Collateral Damage In IP Enforcement: PROTECT IP Under Fire

Mark Kohras is a JD candidate at Osgoode Hall Law School.

A new IP enforcement bill making its way through the US Senate has been sparking a surprising amount of controversy. It has received opposition from many prominent groups, including DNS experts, law professors, venture capitalists and even major newspapers. The creatively entitled Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (otherwise known as PROTECT IP) is the next step in a sequence of attempts to control the current tide of IP infringement on the internet.

These efforts started with the creation of the notice and takedown system in the Digital Millennium Copyright Act (DMCA) that allowed copyright owners a simple and expedient way to remove infringing content on the internet by contacting the hosting web pages directly, bypassing the need for an injunction and significantly reducing the time and costs involved in IP enforcement.

However, this approach proved somewhat insufficient. While an effective means of removing infringing content from US-based websites, those hosted oversees are not subject to American laws. Given the global nature of the internet, Americans could continue to access infringing content online through foreign websites, and US-based copyright owners and law enforcement would have to resort to legal procedures in the websites host country to stop them. This presented a problem, not only because of the costs, but because copyright law can differ widely on the international scene. What is infringing in one country may not be in another. What the US needed was a way to affect Americans access to foreign websites directly, and the answer came in the form of PROTECT IP.

PROTECT IP will grant the US Department of Justice (DOJ) the ability to blacklist websites that are deemed “dedicated to infringement”. Search engines would be required to remove the website from their listings and American domain name system (DNS) servers would be required to re-direct users to a DOJ website instead of allowing them to access the website, theoretically making it much harder to find the website. The DOJ and copyright owners can also prevent advertising and payment processing companies from working with an infringing website, thereby cutting off potential revenue streams.

The act initially received unanimous approval from the Senate Judiciary Committee and was scheduled for a vote before the full senate, but has subsequently hit a series of roadblocks. A day after the legislation was passed out of committee, Senator Ron Wyden placed a hold on the act, stating that he agrees with the goal of combatting online infringement, but he is “not willing to muzzle speech and stifle innovation and economic growth to achieve this objective”. A hold effectively prevents the senate from voting on the bill unless the hold is removed by the senator who placed it or it is overturned by a three-fifths supermajority vote.

The bill has also received strong opposition from many groups. A group of leading experts on the internet domain name system have written a whitepaper that outlines key objections to the proposed filtering system. Chief among them is the provision of PROTECT IP that requires redirecting to a DOJ website would conflict with DNSSEC, a security measure designed specifically to prevent this type of redirecting.

A website on the internet is located at a numerical IP address roughly corresponding to its geographical location on the internet. For the ease of convenience, website owners can register a domain name that is associated with their IP address. When a user enters a domain name into their web browser (i.e. www.iposgoode.ca) the browser contacts a domain name server which tells the browser the IP address associated with the domain and allows the browser to find the appropriate website.

A common tactic known as DNS poisoning is to hack a DNS server to display an incorrect IP address. Anyone who connected to the server looking for the IP address of a website (for example, their local bank) would instead be routed to a false website of the hackers' choosing, made to look similar to the real website in order to trick users into revealing sensitive information. While DNSSEC would prevent this type of attack, it would be unable to determine which redirections were due to a legal internet blacklist and which ones were caused by hackers. This would make it impossible for internet service providers (ISPs) to implement DNSSEC while remaining compliant with PROTECT IP.

The DNS experts also point out how easy it is to bypass this type of redirection. Since the bill only targets domain names and not IP addresses, websites would still be accessible simply by typing in the IP address directly. For an even simpler approach, users can point their computers to DNS servers outside of the US, or use available tools to bypass the blacklist altogether.

More recently there have been concerns from a group of over a hundred notable law professors opposing the act. Their letter outlines concerns that the act may be unconstitutional. Since the act allows for websites to be censored without an adversarial hearing, it amounts to prior restraint and is a violation of the first amendment. Prior restraint is when the government suppresses material before a judge has made a final determination that the material is unlawful, and is presumptively unconstitutional.

They also expressed concern that this move will send a message to other countries that it is acceptable to censor “content from the global Internet, regardless of where it may have originated or be located, in service of the exigencies of domestic law.” This stems from the provision preventing search engines from linking to infringing websites. Conceivably, the provision would allow the DOJ to insist that major search engines filter search results for all users regardless of whether they are located in the US. This could result in American law preventing search engines outside of the US (or local versions of search engines, such as www.google.ca) from linking to websites located outside of the US.

Overall, PROTECT IP has a laudable goal. Copyright infringement on the internet is a widespread problem. However, efforts for IP enforcement should be tailored to ensure they do not result in even greater collateral damage. Given the ease to which these measures can be circumvented, the US should be careful to ensure that it does not lose more than it gains.