Veterans of the legislative process have often been heard to observe that the one law that never gets repealed is the law of unintended consequences. That is, new laws not only often fall short of their intended effect but also produce negative fallout. The classic example is the 18th Amendment to the U.S. Constitution, otherwise known as Prohibition, which fell far short of curbing alcohol consumption from its ratification in 1919 to repeal in 1933 but gave a huge boost to organized crime.
This past week, ICA joined in with major registries, registrars, ISPs, search engines, and other Internet players to discuss the ongoing trend to look toward DNS blocking as a cure-all for illegal online activities. The purpose of the meeting, held under the auspices of the Center for Democracy and Technology (CDT), was to review what’s already being done to address IP infringement, child porn, phishing and pharming, malware, botnets, and all the other ills that propagate across the Net as well as to share views on the legal and technical issues raised by S. 3804, Senator Leahy’s proposal to block offending domains here and abroad.
What quickly became clear is that all these Internet participants already work to stem these harms in a variety of ways:
• Registries and registrars respond swiftly to court orders to take down domains, and will act on their own if a domain threatens their own stability and security.
• Registries and most registrars already have their own acceptable use policies that are acted upon when a domain is harboring illegal activity.
• Registrars respond quickly to takedown orders generated under the Digital Millennium Copyright Act, and will generally assist a complainant in identifying the hosting company if the website is not on their own servers.
• Child porn sites are shut down swiftly upon notice from law enforcement or the National Center for Missing and Exploited Children.
• The Departments of Justice and Homeland Security already have the power to seize domains as assets of criminal organizations.
So there are already effective laws on the books and a variety of cooperative efforts that do a pretty good job of addressing the IP infringement that is the focus of S. 3084. One thing Congress often does is rush to make new law before conducting meaningful oversight over, and encouraging effective enforcement of, the many laws already on the books.
Participants in the CDT meeting also discussed the unintended consequences that could flow from enactment of a law like S. 3084. Ironically, it could undermine ongoing efforts to enhance cybersecurity and provide new tools to the very criminal organizations that profit from the illicit activities being targeted. The negative fallout could include:
• Delaying the implementation of DNS Security (DNSSEC) by undermining the required “chain of trust”.
• Incentivizing a wide range of websites that could fall afoul of the bill – including Web 2.0 sites based on user-generated content – to utilize registrars outside the U.S.
• Encourage the use of web browser plug-ins that resolves to alternative DNS systems that route around the attempted blocking. Some of these alternate DNS routers could even be provided by criminal organizations that use the lure of free content to make millions vulnerable to more nefarious cybercrimes.
This technical fallout could ultimately lead to a “fractured root” and make the Internet less stable and more subject to exploitation by bad actors.
Then there are the international political implications, with U.S. legislated domain blocking undermining Secretary of State Clinton’s push to expand Internet freedoms in repressive nations, and providing potential ammunition for the ITU’s quest to have greater sway over the Internet.
The current status of the legislation is that an evolving “manager’s amendment” may be voted upon by the Senate Judiciary Committee on November 18th. Meantime, the House Judiciary Committee is said to be drafting its own version and it is rumored to contain a private right of action. Given that the legislation covers a very broad swath of companies providing Internet services, the prospect of thousands of private lawsuits, rather than just a handful of actions brought by U.S. attorneys, makes it even more necessary to tighten up the legislative language. This debate looks certain to carry over to the new Congress in 2011.
We are not saying that there’s no need at all for new laws in this area, nor are we saying that the negative fallout will outweigh any positive benefits. But there is ample precedent to believe that domain blocking will be no more effective in curbing the unauthorized online distribution of IP than all the other avenues than have been tried in the past.
Unintended consequences need not be unforeseen consequences. And the best way for Congress to avoid foreseeable fallout is to proceed in “regular order” and hold hearings before voting. The basic questions that should be asked are:
• Do we really need to add to existing law and regulation and ongoing cooperative efforts?
• What is the likelihood that the new law will be effective in addressing the targeted problem?
• What are the potential downsides and can they be limited?
Pursuing IP content piracy has already been a decade-long game of whack-a-mole. Too sharp a blow in the wrong place risks breaking the Internet to the detriment of legitimate players and the benefit of bad actors. Congress needs to proceed with caution.