Senator Ron Wyden questions ICE about domain seizures

Nate Anderson at Ars Technica reports that Oregon Senator Ron Wyden has noticed ICE's seizure of Internet domains over the last several months, and he is not amused. He has sent the head of ICE ten questions he wants answered regarding the handling of those seizures. It's not the first time Mr. Wyden has spoken out against the governments methods (or proposed methods) of combating copyright infringement. In a story on Politico.com (about the domain seizures) it was also reported that he put the Combating Online Infringement and Counterfeit Act on hold before the end of the last congressional session.

The senator noted that some of the sites taken down might not have done anything illegal. One, rojadirecta.org, is a Spanish site that has been declared legal multiple times by Spanish courts. Another, dajaz1.com, hosted music that had been sent to him for promotional purposes by record executives. Senator Wyden wonders just what type of checking ICE did before taking these domain names. Did they engage in crimes, or did ICE play enforcer for the content providers who provided a list of offending domains? And how does a site that is putting up songs sent to it for that purpose by record executives? Why didn't the site owner provide proof that it had permission to put the songs up? Because it was never offered the chance. The domain was seized without ever notifying owner of dajaz1.com that his site was being accused of illegal activity before the domain was seized.

Ron Wyden has questioned many of the governments efforts to extend it's power to invade citizens privacy. He's tackling problems like the police's ability to track you without a warrant using your cellphone and the true effect of ACTA on U.S law.

Ron Wyden is asking the right questions. What will happen if we tie our laws to the laws of other countries? Is it right to seize the property of others with only the claim of infringement by other parties? What is the real effect of file sharing? Should the police be able to track us without a warrant? All are questions that need careful consideration and thoughtful effort put into finding the answers. But until I heard about Ron Wyden it seemed that no one in Washington was asking them. Ron Wyden seems to remember who he was voted into office to represent.

If only there were more in Washington who did.

What is happening to Intellectual Property law in this country?

The last couple of months have seen interesting developments in Intellectual Property (IP) law. The Combatting Online Infringement and Counterfeits Act (COICA) made it through Committee in the Senate. The Department of Homeland Security (DHS) is being used to enforce IP law by the Department of Justice (DOJ). Internet domains are taken down with no warning to disrupt the sale of counterfeit goods. According to the press release from the DOJ:

The coordinated federal law enforcement operation targeted online retailers of a diverse array of counterfeit goods, including sports equipment, shoes, handbags, athletic apparel and sunglasses as well as illegal copies of copyrighted DVD boxed sets, music and software.

Makes sense and seems reasonable. But they seized at least one search engine that never hosted torrents or knock-off items. That is disturbing. What would happen if DHS suddenly decided to seize Google? Bing? You can find torrents and knock-offs on those sites, too. Shutting down a search engine because you can find pirated movies is like shutting down a library because you can find the formula for TNT.

Historically IP crimes have been civil matters. But recently they have begun to be pressed as criminal offenses. Take a case reported by Wired.com, the case of Matthew Crippen. Crippen is charged with two counts of circumventing DRM on XBox video consoles by installing mod chips that allowed people to run homegrown software, RIPped DVD's, and other 'unofficial' content, although he could have been charged with many more counts. His lawyers are trying to use the recent decision granting jail-breaking the iPhone an exemption under fair use as part of their defense strategy. If they lose he's facing 3 years in jail, although it could have been as long as 10 years.

Why is the Department of Homeland security enforcing copyright law? Why are IP cases being tried as criminal cases? Why are we changing our IP suspects guilty until proven innocent? How can we fix these problems?

Combating Online Infringement and Counterfeits Act makes it out of committee

Public Knowledge reports that the Senate Judiciary Committee has approved COICA. COICA is a nasty piece of legislation that allows a person to get a website taken down by complaining that it is infringing on someone's intellectual property. No hearings, no trials, no investigation necessary. Complain to the ISP of the allegedly offending site, and down it comes. It won't work the way it's intended, and will have little effect on criminals, but it could have a profound effect on legitimate businesses who deal with file storage and encryption. I blogged about some of the problems last month.

Write your senators and representatives. This is important, and could change the face of the internet completely if left unchecked. It's made it out of committee, but it can be stopped short of passing the Senate and be kept out of the House entirely. Find your senator's physical and email addresses here Find your representative's physical and email addresses here.

COICA: RIAA and MPAA at it again?

In the comments on Friday's postI said I might talk about the free speech problems inherent in the administrations desire to wiretap the internet. That's not happening today, although it's still an important topic. Today we are going to talk about COICA, the "Combating Online Infringements and Counterfeits Act". The Electronic Frontier Foundation has a very good resource page, including a list of legitimate and pseudo-legitimate sites that could be taken down using COICA, and a page explaining why.

This bill (S111=3804) does what has never been done in the United States - it censors the internet. Probably in a much more far-reaching manner than expected by the Senate, or by the groups pushing for it. If it is as effective as it's elder brother, the DMCA, it will also have little effect on criminal, but will have far more serious effect on law-abiding citizens.

Actually, this ties in with my concern over the proposal to make the wiretap friendly. Businesses such as Carbonite.com and Mozy.comstore your data encrypted. They cannot access it because they don't have your encryption key. Then there are free sites like Dropbox and Oosah.com. Carbonite and Mozy are for-profit businesses, and presumably can prove that their primary purpose is not sharing pirated music and/or movies. Dropbox and Oosah may have a harder time. And if push came to shove, none of them could prove the files on their servers are not stolen intellectual property - unless they have the ability to decrypt their customers files. So to make COICA work they will have to make the internet wiretap friendly. Except that still won't make COICA work, it will just harm legitimate businesses and services.

If I were into conspiracy theories I'd say we were seeing a two pronged attack. If the RIAA amd MPAA can get COICA passed, the 'wiretap bill' (whatever it will be called) will be passed because it COICA will require it to be able to prove a site's primary purpose is piracy. It could even be made part of COICA. The Fed, the MPAA and RIAA would all get what they want. It wouldn't work the way they expect it to, because the bad guys don't obey the law. Steve Gibson of the Security Now (show transcript)podcast stated the problems well:

Well, and you end up with cat and mouse, too. You end up with those sites that are blacklisted register under a different name. And for a while they're there, until the blacklist catches up with them. And then they move again. I mean, the whole thing is just brain dead. It makes no sense. But we have a problem, and that is that we're dealing with technology that the legislatures probably don't understand. And who knows what the unintended consequences are going to be. But the idea that we're facing state-sponsored censorship of the Internet...

The bill specifies that domain names will be blacklisted. That's wonderful, but blacklisting a domain name may not be enough. The bill does not mention IP addresses, and I don't think those get blocked if the domain name is. If the IP address isn't blacklisted, then the whole thing is an exercise in futility. All the domain name system does is say, "IP address xxx.xxx.xxx.xxx will map to domain name "snickerdoodle.com." If you type in the IP address you'll get to the site, even if the domain name is blacklisted.

When it comes to wiretapping the internet and putting backdoors on encryption, in the same podcast, Steve said:

Now, the problem is, and we said this a little bit at the top of the show, is this is too late. I mean, I completely sympathize with what law enforcement wants to do, with the dilemma they have. But this technology exists. It is in the public domain. It is in open source tools all over the world. It's already escaped. And there's nothing they can do about it.

What Steve is talking about, is that current encryption technology is pretty much uncrackable. The best way to crack it is to use things like rainbow tables and try to find collisions - which mean you find passwords that give the same results. The weaker or more common the password used, the easier it is to crack the encryption. So if you use "Rover" it may not take long to discover it through rainbow tables. "e3'w53eksw;1" may take centuries. That might not be such a big deal if encyrption software was proprietary, with every company creating it's own and keeping the codes and algorithms secret secret. But encryption technology is almost 100% created by people and teams who have given the code and algorithms free and clear for anyone to use. So if we install backdoors in our encryption products, the only people it will have any effect on will be law-abiding U.S. citizens. Criminals and foriegn citizens will not care because they can roll their own encryption software.

I haven't even talked about free speech, but it's late, so I'll leave this here for now.