View Full Version : Talking About Why The PROTECT IP Act Is Bad News...

06-02-2011, 02:54 AM

06-02-2011, 10:33 PM
I swear, the French legislature could be introducing a bill to require ISPs retain all data users transfer (including decrypted passwords) for no less than thirty days and there wouldn't be a single post of condemnation on RPFs.

Oh wait.

06-03-2011, 12:03 AM
A friend of mine wasn't into politics when I met him, but he surprised me today by sending me this and asking if I had any comments on it. guess I corrupted him :D


Senator Cardin,
I am writing you in regards to some grave concerns I have regarding S. 968 - Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP.) There are three major concerns in regards to this bill. The first has to do with the impact this bill would have on freedom of speech and civil liberties, the second with the technical aspects and impact on the current Internet infrastructure, and lastly the overall effectiveness this bill will actually have on preventing threats to intellectual property.
I believe this bill would set a dangerous precedent if it becomes a law. In the past, you have stated that you support an open and free Internet. This bill would give the US government the ability to censor websites deemed as copyright infringing by the office of the attorney general. PROTECT IP provides several ways to enforce this censoring, including ordering an Internet Service Provider (ISP) to prevent a Domain Name System (DNS) resolution directed at the infringing site, the required prevention of financial transactions with the infringing site, as well as the required removal of links to the infringing site from search engines such as Google, Yahoo, and Microsoft BING. Under this act, any of the aforementioned entities can be held liable for damages if they do not comply with the orders to remove access to the infringing site. If this bill is passed, it could pave the way for other, more restrictive legislation on Internet use under the pretenses of national security or copyright infringement. In the past, there have been legitimate websites that have had their domain names seized without warning by the Department of Homeland Security Immigrations and Customs Enforcement directorate (DHS/ICE) under 18 U.S.C. 981and 2323. These seizures were performed again, without warning, and without providing a warrant or even a notice to the owners of the domains that were deemed infringing. I am glad to see that the PROTECT IP act requires the Attorney General to provide notice to the registered owner of the affected domain. This section should also provide the owner of a domain an exact list of the infringing materials, their locations, and a set "grace period" of time to remove the items before any other action is taken.
Secondly, the methods described in this bill for DNS filtering could severely compromise Internet and network security. An upcoming extension to DNS, called DNSSEC, encrypts DNS records, making them more secure. DNSSEC's main objective is to protect consumers and sites from so-called "Man-in-the-Middle" attacks, in which a malicious person intercepts a digital conversation and then pretends to be a trusted source, obtaining confidential and secure data. The site redirection envisioned in Section 3(d)(II)(A)(ii) of this bill is inconsistent with DNSSEC. The US Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies. The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access we have seen in the last two decades with the boom of the global Internet. One potential exploit of this system is individuals setting up "rogue" DNS servers that would allow a user to circumvent the established DNS filtering, but also allowing the server operator to intercept or redirect traffic for their own malicious uses.
Finally, I believe the provisions in this bill would not effectively combat theft of intellectual property. There are four points in the DNS resolution process not covered by this bill: end user software, off shore DNS servers, the actual content providers, and the Internet access to the content. In regards to end user software, there was an add-in, or third party modification released for Firefox, a popular Internet browser which blatantly circumvented the DHS/ICE domain seizures by directly pointing to the Internet Protocol (IP) address of the infringing sites. Purely removing the DNS entries to a site does not remove the site itself, it merely removes the ability to access the site via an easily typed or remembered name. For example, the Google search engine can be accessed by navigating to http://google.com in one's web browser, but also by entering The second address is simply the IP address of the website and completely avoids using DNS at all. In addition, a user can manually point their computer or browser to an off-shore or international DNS server, which would continue to resolve the infringing website, as it does not fall under the jurisdiction of the US Government. In regards to the content providers, this bill does not seek to shut down the sites that are deemed to be providing illegal services, only to prevent the simplest form of navigation to them. Instead, I believe the companies who believe their intellectual property is being stolen should seek action against the individual or company providing the content instead of relying on the government to restrict access. The final issue is the actual Internet access to the content. As I have mentioned, the DNS system merely allows the translation of a name or word into an IP address, making the site easier to access. This bill does not provide a method of actually removing the access to the material or the removal itself.
Overall, I believe this bill provides an ineffective, and potentially dangerous method of protecting private sector industries from intellectual property theft. Again, this bill allows the government to censor the Internet as well as forcing private sector companies to do the same. The methods used to accomplish this are not only poorly contrived, but potentially could create critical vulnerabilities in the infrastructure of the Internet. Please vote no to this bill and continue to stand for a free and secure internet as you have in the past.