Why SOPA / PIPA wont work

Published Date |

Why SOPA & PIPA wont work

The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) bills are before the House and Senate respectively. These bills are well-intentioned attempts to stop the theft of intellectual property through foreign-based websites. Intellectual property is an important form of property that is protected in our Constitution. Some foreign websites violate copyrights by offering free copies of movies and software from their websites. This activity it illegal and these bills are meant to stop this online piracy.

The method these bills will use to stop online piracy will not work. Most likely they will damage the usefulness of the Internet.

First, understand how internet protocols work

All web addresses are actually composed of numbers. This string of numbers is called the Internet Protocol or IP address. The domain name (or URL) is its common text name so it’s easier for humans to understand. Typically, a domain name resolver translates the common text name into the IP. For example, a domain name like “heritage.org” is translated into “93.184.221.133.”

The problem with both of these bills is they require an intermediary to get in between this translation. In other words a website operator like Comcast could be ordered by a court what IP address a domain name will translate to.

The Internet is somewhat dangerous and always has been

The current protocols of the Internet do not have an “authentication” function. The Internet is designed to move information effectively and efficiently from one place to the next, but it does not have a general security system in place to warn people when their traffic is being hijacked.

Hijacking can occur in two ways:

It is feasible “technically speaking” to intercept traffic via a “man-in-the-middle” attack. This is where someone gets in the middle of a conversation and hijacks it by making independent connections with the victims. From the middle vantage point, messages can be relayed between the victims, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the malicious “man-in-the-middle”.

It is possible to “spoof” a website. For example, your request to connect to your bank at “wellsfargo.com” is maliciously redirected to a phony “wellsfargo.com” website and your login information is collected.

These are known dangers and have been. For many years, the engineers responsible for the specifications of Internet traffic (the Internet Engineering Task Force, or IETF) have been aware of this vulnerability—which costs millions of dollars every year in theft—and they have been working on a solution.

Internet security measures already proposed

The solution is set of technical specifications adopted by the IETF that uses the acronym DNSSEC, which stands for Domain Name System Security Extension. This allows a user to confirm the authenticity of a domain name. Pursuant to DNSSEC, every website will have a certificate of authenticity that will verify that the site is, in fact, the site it purports to be. So, once DNSSEC is deployed, a “security resolver” function in the browser would be able to check the authenticity of the registration of the “wellsfargo.com” website that your browser is accessing and give the user either a confirmation that the website is the real wellsfargo.com or a warning that its authenticity could not be verified.

Interfering with the Internet

SOPA and PIPA do not attack pirates directly—mostly because they are offshore and outside U.S. jurisdiction—SOPA and PIPA look at law-abiding Internet Service Providers (ISPs) like Comcast and use them as the enforcement mechanism. Both SOPA and PIPA would allow the Attorney General to secure court orders that would require ISPs to prevent Internet traffic from going to pirating websites once the pirating website is known

Keep in mind that a new website can be created in a day. Our legal system would have to catch a pirated website and alert Comcast and they would have to block the domain name in less than a day. The US legal system has never moved that fast.

These bills would essentially allow the Attorney General to order ISPs to do something similar to what DNSSEC is trying to prevent: and that is to block an attempt to reach a website.

In effect an ISP, like Comcast, would intercept all website traffic and make sure it is directed to the correct address.

Government interception and checking each click will be troublesome.

The blocking function is likely to slow down domain-name resolution for the entire Internet. If American law establishes the principle of permitting DNS filtering, other countries will as well, and the concept of a universal addressing system will be degraded.
By disrupting the DNS resolution system, it will be slower. We can really have no idea of the extent of the consequences of mandating that each click to a domain address must be checked to determine if it should be blocked. This would only add complexity to the Internet addressing function and make it more likely malicious efforts to “block and redirect” traffic would succeed.

Will SOPA/PIPA accomplish its goal?

No. Even if the Attorney General obtained a blocking order that stopped Comcast from sending data to a pirate website, it is relatively easy to work around the block—remember, the World Wide Web was designed to be flexible. We can reasonably predict that a many “redirector” domains would soon spring up, many of them linked to ISPs outside the United States and outside the Attorney General’s jurisdiction. Downloadable programs would be available to use those redirectors. Indeed, one such program, known as “DeSOPA,” has already been developed and can be downloaded as a Mozilla Firefox extension.

Some experts refer to this filtering as a “whack-a-mole” approach.[1] The requirements are sufficiently easy to evade so additional legislation will later need to be passed to try to make writing, downloading, and using programs to avoid a SOPA/PIPA mandate illegal. That is another effort doomed to failure.

These bills put Congress in the business of managing the Internet in ways that will have unanticipated consequences. A working domain-name system is like a working mailing address—the rest of the system depends on it. If the addressing system is compromised, software will not work, queries will not be answered, and emails will not be received. Once you go down the road of allowing (or ordering) the functionality of domain-name filtering (even for a “good” purpose), you create the potential for restricting domain-name access for a host of other purposes.

Dr. Leonard Napolitano of Sandia Labs put it in his letter to Congress, the bills:

Are unlikely to be effective.
Would negatively impact U.S. and global cybersecurity and Internet functionality.
Would delay the full adoption of DNSSEC and its security improvements over DNS.

SOPA/PIPA Good Intentions but Dangerous Flaws

SOPA and PIPA would not work and the bills violate the fundamental principle of universality that makes the Internet function as a global communications system.

Finally, consider if this functionality were deployed, the ease with which censorship could occur and taxation would increase.

This article was inspired by an article written by Paul Rosenzweig for The Heritage Foundation.My goal has been to add some graphics and simplify some of the explanations in order to reach a larger audience and inform them of these dangerous bills.

Annual website checkup

Published Date |

Your website should be given an annual checkup, just like your car gets a regular tuneup and you see the dentist and doctor regularly (a-hem!)

Doing this at least once a year will ensure that your website is able to generate leads and sales for you.

1. 1. 1. 1. Review your contact info.
        Make sure that your company address, phone and fax numbers are still correct. Update statements that say things like "In business for 10 years". You'll want to increment the number.
      2. Check generic email addresses for accuracy. If you have an email like This e-mail address is being protected from spambots. You need JavaScript enabled to view it. test it to make sure that the correct people are still receiving these where you expect to.
      3. Review and test your contact forms. Similar to the generic email addresses, make sure that forms on your website are sending email correctly to the address you expect them to. If they aren't, you're likely losing sales.
      4. Review your outgoing messages. If you have automatic messages sent when someone registers, requests info, or makes a comment, make sure that the information in the outgoing email is still correct and that the email arrives successfully in the visitors inbox.
      5. Update copyright and/or privacy policy statements. If you have a copyright notice on your site, make sure it’s not outdated. If you have a privacy policy, review it to make sure it accurately describes your current policy toward handling your customers’ personal information.
      6. Test all outgoing links on your website. Broken links reflect badly on your company and frustrate your visitors. Here is an automatic tool to check website links on the W3C website.
      7. Check any passwords on your site. If the password section no longer works you're frustrating your registered members. If you have an admin area to your website make sure you can still get in. Also, make sure that you change the password if an employee who had access is no longer with you.
      8. Do an overall review of your website. Check every page to ensure it is accurate and current. Look at the website and decide if new sections should be added or if you need to update the design to improve your professional image.

Cheers