This written testimony by PK Deputy Legal Director Sherwin Siy for the Senate Judiciary Committee hearing on "Targeting Websites Dedicated To Stealing American Intellectual Property" is available as a PDF.

Statement of Sherwin Siy
Deputy Legal Director, Public Knowledge

Before the
United States Senate
Committee on the Judiciary

Hearing on:
Targeting Websites Dedicated To Stealing American Intellectual Property

February 16 , 2011

Chairman Leahy, Ranking Member Grassley, and members of the Committee:

Thank you for the opportunity to have our testimony included in the record. Public Knowledge has been closely involved in many of the legal and policy debates surrounding online access and digital copyrights, and we are particularly concerned with ensuring that copyright enforcement mechanisms work with, and not against, free speech and the technical requirements of the Internet.

Introduction

In regulating copyright, the law is regulating a form of speech. Addressing these issues in the context of the Internet—a potent outlet for free speech of all sorts—adds additional delicacy to these undertakings.  Any technical mechanism that can be used to remove infringing content can be abused to remove disfavored, but constitutionally protected, speech. Any legal remedy that can enjoin the distribution of content can be misapplied or misused in the restraint of speech. This means that both technical and legal measures must be narrowly tailored both in their defined targets for action, and in the scope of the effects of their remedies.

Proposed remedies against online infringers must also take into account the evolving nature of the Internet and the businesses that rely upon it. Overbroad mechanisms can chill not only speech, but also investment in new distributed technologies.

Remedies also must take into account the technical structure of the Internet and its in-built dependencies and limitations. Certain technical objectives can only be achieved at a cost to innocent users' use of the Internet, while others can open up cybersecurity vulnerabilities.

Tailoring Solutions Accurately

The perfect solution to online infringement would act instantaneously, be 100% effective, and would never adversely affect any lawful use or user. The perfect solution would prevent infringement that originated beyond U.S. borders, without acting extraterritorially, affecting cybersecurity, or inviting international controversy.  Such a perfect solution, however, does not now exist, and seems unlikely to arise in the future. However, we cannot, in seeking faster and more effective methods, shirk the constitutional obligations to narrowly tailor remedies and provide adequate due process before restraining speech.

Targeting Bad-Faith Actors

This focus on speech is not tangential to copyright enforcement. While there are obvious and notorious infringers whose electronic communications are composed entirely of infringing works, there are also countless other online presences whose infringement status is being hotly debated. YouTube, an established website used by several members of this Committee, is still engaged in litigation over the basic legality underpinning its operations. Less-established sites also face potential liability, whether they provide forums for individuals to share news, ideas, and other content, or seek to improve our ability to store and access our own data.  In the end, some of these sites may fall afoul of copyright law despite good intentions. Others are eventually vindicated in court, with their legal status being found to match their good faith actions.

If the Committee is seeking a more immediate remedy to online infringement than what can be provided by civil litigation or criminal prosecution, then a narrower subset of alleged infringers should be targeted than all those who meet the definition of criminal infringement. Currently, many good faith actors can easily find themselves within this definition, especially given the replicable nature of Internet communication. A video-sharing site like YouTube or an online music locker could be distributing or making thousands of copies of works in a single day. If those copies are found to be infringing, the site would then be meeting the section 506(a)(1)(B) prong for criminal infringement. Rather than have its assets seized and its business choked off immediately, such a company should have the ability to defend itself in court.

Limiting Collateral Damage in Enforcement

The remedies included in any proposed solution to online infringement should also be narrowly tailored so as not to affect non-infringing subdomains, users, or uses of targeted sites or domains.
For example, imagine an infringing site located on a subdomain, piratesite.blogplace.com.  This infringing site is hosted unknowingly by a larger, general-purpose blog host, Blogplace.com.  A remedy requiring the registrar that sold Blogplace its domain name to shut down the domain would affect not only the infringing site, but also all of the other users who hosted sites on Blogplace. The same overbreadth problem would occur should the remedy target the operator of the .com registry.

As an additional problem, websites are not the only aspects of Internet communication that would be derailed by a domain seizure. Any email addresses housed on a domain would be unusable and unreachable. This would deprive the user of an important means of communication, necessary whether or not his email account was relevant to the infringing activities present on the same domain's website.

Ensuring Due Process

The legal structure of the remedies is as important as the scope of their application. As noted above, alleged infringers should have the ability to avail themselves of defense in a court of law. Should there be a need to stop the operations of the allegedly infringing site, an injunction or restraining order could be issued through standard procedures, with parties given the opportunity to make the case to a judge regarding the balance of harms, the public interest, and the likelihood of their success on the merits of an infringement action. By issuing an order directly to the accused party, clearly legitimate activities could continue while the activities at issue are suspended during litigation.

This stands in contrast with methods both proposed and currently being used. Recent actions by law enforcement against accused infringing sites have seized domain names under civil forfeiture statutes that were intended to apply broadly to physical goods—cash currency, contraband, stolen goods, or machinery used in the commission of a crime. Domain names differ from physical goods in several important ways. For one, the seizure of a domain name prevents its use as a communications medium, unlike most physical goods. A domain is used as a contact point for speech (including email addresses as well as websites) in ways that most physical property is not. Secondly, unlike physical property, there is no chance that a domain name can be hidden or disposed of before a trial. The domain will be exactly where it was throughout the entire procedure, viewable by the authorities so long as it is active. Any usage of it can be monitored or enjoined until a resolution of the case on the merits.

International Implications

In seeking solutions to online infringement, particular note has been made of the fact that many online infringers locate their operations overseas. The global nature of the Internet has made it easy for information to flow through national borders. In most cases, this is to everyone’s benefit—news from independent sources can reach populations, citizens can exchange political ideas, and creativity and innovation can spread and grow rapidly. A downside of this ease of exchange, however, is that it can be difficult to enforce national laws in a medium designed for international information exchange.

However, recognizing the limits of direct legal jurisdiction does not mean that solutions must be based in alterations of Internet architecture. Attempts to make a global network align neatly with jurisdictional boundaries can be limited in effectiveness, stability, or both. Furthermore, unique sensitivities of foreign policy are bound up in any approach Congress may take in manipulating communications with foreign-based entities.

International Sensitivities and Risks of Technical Retaliation

For example, the United States’ historic leadership in information technology has resulted in large parts of basic web and Internet operational infrastructure being housed within the United States and subject to U.S. jurisdiction. Many other countries, friends and foes alike, remain leery of this special relationship between the U.S. government and Internet governance. Attempts to enforce U.S. jurisdiction upon foreign businesses—for whatever good cause—through this situation may exacerbate tensions in the Internet governance space, renewing calls for some other body to manage these tasks. Whether any successor body would have the same commitment to free speech is an open question.

Actions against websites based jurisdictionally upon their use of a U.S.-based registry or registrar could likewise invite territorial escalation. Many U.S.-based sites and businesses use foreign-housed registries, such as .ly, the country code domain for Libya, or use registries that have foreign offices and points of contact. Using registries as a point of attachment for local law invites other countries to do the same, seizing domains that violate local ideas of public order or morality, defamation, or political correctness.

Maintaining a Consistent Message on Internet Freedom

Solutions based on directing U.S.-based Domain Name System (DNS) providers to route traffic away from particular domains raise further problems. The globally-coordinated routing systems of the DNS have been long used because of their consistency and reliability.  While it is possible to direct the largest in-country DNS providers to fail to resolve certain domain names, doing so effectively creates a national blacklist for a domain. Doing so sets a country’s users apart from the rest of the world, balkanizing the DNS. Other countries that have done the same, for various reasons of censorship or nationalistic impulses, are criticized for this behavior. There is no fundamental reason that each country could not simply designate its own DNS providers to resolve domain names differently, so that a user who types “senate.gov” in Manila might reach the Philippine Senate, rather than the U.S. Senate. Citizens in countries that limit access to the press might direct browsers to washingtonpost.com, wsj.com, or bbc.co.uk to find not independent news sources, but state-controlled propaganda arms instead.

As many other countries develop their information infrastructure, we can see them facing the choice between an American and a Chinese approach to Internet traffic. Increasing the mechanisms by which our government directs the flow of that traffic blurs the distinctions between that stark choice.

Cybersecurity Considerations

Country-specific limitations on DNS providers will create cybersecurity risks as well. Users unable to reach a growing list of sites with their current DNS providers can easily use another one. If domestic DNS providers are made unreliable, users will seek out foreign providers, many of which may not meet the same standards of security as major domestic providers. Actively unscrupulous providers can also redirect users’ traffic at will, leaving computers vulnerable to phishing, viruses, and other forms of fraud and computer intrusion. Subverted systems can further be “recruited” by botnets to attack other, unrelated systems. Currently, such security threats are reduced due to a lack of incentives for users to switch DNS providers. Forcing a fragmentation of DNS resolution creates new reasons for users to seek out new services, many of them posing grave cybersecurity risks.

Conclusion

None of this is to suggest that the protection of copyrights is unimportant. However, this Committee must recognize that the same technical and legal tools that can be used to protect copyrights can, if applied overbroadly or poorly, can stifle legitimate speech and information. Nor are problems of legal jurisdiction and speedy prosecution usually best remedied by altering the nature of various technical systems. Much more rides upon the technical and organizational realities of the Internet than streaming videos—the same network operations that make infringing streaming easy also underpin the security of e-commerce, the exchange of global free speech and conversation, and the reliability of daily communication.  Any attempt by Congress to affect the technological workings of the Internet must take into account the way those vital interests rely upon its structure, and ensure that those values are not harmed.

This written testimony by PK Deputy Legal Director Sherwin Siy for the Senate Judiciary Committee hearing on "Targeting Websites Dedicated To Stealing American Intellectual Property" is available as a PDF.

Statement of Sherwin Siy
Deputy Legal Director, Public Knowledge

Before the
United States Senate
Committee on the Judiciary

Hearing on:
Targeting Websites Dedicated To Stealing American Intellectual Property

February 16 , 2011

Chairman Leahy, Ranking Member Grassley, and members of the Committee:

Thank you for the opportunity to have our testimony included in the record. Public Knowledge has been closely involved in many of the legal and policy debates surrounding online access and digital copyrights, and we are particularly concerned with ensuring that copyright enforcement mechanisms work with, and not against, free speech and the technical requirements of the Internet.

Introduction

In regulating copyright, the law is regulating a form of speech. Addressing these issues in the context of the Internet—a potent outlet for free speech of all sorts—adds additional delicacy to these undertakings.  Any technical mechanism that can be used to remove infringing content can be abused to remove disfavored, but constitutionally protected, speech. Any legal remedy that can enjoin the distribution of content can be misapplied or misused in the restraint of speech. This means that both technical and legal measures must be narrowly tailored both in their defined targets for action, and in the scope of the effects of their remedies.

Proposed remedies against online infringers must also take into account the evolving nature of the Internet and the businesses that rely upon it. Overbroad mechanisms can chill not only speech, but also investment in new distributed technologies.

Remedies also must take into account the technical structure of the Internet and its in-built dependencies and limitations. Certain technical objectives can only be achieved at a cost to innocent users' use of the Internet, while others can open up cybersecurity vulnerabilities.

Tailoring Solutions Accurately

The perfect solution to online infringement would act instantaneously, be 100% effective, and would never adversely affect any lawful use or user. The perfect solution would prevent infringement that originated beyond U.S. borders, without acting extraterritorially, affecting cybersecurity, or inviting international controversy.  Such a perfect solution, however, does not now exist, and seems unlikely to arise in the future. However, we cannot, in seeking faster and more effective methods, shirk the constitutional obligations to narrowly tailor remedies and provide adequate due process before restraining speech.

Targeting Bad-Faith Actors

This focus on speech is not tangential to copyright enforcement. While there are obvious and notorious infringers whose electronic communications are composed entirely of infringing works, there are also countless other online presences whose infringement status is being hotly debated. YouTube, an established website used by several members of this Committee, is still engaged in litigation over the basic legality underpinning its operations. Less-established sites also face potential liability, whether they provide forums for individuals to share news, ideas, and other content, or seek to improve our ability to store and access our own data.  In the end, some of these sites may fall afoul of copyright law despite good intentions. Others are eventually vindicated in court, with their legal status being found to match their good faith actions.

If the Committee is seeking a more immediate remedy to online infringement than what can be provided by civil litigation or criminal prosecution, then a narrower subset of alleged infringers should be targeted than all those who meet the definition of criminal infringement. Currently, many good faith actors can easily find themselves within this definition, especially given the replicable nature of Internet communication. A video-sharing site like YouTube or an online music locker could be distributing or making thousands of copies of works in a single day. If those copies are found to be infringing, the site would then be meeting the section 506(a)(1)(B) prong for criminal infringement. Rather than have its assets seized and its business choked off immediately, such a company should have the ability to defend itself in court.

Limiting Collateral Damage in Enforcement

The remedies included in any proposed solution to online infringement should also be narrowly tailored so as not to affect non-infringing subdomains, users, or uses of targeted sites or domains.
For example, imagine an infringing site located on a subdomain, piratesite.blogplace.com.  This infringing site is hosted unknowingly by a larger, general-purpose blog host, Blogplace.com.  A remedy requiring the registrar that sold Blogplace its domain name to shut down the domain would affect not only the infringing site, but also all of the other users who hosted sites on Blogplace. The same overbreadth problem would occur should the remedy target the operator of the .com registry.

As an additional problem, websites are not the only aspects of Internet communication that would be derailed by a domain seizure. Any email addresses housed on a domain would be unusable and unreachable. This would deprive the user of an important means of communication, necessary whether or not his email account was relevant to the infringing activities present on the same domain's website.

Ensuring Due Process

The legal structure of the remedies is as important as the scope of their application. As noted above, alleged infringers should have the ability to avail themselves of defense in a court of law. Should there be a need to stop the operations of the allegedly infringing site, an injunction or restraining order could be issued through standard procedures, with parties given the opportunity to make the case to a judge regarding the balance of harms, the public interest, and the likelihood of their success on the merits of an infringement action. By issuing an order directly to the accused party, clearly legitimate activities could continue while the activities at issue are suspended during litigation.

This stands in contrast with methods both proposed and currently being used. Recent actions by law enforcement against accused infringing sites have seized domain names under civil forfeiture statutes that were intended to apply broadly to physical goods—cash currency, contraband, stolen goods, or machinery used in the commission of a crime. Domain names differ from physical goods in several important ways. For one, the seizure of a domain name prevents its use as a communications medium, unlike most physical goods. A domain is used as a contact point for speech (including email addresses as well as websites) in ways that most physical property is not. Secondly, unlike physical property, there is no chance that a domain name can be hidden or disposed of before a trial. The domain will be exactly where it was throughout the entire procedure, viewable by the authorities so long as it is active. Any usage of it can be monitored or enjoined until a resolution of the case on the merits.

International Implications

In seeking solutions to online infringement, particular note has been made of the fact that many online infringers locate their operations overseas. The global nature of the Internet has made it easy for information to flow through national borders. In most cases, this is to everyone’s benefit—news from independent sources can reach populations, citizens can exchange political ideas, and creativity and innovation can spread and grow rapidly. A downside of this ease of exchange, however, is that it can be difficult to enforce national laws in a medium designed for international information exchange.

However, recognizing the limits of direct legal jurisdiction does not mean that solutions must be based in alterations of Internet architecture. Attempts to make a global network align neatly with jurisdictional boundaries can be limited in effectiveness, stability, or both. Furthermore, unique sensitivities of foreign policy are bound up in any approach Congress may take in manipulating communications with foreign-based entities.

International Sensitivities and Risks of Technical Retaliation

For example, the United States’ historic leadership in information technology has resulted in large parts of basic web and Internet operational infrastructure being housed within the United States and subject to U.S. jurisdiction. Many other countries, friends and foes alike, remain leery of this special relationship between the U.S. government and Internet governance. Attempts to enforce U.S. jurisdiction upon foreign businesses—for whatever good cause—through this situation may exacerbate tensions in the Internet governance space, renewing calls for some other body to manage these tasks. Whether any successor body would have the same commitment to free speech is an open question.

Actions against websites based jurisdictionally upon their use of a U.S.-based registry or registrar could likewise invite territorial escalation. Many U.S.-based sites and businesses use foreign-housed registries, such as .ly, the country code domain for Libya, or use registries that have foreign offices and points of contact. Using registries as a point of attachment for local law invites other countries to do the same, seizing domains that violate local ideas of public order or morality, defamation, or political correctness.

Maintaining a Consistent Message on Internet Freedom

Solutions based on directing U.S.-based Domain Name System (DNS) providers to route traffic away from particular domains raise further problems. The globally-coordinated routing systems of the DNS have been long used because of their consistency and reliability.  While it is possible to direct the largest in-country DNS providers to fail to resolve certain domain names, doing so effectively creates a national blacklist for a domain. Doing so sets a country’s users apart from the rest of the world, balkanizing the DNS. Other countries that have done the same, for various reasons of censorship or nationalistic impulses, are criticized for this behavior. There is no fundamental reason that each country could not simply designate its own DNS providers to resolve domain names differently, so that a user who types “senate.gov” in Manila might reach the Philippine Senate, rather than the U.S. Senate. Citizens in countries that limit access to the press might direct browsers to washingtonpost.com, wsj.com, or bbc.co.uk to find not independent news sources, but state-controlled propaganda arms instead.

As many other countries develop their information infrastructure, we can see them facing the choice between an American and a Chinese approach to Internet traffic. Increasing the mechanisms by which our government directs the flow of that traffic blurs the distinctions between that stark choice.

Cybersecurity Considerations

Country-specific limitations on DNS providers will create cybersecurity risks as well. Users unable to reach a growing list of sites with their current DNS providers can easily use another one. If domestic DNS providers are made unreliable, users will seek out foreign providers, many of which may not meet the same standards of security as major domestic providers. Actively unscrupulous providers can also redirect users’ traffic at will, leaving computers vulnerable to phishing, viruses, and other forms of fraud and computer intrusion. Subverted systems can further be “recruited” by botnets to attack other, unrelated systems. Currently, such security threats are reduced due to a lack of incentives for users to switch DNS providers. Forcing a fragmentation of DNS resolution creates new reasons for users to seek out new services, many of them posing grave cybersecurity risks.

Conclusion

None of this is to suggest that the protection of copyrights is unimportant. However, this Committee must recognize that the same technical and legal tools that can be used to protect copyrights can, if applied overbroadly or poorly, can stifle legitimate speech and information. Nor are problems of legal jurisdiction and speedy prosecution usually best remedied by altering the nature of various technical systems. Much more rides upon the technical and organizational realities of the Internet than streaming videos—the same network operations that make infringing streaming easy also underpin the security of e-commerce, the exchange of global free speech and conversation, and the reliability of daily communication.  Any attempt by Congress to affect the technological workings of the Internet must take into account the way those vital interests rely upon its structure, and ensure that those values are not harmed.