Tag Archives: law

Explaining SOPA

A lot of people are concerned about SOPA, the Stop Online Piracy Act. There are plenty of pages that say that it will destroy the Internet, but very few that explain clearly exactly why. It has also become clear that the politicians writing the law have no idea how the Internet actually works. So here is my attempt to explain it all.

Let me start by explaining DNS, using a situation that doesn’t involve computers, that hopefully anyone can understand.

Imagine a server on the Internet as being like an office building in 1973. No computers. No mobile phones. Just an office building with an expensive business phone line, internal phones connected by wires, and a receptionist with switchboard and a single phone line connected to the outside world.

The server has an IP address. That’s like the office building’s telephone number.

The web sites on that server are like the people who work in the office building. So talking to John Smith is like reading John Smith’s web site.

Now, when your web browser connects to John Smith’s web site, it looks up the IP address of the site, connects to the web host, and requests John Smith’s web site via HTTP. The request is then routed to the appropriate page.

That sounded complicated, so let’s translate it into our telephone analogy:

When you want to talk to John Smith, you look up the phone number of the building he works in, call that number, and ask to talk to John Smith, and you’re put through to him.

Note that unrelated people can work in the same office building, and the same phone number is used to contact all of them. This is just like the Internet, where there can be multiple unrelated web sites on the same server at the same IP address. What about the different pages of a web site? Well, those are like talking to the owner of the web site about different topics.

OK. Next problem: DNS is distributed. How do we explain that?

Well, at work in 1973, when I want to know somebody’s telephone number, I look in my address book. If it’s not there, I look the number up in the company telephone directory, and make a copy in my address book so I’ll find it quicker next time. If the number isn’t in the company directory, I get the big telephone directory from the phone company, and look in that. If it isn’t there, I call directory assistance, and they look in the really big master telephone directory that has every number in the country. And so on.

DNS is like that. If your computer knows the IP address of a web site because it has used it recently, it just goes ahead and connects, makes the call. Otherwise, it asks your ISP if they have the IP address. If they don’t, your request for the IP address gets forwarded up to a higher level server, until we get to the so-called root servers, which are like the phone companies’ multi-volume master directories.

There are a few technical details not addressed by this analogy, but it’s close enough to explain basically how the system works.

So, now we can talk about the proposed SOPA legislation, the Stop Online Piracy Act.

The basic idea of SOPA is that if someone is accused of copyright violation, all the ISPs in America are required to block access to that person’s web site.

Put like that, it might sound quite reasonable. That’s probably how music and film industry lobbyists explain it to politicians. The problems become clear when you rephrase it for 1973 technology.

People are taping LPs, and giving tapes to friends who call them up on the phone and ask for a copy. So, if someone is accused of taping LPs, we will cut off the phones of the business he works at and remove his name from the phone directory.

Hopefully if you think about that for a moment, some obvious problems spring to mind. I’m going to talk about a few of them.

The first problem is that word “accused”. SOPA does not require any independent investigation. It does not require a lawsuit, or a trial, let alone a conviction. All that’s needed is for Polymer Records to accuse John Smith of taping their albums.

You might think that record companies can be trusted. Well, you might think that if you aren’t a musician, anyway. If you do, I’d suggest reading about some of the abuse of the Digital Millennium Copyright Act, DMCA. Just this last week, Universal Music Group have been issuing takedowns on YouTube for video recordings they don’t own the rights to. You might think it would never happen to you, but if you’ve ever uploaded a video of your kids singing Happy Birthday, well, that’s actionable copyright violation. The owners of The Birthday Song, Warner Brothers, collect about $2 million per year from demanding payment from people who sing it.

The second problem is this: Even if the record company is right, what about all the other people who work in the same office building? How are they going to do their work and earn a living?

A single IP address can host literally thousands of web sites, owned by people who are total strangers to each other. Blocking an IP address takes all those sites offline.

That’s not the only weapon against the Internet authorized by SOPA, though. It also allows for DNS-level blocking. That is, rather than taking out every single web site hosted at a particular IP address, it just takes out every page hosted at the same domain. Going back to our telephone analogy, when John Smith is accused of copying LPs, his name is struck from the telephone directory.

Our analogy fails somewhat here. On the Internet, a single name like Flickr or YouTube can represent tens of thousands of people. So the problem of ‘collateral damage’ isn’t eliminated, only reduced.

But the analogy does make clear a more constitutional issue: In what way is it any of the government’s business what the phone company prints in the telephone directory? If I want to run a telephone directory business with ads for dodgy massage parlors, it’s none of the government’s business. Or in Internet terms, if I choose to publish the information that happyendings.com is at IP address 2001:db8:0:1 then the First Amendment requires that I be free to do so.

There are technical issues too. At the moment, a lot of effort is going into making the Internet more secure by preventing DNS spoofing. Like crooks who put card skimmers on ATMs, DNS spoofers put fake entries in the Internet’s ‘telephone directory’, so that when you think you’re contacting the bank, you’re actually contacting a web server they own. They then collect your username and password, and use those to drain your account.

The solution is called DNSSEC, secure DNS. It uses digital signatures to ensure that only DNS entries signed by your bank will be accepted by your browser. If the signed and verified entry is missing from the directory, your computer goes out and probes servers around the world until it finds one that can provide signed and verified information.

The problem, of course, is that this is utterly incompatible with SOPA. If the government orders that happyendings.com be removed from the Internet, a computer with secure DNS will detect that the “No such web site” reply is not signed by the company that owns the domain. It will try other DNS servers, including those outside the USA and beyond US government control, until it gets a true answer.

So for SOPA’s DNS filtering to work, DNSSEC has to be abandoned or blocked. Which means that online fraudsters will carry on having a free pass to put digital ‘card skimmers’ on your bank’s web site.
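To make the two mechanisms above concrete (the address-book-to-root lookup chain, and why a DNSSEC-validating resolver cannot be fooled by an unsigned "no such web site" reply or by a planted fake entry), here is a small simulation. It is an added example written for this page, not code from the post or from any DNS software. Everything in it is constructed: the zone names, the keys, the server labels, and the addresses (which use the same 2001:db8 documentation prefix as the post). HMAC-SHA256 with a per-zone secret stands in for the zone owner's public-key signature (the RRSIG record in real DNSSEC); the resolver-side rule it demonstrates, accept nothing the zone owner did not sign, is the same.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample zone data: invented names and keys, documentation-prefix addresses.
ZONE_KEYS: Dict[str, bytes] = {
    "happyendings.com.": b"constructed-key-for-happyendings",
    "bank.example.": b"constructed-key-for-bank",
}
AUTHORITATIVE_DATA: Dict[str, str] = {
    "happyendings.com.": "2001:db8:0:1",
    "bank.example.": "2001:db8:0:2",
}


@dataclass
class Answer:
    name: str
    address: Optional[str]       # None stands for a "no such web site" reply
    signature: Optional[bytes]   # None stands for an unsigned reply


def _digest(name: str, address: Optional[str], key: bytes) -> bytes:
    # HMAC stands in for the zone owner's DNSSEC signature over the record
    # (assumption for this example; real DNSSEC uses public-key signatures).
    return hmac.new(key, f"{name}|{address}".encode(), hashlib.sha256).digest()


def sign(name: str, address: Optional[str]) -> Answer:
    """The answer the zone owner publishes; denials are signed too, as in DNSSEC."""
    return Answer(name, address, _digest(name, address, ZONE_KEYS[name]))


def verify(answer: Answer) -> bool:
    """True only if the answer carries a valid signature from that zone's key."""
    key = ZONE_KEYS.get(answer.name)
    if key is None or answer.signature is None:
        return False
    return hmac.compare_digest(_digest(answer.name, answer.address, key), answer.signature)


class Server:
    """Relays the zone's signed data, unless told to filter a name (SOPA-style
    blocking: an unsigned denial) or it has been poisoned with a fake address
    (the 'card skimmer': an unsigned entry pointing at the fraudster's host)."""

    def __init__(self, label: str, filtered: Optional[Set[str]] = None,
                 spoofed: Optional[Dict[str, str]] = None):
        self.label = label
        self.filtered = filtered or set()
        self.spoofed = spoofed or {}

    def query(self, name: str) -> Answer:
        if name in self.filtered:
            return Answer(name, None, None)                # forged denial, unsigned
        if name in self.spoofed:
            return Answer(name, self.spoofed[name], None)  # forged address, unsigned
        return sign(name, AUTHORITATIVE_DATA.get(name))    # genuine, signed


class Resolver:
    """Walks the chain the post describes: own cache first, then each upstream
    server in turn, until it finds an answer it is willing to use."""

    def __init__(self, upstreams: List[Server], dnssec: bool):
        self.upstreams = upstreams
        self.dnssec = dnssec
        self.cache: Dict[str, Answer] = {}

    def resolve(self, name: str) -> Tuple[Optional[str], List[str]]:
        """Return (address or None, the sources consulted in order)."""
        if name in self.cache:
            return self.cache[name].address, ["cache"]
        consulted: List[str] = []
        for server in self.upstreams:
            consulted.append(server.label)
            answer = server.query(name)
            if self.dnssec and not verify(answer):
                continue                  # unsigned or forged: try the next server
            self.cache[name] = answer     # copy into the address book for next time
            return answer.address, consulted
        return None, consulted


def demo() -> Dict[str, Tuple[Optional[str], List[str]]]:
    """Same queries through a legacy resolver and a DNSSEC-validating one."""
    # The ISP's server both filters a name under a blocking order and has been
    # poisoned with a fake bank address; the overseas server is untouched.
    isp = Server("isp-resolver", filtered={"happyendings.com."},
                 spoofed={"bank.example.": "2001:db8:bad::1"})
    overseas = Server("overseas-resolver")
    results = {}
    for mode, dnssec in (("legacy", False), ("secure", True)):
        r = Resolver([isp, overseas], dnssec=dnssec)
        results[f"{mode}_blocked"] = r.resolve("happyendings.com.")
        results[f"{mode}_spoofed"] = r.resolve("bank.example.")
        results[f"{mode}_cached"] = r.resolve("happyendings.com.")
    return results


if __name__ == "__main__":
    for label, (address, path) in demo().items():
        print(f"{label:15} -> {str(address):16} via {' -> '.join(path)}")
```

Run as a script, it prints one line per query. The legacy resolver accepts and caches whatever the ISP's server says first: the blocked site stays "missing" and the poisoned bank entry is used. The validating resolver rejects both unsigned replies, moves on to the overseas server, and caches the signed answer, which is exactly why the post says DNS filtering and DNSSEC cannot coexist: the only way to make the block stick is to stop the resolver from validating at all, and that same switch re-enables the skimmer.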

Hopefully you’ve followed all that. Please feel free to quote any or all of it in letters to your elected representatives. And now, a little irony to chuckle over.

Earlier this month, a Russian web site compiled a database of around 20% of the IP addresses using BitTorrent file sharing, along with the details of the files they were downloading. Investigation soon revealed something interesting. Someone at Sony Pictures movie studio had downloaded illegal copies of “Conan The Barbarian”, a movie owned by indie studio Lions Gate Entertainment. They had also downloaded Beavis and Butthead, owned by Viacom. Meanwhile, NBC Universal’s IP addresses had downloaded pirate copies of HBO’s “Game of Thrones”, and Fox Entertainment had pirated Paramount’s “Super 8”.

If SOPA were already in effect, Sony, Fox and NBC could have found their corporate web sites forced offline, with no trial, no notice, and no comeback. Do they realize this, or are they counting on the law not being enforced against them?

US vs UK

A US court has ruled that authorities cannot force people to incriminate themselves by divulging their encryption passwords.

This is in marked contrast to the UK, where the Regulation of Investigatory Powers Act (RIPA) makes it a crime to decline to hand over all your incriminating files if the police demand it. If the case doesn’t involve national security, you can be put in jail for two years. If it does, five years.

Of course, the authorities would only use that power if absolutely necessary to fight terrorism, right? Well, the first person to fall afoul of section III of RIPA was an animal rights protester. She claims she didn’t have any encrypted files.

Got any old encrypted e-mails for which you no longer have the key? RIPA has no time limit: they can demand keys for files that are years old. Lost or forgotten the key? Someone sent you something encrypted with the wrong key? Off to jail you go.

Good news for slackers

AP reports:

Saying surfing the web is equivalent to reading a newspaper or talking on the phone, an administrative law judge has suggested that only a reprimand is appropriate as punishment for a city worker accused of failing to heed warnings to stay off the Internet.

In his decision, Spooner wrote: “It should be observed that the Internet has become the modern equivalent of a telephone or a daily newspaper, providing a combination of communication and information that most employees use as frequently in their personal lives as for their work.”

He added: “For this reason, city agencies permit workers to use a telephone for personal calls, so long as this does not interfere with their overall work performance. Many agencies apply the same standard to the use of the Internet for personal purposes.”

This is something I’ve been saying for a while in the periodic arguments over whether businesses should try and lock down the Internet to only “approved” sites. Do the same businesses search employees at the door to make sure they don’t bring in newspapers, magazines or mobile phones? Generally not. (If you work for the NSA, your mileage may vary.)

Slacking is a time-honored tradition. If you ban the Internet, people will spend their time talking about last night’s TV, making paper planes, or whatever.

Now, get back to work.

Netflix class action lawsuit redux

I just got a phone call from one of the lawyers involved in the Netflix class action lawsuit I wrote about a while back. Apparently my letter had caught his attention, and he wanted to discuss my objections to the proposed settlement in more detail. It turned out to be quite an interesting conversation.

I explained that the first issue was that I felt the proposed settlement gave far too much benefit to the legal firm, rather than the allegedly wronged customers of Netflix. I said that I understood that law firms took class action cases on a speculative basis, and that fines had to be large enough to hurt the companies sued, but that it seemed excessive for the wronged customers to get 1 month of better service that they would then have to cancel to avoid paying more, while the law firm got over $2 million cash.

He said that the settlement was the product of compromise, and that having to opt out of the increased service after a month was the way Netflix wanted it. I said that I didn’t doubt that, but that in the past Netflix had sent me a bonus DVD one month, as a reward or compensation for something I forget. So clearly there were other ways to compensate customers.

He said that yes, Netflix had done that, but that it had resulted in so many customer service queries from people not reading the accompanying explanation, and presumably worried that they had been silently upgraded, that Netflix had vowed never to do anything that way again. I conceded that it seemed entirely plausible to me that I was just atypical of the average Netflix consumer, in that I’m not easily confused by a bonus disc and I hate opt-out arrangements.

He mentioned that he’s had the same objections from many people writing to opt out. I’m guessing they’ve been surprised by the level of response. Maybe they’re calling partly to check up that the people opting out really do understand what they’re opting out of, and haven’t been suckered by a chain e-mail or something.

We also talked about the fundamental issue of why the lawsuit had been brought in the first place. I explained that I felt it was fairly frivolous to start with: in the real world, reasonable people understand that when something is advertised as ‘unlimited’, there are in fact usually some limits. The example I picked was an ‘all you can eat’ restaurant—when you pay for ‘all you can eat’, and the restaurant closes while you’re still eating, that’s not a reason to sue. “All you can eat” is not necessarily meant in a pedantic literal sense, and neither is “Unlimited DVD rentals”.

The counter-argument put to me was that the real issue wasn’t the lack of unlimitedness, but the alleged unfairness. It wasn’t that Netflix couldn’t actually deliver unlimited DVDs, it was that after a certain point, customers who had had fewer rentals that month got sent to the front of the queue—and the heavy customers had the sending of their next discs delayed as a result.

The lawyer said that to use my analogy, it was like the restaurant allowing the people who had had two slices of pizza to cut in line in front of me when I was going to get my seventh or eighth slice.

The thing is, I don’t think that would be particularly unfair. I might not be happy about it if someone grabbed the last slice of vegetarian pizza and I had to wait for a fresh one to be cooked, but I wouldn’t sue them over it. Growing up, at mealtimes the kid who had only had one serving was always given precedence of choice over the one who was on his third helpings.

I mentioned having heard about Netflix giving preferential treatment to low-volume customers ages ago. Again, from my point of view—which admittedly, may be biased by my being a low-volume customer—it seems to make good sense. If John is only getting 1 DVD this month, it’s pretty damn important to make sure he gets the one he wants, quickly. More important, I think, than making sure that Mike’s 8th DVD arrives just as quickly as his 1st.

I also mentioned the allegations a while back about Amazon offering worse prices to people who were regular customers, and similar cases of shops offering preferential treatment to customers who they believe are the most profitable for them. The lawyer talked about how those cases were different; he seemed to be trying to draw a clear distinction but I couldn’t quite grasp his reasoning. Maybe it was some subtle legal point, or maybe he was bluffing.

Anyway, it was all very amiable. I said I would be interested to see the outcome of the lawsuit, and that if it succeeded it would be interesting to see if companies would have to start putting disclaimers up saying something along the lines of “Your price may be worse than the price we’re offering other people, because we don’t think you make us enough money as a customer.”

(Oh, I don’t remember the guy’s name I’m afraid. I’m terrible with names, he said it once at the start and I completely forgot what it was by the end of the discussion.)

Foxes guarding the henhouse?

The 9/11 Commission recommended setting up an organization to help safeguard civil liberties. Sure enough the Bush administration has gone ahead and created a President’s Board on Safeguarding Americans’ Civil Liberties.

Ignoring for the moment the issue that civil liberties should, constitutionally, be protected for everyone and not just US citizens, I thought it would be interesting to take a look at the people who are being put in charge of safeguarding your freedoms.

  • The Deputy Attorney General, James B. Comey.

    Quote from Comey: A court of the United States has no jurisdiction…to enjoin the president in the performance of his official duties.

    He also explained at length why he thought it was right that Jose Padilla was thrown in a military jail indefinitely and not allowed to talk to a lawyer, even though he is a US citizen and was not officially charged with any crime. Comey’s position was overruled by the Supreme Court, thank goodness.

  • The Assistant Attorney General (Civil Rights Division), R. Alexander Acosta.

    Acosta seems to be one of the Good Guys, having (amongst other things) defended a Muslim student’s right to wear her head scarf at school.

  • The Assistant Attorney General (Office of Legal Policy), Daniel J. Bryant.

    Bryant is a strong supporter of a Constitutional amendment to ban flag-burning. Need I say more?

  • The Under Secretary for Border and Transportation Security at the Department of Homeland Security, Asa Hutchinson.

    Hutchinson was formerly head of the DEA, that bastion of concern for the civil liberties of the individual. He pushed the “drugs support terrorism” angle, and favored intensifying the War On (Selected) Drugs. He also supports Constitutional Amendments to ban flag burning and allow official school prayer, and supports banning abortion and gay adoption.

  • The Assistant Secretary for Information Analysis at the Department of Homeland Security, General Patrick Hughes. He was a member of the 9/11 Commission, and wrote a series of articles on the theme of global threats to the USA and its interests abroad, for various audiences. His major focus in recent years has been building a massive information sharing network to ensure that law enforcement, homeland security and private contractors at federal, state and local level share information freely, so I’m sure he’ll have something to say about preserving your privacy.

  • The Assistant Secretary (Policy), Directorate of Border and Transportation Security, part of the Department of Homeland Security; that would be a Mr C. Stewart Verdery, I believe.

    Quote from his nomination speech: We all remember well the bipartisan effort which spawned a host of responses to the terrorist attacks, including the PATRIOT Act and the creation of the Transportation Security Administration. Those days exemplified the kind of public service which is truly gratifying.

    His department is responsible for visa policy, and is pushing biometric passports—including forcing foreign countries to use biometric passports if they wish to take part in US visa waiver programs.

  • The Officer for Civil Rights and Civil Liberties at the Department of Homeland Security, Daniel W. Sutherland. He’s another of the good guys, having written in favor of immigration reform and against mandatory biometric national IDs.

  • The Privacy Officer at the Department of Homeland Security, Nuala O’Connor Kelly. She was the Chief Privacy Officer for…wait for it…DoubleClick. Joking aside, though, she seems to be on the side of light.

  • The Counsel for Intelligence Policy, Department of Justice, James A. Baker III. You might recognize that name if you’ve seen Fahrenheit 9/11. He’s the Senior Counsel for the Carlyle Group, the 10th largest defense contractor in the US, heavily tied to ENRON and the Bin Laden family. He even has a bio page on the George Bush Foundation web site.

  • The Under Secretary for Enforcement, Department of the Treasury, Stuart Levey. Coincidentally, he was a partner in James Baker’s law firm.

  • The Assistant Secretary (Terrorist Financing), Department of the Treasury, Juan Zarate. His job focus has been on stopping the flow of cash to terrorists—while assuring Muslim charities that Bush administration policies were not intended to hurt them.

  • The General Counsel, Office of Management and Budget. I think that’s Raymond J. McKenna. His office is part of the General Services Administration, responsible for helping to improve government efficiency by providing office space, office supplies, technology, and services.

    I must confess to being unclear why he’s on this particular committee.

  • The Deputy Director of Central Intelligence for Community Management, Larry C. Kindsvater. He’s strongly in favor of reorganizing the US intelligence system, which is probably why he was picked.

  • The Chair of the Privacy Council at the Federal Bureau of Investigation. I can’t find any record of a Privacy Council at the FBI; a search of their web site produces 0 hits.

  • The General Counsel for the Central Intelligence Agency. These are the people who advise the CIA on the legality of their assassinations, foreign government coup attempts, and drug running.

    The CIA OGC web site doesn’t provide any information naming anyone who works there. They do mention that you can’t work for the CIA OGC in any capacity without a Top Secret clearance, polygraph test, and 6 month background screening. I believe the current General Counsel is still Scott W. Muller. Interestingly, Muller had no intelligence background before getting the job; his background was investigating white collar crime.

    Muller apparently thinks the PATRIOT Act didn’t go far enough. As he said at his nomination hearing:

    Well, let me start, Senator, by saying that I think the changes that were made in the U.S.A. Patriot Act were clearly necessary in light of the events of September 11 and I think have gone a long way toward creating at the operational level the kind of sharing and collaboration that this Committee and the Intelligence Community and the Bureau and law enforcement think need to occur. There’s a lot of work left to be done.

  • The General Counsel for the National Security Agency. I believe this is still Vito T. Potenza, though obviously it’s very hard to find any information on who the NSA’s General Counsel is, or even who Mr Potenza is.

  • The Under Secretary of Defense for Intelligence, Stephen Cambone. The Center for American Progress describe his qualifications as a fierce loyalty to Donald Rumsfeld and an unshakeable right wing ideology and note that he was responsible for sending Major General Geoffrey Miller to Iraq with orders to find more effective ways to interrogate prisoners.

  • The General Counsel of the Department of Defense, William J. Haynes II.

    Mr Haynes is the man who wrote the infamous memo listing “interrogation techniques” (i.e. torture) authorized for use at Guantanamo Bay, and was also involved in numerous other dubious legal arguments.

  • The Legal Adviser at the Department of State, James H. Thessin. I can’t find much of anything about him.

  • The Director of the Terrorist Threat Integration Center, John O. Brennan, a 23 year CIA veteran. His is the department which is supposed to glue together all the other departments and make sure that the left hand knows what the right hand is doing. It’s also the department that was blamed for embarrassing inaccuracies in the 2003 “Patterns of Global Terrorism” report. It was initially released to a fanfare of congratulation, as it showed that deaths from terrorist activity had fallen thanks to the Bush “War on Terror”. Then, the spurious figures were quietly revised to show that things had actually gotten worse. Brennan explained the errors by saying that their computers were too old and they were understaffed.

So, there we have it. Not a totally one sided panel, but definitely stacked carefully in a particular direction.

“Step away from the marshmallows!”

Last year, teachers’ aide Hope Clarke went vacationing in Yellowstone National Park. While she was there camping out, she was slightly negligent—she failed to put away a sealed bag of marshmallows after sipping hot chocolate around the campfire. This is viewed as bad behavior because, as we all know from TV, food attracts bears eager to steal pick-a-nick baskets. Perhaps bears can smell marshmallows through plastic, I don’t know. Anyway, rules are rules, and for her food storage crimes Ms Clarke was handed a fine for $50.

The next year, Hope Clarke booked a cruise ship vacation on Carnival’s ship “Fascination”. Little did she know that the wheels of justice were slowly turning back on dry land…

A federal database had flagged Clarke’s name, saying that she had never paid her $50 fine. A warrant for her arrest was issued automatically. Her devious cruise ship vacation was soon investigated by federal agents, and the dragnet began to tighten…

At 06:30 in the morning as the ship returned to port, federal agents burst into Hope Clarke’s cabin. They had traced her whereabouts and knew all about her chocolate and marshmallow crimes, and they immediately put her in handcuffs and turned her over to federal marshals. She was photographed, fingerprinted, and thrown into jail. That afternoon she was dragged into court in leg shackles.

It was at that point that U.S. Magistrate Judge John O’Sullivan noted that he had a copy of Clarke’s original citation on paper as part of the filings for the case, and it said that she had paid her $50 fine before leaving the park, as everyone fined in Yellowstone is required to do.

The Assistant US Attorney considered the matter, and conceded that there were some “discrepancies” surrounding the case. He suggested to the judge that Ms Clarke be released temporarily, and told to return at a later date to clear up the matter.

The judge ordered Clarke released, and apologized to her. A mere 2 hours later, after almost 9 hours in custody, Clarke was released. She was reunited with her fiancé, who admitted that he was the fiend who had left the marshmallows out. In fact, the only reason the feds had Hope Clarke’s name to start with, was that she’d used her credit card to pay the fine.

Sources: Billings Gazette, South Florida Sun Sentinel, etc.

PATRIOT II

More about the sequel to the “PATRIOT” act: it’s called the Domestic Security Enhancement Act. Amongst the planned improvements to the legal system:

  • Law enforcement to be able to wiretap you for up to 48 hours without needing a warrant or court order.

  • New ‘secret subpoenas’, where you can be compelled to testify and also prohibited from revealing to anyone that you’ve been served a subpoena.

  • New search warrants, valid throughout the USA, to be issued if police accuse you of computer hacking.

  • Using encryption in any way while committing a felony will add 5 years to the sentence.

  • DNA database of suspected terrorists, and any non-citizens suspected of associating with organizations declared as terrorist.

  • All consent decrees which limit state law enforcement surveillance, and which date from before 9/11, to be terminated at a stroke.

  • US citizens can be expatriated (have their citizenship terminated) if they are deemed to be supporting declared terrorist organizations, based on their actions.