SOPA is a Red Herring

Via Adam Curry's blog

-----

As usual, the bought and paid for self-fulfilling tech press is missing the elephant in the room. 

The blogosphere discussion surrounding a self-imposed 'blackout' of "key" websites and services that we apparently can't live without, is scheduled for this wednesday. All in protest of proposed legislation in the house and senate. 

I submit this is a big fat red herring. 

First some background: 

Actually there are 3 pieces of legislation; the Stop Online Piracy Act (SOPA) the Protect Intellectual Property Act (PIPA) and the Online Protection and Enforcement of Digital Trade Act (OPEN,) which is currently in draft form, initially proposed by Darrel Issa (R) who will be holding a hearing on Wednesday regarding the strong opposition to DNS 'tampering' as a punitive measure against foreign registered websites infringing on intellectual property and trademarks of US companies within the borders of the United States. 

I have read all three pieces of legislation (its a hobby) and can confidently say that not only are they pretty much identical in scope. The key differences are that only SOPA proposes the DNS 'tampering', which would allow US officials to remove an infringing website's DNS records from the root servers if deemed to be operating in defiance of Intellectual Property and Trademark law, effectively rendering them unfindable when you type in a corresponding domain name website address. 

The boundaries of what is legal and not is not actually contained in any of the bills, as they all universally refer to mainly the Lanham Act. All of it tried and true legislation. Nothing new there. 

All three bills further provide language that will allow justice to forbid US based financial transaction providers, search engines and advertising companies from doing business with a 'website' that is found to be guilty of infringement. 

Of the three proposals, OPEN appears most fair to all parties in any dispute, by requiring a complainant to post a bond when requesting an investigation of infringement in order to combat frivolous use of the provisions available. 

The outrage over SOPA's DNS provisions is justified, but misdirected, Congress is already backpedaling on including it in any final legislation and even the Administration's own response to the "We the People Petitions on SOPA" included an firm stance against measures that would affect the DNS infrastructure: 

We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.

Without the DNS clause, it would appear perfectly logical that the government pursue action against websites that attempt to cash in on fake products and stolen intellectual property of it's people. 

The entire reason for even trying to get a DNS provision into law is because it is nearly impossible to track down the owner of a website, or domain name, through today's registration tools. 

A whois lookup on a domain name merely provides whatever information is given at time of registration, and there is no verification of the registrant. 

So, here's what the press has missed; 

During all the shouting about SOPA and proposed blackouts to 'protest', the organization that actually runs the DNS root servers, ICANN, the backbone of the web, has been quite busy in plain view on changing the game, in favor of the government. 

It's been highly underreported that ICANN is now accepting submissions for new gTLD's, or 'generic top level domains'. 

Without getting into all the details of what that means, other than possibly hundreds if not thousands of new domains like .shop .dork .shill and .drone that you will be able to register vanity domain names under, ICANN has come up with a new requirement upon registration: 

You must verify who you are when you register a new domain name, even an international one.

So, if I pay GoDaddy or any other outfit my $9 for curry.blog and have it point to my server at blog.curry.com, I will have to prove my identity upon registration. Presumably with some form of government approved ID. 

This way, when OPEN or perhaps a non-NDS-version of SOPA is passed, if you break the rules, you will be hunted down, regardless of where you live or operate since this also includes international domain names. 

The Administration like this approach as well. Just read the language from the International Strategy For Cyberspace document [pdf]: 

In this future, individuals and businesses can quickly and easily obtain the tools necessary to set up their own presence online; domain names and addresses are available, secure, and properly maintained, without onerous licenses or unreasonable disclosures of personal information.

onerous licenses and unreasonable disclosures of personal information clearly indicates you will have to provide verification of your identity, which in today's world is not a requirement. 

"Hey Citizen, if you have nothing to hide, what are you worried about?" Just follow the rules and all will be fine. I don't think I need to explain the implications of this massive change in internet domain name policy and to your privacy. 

The term for this new type of registration is Thick Whois and you'll be hearing about it eventually, when the so called 'tech press' stops their circle jerking around the latest facebook/google/twitter cat fights and actually starts reporting on things that matter. 

Until then, feel free to make your google+ facebook and twitter icons all black, as your faux protest is futile. The real change, that of your privacy online, is being made in plain sight by former Director of the National Cyber Security Center of the Department of Homeland Security Rod Beckstrom, current CEO of ICANN. Shill anyone? 

This topic was originally discussed on the No Agenda Podcast of Janury 15th 2012. 

Disclaimers: I am not a lawyer, nor am I a journalist. I am not distracted by shiny gadgets. 

[related post: SOPA:Follow the Money]