Want CNET to notify you of price drops and the latest stories?

Sandia Labs: SOPA will 'negatively impact' U.S. cybersecurity

The Stop Online Piracy Act is "unlikely to be effective," says official from Sandia National Laboratories, part of the U.S. Department of Energy.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read

Add the Sandia National Laboratories, part of the U.S. Department of Energy, to the list of opponents of a controversial Hollywood-backed copyright bill.

Leonard Napolitano, Sandia's director of computer sciences and information systems, warned in a letter that the legislation is "unlikely to be effective" and will "negatively impact U.S. and global cybersecurity and Internet functionality."

Napolitano sent a letter in response to a request for a critique of the Stop Online Piracy Act, or SOPA, from Rep. Zoe Lofgren, a California Democrat who represents the heart of Silicon Valley. Lofgren is leading opposition in the House of Representatives to SOPA.

"If you take a look at this letter from Sandia Labs, I don't see you how you can possibly proceed" with SOPA, Lofgren told CNET.

While Sandia's mission started with nuclear weapons research, it has expanded to include infrastructure security and cybersecurity research. Sandia is owned by the government and operated by a contractor, Sandia Corporation, a subsidiary of Lockheed Martin, with offices in Albuquerque, N.M., and Livermore, Calif.

SOPA, which was introduced last month in the House to the applause of lobbyists for Hollywood and other large content holders, is designed to make allegedly copyright-infringing Web sites, sometimes called "rogue" Web sites, virtually disappear from the Internet.

It would allow the Justice Department to seek a court order against an allegedly piratical Web site and serve that on Internet-related companies including search engines and Domain Name System (DNS) providers. SOPA's opponents include civil libertarians, free-market and libertarian groups, and Google, Facebook, Twitter, Zynga, and other Web companies.

In the last few days, discussions in Washington centering on SOPA and its cousin in the Senate, called the Protect IP Act, have begun to focus more on how the measures would affect U.S. cybersecurity and a set of security improvements to the Internet's domain name system, called DNSSEC.

Rep. Zoe Lofgren, a California Democrat who's leading the opposition to SOPA in the House of Representatives
Rep. Zoe Lofgren, a California Democrat who's leading the opposition to SOPA in the House of Representatives U.S. House of Representatives

At the first House hearing on SOPA yesterday, Rep. Dan Lungren, who heads the Homeland Security subcommittee on cybersecurity, said SOPA might "undercut the real effort that would practically help us secure the Internet" through DNSSEC.

The letter from Napolitano says that one Sandia staff member said that DNS filtering requirements in SOPA was a whack-a-mole approach "that would only encourage users and offending Web sites to resort to low cost workarounds." He added:

There are also potential consequences to DNS filtering that might adversely affect proper functionality of the Internet. In particular, it is possible that the resolution of some domain names could be negatively affected by the filtering of other domain names under the provisions of the these bills. Domain names often rely on other names to be resolved, and the failure of these dependencies can cause partial or complete failure of the dependent names.

Rep. Lamar Smith, the Texas Republican who heads the House Judiciary committee and has sponsored SOPA, did not immediately respond to a request for comment from CNET.

For its part, the Motion Picture Association of America has argued that SOPA's de facto Internet death penalty will not break DNSSEC.

An analysis (PDF) prepared by five Internet researchers this spring lists potential security problems with SOPA. Among them: it's "incompatible" with DNSSEC, innocent Web sites will be swept in as "collateral damage," and the blacklist can be bypassed by using the numeric Internet address of a Web site. The address for CNET.com, for instance, is currently

The paper -- which Sandia's Napolitano said he almost entirely agreed with -- was authored by Steve Crocker, a longtime member of the Internet Engineering Task Force; David Dagon, a post-doctoral researcher at Georgia Institute of Technology; security researcher Dan Kaminsky; Verisign chief security officer Danny McPherson; and Paul Vixie, chairman of the Internet Systems Consortium and principal author of popular versions of the BIND DNS server software.

SOPA, says Lofgren, "is a serious mistake, and I think the letter from Dr. Napolitano is going to" doom it in the House of Representatives.

Last updated 3:20 p.m. PT