As you read this, please keep in mind that I say it all with a track record of nearly 14 years of being proactive and having a zero-tolerance policy towards criminal activity and network abuse on our system. We have great relationships with Law Enforcement Agencies both here in Canada and abroad. We are always helpful and (usually) happy to answer questions, and help LEA understand the complexities and nuances of the internet. We’ve had the good fortune to meet some really intelligent and clued in cybercrime units. We participate in numerous communities in combating .net abuse and cybercrime.
I finally got around to reading the text of the Stop Online Piracy Act (SOPA) today. While the ostensible intentions are to combat online piracy and the sale of counterfeit goods, the bad news is that the legislation contains elements which basically puts every single domain registered under generic TLDs under the authority of the United States Attorney General.
We have already seen in cases of the ICE domain seizures, improper takedowns and overreach resulting in the takedown of tens of thousands of websites when a single one was the target.
How does this affect you?
Our objections to SOPA are very similar to our objections to Verisign’s recent proposal which contained overly broad takedown powers and could be used to assert US law (and “requests”) on all domain holders internationally.
We consider SOPA far more pernicious because it is possibly to become US law, rather than a policy implemented by a private company (albeit one that holds a monopoly on large tracts of internet namespace).
SOPA differentiates between “domestic” and “foreign” domain names, but the definition of “domestic” basically includes all domains registered under any of the gTLDs (generic Top Level Domains), because their respective Registry operators are US-based entities:
(3) DOMESTIC DOMAIN NAME- The term `domestic domain name’ means a domain name that is registered or assigned by a domain name registrar, domain name registry, or other domain name registration authority, that is located within a judicial district of the United States.
All domains under .com, .net, .org, and .biz are “assigned by” a domain name registry in the United States. Verisign, Public Interest Registry and Neustar respectively. Afilias is incorporated in Ireland, however they are operationally in the US. And at the end of the day, all domain names exist in namespaces assigned by ICANN, which is a California corporation.
So basically this means everything. Any domain, any TLD, anywhere, can be cutoff at the knees by the US Attorney General issuing a court order against a service provider, registrar or registry. (Although they may find it more difficult to assert beyond the generic TLDs. ICANN cannot for example, operationally takedown a domain inside some given ccTLD, the way Verisign or some other gTLD registry could simply yank any domain’s nameserver records out of the rootzones.)
Perhaps for the scope of this discussion, only gTLDs are at risk. This means you can probably ignore all of this unless your domain is under com/net/org/biz/info, or you use a US-based registrar, service provider or your website is ever visited by anybody from the United States.
Where This Is Going.
If this becomes law, it’s a short stretch from SOPA to NODA (No Online Dissent Anywhere) and if you think I’m a nutcase for saying so, I’d like to remind everybody what happened just over a year ago, when US politicians were tripping over themselves to shut down wikileaks (a royal fiasco in which this company was embroiled) and to this day, they have not been charged with a crime anywhere.
Many of the “dirty tricks” employed against Wikileaks would be enshrined in law under SOPA (and someday, NODA):
- A requirement that service providers block access to offending domains, including that they stop resolving their DNS
- Search engines to purge search results for offending domains
- Payment processors to sever ties to offending domains
And they added an extra provision that it will be an offense to knowingly create a service or system to provide a workaround to a banned domain or host. So for example, they would no longer have to hassle Mozilla to remove that firefox plugin that lets you reach ICE blocked websites, it would be illegal to make it or distribute it.
While this is an Online Piracy law, it already contains additional “enhancements” under Title 2: Additional Enhancements to Combat Intellectual Property Theft:, namely:
- SEC. 201. STREAMING OF COPYRIGHTED WORKS IN VIOLATION OF CRIMINAL LAW.
- SEC. 202. TRAFFICKING IN INHERENTLY DANGEROUS GOODS OR SERVICES.
- SEC. 203. PROTECTING U.S. BUSINESSES FROM FOREIGN AND ECONOMIC ESPIONAGE.
Where All This Ends
Even if ICANN is officially against SOPA (Former chairman Vint Cerf wrote a good letter opposing it), failure on ICANN’s part to oppose SOPA would mean catastrophic failure in their mission of overseeing the namespace to the benefit of all stakeholders.
If this happens, there needs to be a serious conversation around a topic so incendiary, so heretical that I will probably become persona non-grata within domain policy circles for saying it, but I’m going to say it:
The Internet RootZone would have to be administered by a non-US Entity instead of ICANN.
The reason why is because the internet root is held together largely through two things:
- Consensus
- Convention
As all of the world’s peoples, businesses and websites come increasingly under the jurisdiction and law of a single country, Consensus will fragment. The internet root will have to be under the stewardship of an honest broker who can respect the rights of all sovereign interests as they relate to the internet.
Otherwise, it ends with a split internet root, if we’re lucky. If not, it ends with a completely Balkanized one, because while it may not be the case now, as this escalates (and I suspect it will), it will pose intolerable risk to non-US entities of all stripes.
Already we get business from companies whose stated corporate IT policy is to not use US based servers to hold email or route web traffic. I’m not talking about torrent hosts, whistleblowers and fake Rolex vendors. We’re talking large enterprise entities whose legal departments find even the theoretical legal ability for Homeland Security to monitor their corporate communications simply intolerable.
While I’m not complaining about the extra business, I still smell trouble on the horizon.
If you found this post of interest and would like to subscribe to the author’s Domain Insights mailing list, sign up here.
I’m with you on this Mark. There is a lot of stuff going on that I don’t perticularly like taking place on the internet, but I realize that I’m just one person of millions that use the net.
charlie
What actions would you recommend people take here? I’ve called my representative. I’m interested in moving business away from supporters of SOPA, but some comes at great cost (e.g. moving domains from godaddy to someplace like namecheap or here, where I currently buy my new domains).
Hi Ivan,
I’ll refer you to Mark’s post on Elephant-gate early in 2011. https://www.easydns.com/blog/2011/04/04/career-ending-moments-in-celebrity-ceo-ism-or-howto-transfer-your-domain-away-from-godaddy/
Overall, it comes down to balancing your business and ethics, and deciding if a few dollars extra a year (or more, depending) are worth being consonant with your ethics, or if the cost is too prohibitive. It’s a lot like the decision we made when we decided to start moving towards a greener business model. It means some extra expenses, like going with Bullfrog, but we consider it a fair business cost for being what we consider good corporate citizens. YMMV, obviously, and everyone’s decisions have to be their own, and we can’t really make recommendations. There are a bunch of boycott sites out there at this point that offer suggestions and email templates, and so on. They can probably act as a jumping-off point for any actions you want to take.
And this will have about as much effect as the huge hug and cry about bailouts for banksters – NONE AT ALL. Complain away, it will do you NO GOOD AT ALL. Congress pays absolutely NO ATTENTION to anyone but their corporate sponsors.
Really interesting read. It’s a disgrace that this bill even exists.
I read more onto from JeepersMedia who explains the bull in this. I am pretty sure it wont pass now, too many have stood up in the fight for our Freedom.
Congratulations on an excellent article, Mark. Many people understand that “something’s wrong” and this article goes far in breaking it down.
I’d like suggest that you arrange for the making of a video incorporating your comments and maybe those of other respected people in the field. It is the most natural means of communicating important issues and making topics more approachable.
You split an infinitive (“to not use”) in the second-to-last paragraph. (“… IT policy is to not use US based servers …”)
Yes, yes we did. We’re rebels that way.
Arnon (an easyPerson)
This whole SOPA deal needs to just go away… I understand both sides of the issue but I just can’t side with SOPA supporters.. Gotta be a better way for both sides to get what they want..
Easy Arnon,
No doubt you split the verb intentionally, as a subtle way of communicating to GrammarNazi that EasyDNS will not be held hostage to nonsensical rituals, such as taking theoretical prohibitions from the Latin language (ie splitting a single word) and applying those to English.
We readers appreciate that Mark’s incisive mind is not so easily distracted from the essence of important issues.