SOPA and the Future of Internet Governance

Posted in: IP Law

So what was all that fuss about?  SOPA, PIPA, Internet Blackout Day, front page stories in newspapers all across the country, eight million or so emails pouring into the White House, two million #sopa tweets, and 10 million signatures added to online petitions opposing the bills—followed, of course, by the announcement that these various legislative proposals for combating online copyright and trademark infringement had all been taken off the table “for further study.”

As Larry Downes noted in Forbes, “Internet users have revolted before in the face of earlier efforts to regulate their activities, but never on this scale or with this kind of momentum.”

What happened?  How did it happen?  And does it matter?

I’m not sure anyone can yet say exactly what happened or how it happened.  But whatever it was—a spontaneous, grassroots outpouring of opposition to an attack on Internet freedom of expression?  A bunch of information junkies who’ve gotten hooked on free music and free movies sticking it to The Man?  A plot by the giant technology companies to show Washington who’s boss?—I’m here to tell you that it matters, and it matters a great deal.

It matters because the Internet matters. If the events of the Arab Spring didn’t finally persuade everyone of that, I can’t imagine what would or will.  And it matters because SOPA would have done serious damage to the technical infrastructure that allows the Internet to do the remarkable things that it does—as I’ll discuss further below.

(I should point out here that SOPA, the “Stop Online Piracy Act,” was only one of the bills advancing through Congress recently dealing with online infringement.  Others included PIPA (“Protect IP Act”), COICA (“Combating Online Infringement and Counterfeits Act”), and the incredibly-acronymed E-Parasite Act, “Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation.”  Though the bills differed in certain details, they all shared the same basic structure and were afflicted by the same problems; for the sake of convenience and clarity, I will use the term “SOPA” in this column to refer to this whole suite of bills.)

And it matters even more because the law enforcement regime that SOPA would have put into place reflects an approach to the problems of “Internet law” and “Internet governance” that is outmoded, unworkable, and unjust.

SOPA’s Objective

SOPA’s objective was straightforward:  to reduce or eliminate access to websites “dedicated to infringing activities” and operating outside of U.S. borders—for example, offshore websites offering copyrighted music or movies for download, or selling counterfeit Omega watches, all without authorization from the rights holders.

It’s a worthwhile goal; nobody can deny that there are an enormous number of such sites, that many of them make a great deal of money by trampling on the legitimate rights of copyright and trademark owners, and that the consequent damage to those rights holders is substantial.

This problem of offshore infringement arises from two very basic characteristics of the global network: First and most obviously, digital information can be reproduced at nearly zero cost, and with nearly 100% accuracy, making it a simple matter to do something that was for all intents and purposes impossible a mere twenty or thirty years ago:  to produce, say, 100,000 copies of the motion picture “Avatar” while you are on your coffee break, and with a lower outlay of funds than is required to pay for your cappuccino.

Second, physical location in realspace—the world of atoms and tangible matter—bears no relationship whatsoever to accessibility or to proximity in the world of bits.  In realspace, it’s harder to do business in London if you’re in Lima than it is if you’re in Liverpool, and it’s harder to cause harm in Seattle from Seoul than from Spokane. But in the world of bits, that’s just not true anymore; web servers in all of those cities are effectively “equidistant” from one another, as “close to,” and as accessible to, a user anywhere on the global network as the server down the street.

That’s the good news.  The bad news is that our realspace legal infrastructure is, just as one would expect it to be, built for the world of atoms.  (How could it have been otherwise?)  Our realspace legal system reflects this fundamental feature of the real world within which it was designed to operate:  physical location and physical proximity matter.  They are indispensable components of many inquiries central to the way realspace law operates, such as determining “jurisdiction,” or “citizenship,” or the “locus” of a contract or a tort, or dozens of other similar questions.  In our realspace legal world, as in realspace, “distance” between actors matters; the more physically distant the relevant actors are from each other, the more difficult it is, generally speaking, to enforce one’s law upon the other.

The disconnect between these two worlds—one in which physically distant actors can have a very substantial impact (good or bad) upon you or your property, and one in which it is difficult to bring law to bear upon those very actors—is at the heart of the problem that SOPA is trying to solve.

It’s a profoundly difficult problem.  Some of us saw it coming, twenty years ago or so.  An enormous amount of creative and innovative thinking is going to be required if we are to solve it in a sensible way.

SOPA does reflect some creative and innovative thinking; indeed, it embodies a radical new plan for the way that law enforcement will proceed on the Net.  But the new plan is deeply flawed, and would set us on precisely the wrong course for dealing with this difficult challenge.

How SOPA Would Work: A Brief Explanation

SOPA targets the activities of “foreign infringing websites,” but it doesn’t impose any sanctions on the offending websites, on the servers on which those websites are hosted, or even on the operators of those websites.  Instead, SOPA imposes its sanctions on the domain names used by those websites.

More specifically, SOPA authorizes courts to “seize” the domain names used by the offending sites via actions in rem—that is, actions that are brought against “property” and not against the persons owning or using the property.  By deeming domain names to be property, SOPA’s in rem actions thereby avoid the messy problem of trying to assert personal jurisdiction over the foreign actors or the foreign servers that are involved in a given dispute.

Under SOPA, judges could issue orders to any U.S. Internet Service Provider (ISP)—a category that includes hundreds of thousands of entities, from giants like Comcast, Verizon, and AT&T to any business or educational institution, however small, that offers Internet access to users—requiring the removal of the offending websites’ domain names from the ISP’s “routing tables,” the databases of Internet domain names and Internet addresses that are used by all ISPs to get messages from one place to another over the Net.

The Impact on the Internet If SOPA Became Law

Every day, the Internet accomplishes an astonishing feat, many hundreds of billions of times over:  it takes an address on a message (like the URL that you type into your web browser, or the email address you put into the appropriate field of an email message), and, from among the seven or eight hundred million machines out on there on the Internet, it finds the right one to deliver it to.  And it does all this in about a second or two.

It is a truly incredible (and largely invisible and unappreciated) feat of engineering, a finely-tuned system (to put it mildly) comprising, among other things, hundreds of thousands of copies of these routing table databases circulating around the Internet from ISP to ISP at all times.  (For a detailed account of how those routing tables, and Internet message routing more generally, work, see Chapter 10 of my book In Search of Jefferson’s Moose:  Notes on the State of Cyberspace.)

All of that complicated engineering is premised on one fundamental principle:  universal addressing.  The routing tables are the same wherever you are; that’s why there’s only one Internet, an Internet that looks the same whether you access it from Brazil or from Boston or from Belarus.

The consequences of court-ordered intervention to selectively remove entries from these routing databases are potentially severe and possibly catastrophic.

Don’t take my word for it; a number of people who know a great deal more about these engineering matters than I do, several of whom were instrumental in creating the original design for the Internet’s domain name system (DNS) and continue to manage and operate critical portions of the DNS infrastructure, have warned about this in no uncertain terms.  In their words, SOPA’s court-ordered manipulation of the domain name system (DNS) would:

  • (a)   be “evaded easily” and would “likely prove ineffective at reducing online infringement”;
  • (b)   “threaten the security and stability” of the Internet, “harming efforts that rely on DNS data to detect and mitigate security threats and improve network performance” and “posing significant risk of collateral damage”; and
  • (c)   “weaken important efforts now underway to improve Internet security [by] enshrining and institutionalizing the very network manipulation that [such security measures] must fight in order to prevent cyberattacks and other malevolent behavior on the global Internet, thereby exposing networks and users to increased security and privacy risks.”

(For more on these subjects, consult their full account.)

As Internet Blackout Day approached, the Obama Administration, finally, got the message.  On January 14, in the face of mounting public pressure, the White House announced that it was reconsidering its support for SOPA, in part because . . .

. . . proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.

Reassuring words—though one might ask why they hadn’t been uttered earlier in the SOPA debate.

But the damage SOPA would impose on the Internet goes beyond this (though this is serious enough), extending beyond the Internet’s technical infrastructure and deep into its legal infrastructure.

SOPA Undermines the Rule of Law

Two of SOPA’s provisions are especially troubling.  First, SOPA authorizes the issuance of these domain-name-removal orders after nothing more than summary ex parte proceedings, proceedings in which only the prosecutor and the judge, and not the individual(s) responsible for the websites’ activities, are present.

What this means is that some Korean, or Brazilian, or Russian website operator wakes up one morning to discover that her domain has been “seized” by the US government, and that ISPs are now removing it from the routing tables and making it, literally, invisible across the Net.  Her website is still up and running—it’s just that fewer and fewer people can reach it.

She can challenge the seizure (once she finds out what happened)—perhaps on the grounds that her website is not “dedicated to infringing activities” at all, perhaps on the grounds that under Korean, or Brazilian, or Russian law her actions are entirely lawful, or perhaps on the grounds that the prosecutor just got it wrong, as prosecutors sometimes do—but she’ll have to come to the United States, and get legal representation, to do so.  (And if she does that, in a little added bit of nastiness, SOPA provides that she will then be deemed to have subjected herself to the personal jurisdiction of the US courts.)

Second, SOPA authorizes a kind of “vigilante enforcement”: Copyright or trademark holders, acting entirely on their own without the intervention even of a prosecutor or a judge, would be able simply to provide written notice to banks, credit card companies, Internet search engines, or Internet advertisers regarding the allegedly infringing conduct of the foreign websites, and the recipients of such notices will then have five days to cease doing any business with the offending website or risk losing an immunity from suit for damages caused by the website’s continuing operation.

Imagine this scenario: “A guy walks into a bank.  He asks to see the branch manager.  He says: “You know Farmer Jones, whose place is just down the road from mine?  He’s been dumping horse manure in my pond, and spoiling it for my livestock.  He’s a nasty SOB.  STOP DOING BUSINESS WITH HIM.  FREEZE HIS ACCOUNT.”

In our realspace legal world, the bank will (and should) refuse.  “We’re sorry, but we can’t just take your word for it,” the bank will say; “Bring us a court order and we’ll comply, but we’re not going to deny Farmer Jones access to our services just because you think he’s acting illegally.”

More to the point, in our realspace legal world, the law surely does not and cannot compel the bank to comply with the demand, or offer it a reward for doing so—which is precisely what SOPA would do.

One of the very small number of truly fundamental principles undergirding our legal system and the Rule of Law itself—a principle enshrined (twice!) in our Constitution—is that you may not deprive anyone (like Farmer Jones) of life, liberty, or property without due process of law.  And due process of law requires that Farmer Jones has a meaningful opportunity to be heard, before a neutral magistrate, in an adversarial proceeding in which you and he each get to present your side of the story, in a forum that can lawfully assert jurisdiction over Farmer Jones and/or his property.

What is most disturbing about SOPA is not just that it would run roughshod over this principle, though it would, and that is disturbing enough; what is most disturbing about SOPA are the justifications proffered by its proponents for doing so.

I’m not aware of any SOPA supporter who argues that SOPA actually does provide foreign website operators with a meaningful opportunity to be heard, before a neutral magistrate, in an adversarial proceeding and in a forum that can lawfully assert jurisdiction over him and/or his property before depriving them of their ability to communicate with millions of Internet users in the United States.  They typically know full well that it does not.

Instead, SOPA supporters argue that the full panoply of procedures comporting with due process isn’t required when courts “seize property” (like a domain name) that is located “inside” United States borders.  And they argue that, in any event, SOPA doesn’t violate the due process rights of foreign website owners because foreign nationals standing outside of U.S. borders don’t have due process rights.

To be fair, their position is not an entirely indefensible one; indeed, there’s precedent to the effect that, as the Supreme Court put it in United States v. Verdugo-Urquidez, “[a]liens receive constitutional protections [only] when they have come within the territory of the United States and developed substantial connections with this country.”

Thus, to SOPA proponents, the proper analogy here is to the Customs Service.  SOPA, they say, simply prevents persons operating outside the United States from entering into our territory and bringing unlawful material—contraband movies and handbags—with them.  Customs agents board and search ships at the U.S. borders all the time, and if they find 100,000 copies of the “Avatar” DVD in the hold, they seize those copies and bring them before a magistrate, who orders their disposal and destruction (with or without the ship owner present).  Nobody complains about due process (or, for that matter, about the ship owner’s First Amendment rights) when this happens.  “Why, then,” SOPA supporters ask, “is everyone so exercised about SOPA?”

SOPA Is Outmoded, Unworkable, and Unjust

To which the answer is:  we’re exercised about SOPA because, as I said earlier, it is outmoded, unworkable, and unjust.  The Customs Service analogy doesn’t work; there are no ships and there are no borders, no “French” or “Brazilian” or “American” parts of the Internet, but rather a single global network.

We can, if we wish, impose borders onto the network, through legislative enactments like SOPA, creating an “American” portion of the Internet, while the Brazilians create a “Brazilian portion,” the Australians an “Australian portion,” and so on.  But why would we want to do that?  Why would we want the Internet to look like the map of the world in 1950 or 1975, when its power derives precisely from the fact that it is a single global network, accessible to, and allowing communication among, all of the world’s peoples?

SOPA is unworkable because the network architecture virtually guarantees that evasion will be widespread and rather simple to accomplish; tools that allow websites to instantaneously alter their domain names and redirect traffic to the new sites without any special action on a user’s part are already widely available, and will surely become more so if this approach becomes commonplace.  Thus, SOPA will not stamp out copyright infringement on the Internet; indeed, it probably won’t even make much of a dent in copyright infringement.  If there are 50,000 pirate websites out there and SOPA somehow managed to close half of them down, that would still leave us with 25,000 bad guys.  And in the world of bits—where information is infinitely reproducible at virtually no cost—25,000 bad guys can do just as much damage to your intellectual property as 50,000 bad guys can.

Finally, SOPA is unjust.  Perhaps we are not required to provide due process to those residing outside our borders, but that hardly means that we shouldn’t choose to do so.  The Constitution of the United States, remember, doesn’t bestow the right to due process upon us; it says that the government won’t take away the due process rights we all already have by virtue of the fact that we are human beings.  That is the principle on which we should begin building a just legal regime for our new online global society.

Copyrighted works are important, culturally and economically, and they are worth protecting.  They are not, however, sacred objects that we should protect at any cost.  The damage SOPA would do is immense, and the benefits it would provide would be negligible.  R.I.P., SOPA.  May your sleep be long and untroubled, and may you not rise, as I fear you will, from your grave to haunt us again any time soon.

Posted in: IP Law, Technology Law

23 responses to “SOPA and the Future of Internet Governance”

  1. Peter says:

    Well said. Really intersting!

  2. cdoscope says:


  3. […] To put it in blunt terms, SOPA would have helped to legally enact a powerful form of online censorship at the whims of the government and major corporations. Here are some consequences of the bill had it come to pass (and more here and here): […]

  4. Copyright Alliance says:

    It’s our hope that
    articles such as these prompt thoughtful assessment of best approaches for
    solving these very real problems. While both SOPA and PIPA are no longer on the
    immediate legislative horizon, it is worth noting a few corrections.


    We wholeheartedly agree
    with Prof. Post that “copyrighted works are important, culturally and
    economically, and they are worth protecting,” but want to set the record
    straight regarding the proposed legislation’s handling of due process. Both
    SOPA and PIPA would have required a court order issued under rules of civil procedure.
    Neither permitted any sort of “customs seizure” or private remedy without a
    court order. In fact, the bills would not have allowed the seizure of websites
    at all. Instead, a judge would have formally decided whether sties in question
    met the definitions in the bill, after which certain US entities would have been
    directed to cease doing business with the sites.


    With respect to the idea
    that IP addresses would be removed from internet routing tables, that was not
    the case. In early versions SOPA required the widely used DNS filtering, not
    the removal of an IP address, but by the day of the protest, that provision had
    been removed from the bill.

    Finally, the other
    legislation mentioned is less relevant to this discussion as COICA was
    introduced in a previous Congress and E-Parasites was never introduced.    

  5. SOPA and the Future of Internet Governance | Gov 2.0 | says:

    […] fixed; background-position: 50% 0px; background-color:#; background-repeat : no-repeat; } – Today, 7:51 […]

  6. Geoff Middleberg says:

    Professor Post takes a very serious, critical look at the online piracy measures that were debated in Congress. It is important to note however, that none of these pieces of legislation would have broke with centuries of precedent regarding due process. This is respected in many of the online piracy bills that were debated. Any final compromise should also emphasize due process because if this country is going to protect intellectual property, it must do it in a effective manner but in a way that punishes the true wrongdoers in our society. 

  7. End SOPA » SOPA not part of cybersecurity bill, spokesman says – says:

    […] StandardAftermath Of The MegaUpload ShutdownManila BulletinWashington Examiner -Justia Verdict -Northern Iowanall 20 news […]

  8. End SOPA » The right to censor – El Paisano says:

    […] Greatest Show on Earth 2.0Northern IowanBusiness Insider -Manila Bulletin -Justia Verdictall 30 news […]

  9. Excellent read and one of the best backgrounders on SOPA that I have seen to date.

  10. Excellent read and one of the best backgrounders I’ve seen on SOPA to date.

  11. Why the era of online piracy is over – Southgate News Herald | teensterbeat says:

    […] ShutdownManila BulletinInternet laws a sledgehammer approach to privacySydney Morning HeraldJustia Verdict -Stanford Progressiveall 29 news […]

  12. More “For the Moment Final”** Thoughts on SOPA - I Hate Paypal » I Hate Paypal says:

    […] has settled a bit, what was that all about?” variety.  So I did.  The original is published here:  By virtue of […]

  13. […] by the end of the day the story featured on the front pages of newspapers across the country, 10 million people had signed online petitions against the bills and the White House had received 8 million emails […]

  14. LindaM says:

    “Copyrighted works are important, culturally and economically, and they are worth protecting.  They are not, however, sacred objects that we should protect at any cost. ”

    I wish people would focus more on this obvious aspect rather than the technicalities of internet censorship.

    Copyright is supposed to help innovative thinkers and artists thrive. Yet today, copyright lasts for 70 years after the author’s death! How on earth is this protecting the cultural and economic value of authorship, rather than the lecherous business interests of parasites who insert themselves between creators and their audience?

    We simply cannot wash all that away with the handwaving that “copyright is important and worth protecting”.

  15. Anonymous says:

    “It’s a worthwhile goal; nobody can deny that there are an enormous number of such sites, that many of them make a great deal of money by trampling on the legitimate rights of copyright and trademark owners, and that the consequent damage to those rights holders is substantial.”
    No. No. No. NO!
    The “rights” of the “rights holders” are not legitimate.  They use DRM to enforce “rights” that are not granted them by copyright law.  They bribe Congress to get eternal extensions of copyright terms in violation of the Constitution.  They abuse copyright law to stifle competition and silence critics.  They sign false DMCA takedown notices “under penalty of perjury” with complete impunity and demand crippling damages for trivial infractions.  They make false statements about copyright law on every DVD and under an FBI banner, no less!
    They lie about the damage to their business, insanely inflating the computations, while actual damages are minimal or even negative.
    The only problem with copyrights is the insane power that has been granted “rights holders” over the last few decades, the massive corruption of the “media industry”  and the enormous continuing damage these “rights” do to artists, culture and society.

  16. Michael Martinez says:

    This is absolute nonsense.  Everything you say would come to pass with SOPA already exists under current US law and international agreements: seizure of domain names through the courts, blocking domains through DNS services (except Google’s, which doesn’t allow filtering — which is why many American Internet Service Providers won’t use their Public DNS), and arresting people for criminal infringement.

    Of course, these measures can only be enacted against AMERICAN Websites (which are clearly identified under US law) .  It’s the foreign Websites that make millions of dollars off of advertising (such as Google’s AdSense) that are evading the reach of American intellectual property rights owners that are creating the worst problem.

    And, in fact, many American business sites have complained often about the “scrapers” that steal their own content and then use it to create contextual saddles for advertising (such as AdSense).  These bills would have aided those American Websites in shutting down the illicit use of their content by forcing the advertising services (such as Google) to cut off the flow of money to those infringing sites.

    The safe harbor provisions in the bills would have ensured that typical Website operators and their users would not be prosecuted or face any legal action — similar to the safe harbor provisions that protect these Websites under existing laws that are being used to prosecute criminal infringers such as MegaUpload, child pornography, terrorism, and organize crime sites.

    As for the ridiculous assertion that SOPA would deny due process to anyone, it in fact creates that very due process — just as every other US law that authorizes seizure of property and arrest for organized criminal activity, allowing the accused to have their day in court.  You might as well complain that the local police don’t go to court to get a warrant to deliver a speeding ticket to people on the highway.

  17. Robert says:

    Quite a remarkable piece of work. One of the best SOPA/PIPA, etc. explanations to date. Congratulations to Prof. Post. I intend to share this with my network. Thank you.

  18. Why we must stop ACTA | The Daily Organ says:

    […] by the end of the day the story featured on the front pages of newspapers across the country, 10 million people had signed online petitions against the bills and the White House had received 8 million emails […]

  19. Karl Heideck says:

    Are you ok…? I think you should take a breath and read a little more closely.

  20. […] background-position: 50% 0px; background-color:#222222; background-repeat : no-repeat; } – Today, 10:52 […]

  21. Guest says:

    Did you even understand a word of this article the way it is meant to be understood… a piece of advice…. criticizing others when you don’t understand a word of their intellect only proves that ’empty vessels make most noise’, if you understand the meaning of the idiom that is..

  22. Kody says:

    Excellent read. Thanks!