly tested by the computer security community before they are distributed to activists whose lives and liberty are at stake. Fortunately, plenty of well-tested tools are available to provide privacy and circumvention of censorship, including Tor, ssh, VPNs, or Gmail over HTTPS. All of these tools have their own limitations, and need to be used for the correct purposes, but they are the best choices for activists in at least some situations.
Until you're familiar with the extensive research literature on privacy-preserving communications systems, it's probably best to get involved with (or fund) one of the many existing projects that are trying to defeat Internet censorship, before starting your own. The Tor Project is the largest and most organized of these, and is a good place for developers and funders to find work that needs to be done. There are numerous academic groups doing high-quality research, and some of them also build invaluable privacy tools. There are also some small projects that still need a lot of extra work and security auditing, but which may one day provide extremely important tools for dissidents; the "T(A)ILS" project is one good example.
"You will not solicit login information or access an account belonging to someone else."
"You will not . . . let anyone else access your account, or do anything else that might jeopardize the security of your account."
After months of dragnet litigation and intimidation, some of the thousands of “John Doe” Defendants targeted in mass copyright lawsuits filed in the District of Columbia are fighting back in earnest.
The lawsuits are the brainchild of a Washington, D.C., law firm calling itself the "U.S. Copyright Group" (USCG). USCG investigators have identified IP addresses they allege are associated with the unauthorized uploading and downloading of independent films, including "Far Cry" and "The Hurt Locker." Using those addresses, USCG has filed several "John Doe" lawsuits in D.C., implicating well over 14,000 individuals, and has issued subpoenas to ISPs seeking the identities of the subscribers associated with those IP addresses.
Last week, a group of over 40 Doe Defendants targeted in two of the cases filed an omnibus motion to quash a subpoena seeking their identities and to dismiss the cases against them. The Defendants are represented by Carey Lening, Christina DiEdoardo, Tuna Mecit and Bradford Patrick. Echoing arguments EFF raised in an earlier amicus brief, the Defendants explain that USCG has improperly joined together thousands of defendants and has sued those defendants in the wrong court. In addition, Defendants argue that USCG’s gamesmanship violates the normal procedures for large-scale litigation against people located across the country (the Multi-District Litigation rules), resulting in additional costs and burden to the Defendants. Numerous other Does have moved to quash and/or dismiss as individuals as well.
In addition, the judge in one of the cases has issuedorders requiring USCG to justify suing two of the Does in the District of Columbia, as the Defendants claim to have no contacts with the District.
EFF believes USCG's litigation tactics violate basic due process rights, and we’ve been working hard both to call the court’s attention to those violations and help the Does get access to the resources they need to defend their rights. Kudos to the attorneys who have signed on to defend these Does, and to the Defendants themselves for demanding that USCG play by the rules.