Senator Patrick Leahy yesterday introduced the "Combating Online Infringement and Counterfeits Act" (COICA). This flawed bill would allow the Attorney General and the Department of Justice to break the Internet one domain at a time — by requiring domain registrars/registries, ISPs, DNS providers, and others to block Internet users from reaching certain websites. The bill would also create two Internet blacklists. The first is a list of all the websites hit with a censorship court order from the Attorney General. The second, more worrying, blacklist is a list of domain names that the Department of Justice determines — without judicial review — are "dedicated to infringing activities." The bill only requires blocking for domains in the first list, but strongly suggests that domains on the second list should be blocked as well by providing legal immunity for Internet intermediaries and DNS operators who decide to block domains on the second blacklist as well. (It's easy to predict that there will be tremendous pressure for Internet intermediaries of all stripes to block these "deemed infringing" sites on the second blacklist.)
COICA is a fairly short bill, but it could have a longstanding and dangerous impact on freedom of speech, current Internet architecture, copyright doctrine, foreign policy, and beyond. In 2010, if there's anything we've learned about efforts to re-write copyright law to target "piracy" online, it's that they are likely to have unintended consequences.
This is a censorship bill that runs roughshod over freedom of speech on the Internet. Free speech is vitally important to democracy, which is why the government is restricted from suppressing speech except in very specific, narrowly-tailored situations. But this bill is the polar opposite of narrow — not only in the broad way that it tries to define a site "dedicated to infringing activities," but also in the solution that it tries to impose — a block on a whole domain, and not just the infringing part of the site.
We note that the DMCA already gives copyright owners legal tools to remove infringing material piece-by-piece, and to obtain injunctions requiring ISPs to block certain offshore infringing websites. The misuse of the existing DMCA provisions have had a tremendously damaging impact on fair use and free expression. By comparison, COICA streamlines and vastly expands this; it would allow the AG to shoot down a whole domain including all the blog posts, images, backups, and files underneath it. In other words, it's not just possible but probable that a great deal of legitimate, protected speech will be taken down in the name of copyright enforcement.
It is designed to undermine basic Internet infrastructure. When a user enters "eff.org" into their web browser, what responds is a domain name system server that tells the users' browser where EFF's website is located on the Internet. This bill would have the Attorney General prevent the players in that domain name system (possibly including your ISP) from telling you the truth about a website's location.
And it's not clear what a user would see in this situation — would it look like a "404 message," that simply says a site or page could not be found, without explaining why? Would users receive some kind of notice clarifying that the site they were seeking was made inaccessible at the behest of the government? Generally speaking, the bill forces all the Internet "middlemen" to act as if a part of the Internet doesn't exist, even though that page may otherwise be completely available and accessible.
COICA sends the world the message that the United States approves of unilateral Internet censorship. Which governments deny their citizens access to parts of the Internet? For now, it is mostly totalitarian, profoundly anti-democratic regimes that keep their citizens from seeing the whole Internet. With this bill, the United States risks telling countries throughout the world, "Unilateral censorship of websites that the government doesn't like is okay — and this is how you do it."
The bill's imbalances threaten to complicate existing laws and policies. The bill includes poorly drafted definitions that threaten fair use online, endanger innovative backup services, and raises questions about how these new obligations on Internet intermediaries are intended to fit with existing US secondary liability rules and the DMCA copyright safe harbor regime. Moreover, it seems easy to get on the blacklist — the bill sets up a seemingly streamlined procedure for adding domains (including a McCarthy-like procedure of public snitching) — but in contrast, it seems difficult to get off the list, with a cumbersome process to have a blacklisted domain removed.
And what do we get in exchange? Not much, if the goal is to actually limit unauthorized copying online. The bill gives the government power to play an endless game of whack-a-mole, blocking one domain after another, but even a relatively unsophisticated technologist can begin to imagine the workarounds: a return to encrypted peer-to-peer, modified /etc/hosts files (that don't rely on the domain name system for finding things on the Internet), and other tools, which will emerge and ensure that committed pirates have a way to route around the bill's damage to the DNS system.
To us, COICA looks like another misguided gift to a shortsighted industry whose first instinct with respect to the Internet is to try to break it. There are still many questions to be answered, but one thing is for sure — this bill allows the government to suppress truthful speech and could block access to a wealth of non-infringing speech, and the end result will do little to protect artists or mollify the industries that profit from them. Stay tuned for more analysis, information, and steps you can take to fight Internet censorship.