Six Things Wrong with SOPA

America is moving to censor the Internet. The PROTECT IP and Stop Online Piracy Acts have received considerable attention in the legal and tech world; SOPA’s markup in the House occurs tomorrow. I’m not opposed to blacklisting Internet sites on principle; however, I think that thoughtful procedural protections are vital to doing so in a legitimate way. Let me offer six things that are wrong with SOPA and PROTECT IP: they harm cybersecurity, are wildly overbroad and vague, enable unconstitutional prior restraint, undercut American credibility on Internet freedom, damage a well-working system for online infringement, and lack any empirical justification whatsoever. And, let me address briefly Floyd Abrams’s letter in support of PROTECT IP, as it is frequently adverted to by supporters of the legislation. (The one-word summary: “sellout.” The longer summary: The PROTECT IP letter will be to Abrams’ career what the Transformersmovie was to that of Orson Welles.)

  1. Cybersecurity – the bills make cybersecurity worse. The most significant risk is that they impede – in fact, they’d prevent – the deployment of DNSSEC, which is vitally important to reducing phishing, man-in-the-middle attacks, and similar threats. Technical experts are unanimous on this – see, for example, Sandia National Laboratories, or Steve CrockerPaul Vixie / Dan Kaminsky et al. Idiots, like the MPAA’s Michael O’Leary, disagree, and simply assert that “the codes change.” (This is what I call “magic elf” thinking: we can just get magic elves to change the Internet to solve all of our problems. Congress does this, too, as when it includes imaginary age-verifying technologies in Internet legislation.) Both bills would mandate that ISPs redirect users away from targeted sites, to government warning notices such as those employed in domain name seizure cases. But, this is exactly what DNSSEC seeks to prevent – it ensures that the only content returned in response to a request for a Web site is that authorized by the site’s owner. There are similar problems with IP-based redirection, as Pakistan’s inadvertent hijacking of YouTube demonstrated. It is ironic that at a time when the Obama administration has designated cybersecurity as a major priority, Congress is prepared to adopt legislation that makes the Net markedly less secure.
  2. Wildly overbroad and vague– the legislation (particularly SOPA) is a blunderbuss, not a scalpel. Sites eligible for censoring include those:
      • primarily designed or operated for copyright infringement, trademark infringement, or DMCA § 1201 infringement
      • with a limited purpose or use other than such infringement
      • that facilitate or enable such infringement
      • that promote their use to engage in infringement
      • that take deliberate actions to avoid confirming high probability of such use

    If Flickr, Dropbox, and YouTube were located overseas, they would plainly qualify. Targeting sites that “facilitate or enable” infringement is particularly worrisome – this charge can be brought against a huge range of sites, such as proxy services or anonymizers. User-generated content sites are clearly dead. And the vagueness inherent in these terms means two things: a wave of litigation as courts try to sort out what the terminology means, and a chilling of innovation by tech startups.

  3. Unconstitutional prior restraint – the legislation engages in unconstitutional prior restraint. On filing an action, the Attorney General can obtain an injunction that mandates blocking of a site, or the cutoff of advertising and financial services to it – before the site’s owner has had a chance to answer, or even appear. This is exactly backwards: the Constitution teaches that the government cannot censor speech until it has made the necessary showing, in an adversarial proceeding – typically under strict scrutiny. Even under the more relaxed, intermediate scrutiny that characterizes review of IP law, censorship based solely on the government’s say-so is forbidden. The prior restraint problem is worsened as the bills target the entire site via its domain name, rather than focusing on individualized infringing content, as the DMCA does. Finally, SOPA’s mandatory notice-and-takedown procedure is entirely one-sided: it requires intermediaries to cease doing business with alleged infringers, but does not create any counter-notification akin to Section 512(g) of the DMCA. The bills tilt the table towards censorship. They’re unconstitutional, although it may well take long and expensive litigation to demonstrate that.
  4. Undercuts America’s moral legitimacy – there is an irreconciliable tension between these bills and the position of the Obama administration – especially Secretary of State Hillary Clinton – on Internet freedom. States such as Iran also mandate blocking of unlawful content; that’s why Iran blocked our “virtual embassy” there. America surrenders the rhetorical and moral advantage when it, too, censors on-line content with minimal process. SOPA goes one step farther: it permits injunctions against technologies that circumvent blocking – such as those funded by the State Department. This is fine with SOPA adherents; the MPAA’s Chris Dodd is a fan of Chinese-style censorship. But it ought to worry the rest of us, who have a stake in uncensored Internet communication.
  5. Undercuts DMCA – the notice-and-takedown provisions of the DMCA are reasonably well-working. They’re predictable, they scale for both discovering infringing content and removing it, and they enable innovation, such as both YouTube itself and YouTube’s system of monetizing potentially infringing content. The bills shift the burden of enforcement from IP owners – which is where it has traditionally rested, and where it belongs – onto intermediaries. SOPA in particular increases the burden, since sites must respond within 5 days of a notification of claimed infringement, with no exception for holidays or weekends. The content industries do not like the DMCA. That is no evidence at all that it is not functioning well.
  6. No empirical evidence – put simply, there is no empirical data suggesting these bills are necessary. The content industries routinely throw around made-up numbers, but they have been frequently debunked. How important are losses from foreign sites that are beyond the reach of standard infringement litigation, versus losses from domestic P2P networks, physical infringement, and the like? Data from places like Switzerland suggests that losses are, at best, minimal. If Hollywood wants America to censor the Internet, it needs to make a convincing case based on actual data, and not moronic analogies to stealing things off trucks. The bills, at their core, are rent-seeking: they would rewrite the law and alter fundamentally Internet free expression to benefit relatively small yet politically powerful industries. (It’s no shock two key Congressional aides who worked on the legislation have taken jobs in Hollywood – they’re just following Mitch Glazier, Dan Glickman, and Chris Dodd through the revolving door.) The bills are likely to impede innovation by the far larger information technology industry, and indeed to drive some economic activity in IT offshore.

The bills are bad policy and bad law. And yet I expect one of them to pass and be signed into law.

Lastly, the Abrams letter: Noted First Amendment attorney Floyd Abrams wrote a letter in favor of PROTECT IP. Abrams’s letter is long, but surprisingly thin on substantive legal analysis of PROTECT IP’s provisions. It looks like advocacy, but in reality, it is Abrams selling his (fading) reputation as a First Amendment defender to Hollywood. The letter rehearses standard copyright and First Amendment doctrine, and then tries to portray PROTECT IP as a bill firmly in line with First Amendment jurisprudence. It isn’t, as Marvin Ammori and Larry Tribe note, and Abrams embarrasses himself by pretending otherwise. Having the government target Internet sites for pre-emptive censorship, and permitting them to do so before a hearing on the merits, is extraordinary. It is error-prone – look at Dajaz1 and And it runs afoul of not only traditional First Amendment doctrine, but in particular the current Court’s heightened protection of speech in a wave of cases last term. Injunctions affecting speech are different in character than injunctions affecting other things, such as conduct, and even the cases that Abrams cites (such as Universal City Studios v. Corley) acknowledge this. According to Abrams, the constitutionality of PROTECT IP is an easy call. That’s only true if you’re Hollywood’s sockpuppet. Thoughtful analysis is far harder.

Cross-posted at Prawfsblawg.

2 Responses to “Six Things Wrong with SOPA”

  1. Well written article Derek. I particularly liked your concept of the “magic elf”. Congress doesn’t need to concern itself with inherent problems in its legislation because magic elves (perhaps Santa’s elves working in the off season) will magically create new technology that doesn’t exist thereby solving a public burden hoisted onto a bill to appease some industry that hired heavy weight lobbyist.

  2. While you bring up good points regarding the flaws of SOPA, I can’t help but wonder if you are cognizant of the problems in defending a copyright claim. SOPA is likely a reaction by copyright holders to the fact that existing laws provide no substantive protection. To me, SOPA is like the sledgehammer that a person resorts to in frustration. Forgive my following musings.

    Up until a few years ago I did not handle any copyright issues and also felt that existing laws like the DMCA were overly broad. However when I began to volunteer to assist individual copyright holders whose works were infringed, often for profit, my attitudes drastically changed.

    I see many of SOPA’s provisions as almost mirroring my clients’ frustrations in my volunteer work.

    For example, the SOPA criteria cited here as being “wildly overbroad and vague” perfectly encapsulates most of the piracy sites I found my clients’ works on. Language such as “primarily designed,” “with a limited purpose,” “facilitate or enable,” “promote,” aptly describes most of the sites where the copyright infringement took place, which often described themselves as “pirates,” “free and no cost,” etc. I found was that there were literally thousands of sites where individual pirates gathered on to post and distribute links to infringing works hosted on file locker sites. As for these file lockers, they are not structured like Drop Box and such, but rather have a pay scheme that paid uploaders based on the amount of downloads from that file. These piracy sites operate much like a black market, and easily fall into each of SOPA’s criteria. Of course, the problem is legitimate sites, like Flickr, Drop Box, also fall into SOPA’s criteria.

    I also understand where the language “take deliberate actions to avoid,” comes from. One question is whether liability should attach to a service provider when repeated infringement occurs. The DMCA, for all its problems, also provides an incentive for sites to look the other way. Even if they have been alerted hundreds of times that an individual site or user is the source of infringement, they are only required to act on an individual basis. What I found was that responses would only be restricted to each single case of alleged infringement, so that effectively the source of the infringement was shielded; only his or her individual acts were dealt with under the DMCA. Thus the individual source of infringement is left to repeat such activities. They are also only required to act within a “reasonable” period of time, which I found to vary from a few days to a few months. In a few cases Google actually sent an initial response over 6 months after an initial notice.

    Another issue is at what point do requirements become unduly burdensome that they nullify a copyright holder’s rights? For example, DMCA notices work reasonably well when there are only a handful of infringements, but given the nature of how things spread, this requirement becomes unworkable when one infringement exponentially multiples. When an entire website is devoted to hosting and publishing infringing works, is it reasonable to hold the copyright holder responsible for filing tens of hundreds or thousands of individual notices for every single infringement on the site? Is it reasonable when the same infringement pops up on the same site repeatedly even after being taken down, so that effectively it becomes a repeating cycle? The existing scheme makes pursuing a copyright claim effectively a useless endeavor, even when fair use is not at issue. Attempting discovery, subpoenas, communicating, filing in multiple jurisdictions, etc., is so costly in terms of time and finances that it is Sisyphean game of whack a mole. This becomes literally impossible for overseas infringement. The effect is that copyright laws aren’t really useful when it comes to online infringement. The temptation then is to somehow go after the entire site itself.

    The reality is that there is now an inherent conflict in what copyright laws are on paper, and what they actually do in reality. On one hand are traditional notions of what is protected, and on the other hand is the reality that for a copyright holder, actually attempting to exercise those rights is nearly impossible.

    The major flaw with SOPA and attempts to strengthen copyright protections is one big question: how do you differentiate what is legitimate use and from what is not? From the copyright holder’s perspective, how do you fashion a system that does not require the copyright holder to go bankrupt when attempting to exercise their rights? Although I and a few others served as volunteers for independent small artists, the time we spent on these cases was quite costly. Even though I am an attorney, I can see how pointless and costly it is in some cases to have everything reviewed by a court. In theory it is laudable, in reality it is unworkable. Perhaps there should be an expedited process with a new type of court set up to handle IP and copyright matters, providing procedural protections with faster responses? Perhaps the writers of SOPA should have focused on this amongst many other things…

    In any case, I think a helpful exercise would be to view these issues from both sides of the aisle, and I would strongly encourage people to see how things play out from the perspective of a copyright holder who attempts to resort to existing laws. I am no expert, but my own volunteer experiences have left me as exasperated as my clients. SOPA should be put on hold, but a realistic alternative should take its place, one that provides actual and not theoretical relief, and especially one that does not simply bandage the issue for another decade.

    The most frustrating thing for my clients, small artists and writers, was their notion of what their rights as a copyright holder were on paper, and what little protection those laws actually afforded them in real life, especially when others profited from their work.