Archive for the ‘Telecom, Internet & Information Policy’ Category
‘Destroy America’ = Suspicion Fail
News that incautious comments on “tweeter” got British tourists excluded from the United States had Twitter alight yesterday. (Paperwork given to one of the two, on display in this news story, refers to the popular social networking site as a “Tweeter website account,” betraying some ignorance of what Twitter is.)
It’s a good chance to review how suspicion is properly—and, here, improperly—generated.
The Department of Homeland Security has been vague as yet about what actually happened. It may have been some kind of “social media analysis” like this that turned up “suspicious” Tweets leading to the exclusion, though the betting is running toward a suspicious-activity tipline. (What “turned up” the Tweets doesn’t affect my analysis here.) The boastful young Britons Tweeted about going to “destroy America” on the trip—destroy alcoholic beverages in America was almost certainly the import of that line—and dig up the grave of Marilyn Monroe.
Profoundly stilted literalism took this to be threatening language. And a failure of even brief investigation prevented DHS officials from discovering the absurdity of that literalism. It would be impossible to “dig up” Marilyn Monroe’s body, which is in a crypt at Westwood Memorial Park in Los Angeles.
I testified to the Senate Judiciary Committee in 2007 about how one might mine data for terrorists and terrorism planning, in terms that apply equally well to Twitter banter and to any criminality or wrongdoing. For valid suspicion to arise, the information collected must satisfy two criteria:
(1) It is consistent with bad behavior, such as terrorism planning or crime; and (2) it is inconsistent with innocent behavior. In . . . the classic Fourth Amendment case, Terry v. Ohio, . . . a police officer saw Terry walking past a store multiple times, looking in furtively. This was (1) consistent with criminal planning (“casing” the store for robbery), and (2) inconsistent with innocent behavior — it didn’t look like shopping, curiosity, or unrequited love of a store clerk. The officer’s “hunch” in Terry can be described as a successful use of pattern analysis before the age of databases.
Similarly, using the phrase “destroy America” is consistent with planning to destroy America. (You want to be literal? Let’s be literal!) But it’s also consistent with talking smack, which is innocent behavior. These Tweets fail the second criterion for generating suspicion.
Twitter is nothing if not an unreliable source of people’s thinking and intentions. It’s a hotbed of irony, humor, and inside jokes. Witness this Tweet of mine from yesterday, which failed to garner the social media guffaw I sought (which is why I link to it here). Things said on Twitter will almost never be suspicious enough to justify even the briefest interrogation.
Other facts could combine with Twitter commentary to create a suspicious circumstance on extremely rare occasions, but for proper suspicion to arise, the Tweet or Tweets and all other facts must be consistent with criminal planning and inconsistent with lawful behavior. No information so far available suggests that the DHS did anything other than take Tweets literally in the face of plausible explanations by their authors that they were using hyperbole and irony. This is simple investigative incompetence.
If indeed it is a “social media analysis” program that produced this incident, the U.S. government is paying money to cause U.S. government officials to waste their time on making the United States an unattractive place to visit. That’s a cost-trifecta in the face of essentially zero prospect for any security benefit. I slept no more soundly last night knowing that some Brits were denied a chance to paint the town red in L.A.
In case it needs explaining, “paint the town red” is archaic slang. It does not imply an intention or plan to apply pigments to any building or infrastructure in Los Angeles, whether by brush, roller, or spray can.
Sunlight Before Signing, Year Three
In last night’s State of the Union speech, President Obama called for tax law reforms he says we need. Cato scholars have their doubts about much of what was in the speech, but my interest was piqued by the fact that he said, “Send me these tax reforms, and I will sign them right away.”
You see signing them “right away” would again violate his 2008 campaign promise to post the bills sent him by Congress online for five days before signing them.
That’s a cheeky point, but it is time to focus on campaign promises and their honesty. The beginning of President Obama’s fourth year in office is roughly the beginning of his campaign for another term.
When I first began tracking President Obama’s Sunlight Before Signing promise, I joked with friends that it was career gold because I could write hundreds of blog posts for the next four years without thinking a new thought. Well, it’s not quite that good. This is post thirty-six in the SBS series.
(Each character in that last sentence was a link to a previous post. You can spend a whole day reviewing them!)
Last Thursday, January 19th, was the end of President Obama’s third year, so it’s time to review how he’s been doing with Sunlight Before Signing. It was the president’s first broken promise, and at the mid-point of the term he had popped just above 50% in his compliance.
How has he done in the ensuing year?
Well … meh.
SOPA and Skepticism
Over at Libertarianism.org I have a new blog post on the lesson the technology community should have learned from their campaign against SOPA.
Imagine you’re an expert in some field of technical knowledge. Your field impacts quite a lot of people but most of them don’t understand the details the way you do. One day, Congress proposes legislation called the Make Things Better Act, which, its sponsors say, will make things better.
But wait. The Act happens to deal with exactly the field you’re knowledgeable about. And you know what? It won’t make things better. In fact, it will make things far, far worse. Not only will it make things worse, but any benefits the legislation does create will accrue exclusively to a small but powerful interest group.
So you and your other technically-minded friends mobilize against the Make Things Better Act and, through coordination and outcry, succeed in killing it. Two days later, Congress proposes another piece of legislation called the It’s Good for the Children Act. Except this time the law deals with an area outside your expertise. If you applied the lesson learned from the Make Things Better Act, you might react to this new proposal with skepticism. After all, when you were in a position to evaluate what Congress was really up to, you discovered that it wasn’t working in the interests of the American public but, instead, of a tiny and powerful minority. Couldn’t it be possible the new bill is just be more of the same?
Most likely, though, based on the way people typically react in these situations, you won’t apply that lesson. Instead you’ll say, “Boy this new law is great because my favored political party wrote it and, well, it’s good for the children.”
SOPA/PIPA: Harbinger or Aberration?
He’s not unrestrained, but Larry Downes sees the remarkable downfall of legislation to regulate the Internet’s engineering as a harbinger of things to come. Jerry Brito, meanwhile, tells us “Why We Won’t See Many Protests like the SOPA Blackout.”
They’re both right—over different time-horizons. The information environment and economics of political organization today are still quite stacked against public participation in our unwieldy federal government. But in time this will change. Congress and Washington, D.C.’s advocacy and lobbying groups now have some idea what the future will feel like.
The Second-Day Story on U.S. v. Jones
Does a more careful reading of the Supreme Court’s decision in U.S. v. Jones turn up a lurking victory for the government?
Modern media moves so fast that the second-day story happens in the afternoon of the first. The Supreme Court ruled unanimously Monday morning that government agents conduct a Fourth Amendment search when they place a GPS device on a private vehicle and use it to monitor a suspect’s whereabouts for weeks at a time. Monday afternoon, a couple of commentators suggested that the case is less a win than many thought because it didn’t explicitly rule that a warrant is required to attach a GPS device to a vehicle.
Writing on the Volokh Conspiracy blog, George Washington University law professor Orin Kerr noted “What Jones Does Not Hold.”
The Court declined to reach when the installation of the device is reasonable or unreasonable. … So we actually don’t yet know if a warrant is required to install a GPS device; we just know that the installation of the device is a Fourth Amendment “search.”
And over on Scotusblog, Tom Goldstein found that “The Government Fared Much Better Than Everyone Realizes“:
[D]oes the “search” caused by installing a GPS device require a warrant? The answer may be no, given that no member of the Court squarely concludes it does and four members of the Court (those who join the Alito concurrence) do not believe it constitutes a search at all.
So there is a constitutional search when the government attaches a GPS device to a vehicle, but the Court conspicuously declined to say that such a search requires a warrant. Do we have an “a-ha” moment?
The Megaupload Chilling Effects Hit
As I noted on Friday, the seizure of popular cyberlocker Megaupload demonstrates that, even without controversial new legislation, our government already has extraordinarily broad powers to take down U.S.-registered websites (including any site in the .com and .org domains) before anyone has been tried for illegal conduct, let alone convicted. While the evidence presented in the indictment charging Megaupload’s executives with criminal racketeering and copyright infringement certainly seems damning, I also worried about the broader chilling effect such seizures could have on cloud storage services generally.
It didn’t take long for those effects to become apparent. The cyberlocker Filesonic has now disabled file sharing functionality: Users can still upload files for personal storage, but can’t create public links to enable others to access those files. (Though I’m not sure what prevents someone from simply creating a dummy account, uploading files, and then publicly posting the login information.) Another cyberlocker, Uploaded.to, is just blocking all traffic from U.S. Internet addresses, though it’s not at all clear how much legal protection that’s likely to afford them. You can hardly blame them for being skittish: The Megaupload indictment suggests that the U.S. government considers a wide array of cyberlocker business practices to be ipso facto evidence of criminal intentions, even though there are arguably legitimate reasons for many of them. Yet the government doesn’t think it has to wait for a trial, or give the folks who run a site an opportunity to explain their practices, before seizing an entire domain—which would be an effective death sentence for many startups.
If you think all cyberlockers are nothing more than piracy tools, and there’s no legitimate reason to make use of cloud storage for anything but personal backups, this might sound like an entirely healthy development. It’s a little more worrying to those of us who see many valid reasons that law abiding individuals—even those who lack contracts with major record labels and movie studios, or the funds and tech savvy to run their own servers—might want to share large files with friends and colleagues, or distribute them to the general public.
To be sure, such services aren’t going to vanish entirely. Established corporations like Google have sophisticated filter algorithms that can help identify copyrighted content—though those are trivially defeated by file compression and encryption—and large, well paid legal teams to handle copyright compliance and fend off lawsuits, like the one Google’s own YouTube continues to fight with content behemoth Viacom. The question is whether these are the only companies we want offering such services. Is the market for cloud-based platforms that enable sharing (which is one of the big selling points of cloud computing) a market we’re prepared to see effectively closed off to startups that can’t preemptively police every user-uploaded file to Hollywood’s satisfaction? Because that is the predictable effect of a regulatory environment where investors know a nascent site can be summarily yanked offline by a district judge who thinks a Tumblr is some sort of gymnastics aficionado.
If you’re only thinking about current, known uses of the Internet, this might not seem like that big a deal: Why do we need lots of different platforms for sharing large files? But then, just a few years ago it was hard to envision why we might want a platform for sharing streams of 140-character messages (“Just a bunch of people gabbing about what they had for lunch, ho-ho-ho!”) or a platform where anyone, not just Professional Content Creators, could upload short videos (“Amateur videos? Sounds like an excuse to steal movies!”) or half the other technologies that are so profoundly shaping 21st century life.
The last innovation is always safe. That’s why it’s easy to claim concrete examples of the harm regulation might do are hyperbolic fearmongering: Nobody’s going to shut down YouTube or Twitter now, because we’ve already seen the incredible value creation they enable, even if they also make it a bit easier to infringe copyrights. And anyway, the success stories eventually get big enough to afford their own fancy lawyers. It’s the next platform that we risk strangling in the cradle, because every new medium starts out recapitulating old media content before it becomes truly generative. Early radio is full of people reading newspapers and books out loud. Early TV and film looks like what you get when someone points a camera at a stage play.
File lockers still look like nothing but piracy tools to a lot of people, because most of us aren’t yet generating and sharing gigabytes worth of content on a daily basis. But it doesn’t take a whole lot of imagination to imagine a world where that’s not at all the case, a world where cheap, ubiquitous, powerful computing and rising bandwidth and falling storage costs make collaborative creation of high definition sound, video, and—who knows—maybe entire 3D environments a nigh universal recreational activity. (Like TV has been for the last couple generations, only with fewer dead brain cells.)
That world can be run by Google and Sony and a few other behemoths capable of negotiating byzantine licensing deals (and filtering protocols), with incumbents ill-disposed to see the value in anything that isn’t easily shoehorned into their existing business models. Or we can have a more dynamic, open world where someone with a cool idea for a platform can give it a try without spending more money on lawyers than servers first. The interesting, important question isn’t—as regulatory advocates want to make it—whether Megaupload should go out of business. Odds are it will and should, after a proper trial. It isn’t even whether sites like Rapidshare or Hotfile ought to follow suit. The interesting, important question is whether we’re going to have a legal climate that’s capable of giving rise to the second kind of cultural ecosystem, or one that’s only hospitable to the first kind.
“Jones”ing for a Fourth Amendment Upgrade
Today’s unanimous Supreme Court ruling in United States v. Jones makes it clear that government installation and use of GPS tracking devices is a Fourth Amendment “search”—but it may be the concurring opinions, rather than Justice Scalia’s majority opinion, that are most significant for Americans’ privacy in the 21st century.
As Jim Harper notes, Justice Scalia ruled on the relatively narrow grounds that installing the tracking device involved physical intrusion on the suspect’s property, triggering Fourth Amendment protections. Yet as Justices Alito and Sotomayor observe in separate concurrences—and as I pointed out in a previous post on this case—there are plenty of means for tracking a target’s location in public that don’t require such intrusion. One of the most popular with law enforcement is cell-phone tracking, either by means of a court order demanding records from the phone company directly, or through the use of devices known as “Stingrays” or “Triggerfish.” There’s also the use of license-plate recognition cameras, and even aerial surveillance drones. The broader question that’s crucial to determining the extent of our privacy rights in the long term, then, is the one Scalia’s opinion pointedly declines to reach: Does prolonged, technologically-assisted location surveillance impinge on a citizen’s “reasonable expectation of privacy,” even when it does not require physical intrusion?
Justice Alito, joined by three other justices, says that it can indeed—and in this case, did. The placement of a tiny device on the undercarriage of a car parked in a public place, Alito argues, does not sufficiently “interfere” with a suspect’s property interests to constitute a Fourth Amendment “seizure,” nor is it a “search” until police activate and begin monitoring the device. If the police had simply slipped a business card into the tire, after all, the physical intrusion would be too minor in itself to count as an actionable trespass. Instead, Alito insists, it is necessary to proceed to the harder question of whether such intensive location monitoring violates our reasonable social expectations of privacy, even as we move around in public. Though the concurrence is reluctant to say exactly when that expectation is breached, Alito notes that round-the-clock surveillance over a full month would be so costly to carry out by conventional physical observation that it exceeds what reasonable people expect—and so triggers the Fourth Amendment’s warrant requirement.
Perhaps most intriguing is Sotomayor’s brief concurrence. For Sotomayor, either the property rationale relied on by Scalia or the “expectations” analysis deployed by Alito would suffice to find a Fourth Amendment violation here. That’s crucial, because it means that there are at least five votes on the current Court for the view that we have some Fourth Amendment protection against intensive, high-tech location tracking, even in public, and even when the method doesn’t require physical intrusion. Yet even more important than that may be this passage:
More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. [...] This approach is ill suited to the digital age, in which people reveal a greatdeal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. [...] But whatever the societal expectations, they can attain constitutionally protectedstatus only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
This is a pretty big deal. Fourth Amendment scholars have been warning for decades—and with increasing alarm—that modern communications technology could turn constitutional privacy protections into an empty formality if we’re regarded as waiving those protections whenever we “expose” information to a third party. It is inherent to the nature of the Internet and mobile telecommunications, after all, that almost everything we do online—and, increasingly, much that we do offline as well—leaves a trace in the vast databases of one corporation or another.
Sotomayor’s concurrence signals a recognition that we need to move beyond what privacy scholar Daniel Solove has called “The Secrecy Paradigm,” which assumes that whatever is not totally secret (or very nearly so) is effectively “public.” In other words, if your Internet provider has a record of every Web site you visit, there’s no invasion of privacy when the government decides to have a look at the list. At least one Justice, evidently, recognizes that this is an indefensible inference—and one hopes she’s not alone.
U.S. v. Jones: A Big Privacy Win
The Supreme Court has delivered a big win for privacy in U.S. v. Jones. That’s the case in which government agents placed a GPS device on a car and used it to track a person round-the-clock for four weeks. The question before the Court was whether the government may do this in the absence of a valid warrant. All nine justices say No.
That’s big, important news. The Supreme Court will not allow developments in technology to outstrip constitutional protections the way it did in Olmstead.
Olmstead v. United States was a 1928 decision in which the Court held that there was no Fourth Amendment search or seizure involved in wiretapping because law enforcement made “no entry of the houses or offices of the defendants.” It took 39 years for the Court to revisit that restrictive, property-based ruling and find that Fourth Amendment interests exist outside of buildings. “[T]he Fourth Amendment protects people, not places” went the famous line from Katz v. United States (1967), which has been the lodestar ever since.
For its good outcome, though, Katz has not served the Fourth Amendment and privacy very well. The Cato Institute’s brief argued to the Court that the doctrine arising from Katz “is weak as a rule for deciding cases.” As developed since 1967, “the ‘reasonable expectation of privacy’ test reverses the inquiry required by the Fourth Amendment and biases Fourth Amendment doctrine against privacy.”
Without rejecting Katz and reasonable expectations, the Jones majority returned to property rights as a basis for Fourth Amendment protection. “The Government physically occupied private property for the purpose of obtaining information” when it attached a GPS device to a private vehicle and used it to gather information. This was a search that the government could not conduct without a valid warrant.
The property rationale for deciding the case had the support of five justices, led by Justice Scalia. The other four justices would have used “reasonable expectations” to decide the same way, so they concurred in the judgement but not the decision. They found many flaws in the use of property and “18th-century tort law” to decide the case.
Justice Sotomayor was explicit in supporting both rationales for protecting privacy. With Justice Scalia, she argued, “When the Government physically invades personal property to gather information, a search occurs.” This language—more clear, and using the legal term of art “personal property,” which Justica Scalia did not—would seem to encompass objects like cell phones, the crucial tool we use today to collect, maintain, and transport our digital effects. Justice Sotomayor emphasized in her separate concurrence that the majority did not reject Katz and “reasonable expectations” in using property as the grounds for this decision.
Justice Sotomayor also deserves special notice for mentioning the pernicious third-party doctrine. “[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” The third-party doctrine cuts against our Fourth Amendment interests in information we share with ISPs, email service providers, financial services providers, and so on. Reconsidering it is very necessary.
Justice Alito’s concurrence is no ringing endorsement of the “reasonable expectation of privacy” test. But he and the justices joining him see many problems with applying Justice Scalia’s property rationale as they interpreted it.
Along with the Scalia-authored Kyllo decision of 2001, Jones is a break from precedent. It may seem like a return to the past, but it is also a return to a foundation on which privacy can be more secure.
More commentary here in the coming days and weeks will explore the case’s meaning more fully. Hopefully, more Supreme Court cases in coming years and decades will clarify and improve Fourth Amendment doctrine.
FBI Reminds Us Government Already Has MegaPower to Take Down Websites
Online activists were still busy celebrating a successful day of protest against proposed (and now shelved) Internet censorship legislation when the Justice Department pulled the popular cyberlocker site Megaupload offline Thursday, and indicted its owners on charges of criminal copyright infringement. It was a serendipitously timed demonstration of two important facts.
First, the U.S. legal system is perfectly capable of reaching criminal suspects overseas. Megaupload is incorporated in Hong Kong, and its CEO was arrested (along with three employees) in New Zealand. That’s significant because supporters of laws like the Stop Online Piracy Act (SOPA) and PROTECT-IP Act (PIPA) typically claim they’re helpless to do anything about overseas sites by more conventional means, necessitating aggressive new enforcement powers with streamlined hearings that give short shrift to due process. Now, if the people behind Megaupload are, in fact, guilty of criminal activity—and the indictment certainly looks damning—the government will have the opportunity to prove it beyond a reasonable doubt before a jury, which will also get to hear any exculpatory facts or arguments the defendants are able to offer. It can be a slow process, but it’s also how we’re supposed to do things in the United States: we don’t just issue orders branding people or sites as “rogues,” we convict them.
Second, if you’re worried about the government taking down U.S.-registered sites, which include any site in the .com and .org domains, wherever their servers might be located, then SOPA and PIPA aren’t really what you should be concerned about: the government already has that power under the PRO-IP Act of 2008. There are good reasons SOPA and PIPA attracted more attention: Instead of “seizing” domains directly at the registry, they would have imposed blocking and filtering obligations on thousands of ISPs and search engines, creating a whole host of technological and security problems. There was also the private right of action, which seemed more susceptible to abuse by overzealous copyright owners who were able to find a friendly judge. But the central power of the government to shut down web domains is already there in PRO-IP, and has been used to seize hundreds of sites already—wrongfully in at least some cases. Incidentally, those absurdly inflated phony statistics I wrote about earlier this month—the ones the Government Accountability Office has debunked, which even the content industries have finally stopped using—were heavily cited as evidence for why PRO-IP was needed, featuring prominently in press releases by the bill’s authors.
The owners of Megaupload don’t seem like particularly sympathetic characters, but the abrupt seizure of the domain before trial ought to give us a bit of pause. The site was plainly used to enable an enormous amount of copyright infringement—and judging by the indictment, the site’s operators appear to not only have known about this, but encouraged it in order to bolster their ad revenues. But that doesn’t mean that’s all the site was used for. Plenty of people made legitimate use of the site for cloud storage, or to (legally) share large files with friends, family, or colleagues. Indeed, no small number of major-label recording artists declared in song that they used the site for just such purposes. Journalist Adam Penenberg tweeted this morning that he was in the habit of using the site to share recordings of his interviews with a transcription service. If you Google around, of course, you’ll mostly see evidence of the more illicit uses—but that’s because people don’t post a link publicly on the Internet when they’re trying to share a file in a more limited way. Taking the entire domain down has affected all those legitimate uses along with the illicit ones.
“You could use it at a specific event. You could use it at a shooting-prone location…”
That’s NYPD Commissioner Ray Kelly touting a new technology called “terahertz imaging detection” to a local news outlet.
Terahertz radiation is electromagnetic waves at the high end of the infrared band, just below the microwave band. The waves can penetrate a wide variety of non-conducting materials, such as clothing, paper, cardboard, wood, masonry, plastic, and ceramics, but they can’t penetrate metal or water. Thus, directing terahertz radiation at a person and capturing the waves that bounce off them can reveal what is under their clothes without the discomfort and danger of going “hands-on” in a search for weapons. Many materials have unique spectral “fingerprints” in the terahertz range, so terahertz imaging can be tuned to reveal only certain materials. (In case you’re wondering, I got this information off the top of my head…)
Will the machines be tuned to display only particular materials? Or will they display images of breasts, buttocks, and crotches? The TSA’s “strip-search machines” got the moniker they have because they did the latter—until the agency tardily re-configured them.
Then there’s the flip-side of not going “hands-on.” Terahertz imaging detection doesn’t natively reveal to the person being searched that law enforcement has picked him or her out for scrutiny. A pat-down certainly lets the individual know he or she is being searched, positioning one to observe and challenge one’s treatment as a suspect. Terahertz imaging lacks this natural—if insufficient—check on abuse.
So terahertz imaging is not just a “hi-tech pat-down.” Its potential takes what would be a pat-down and makes it into a secret, but intimate, visual examination—a surreptitious strip-search. Pat-downs and secret strip-searches are very different things, and it is not necessarily reasonable, where a pat-down might be called for, to use terahertz imaging.
And that brings us to the fundamental problem with Commissioner Kelly’s proffer to use this technology at a “specific event” or at a “shooting-prone location.” These contexts do not create the individualized suspicion that Fourth Amendment law demands when government agents are going to examine intimate details of a person’s body and concealed possessions.
It is certainly possible to devise a terahertz imaging device and a set of use protocols that are constitutional and appropriate for routine, domestic law enforcement, but Commissioner Kelly hasn’t thought of one, and I can’t either.
Consider the dollar costs and potential health effects of terahertz imaging detection, it might just be that the pat-downs pass muster far better than the high-tech gadgetry.
What’s Next for SOPA and PIPA?
With popular sites all over the Internet “going dark” to protest well-intentioned but ill-considered antipiracy legislation, the Stop Online Piracy Act and PROTECT-IP Act are shedding supporters faster than Anthony Weiner on a Twitter spree. But as I explain in a Cato podcast today, neither is dead yet: Rep. Lamar Smith has pledged to continue marking up SOPA next month, and PIPA is still set for a cloture vote next week.
In a huge about-face, given their prior intransigence on this point, both have said they’re prepared to remove, at least temporarily, an onerous and controversial provision to require DNS blocking of accused “rogue sites,” which is an encouraging sign. But if DNS blocking was the worst piracy-fighting proposal on the table, it’s hardly the only one.
The Justice Department and private copyright owners can still seek to have entire foreign sites branded as infringers, triggering an array of remedies that would still deter technological investment and innovation, and still impose serious burdens on American companies and ordinary Internet users. Contrary to the claims of SOPA and PIPA supporters, copyright holders have often been perfectly able to sue the foreign “rogue sites” they cite as evidence new legislation is needed… the problem is that sometimes, they lose. Instead of all that messy litigation, SOPA and PIPA would establish one-sided hearing mechanism that mocks true due process. Any site a single friendly judge deems “rogue” would still be starved of advertising and subscription revenue. American search engines and other “information location tools” would still have to filter their content to redact any links to the shunned site. As Wikileaks has learned, repressive regimes have long known, and the Supreme Court acknowledged in Citizens United, economic regulation can silence speech (and run afoul of the First Amendment) as effectively as overt censorship.
That means we’re bound to see many more stories like the one entrepreneur Dmitri Shapiro tells: His innovative company Veoh won repeated copyright lawsuits filed by movie studios, but was still killed off by the cost of litigation. SOPA and PIPA will ensure that future lawsuit targets lack the means to fight back—which almost certainly means they’ll never get off the ground in the first place.
Such fears are hardly “hypothetical,” as Rep. Smith likes to argue, given industry’s ugly history of abusing copyright law to squelch competition and criticism. Remember, at the end of the day, that the market position of major studios and record labels is very much bound up with their control of traditional distribution channels. Artists don’t need to be signed to a major label in order to record a great album—but they’re key to marketing the album and getting it into stores.
Any large platform that gives creators an easy way to reach audiences directly, or gives consumers easier mobile access to their legal content, will inevitably do two things: It will enable some amount of copyright infringement, because that’s what digital communications technologies tend to do, and it will cut out incumbent middlemen by circumventing their distribution channels. Industry complains loudly (and often rather dishonestly) about the first effect; the more serious long term threat to their business models is the second.
We’ve already seen a decade of futile efforts to stop unauthorized circulation of copyrighted materials online by “cracking down” ever harder. More new regulations aren’t likely to do the job—but the collateral damage they inflict will keep rising. As a recent and very thorough study by the Social Science Research Council argues, and Netflix has already shown within the United States, the most effective remedy for piracy is to make content easily available online at an attractive price. Since it’s become a “political fact” that we Must Do Something Right Now to reduce online infringement, why not try that?
The Internet Is Not .gov’s to Regulate
Imagine that Congress passed a law setting up a procedure that could require ordinary citizens like you to remove telephone numbers from your phone book or from the “contacts” list in your phone. What about a policy that cut off the phone lines to an entire building because some of its tenants used the phone to plot thefts or fraud? Would it be okay with you if the user of the numbers coming out of your phone records or the tenants of the cut-off building had been adjudged “rogue” users of the phone?
Cutting off phone lines is the closest familiar parallel to what Congress is considering in two bills nicknamed “SOPA” and “PIPA”—the “Stop Online Piracy Act” and the “PROTECT IP Act.”
Julian Sanchez has vigorously argued several points about these bills. Here, I’ll try to describe what they try to do to the Internet.
Simplifying, every computer and server has an IP (or “Internet Protocol”) address, which is a set of numbers that uniquely identify its location on the Internet. The IP address for the server hosting Cato’s Spanish language site, elcato.org, for example, is 67.192.234.234.
Now, these numbers are hard to remember, so there is a system that translates IP addresses into something more familiar. That’s the domain name system, or “DNS.” The domain name system takes the memorable name that you type into the address bar of your computer, such as elcato.org, and it looks up the IP address so you can be forwarded along to the IP address of your choice.
One of the major ideas behind SOPA and PIPA is to cut Internet sites that violate copyright out of the domain name system. No longer could typing “elcato.org” get you to the Web site you wanted to visit. Much of the debate has been about the legal process for determining whether to strike out a domain name.
But preventing a domain name lookup doesn’t take the site off the Internet. It just makes it slightly harder to access. You can prove it to yourself right now by copying “67.192.234.234″ (without the quotes) and plugging it into your address bar. (The Internet is complicated. Some of you might be directed to other Cato sites.) Then come back here and read on, por favor!
The government would require law-abiding citizens to “black out” phone numbers—or Internet service providers to do the same with domain names—for this little effect on wrongdoing? It doesn’t make sense. The practical burdens on the law-abiding Internet service provider would be large. “Blacking out” an entire building—just like a Web site—would cut off the lawful communications right along with the unlawful ones. It’s through-the-looking-glass information control, with enormous potential to obstruct entirely lawful communications and impinge on First Amendment rights.
Which is why many Web sites today are “blacking out” in protest. In various ways, sites like Craigslist.org, Wikipedia, and many others are signaling to their visitors that Congress is threatening the core functioning of the Internet with bills like SOPA and PIPA. And threatening all of our freedom to communicate.
The Internet is not the government’s to regulate. It is an agreement on a set of protocols—a language that computers use to talk to one another. That language is the envelope in which our communications—our First-Amendment-protected speech—travels in hundreds of different forms.
The Internet community is growing in power. (Let’s not be triumphal—government authorities will use every wile to maintain control.) Hopefully the people who get engaged to fight SOPA and PIPA will recognize the many ways that the government regulates and limits information flows through technical means. The federal government exercises tight control over electromagnetic spectrum, for example, and it claims authority to impose public-utility-style regulation of Internet service provision in the name of “net neutrality.”
Under the better view—the view of freedom behind opposition to SOPA and PIPA—these things are not the government’s to regulate.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
