CNET takes an in-depth look at the controversial Stop Online Piracy Act, backed by Hollywood and opposed by the largest Web companies and civil liberties groups.
Declan McCullaghFormer Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
When Rep. Lamar Smith announced the Stop Online Piracy Act in late October, he knew it was going to be controversial.
But the Texas Republican probably never anticipated the broad and fierce outcry from Internet users that SOPA provoked over the last few months. It was a show of public opposition to Internet-related legislation not seen since the 2003 political wrangling over implanting copy-protection technology in PCs, or perhaps even the blue ribbons appearing on Web sites in the mid-1990s in response to the Communications Decency Act.
Consider the concerted protest on January 18 by high-profile Web companies and organizations. Wikipedia's English-language pages, for instance, went completely black, while Google put a big black box over the prominent logo on its home page, with a link to a page from which users could sign a petition entitled "Tell Congress: Don't censor the Web." Street protests have also been scheduled for that date in cities including New York, San Francisco, and Seattle.
As CNET reported in December, Smith, a self-described former ranch manager whose congressional district encompasses the cropland and grazing land stretching between Austin and San Antonio, Texas, has become Hollywood's favorite Republican. The TV, movie, and music industries are the top donors to his 2012 campaign committee, and he's been feted by music and movie industry lobbyists at dinners and concerts.
To learn how SOPA, and its Senate cousin known as the Protect IP Act, would affect you, keep reading. CNET has compiled a list of frequently asked questions on the topic:
Q: What's the justification for SOPA and Protect IP?
Two words: rogue sites.
That's Hollywood's term for Web sites that happen to be located in a nation more hospitable to copyright infringement than the United States is (in fact, the U.S. is probably the least hospitable jurisdiction in the world for such an endeavor). Because the target is offshore, a lawsuit against the owners in a U.S. court would be futile.
The U.S. Chamber of Commerce, in a letter to the editor of The New York Times, put it this way: "Rogue Web sites that steal America's innovative and creative products attract more than 53 billion visits a year and threaten more than 19 million American jobs." The MPAA has a section of its Web site devoted to rogue Web sites. Jim Hood, the Democratic attorney general of Mississippi, and co-chair of a National Association of Attorneys General committee on the topic, recently likened rogue Web sites to child porn.
Who's opposed to SOPA?
Much of the Internet industry and a large percentage of Internet users. Here's the most current list (PDF) of opponents.
On November 15, Google, Facebook, Twitter, Zynga, eBay, Mozilla, Yahoo, AOL, and LinkedIn wrote a letter to key members of the U.S. Senate and House of Representatives, saying SOPA poses "a serious risk to our industry's continued track record of innovation and job creation, as well as to our nation's cybersecurity." Yahoo has reportedly quit the U.S. Chamber of Commerce over the organization's enthusiastic support for SOPA.
The European Parliament adopted a resolution last week stressing "the need to protect the integrity of the global Internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names." Rep. Nancy Pelosi, the House Democratic leader, said in a message on Twitter last week that we "need to find a better solution than #SOPA."
A letter signed by Reps. Zoe Lofgren and Anna Eshoo, both California Democrats, and Rep. Ron Paul, the Republican presidential candidate from Texas, predicts that SOPA will invite "an explosion of innovation-killing lawsuits and litigation." Law professors have also raised concerns. And yes, there is a protest song.
How would SOPA work?
It allows the U.S. attorney general to seek a court order against the targeted offshore Web site that would, in turn, be served on Internet providers in an effort to make the target virtually disappear. It's kind of an Internet death penalty.
More specifically, section 102 of SOPA says that, after being served with a removal order:
A service provider shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site (or portion thereof) that is subject to the order...Such actions shall be taken as expeditiously as possible, but in any case within five days after being served with a copy of the order, or within such time as the court may order.
How is SOPA different from the earlier Senate bill called the Protect IP Act? Protect IP targeted only domain name system providers, financial companies, and ad networks--not companies that provide Internet connectivity.
Because SOPA is broader, even some companies who liked, or at least weren't vocally opposed to, the Senate bill aren't exactly delighted with the House version.
"Verizon continues to look at SOPA, and while it's fair to say that we have concerns about the legislation, we are working with congressional staff to address those concerns," a representative told us.
Tim McKone, AT&T's executive vice president of federal relations, said that "we have been supportive of the general framework" of the Senate bill. But when it comes to SOPA, all AT&T would say is that it is "working constructively with Chairman Smith and others toward a similar end in the House."
What are the security-related implications of SOPA?
One big one is how it interacts with the domain name system and a set of security improvements to it known as DNSSEC.
The idea of DNSSEC is to promote end-to-end encryption of domain names, meaning there's no break in the chain between, say, Wellsfargo.com and its customer. Requiring Internet providers to redirect allegedly piratical domain names to, say, the FBI's servers isn't compatible with DNSSEC.
Rep. Dan Lungren, who heads the Homeland Security subcommittee on cybersecurity, has said that an "unintended consequence" of SOPA would be to "undercut" the effort his panel has been making to promote DNSSEC.
The Sandia National Laboratories, part of the U.S. Department of Energy, has also raised concerns about SOPA, saying it is "unlikely to be effective" and will "negatively impact U.S. and global cybersecurity and Internet functionality." And Stewart Baker, the former policy chief at the Department of Homeland Security who's now in private practice, warned in an op-ed that SOPA "runs directly counter" to the House's own cybersecurity efforts.
An analysis (PDF) of Protect IP prepared by five Internet researchers this spring lists potential security problems. Among them: it's "incompatible" with DNSSEC, innocent Web sites will be swept in as "collateral damage," and the blacklist can be bypassed by using the numeric Internet address of a Web site. The address for CNET.com, for instance, is currently 18.104.22.168.
What will SOPA require Internet providers to do?
A little-noticed portion of the proposed law, which CNET highlighted in an article, goes further than Protect IP and could require Internet providers to monitor customers' traffic and block Web sites suspected of copyright infringement.
"It would cover IP blocking," says Markham Erickson, head of NetCoalition, whose members include Amazon.com, Google, eBay, and Yahoo. "I think it contemplates deep packet inspection" as well, he said.
The exact requirements will depend on what the removal order says. The Recording Industry Association of America says that SOPA could be used to force Internet providers to block by "Internet Protocol address" and deny "access to only the illegal part of the site." It would come as no surprise if copyright holders suggested wording to the Justice Department, which would in turn seek a judge's signature on the removal order.
Deep packet inspection, meaning forcing an Internet provider to intercept and analyze customers' Web traffic, is the only way to block access to specific URLs.
Smith's revised version (PDF) may limit the blocking requirement to DNS blocking. Its "safe harbor" language indicates that not resolving "the domain name of the foreign infringing site" may be sufficient, but some ambiguity remains.
Are there free speech implications to SOPA?
SOPA's opponents say so--a New York Times op-ed called it the "Great Firewall of America--and the language of the bill itself is quite broad. Section 103 says that, to be blacklisted, a Web site must be "directed" at the U.S. and also that the owner "has promoted" acts that can infringe copyright.
Here's how Section 101 of the original version of SOPA defines what a U.S.-directed Web site is:
(A) the Internet site is used to provide goods or services to users located in the United States;
(B) there is evidence that the Internet site or portion thereof is intended to offer or provide such goods and services (or) access to such goods and services (or) delivery of such goods and services to users located in the United States;
(C) the Internet site or portion thereof does not contain reasonable measures to prevent such goods and services from being obtained in or delivered to the United States; and
(D) any prices for goods and services are indicated or billed in the currency of the United States.
Some critics have charged that such language could blacklist the next YouTube, Wikipedia, or WikiLeaks. Especially in the case of WikiLeaks, which has posted internal documents not only from governments but also copyrighted documents from U.S. companies and has threatened to post more, it's hard to see how it would not qualify for blacklisting.
Laurence Tribe, a high-profile Harvard law professor and author of a treatise titled American Constitutional Law, has argued that SOPA is unconstitutional because, if enacted, "an entire Web site containing tens of thousands of pages could be targeted if only a single page were accused of infringement."
What has the response to this language been?
Mozilla, which makes the Firefox Web browser, responded by creating a page saying: "Protect the Internet: Help us stop the Internet Blacklist Legislation." It warns that "your favorite Web sites both inside and outside the US could be blocked based on an infringement claim."
Web sites including Wikimedia (as in, Wikipedia) charged that SOPA is an "Internet blacklist bill" that "would allow corporations, organizations, or the government to order an Internet service provider to block an entire Web site simply due to an allegation that the site posted infringing content." Tumblr "censored" its users' content streams, and reported that its users averaged 3.6 calls per second to Congress through the company's Web site--nearly 90,000 total.
With a bit of HTML from AmericanCensorship.org, a Web site supported by the Free Software Foundation, the Electronic Frontier Foundation, and Public Knowledge, hundreds of Web sites "censored" themselves to protest SOPA. Even Lofgren, from Silicon Valley, has joined the fight-censorship protest.
For their part, the Motion Picture Association of America (MPAA) has been highlighting an analysis it commissioned from First Amendment lawyer Floyd Abrams, a former MPAA attorney, who concluded SOPA is perfectly constitutional. Here's another pro-SOPA rebuttal.
Who supports SOPA?
The three organizations that have probably been the most vocal are the MPAA, the Recording Industry Association of America, and the U.S. Chamber of Commerce. A Politico chart shows that Hollywood has outspent Silicon Valley by about tenfold on lobbyists in the last two years. Here's a CNET article on why the Chamber is so pro-SOPA.
Supporters publicized letters from the National Fraternal Order of Police and the International Association of Fire Fighters lending their weight to the Web-blocking idea. Here are more statements from supporters at the time of SOPA's introduction. And the AFL-CIO sent a representative to testify in support of SOPA at last week's House hearing.
Over 400 businesses and organizations have sent a letter supporting SOPA.
And in the U.S. Congress?
Support for Protect IP is remarkably broad, and for SOPA a little less so. An analysis by the RIAA says that of some 1,900 bills that have been introduced in the Senate, only 18 other bills enjoy the same number of bipartisan cosponsors as Protect IP does.
That puts it in the top 1 percent of most-popular bills, at least for this measurement of congressional enthusiasm. Of Protect IP's sponsors in the Senate, over 60 percent are Democrats.
Here's the list of Senate sponsors of Protect IP--the total is 40 senators. SOPA has only 24 cosponsors, but it hasn't been around as long. Rep. Darrell Issa, a California Republican, has introduced the so-called OPEN Act that would cut off the flow of funds to alleged pirate Web sites without requiring them to be blocked.
Would SOPA block Tor?
Perhaps. In an echo of the 1998 Digital Millennium Copyright Act's anticircumvention section, SOPA targets anyone who "knowingly and willfully provides or offers to provide a product or service designed or marketed by such entity...for the circumvention or bypassing" of a Justice Department-erected blockade.
Legal scholars contacted by CNET said Tor could qualify as a "circumvention" tool, which would allow it to be targeted.
What happens next?
In terms of Protect IP, the Senate Judiciary committee has approved it and it's waiting for a floor vote that has been scheduled for January 24. One hurdle: Sen. Ron Wyden, an Oregon Democrat, has placed a hold on the bill.
During a two-day debate in the House Judiciary committee in mid-December, it became clear that SOPA supporters have a commanding majority on the committee. They're expected to approve it when Congress returns in 2012.
Where it goes from there is an open question that depends on where the House Republican leadership stands. Because the House's floor schedule is under the control of the majority party, the decision will largely lie in the hands of House Speaker John Boehner and his lieutenants.
Another possibility is that there could be further House hearings on the security-related implications of SOPA, a move that would delay a final vote. An aide to House Judiciary Chairman Lamar Smith previously told CNET that there's no indication yet as to any further hearings, but after the committee debate in December, don't be surprised if it happens.
Editors' note: This FAQ was originally published on November 21. It has been updated regularly since then to reflect the latest developments with SOPA.