There are so many scary parts to SOPA, it's taking some time to pull out all the pieces. One of the scarier parts of SOPA that isn't found in PROTECT IP, is the addition of a form of an "anti-circumvention" rule, which makes it illegal to try to get around any blockade on the US government's blacklist. Like the DMCA's dreadful anti-circumvention clause, this one is also vague and overly broad -- and would create problems for all sorts of legal services. The EFF is listing out some perfectly legal services that would suddenly be in legal crosshairs
In this new bill, Hollywood has expanded its censorship ambitions. No longer content to just blacklist entries in the Domain Name System, this version targets software developers and distributors as well. It allows the Attorney General (doing Hollywood or trademark holders' bidding) to go after more or less anyone who provides or offers a product or service that could be used to get around DNS blacklisting orders. This language is clearly aimed at Mozilla, which took a principled stand in refusing to assist the Department of Homeland Security's efforts to censor the domain name system, but we are also concerned that it could affect the open source community, internet innovation, and software freedom more broadly:
- Do you write or distribute VPN, proxy, privacy or anonymization software? You might have to build in a censorship mechanism — or find yourself in a legal fight with the United States Attorney General.
- Even some of the most fundamental and widely used Internet security software, such as SSH, includes built-in proxy functionality. This kind of software is installed on hundreds of millions of computers, and is an indispensable tool for systems administration professionals, but it could easily become a target for censorship orders under the new bill.
- Do you work with or distribute zone files for gTLDs? Want to keep them accurate? Too bad — Hollywood might argue that if you provide a complete (i.e., uncensored) list, you are illegally helping people bypass SOPA orders.
- Want to write a client-side DNSSEC resolver that uses multiple servers until it finds a valid signed entry? Again, you could be in a fight with the U.S. Attorney General.
This is how the Great Firewall of China works as well -- by threatening service providers who don't help block with the idea that they might be liable if they don't figure out "some way" to block things. Then everyone scrambles to censor well beyond what is required under the law, just to avoid liability. The end result of this will make the internet significantly less secure. VPN providers will go out of business or be severely limited. This is exactly the opposite of the direction we should
be moving in.