Yes, all the attention these days about the Sony hack is on the decision to not release The Interview
, but it still seems like the big story to come out of the hack is the sneaky plans of the MPAA in its bizarre infatuation with attacking the internet. We've already covered the MPAA's questionably cozy
relationship with state Attorneys General (to the point of both funding an investigation into Google and writing documents
for those AGs to send in their names), as well as the continued focus on site blocking
, despite an admission that the MPAA and the studios still don't have the slightest clue about the technology implications of site blocking.
Last week, TorrentFreak noted the various options
that were under discussion by the MPAA for blocking sites, and now The Verge has published more information
, including the analysis by MPAA's favorite hatchetmen lawyers at Jenner & Block about how site blocking might work in practice
[pdf] by breaking DNS.
For years, actual
technology experts have explained why DNS blocking is a really bad idea
, but the MPAA just can't let it go apparently. It's just, this time, it's looking for ways to do it by twisting existing laws, rather than by getting a new SOPA-like law passed.
To understand the plan, you have to first understand the DMCA section 512
, which is known as the safe harbor section, but which includes a few different sections, with different rules applying to different types of services. 512(a) is about "transitory digital network communications" and basically grants very broad liability protection for a network provider who isn't storing anything -- but just providing the network. There are good reasons for this, obviously. Making a network provider liable for traffic going over the network would be a disaster
for the internet on a variety of levels.
The MPAA lawyers appear to recognize this (though they make some arguments for getting around it, which we'll get to in a follow-up post), but they argue that a specific narrow attack via DMCA might
be used to force ISPs to break the basic internet
by disabling entries in their own DNS databases. The trick here is twisting a different part of the DMCA, 512(d), which is for "information location tools." Normally, this is what's used against search engines like Google or social media links like those found on Twitter. But the MPAA argues that since ISPs offer DNS service, that DNS service is also an "information location tool" and... ta da... that's how the MPAA can break DNS. The MPAA admits that there's an easy workaround for end-users -- using third-party DNS providers like OpenDNS or Google's DNS service -- but many users won't do that. And
the MPAA would likely go after those guys as well.
At the same time, even this narrow limitation on ISPs’ immunity could have the salutary effect of requiring ISPs to respond to takedown notices by disabling DNS lookups of pirate sites through the ISPs’ own DNS servers, which is not currently a general practice. Importantly, the argument for such a requirement need not turn on the Communications Act, but can instead be based on the DMCA itself, which expressly limits ISPs’ immunity to each “separate and distinct” function that ISPs provide. See 17 U.S.C. § 512(n). A reasonable argument can be made that DNS functionality is an “information location tool” as contemplated by DMCA Section 512(d) and, therefore, that ISPs are required, as a condition of the safe harbor, to cease connecting users to known infringing material through their own DNS servers. Should this argument hold – and we believe that it has a reasonable prospect of success – copyright owners could effectively require ISPs to implement a modest (albeit easily circumvented) form of DNS-based site blocking on the basis of only a takedown notice rather than litigation.
In short, since DMCA takedown notices apply to "information location tools," but not to "transitory network communications," the MPAA would like to argue that just the DNS lookup functionality is an information location tool -- and can thus be censored with just a takedown notice
. This is both really slimy
(though brilliant in its nefariousness) and insanely dangerous for the internet and free speech
. We see so many bogus DMCA takedowns of basic content today, and here the MPAA is looking to effectively, and sneakily expand that to whole sites
by misrepresenting the law (badly).
DNS is not an "information location tool" in the sense of a search engine. It's the core underpinning of how much of the internet works. At no point in the 16 years the DMCA has been around has anyone made an argument that the DNS system was covered by the "information location tools" definition. Because that's clearly
not what it was written to cover. The MPAA's lawyers (in this "confidential" memo) appear to recognize that this argument doesn't fully make sense because of that, but they seem to think it's worth a go:
To be sure, the argument is not guaranteed to succeed, as unlike a “pointer” or “hyperlink text,” DNS provides a user’s browser with specific information (IP routing information) that the user has requested by other means (alphanumeric internet addresses), as opposed to providing the user with an active interface allowing the user to request information online, as they might from a clickable page of search results. But at least in the literal sense, DNS appears to fit within the list of Section 512(d) functions and a reasonable argument can be made that DNS is more like a “directory” than the provision of “routing” and should be treated accordingly under the statute as a Section 512(d) function rather than a Section 512(a) function.
Pushing this argument would raise many of the problems found with the original DNS-breaking proposal in PIPA/SOPA. It would raise even more
serious questions about the First Amendment and prior restraint. Effectively, it would be moving the definition of "information location tool" down the stack, such that rather than requiring the removal of access to the specific infringing content, it would require removal of access to an entire site based on a single accusation of infringement
. Someone uploaded an infringing video to YouTube? Under this interpretation, the MPAA can force Verizon to make YouTube disappear from the internet
for all users relying on Verizon's DNS. The censorship implications are massive
here, especially with no
court proceeding at all. This wouldn't require anything in court -- just a single takedown notice, of which copyright holders send millions. Rather than sending all those notices to Google and getting them delisted from search, copyright holders could turn the firehose towards Verizon, AT&T and Comcast, and basically take down half the internet on their say so alone. Yes, sites could counternotice, but ISPs would have 10 business days in which they can keep sites off their DNS entirely.
The results would be insane
And that doesn't even touch on the technical
havoc this would wreak. As we've noted earlier, the MPAA admits it's not clear on the technical implications of this plan, but let's just point back to Paul Vixie's discussion of how SOPA/PIPA would break the internet
by mucking with the core DNS functionality, no matter how it was implemented.
What this goes back to is the core purpose of DNS, which is merely to translate a URL into a numeric equivalent to connect. It's not
an information location tool for helping people "find" information -- it's just the basic plumbing of how the internet works. It's how basically all pieces of the internet expect
to work. If
you put in a URL here, then
DNS returns the proper IP addresses to follow through there. Breaking that, effectively fracturing the internet, and creating a patchwork of different DNS systems would create a huge list of problems not easily fixed.
And, yet, because the MPAA can't figure out how to adapt to the times, it appears to be willing to give it a shot. Because, hey, it's better than innovating.