by Constantine von Hoffman

SOPA is a Major Security Problem and Congress Doesn’t Care

Dec 20, 20113 mins

Tech companies and security experts oppose law that seems drafted with no knowledge of how the internet actually operates.

Congress has changed its “mind” (try not to be too surprised) and says it will now move ahead with hearings about the Stop Online Privacy Act (SOPA) just two days after it said it was tabling the matter until next month. While the press coverage has been about free speech issues, SOPA is definitely a security problem as well.


SOPA and the Protect IP Act (PIPA), another piece of legislation, both want to crack down on internet pirating – a goal every bit as laudable as the measures themselves are flawed. The bills would require companies to monitor user content, limiting the use of pictures, video and audio and other media. One problem that is it is pretty much impossible to tell the difference between an ISP interfering with a connection because of a court order and a hacker interfering prior to an attack.

Internet security savants Dan Kaminsky, Paul Vixie, Steven Bellovin, Jon Callas, David Ulevitch, Richard Clayton,  L. Jean Camp, Ben Laurie and Chris Morrow, joined with 75 other major internet inventors and pioneers in an open letter to Congress objecting to the bill:

Censorship of Internet infrastructure will inevitably cause network errors and security problems. This is true in China, Iran and other countries that censor the network today; it will be just as true of American censorship. It is also true regardless of whether censorship is implemented via the DNS, proxies, firewalls, or any other method. Types of network errors and insecurity that we wrestle with today will become more widespread, and will affect sites other than those blacklisted by the American government.

Despite the fact that the bills are also opposed by Yahoo, Facebook, Twitter, eBay, AOL, Google, Microsoft, Intel, Adobe and Apple, Congress seems determined to act on them. There has been a lot of very well-funded lobbying for the bill from Hollywood — the Motion Picture Association of America (MPAA) and movie studios themselves. (It is worth noting that two of the congressional aides who helped draft the bill recently got jobs with the MPAA and the National Music Publishers’ Association, another supporter.)

The bill is being debated with all the finesse and intelligence we’ve come to expect from Congress. So far opponents have been all but non-existent in the hearings and DNS and security issues brushed aside. Here’s how a Washington Post reporter described them.

This is terrifying to watch. It would be amusing — there’s nothing like people who did not grow up with the Internet attempting to ask questions about technology very slowly and stumbling over words like “server” and “service” when you want an easy laugh. Except that this time, the joke’s on us.

The leaders in the fight for the bill are Reps. Lamar Smith (R-Tex), Bob Goodlatte (R-VA) and Mel Watt (D-NC). If they are your reps and you think the bill is as dangerous as I do, then now would be a good time for you or your company to pick up the phone.