Senator Wyden, a vocal opponent of the PROTECT IP Act in the Senate and Stop Online Piracy Act in the House, has criticized the bills by saying that online piracy “is not an issue where we should use a bunker-buster bomb when a laser beam would do.”
But does the OPEN Act, draft language of which was unveiled last week by Wyden and other opponents of the existing bills, resemble the metaphorical laser beam, or is it more like a World War I dreadnought — expensive, unwieldy, and not very suited to today’s world? 1Wyden’s original metaphor makes little sense to me. On the one hand, “bunker-buster” bombs are used against targets that conventional weapons can’t take out and are designed for high accuracy and minimal collateral damage — precisely the type of remedies creators need online. Laser beams, on the other hand, are currently a long way from being useful as weapons.
Though I’m encouraged that opponents of the existing bills recognize the harm that online commercial piracy causes creators, I think the OPEN Act resembles too much the latter. The definitions are far too narrow — it’s difficult to conceive of any site, even the most egregiously infringing site — that would fall within their scope. Its shift to the International Trade Commission would require a questionable expansion of federal bureaucracy. The resources required to bring a case in front of the ITC would place the bill’s remedies out of the hands of all but the largest copyright holders. All of this for what would amount to little more than a cease and desist letter to ad and payment service providers.
Some more detailed thoughts and questions about the bill:
Comparison to SOPA and PROTECT IP
SOPA and PROTECT IP provide for both actions by the Attorney General and actions by copyright holders, the OPEN Act provides only for actions by copyright holders. One of the major differences between the bills is venue: while SOPA and PROTECT IP actions would take place in federal courts, the OPEN Act specifically provides for such actions to occur in the International Trade Commission, a quasi-judicial, independent federal agency that specializes in unfair trade practices.
Like the private rights of action in SOPA and PROTECT IP, the right of action in the OPEN Act is limited to remedies against advertising providers and payment service providers.
I find some of the support of this change of venue interesting. For example, the EFF writes:
The International Trade Commission (ITC), an independent agency, would be tasked with investigating complaints from content owners. The ITC’s process, one which is currently used in the patent context, is transparent, quick, and effective. Both parties would have the opportunity to participate and the record would be public. The process would include many important due process protections, such as effective notice to the site of the complaint and ensuing investigation as well as the ability to challenge any final permanent injunction in a federal court.
This is interesting because there is little difference in theory between this and a federal court. Court proceedings are transparent and effective and provide due process protections. These kinds of statements are overly simplistic, since they gloss over the differences in practice between the ITC and a federal court proceeding.
I have yet to dive into the differences, but it strikes me as premature to declare an action through the ITC as inherently better or more fair than a court action. Federal courts are governed by the Federal Rules of Civil Procedure, administrative agencies have different procedural rules. Both venues have different rules of evidence. Both have different standards for keeping confidential business information accessible by the public.
And is it true that an action through the ITC would be quicker and cheaper than a court action? According to one article, the average cost of an action through trial at the ITC is $2-3.75 million and takes 15-18 months, while the verge cost of a patent lawsuit through trial in federal court is $3-5 million and takes 2-3 years. It would seem that the ITC is quicker and cheaper, but as the article points out, 95% of patent lawsuits settle or are disposed before reaching trial, bringing the cost and time involved down significantly. Compare that to the ITC, where 40-50% of cases reach trial.
OPEN Act and DMCA
Some critics of SOPA warned that the bill would damage DMCA safe harbors 2For example, David Sohn of the Center for Democracy & Technology has said, “This is a bill that would eviscerate the predictable legal environment created by the DMCA”; Markham Erickson of NetCoalition has said, “Both bills gut the Digital Millennium Copyright Act (DMCA)”; and Corynne McSherry of the Electronic Frontier Foundation has said SOPA “would also threaten to effectively eliminate the DMCA safe harbors.”  — which immunize service providers engaged in certain, specific functions from liability for copyright infringement if they adhere to the provisions of the DMCA.
The OPEN Act looks to address this criticism. It states that a site is not subject to action under the bill if it “engages in an activity that would not make the operator liable for monetary relief for infringing the copyright under section 512 of title 17, United States Code.” This is a roundabout way of saying that if a site qualifies for one of the four DMCA safe harbors cannot be held liable in the ITC.
But what does that mean? The provisions for DMCA safe harbors are complex, and their interpretation has been subject of many court cases since their introduction in 1998. Appeals dealing primarily with the meaning of 17 USC § 512(c)(1)(A)(ii) — so-called “red flag” knowledge — are currently pending in the Second and Ninth Circuits, for example, and may impact how sites like YouTube must operate in order to remain protected under the safe harbor.
The ITC (as far as I can tell) 3Generally, courts in common law systems are bound by stare decisis to follow precedent of all courts above them. Since ITC decisions are appealable to the Federal Circuit, I assume the ITC is bound by Federal Circuit decisions, though I haven’t been able to confirm this.  is bound to follow precedent from the Supreme Court — which hasn’t weighed in on the language of § 512 — and the Federal Circuit — which hasn’t either. The ITC would approach the DMCA from a blank slate. Far from being predictable, this means that guessing how the ITC interprets the DMCA is pure speculation.
But this point may be moot, as the OPEN Act also excludes action against sites that have “a practice of expeditiously removing, or disabling access to, material that is claimed to be infringing or to be the subject of infringing activity after notification by the owner of the copyright or trademark alleged to be infringed or its authorized representative.”
This is like a dystopian version of the DMCA safe harbors. A site can be protected under the OPEN Act even if it directly infringes and directly profits off infringement, so long as it “expeditiously” removes material when it is notified. There are also none of the protections of the DMCA — no counter-notification requirement, no provisions for misrepresenting the contents of a notification.
How Different are the Definitions?
The OPEN Act defines an “Internet site dedicated to infringing activity” as one that “has only limited purpose or use other than engaging in infringing activity and whose owner or operator primarily uses the site to willfully engage in infringing activity.”
Compare this to the definition of an “Internet site dedicated to theft of U.S. property” in SOPA, which would include a site that “is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates” copyright infringement; or a site where the operator “is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the . . . site to carry out acts that constitute” copyright infringement, or “operates the . . . site with the object of promoting, or has promoted, its use to carry out acts that constitute” copyright infringement “as shown by clear expression or other affirmative steps taken to foster infringement.”
SOPA’s definitions have been criticized as being too vague and broad. 4For example, Ryan Radia of the Competitive Enterprise Institute has said, “The scope of websites encompassed by these provisions appears to be potentially vast”; Parker Higgins of the EFF has said, “the broad definitions and vague language in the bill could place dangerous tools into the hands of IP rightsholders”; Larry Downes of TechFreedom has labelled the definitons as “a new category broadly defined by the bill.” But are the two definitions, though worded differently, really that different?
I wrote earlier how SOPA’s definitions don’t create new liability, only new remedies. Websites that are engaged in the actions described in SOPA would largely be liable for copyright infringment under existing law. SOPA’s definitions explicitly incorporate these principles. The Open Act’s definitions don’t make reference to these principles — but that doesn’t mean they no longer exist.
Here’s one example: under the OPEN Act, action can be brought against a site where the operator “uses the site to willfully engage in infringing activity.” Willful infringement includes both direct and indirect infringement — vicarious and contributory infringement. 5See, for example, Sega Enterprises v. Maphia, 948 F.Supp. 923, 936 (ND Cali 1996), finding willful infringement for contributory copyright infringement. Contributory infringement generally requires that someone has knowledge of direct infringement and materially contributes to the infringement. 6Gershwin Publishing v. Columbia Artists Management, 443 F.2d 1159, 1162 (2nd Cir. 1971). “Knowledge” can mean actual knowledge, but it can also mean willful blindness. 7See In re Aimster Copyright Litigation, 334 F.3d 643, 650 (7th Cir. 2003), “Willful blindness is knowledge, in copyright law… as it is in the law generally.”
The Supreme Court has defined “willful blindness” as taking “deliberate actions to avoid confirming a high probability of wrongdoing.” 8Global-Tech Appliances v. SEB, 131 S.Ct. 2060, 2070 (2011). Coincidentally, Global-Tech was an appeal from a Federal Circuit decision. In other words, a site operator who “uses the site to willfully engage in infringing activity” can include, by definition, a site operator who is “taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the . . . site to carry out acts that constitute” copyright infringement.”
Speculation? Consider this: less than two weeks ago, the ITC reversed an ALJ’s finding that a manufacturer had induced patent infringement based on the Supreme Court’s formulation of willful blindness. 9Commission opinion, In the Matter of Certain Ink Jet Cartridges, No. 337-TA-723, pp. 15-16 (ITC, Dec. 1, 2011).
Another example of where a site operator can willfully engage in infringing activity is by inducing copyright infringement. DMCA safe harbors don’t protect such service providers. 10See Columbia Pictures v. Fung, 2:06-cv-05578-SVW-JC (CD Cali Dec. 21, 2009) “inducement liability and the Digital Millennium Copyright Act safe harbors are inherently contradictory. Inducement liability is based on active bad faith conduct aimed at promoting infringement; the statutory safe harbors are based on passive good faith conduct aimed at operating a legitimate internet business”; Arista v. Usenet, 663 F.Supp.2d 124, 142 (SDNY 2009), “if Defendants … encouraged or fostered such infringement, they would be ineligible for the DMCA’s safe harbor provisions.” Inducement, as described by the Supreme Court in MGM v. Grokster, is promoting the use of a product or service to infringe, “as shown by clear expression or other affirmative steps taken to foster infringement.”
Again, this means that the difference in definitions between the two bills is one of wording: SOPA explicitly incorporates existing principles of liability, the OPEN Act incorporates existing principles implicitly.
More US Control over the Internet?
The following portion of the OPEN Act jumped out at me:
(5) LIMITATION ON INVESTIGATIONS OF DOMAIN NAMES; CONSENT TO JURISDICTION. Notwithstanding any other provision of this section, the Commission may not initiate an investigation under paragraph (1) with respect to a domain name if the operator of the Internet site associated with the domain name
(A) provides in a legal notice on the site accurate information consisting of
(i) the name of an individual authorized to receive process on behalf of the site;
(ii) an address at which process may be served;
(iii) a telephone number at which the individual described in clause (i) may be contacted; and
(iv) a statement that the operator of the site
(I) consents to the jurisdiction and venue of the United States district courts with respect to a violation under section 506 of title 17, United States Code, a criminal offense under section 1204 of title 17, United States Code, for a violation of section 1201 of such title, or a violation of section 2320 of title 18 of such Code; and
(II) will accept service of process from the Attorney General with respect to those violations and the offense set forth in subclause (I); and
(B) upon the filing of any civil action in the appropriate United States district court
(i) for infringement of copyright under section 501 of title 17, United States Code,
(ii) under section 1203 of title 17, United States Code, for a violation of section 1201 of such title, or
(iii) under section 32(1) of the Lanham Act, accepts service and waives, in a timely manner, any objections to jurisdiction as set forth in the statement described in subparagraph (A)(iv).
In short, this portion says that an action can’t be brought against a foreign website if the website owner consents to being sued in the US for copyright infringement. Foreign websites who don’t consent can be sued in the ITC, those who do can be sued in a US court. That means, if the bill passes, a US copyright owner would have the ability to bring legal action against every website in the world.
While I agree that the US and its residents should have some recourse against sites tht engage in US commerce and infringe against US rights, this part of the OPEN Act seems to go overboard in that regard.
Is the OPEN Act Constitutional?
Administrative agencies like the ITC exercise a mix of government functions — executive, legislative, and judicial — but (most) nominally reside in the executive branch. Very few people seriously argue that agencies in general are unconstitutional, but whenever an agency is granted new powers, it’s important to make sure that such a grant is constitutional.
“Separation of powers” and “checks and balances” should be familiar concepts to anyone in the US. Article III of the Constitution establishes an independent judiciary, providing that any judge is appointed for life, keeping judges free from undue influence by the executive or legislative branches.
But the Supreme Court has recognized three exceptions to this rule, where Congress can delegate judicial functions to agencies and courts that don’t provide for life tenure or otherwise aren’t a part of an independent judiciary. Congress can create non-Article III courts to govern U.S. territories, to administer courts-martial, and to adjudicate “public rights.” 11Northern Pipeline v. Marathon Pipe Line, 458 US 50, 64-67 (1982).
As is often the case, the Court didn’t nail down a precise definition of “public rights.” It merely noted:
The distinction between public rights and private rights has not been definitively explained in our precedents. Nor is it necessary to do so in the present cases, for it suffices to observe that a matter of public rights must at a minimum arise “between the government and others.” In contrast, “the liability of one individual to another under the law as defined,” is a matter of private rights. Our precedents clearly establish that only controversies in the former category may be removed from Art. III courts and delegated to legislative courts or administrative agencies for their determination. Private-rights disputes, on the other hand, lie at the core of the historically recognized judicial power.
A much earlier Court provided some examples of cases involving “public rights”:
Familiar illustrations of administrative agencies created for the determination of such matters are found in connection with the exercise of the congressional power as to interstate and foreign commerce, taxation, immigration, the public lands, public health, the facilities of the post office, pensions and payments to veterans. 12Crowell v. Benson, 285 US 22, 51 (1932).
Administrative law judges in the ITC, who would preside over cases arising from this bill, are not Article III judges. The agency doesn’t preside over a U.S. territory or hear cases involving military regulations, so the question is whether cases under OPA involve “public rights.”
The Federal Circuit has heard a constitutional challenge to the ITC involving this question. It upheld the ITC’s authority to adjudicate international patent disputes, saying, “§ 337 and its predecessor provisions represent a valid delegation of this broad Congressional power [the power to regulate commerce with foreign nations] for the public purpose of providing an adequate remedy for domestic industries against unfair practices beginning abroad and culminating in importation.” 13AKZO NV v. US International Trade Commission, 808 F.2d 1471, 1488 (Fed. Cir. 1986).
Assuming the Federal Circuit’s reasoning is correct, I still wonder whether it extends to the new powers the ITC would have. For starters, a website engaging in digital piracy is quite different from a manufacturer importing infringing goods into the US. Online infringement involves unauthorized exercise of the exclusive rights of copyright, not commerce — and copyright has historically been adjudicated in Article III courts, not specialized legislative courts.
In addition, there’s less of a case to be made for copyright as involving “public rights” as there is for patent. A patent grant is a quid pro quo with the public: an inventor is given an exclusive monopoly on an invention in exchange for disclosing to the public the methods of the patent. Copyright includes no such quid pro quo — protection is automatically vested upon creation of a work. 14See Eldred v. Ashcroft, 537 US 186, 214-17 (2003).
Even if constitutional, at the very least, this expansion of agency powers should raise concerns, especially considering the expense that would be involved. Congress should have a little more to go on than speculation about the effectiveness of an agency approach before devoting considerable time and resources to it.
References
↑1 | Wyden’s original metaphor makes little sense to me. On the one hand, “bunker-buster” bombs are used against targets that conventional weapons can’t take out and are designed for high accuracy and minimal collateral damage — precisely the type of remedies creators need online. Laser beams, on the other hand, are currently a long way from being useful as weapons. |
---|---|
↑2 | For example, David Sohn of the Center for Democracy & Technology has said, “This is a bill that would eviscerate the predictable legal environment created by the DMCA”; Markham Erickson of NetCoalition has said, “Both bills gut the Digital Millennium Copyright Act (DMCA)”; and Corynne McSherry of the Electronic Frontier Foundation has said SOPA “would also threaten to effectively eliminate the DMCA safe harbors.” |
↑3 | Generally, courts in common law systems are bound by stare decisis to follow precedent of all courts above them. Since ITC decisions are appealable to the Federal Circuit, I assume the ITC is bound by Federal Circuit decisions, though I haven’t been able to confirm this. |
↑4 | For example, Ryan Radia of the Competitive Enterprise Institute has said, “The scope of websites encompassed by these provisions appears to be potentially vast”; Parker Higgins of the EFF has said, “the broad definitions and vague language in the bill could place dangerous tools into the hands of IP rightsholders”; Larry Downes of TechFreedom has labelled the definitons as “a new category broadly defined by the bill.” |
↑5 | See, for example, Sega Enterprises v. Maphia, 948 F.Supp. 923, 936 (ND Cali 1996), finding willful infringement for contributory copyright infringement. |
↑6 | Gershwin Publishing v. Columbia Artists Management, 443 F.2d 1159, 1162 (2nd Cir. 1971). |
↑7 | See In re Aimster Copyright Litigation, 334 F.3d 643, 650 (7th Cir. 2003), “Willful blindness is knowledge, in copyright law… as it is in the law generally.” |
↑8 | Global-Tech Appliances v. SEB, 131 S.Ct. 2060, 2070 (2011). Coincidentally, Global-Tech was an appeal from a Federal Circuit decision. |
↑9 | Commission opinion, In the Matter of Certain Ink Jet Cartridges, No. 337-TA-723, pp. 15-16 (ITC, Dec. 1, 2011). |
↑10 | See Columbia Pictures v. Fung, 2:06-cv-05578-SVW-JC (CD Cali Dec. 21, 2009) “inducement liability and the Digital Millennium Copyright Act safe harbors are inherently contradictory. Inducement liability is based on active bad faith conduct aimed at promoting infringement; the statutory safe harbors are based on passive good faith conduct aimed at operating a legitimate internet business”; Arista v. Usenet, 663 F.Supp.2d 124, 142 (SDNY 2009), “if Defendants … encouraged or fostered such infringement, they would be ineligible for the DMCA’s safe harbor provisions.” |
↑11 | Northern Pipeline v. Marathon Pipe Line, 458 US 50, 64-67 (1982). |
↑12 | Crowell v. Benson, 285 US 22, 51 (1932). |
↑13 | AKZO NV v. US International Trade Commission, 808 F.2d 1471, 1488 (Fed. Cir. 1986). |
↑14 | See Eldred v. Ashcroft, 537 US 186, 214-17 (2003). |
I don’t see how OPEN is any different than SOPA or PIPA when it comes to neutering DNSSEC. The DNS system is not under control of the United States government (or any single government) by any means, the US Government can not insert trusted entries into everyone’s DNS server. The only to mess with DNS entries thus is by man-in-the-middle type attacks. DNSSEC is designed to frustrate such attacks, and would probably have to be made illegal in the United States.
Since DNS records not under the protect of DNSSEC are not properly signed, you have no way know where the record came from. You don’t know if it’s the valid website’s record, or it’s the US Government messing with the record, or some pharmer trying to steal your identity or something of that nature.
Orly?
So why hasn’t blocking child porn sites ruined DNS?
The DNS filtering provisions in the proposed legislation are completely unrelated to anything having to do with DNSSEC.
Can you explain to me how the DNS filtering provisions could possibly work with DNSSEC?
Can you explain to me how the DNS filtering provisions could possibly work with DNSSEC?
DNSSEC’s only purpose is to prevent against forged DNS resolution data. But SOPA doesn’t concern itself with DNS data or even redirection. All it requires is preventing the resolution. So there’s nothing to authenticate, therefore DNSSEC isn’t even implicated.
That’s could be true. I’ll have to do more research myself.
But really the effectiveness of SOPA depends on how far they want to take SOPA. For instance, what is stopping Joe Filesharer from using DNS servers that aren’t in US’s jurisdiction? This is trivial today and it becomes necessary for filesharing, it will become even more trivial.
In the case of a foreign DNS server, SOPA can do nothing. People who want an uncensored Internet will just migrate to DNS servers in countries that don’t attempt this filtering.
I suppose the US government can force ISPs to look for EVERY “offshore” DNS packet and either drop them all (possibly breaking large portions of the Internet in the process – DNS is an international system) or specially look for naughty CNAME records and specifically drop those, but the kind of hardware to do that effectively will be expensive.
There is also the problem of encryption – DNSSEC doesn’t do it (it’s just a signature), but an encrypted DNS would effectively neuter any tampering attempts. If the government filtering gets bad enough I’m expecting people to start setting up VPNs for encrypted DNS tunnels into countries without Internet filtering. This is similar to how Chinese dissents communicate with the rest of the world, and the Chinese really can’t do anything about it even with the very significant investments they’ve made in Internet filtering technology.
DNS is just the first step. IP Blocking will soon follow.
But about what the Pirates are suggesting? VPNs are the only real solution… and those will only go so far before laws are passed.
The ISP is what serves you the internet… you can’t mosey your way around them, and as such the government is specifically targeting their services. If the DNS Resolve is intercepted, or modified before it reaches your machine… then it won’t matter what your DNS Server is.
See, the government isn’t stupid. They may be old, but they’re getting experts to help them make this as “idiot hacker” proof as possible.
DNSSEC makes modification of DNS records infeasible. They can drop DNS records, but that might signal tampering to the client. VPNs are explictly designed to counter man-in-the-middle attacks. The various ISPs have no idea what is traversing a VPN – the contents are only decrypted at the endpoint nodes.
With the move to IPv6, VPNs will become much more common – the Internet Engineering Task Force feels the that fact that transmission can be tampered with in the middle of the network is a design flaw in the Internet. IPv6 integrates IPSec as a required feature.
Again China which spends significant amount of money to try to censor the Internet isn’t entirely successful. The US government which isn’t a fascist-totalitarian state (yet?) is probably not going to do the same level of filtering as China despite what the entertainment industry wants. My understanding of SOPA is it trivial DNS filtering, very easy to get around even without VPNs – and even so this legalization is incredibly unpopular in the technology and human rights sectors and and probably won’t pass.
The DNS filtering provisions may not intend to have anything to do with DNSSEC, but that is not to say that the legislation is “completely unrelated”.
Stewart Baker (former Assistant Secretary of Homeland Security and a staunch opponent of the SOPA bill) explains the practical problems here:
http://volokh.com/2011/12/14/sopa-rope-a-dope/
The diverse range of people speaking up against SOPA is impressive. I hope that Terry (and you? if you are in agreement with him on this) will take a closer look at their arguments and reconsider the unfortunate support of this awful bill.
The only threat to DNSSEC is DNSSEC itself. That’s why it’s been in development for 16 years without meaningful adoption. And even barring anything approaching significant adoption (which is doubtful), I hope people have to resort to shady foreign DNS servers in their search for infringing material. As long as they are not utilizing American resources to do so, the bill is working as intended.
Which is stupid beyond belief from an engineering perspective.
Oh and if you don’t think any kind of copyright prior restrained can’t be abused, what about this? https://plus.google.com/103207773865797007066/posts/M2yVb5ND3Su
This is UMG to stop filesharing of music or it them UMG attempting to censor journalists? DMCA is highly draconian law that unfortunately passed when the Internet was young. It is is often used as a tool of censorship.
I am not a slouch in matters of engineering (pre-law Bachelors and Masters engineering degrees, and many years of practice in patent law dealing with all facets of technology), but much of the technical discussion surrounding DNS, DNSSEC, VPN, etc. leaves me someowhat in the dark because I have not had the opportunity to sit down one-on-one with experts in this area of technology to discuss just what all of these terms really mean, how they work, how they interrelate, and how the assertions being made by those who express deep and abiding concerns about the technology provisions of all the pending bill would realistically play out in actual practice should any or all of them be implemented into law.
Might there be a reference that strips away the technical jargon and begins to explain in ordinary english understandable by a layman such that the dire predictions/opinions can be evaluated on their merits by both former engineers and others alike?
Wikipedia is a good reference on this sort of thing:
http://en.wikipedia.org/wiki/Domain_Name_System
http://en.wikipedia.org/wiki/IPSec
http://en.wikipedia.org/wiki/VPN
http://en.wikipedia.org/wiki/DNS_cache_poisoning
http://en.wikipedia.org/wiki/DNSSEC
Also some of the fundamentals:
http://en.wikipedia.org/wiki/Cryptography
http://en.wikipedia.org/wiki/Public-key_cryptography
http://en.wikipedia.org/wiki/Cryptographic_hash_function
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
If you prefer a textbook on the subject, Computer Networking by Kurose and Ross contains information on all the above and more. Pretty decent as far as textbooks are concerned.
You want an explanation of SOPA?
Paul Vixie explains at 47:06