A Close Look at SOPA

Jonathan Zittrain, Kendra Albert and Alicia Solow-Niederman

This document is a guide to the Stop Online Piracy Act as proposed in the United States House of Representatives. Stop Online Piracy Act (SOPA), H.R. 3261, 112th Cong. (2011). It represents our notes as we sought to understand exactly what it does and how it does it — along with our corresponding sense for why its principal mechanisms make for poor law.  Our aim is for this analysis to be useful to anyone wanting to understand the Act — whatever his or her point of view may be on technology or intellectual property policy.

According to its advocates, SOPA will strengthen copyright in the United States by establishing a number of public and private tools to hinder infringement by international “rogue” sites previously unreachable by U.S. law. The Act also includes a number of independent provisions targeting the sale and dissemination of prescription drugs and military materials and equipment.

1. Copyright enforcement against websites, foreign & domestic.

The bulk of SOPA is a set of public and private mechanisms intended to give American copyright holders tools to combat offshore infringers. The Attorney General’s office, when armed with a court order (the granting of which doesn’t appear to have a standard beyond the Act’s definitions – the court “may” grant an order when requested Id., at § 102(c)), will be able to demand the elimination of access and funding to infringing sites on behalf of copyright holders. When acting alone, copyright holders can use these mechanisms to cut off funding.

Public Remedies (H.R. 3261, 112th Cong. § 102 (2011).)

SOPA gives tools to the U.S. Attorney General to combat “foreign infringing sites.” Id., at § 102. The definition of this term is unusual; a site with a domain name registered outside the U.S. (e.g. through a non-U.S. domain name registrar) seems to count as “foreign,” even if it’s run by an American company and hosted on U.S. soil. Id., at § 101(5)-101(8).  As an initial matter, the site must be “U.S. directed,” although virtually all sites not actively blocking U.S. IPs would fall under this category. See id. at § 102(a)(1). Infringement does not need to be direct, and instead may be imputed on sites that merely “facilitat[e] the commission” of copyright infringement . Id. at § 102(a).  The order can ask the operator of the targeted site to “cease and desist from undertaking any further activity as a foreign infringing site.” Id. at § 102(b)(5), and then the Attorney General can send additional copies of the order to “similarly situated entities” with permission of the Court – that is, others can fall under the Court’s power without previously having been given notice of a proceeding against them.  Id. at § 102(c)(1).

But these provisions are likely not the real force of the law, as fully overseas infringing sites may try to ignore a U.S. court order.  The law’s real force is focused domestically. Once a foreign infringing site has been made the subject of a court order, the Attorney General may apply the court order not only at the site but at American companies that occupy the space between the infringing site and an American end user’s browser- specifically, service providers, search engines, payment network providers, and advertising networks. Id. at § 102(c)(2). The court order may require these entities to take all “technically feasible and reasonable measures” to prevent access or payments to foreign infringing sites. Id. Those intermediaries would, it appears, not have been given notice or otherwise involved in the proceeding by which the Attorney General obtained the original order that would then bind them.

There are a number of specifics mentioned in the bill as “technically feasible and reasonable measures.” H.R. 3261 at § 102(c). For service providers ¹, this includes “measures designed to prevent the domain name of the foreign infringing site (or portion thereof) from resolving to that domain name’s IP address” Id. at § 102(c)(2)(A)(i). DNS blocking is one of the techniques that China uses to prevent access to dissident websites, and has serious technical ramifications. Sandia National Laboratories publisheda letter, after being asked for comment, characterizing the proposed DNS filtering as “whack-a-mole.” ISOC also released a paper detailing how DNS blocking would undermine the Internet architecture. Under a SOPA-based order, Internet search engines are to prevent an allegedly infringing site from being served to users as a direct hypertext link. Id. at § 102(c)(2)(B). Payment providers (like MasterCard or PayPal) must stop completing payment to the payment account used by the site. Id. at § 102(c)(2)(C). Finally, advertisers must complete three separate actions: cut off any ads that they were serving to the site, cut off any advertisements for the site served on other websites, and finally, cut off payments stemming from advertisements. Id. at § 102(c)(2)(D).

SOPA critics point to the vagueness of the phrase “technically feasible and reasonable measures” when questioning the burden the Act will place on intermediaries. An elephant in the room is whether this requirement would necessitate active monitoring of all content to prevent access to previously-noticed infringing sites and/or content. It is notable that payment providers and advertising companies alone are explicitly exempt from having a “duty to monitor” future infringing activity. H.R. 3261 at 102(c)(2)(D)(ii). The Act is silent on whether service providers and search engines have a duty to monitor, which, by implication, may be said (and surely would be argued) to render such a duty.

SOPA encourages such a broad reading by granting immunity to parties who act to limit access to copyrighted materials and by reserving the possibility of litigation for parties that fail to act. See id. at § 102(c)(5)(A). The Attorney General may bring an action for injunctive relief – essentially a further court order – against third parties for not complying with the first court order. Id. at § 102(c)(4)(A)(i). Injunctive relief may also be sought against any entity that provides a product or service designed (or marketed) to circumvent the procedures proposed under SOPA. Relief is to be limited to injunctive mechanisms, and SOPA by itself does not appear to impute infringement on a non-complying service provider, search engine, or payment network. Still, when faced with immunity for action or litigation against the Justice Department for inaction, it is plausible  that technology companies would be highly motivated to overcensor. Worse, the kinds of circumvention tools supported within human rights communities and by the U.S. government as part of its Internet freedom initiatives against authoritarian censorship are precisely the tools targeted for elimination under SOPA.

The overwhelming controversy regarding SOPA’s public remedies (that is, those initiated by the Attorney General rather than a private party) regards the provision allowing a court to order a service provider–essentially an unwitting middleman–to take all “technically feasible and reasonable measures” to block an infringing site. Id. at § 103. The Act’s most fervent critics often point to this element when stating that SOPA has the potential to kill the Internet as we know it, placing the fate of interoperability in the hands of technically unsophisticated judges. Only slightly less fervent critics note that this provision would align federal Internet policy with China and like-minded regimes. While the current statute is limited to copyright infringement, the concern is that it establishes an architecture for widespread – indeed, nationwide – technical implementations of censorship.^[2]

Private Remedies (H.R. 3261, 112th Cong. § 103 (2011))

SOPA further provides what it calls a “Market-Based System to…Protect U.S. Property.”  H.R. 3261 at § 103.  This “market-based system” is a private mechanism by which an IP holder can pressure payment network providers and Internet advertising services to cease all transactions with “sites dedicated to theft of U.S. property.” See id.

This private remedy does not use the “foreign infringing sites” terminology from the public mechanism. Id. at § 102(a). Here the ultimate infringers are described as sites “dedicated to theft of U.S. property.” Id. at § 103.  The statutory definition goes beyond what the label colloquially suggests. For example, a site may be branded as “dedicated to theft of U.S. property” if it simply “is taking, or has taken, deliberate actions to avoid confirming a high probability” of the use of the site for copyright infringement. Id. at § 103(a)(ii).
An American copyright holder can therefore approach a payment processor or advertising network and demand that it do whatever is technically feasible and reasonable to prevent sites it deems “dedicated to theft of U.S. property.”  Id. at § 103.  Unlike in the public remedy, the copyright holder can only seek to cut off payments from payment providers and advertisers. Id.

The threshold for a private corporation giving such a notice is presumably lower than the court order standard in the public remedy.  As such, this is arguably SOPA’s most powerful element and one positioned to be applied in a particularly overbroad way.  Under the Digital Millennium Copyright Act of 1998, which has an analogous private system of notice-and-takedown, there are countless well-intentioned actors, yet some rightsholders have nonetheless overreached (both intentionally and unintentionally). Under SOPA, payment and advertising companies will have a tremendous incentive to cooperate with a stream of private requests for reasons such as the inconvenience of or inability to evaluate the rightsholder’s claims.  Unlike the public remedy, the private remedy allows the alleged infringer to provide counter notification to the third party,³ after which the third party can presumably decide whether or not to comply.  H.R. 3261 at § 103(b)(5).

It is important to note that SOPA provides a cause of action, including attorney’s fees, for parties damaged by a knowing, material misrepresentation made in conjunction with the private enforcement mechanisms’ notice and counter-notice provision.  Still, the third party must comply within five calendar days from the initial notice.  Id. at § 103(b).  The turnaround time, taking into account legal advice and the alleged infringer’s counter-notice, is extremely tight. Any intellectual property counsel can attest that those limits will be difficult to navigate, especially without exempting holidays and weekends, which turn out to be when such notices are often sent.

As with the public remedy, the payment and advertising companies are immune from liability if they cut off funding to a site or entity in accordance with SOPA.  Should a payment or advertising company not comply, the rightsholder may then seek injunctive relief against the non-complying third party.  H.R. 3261, 112th Cong. § 103(c) (2011).

Issues Common to Both Public and Private Remedies

Industry lobbyists and other supporters argue that SOPA is designed specifically to combat “foreign rogue sites.”  The image they draw is of brazenly obviously illegal sharing and downloading, such as the Pirate Bay and its brethren.  Yet “foreign infringing sites” and sites “dedicated to the theft of U.S. property” could include almost any website registered outside of the United States that allows user-generated content.  Requiring American third parties to take all “technically feasible and reasonable” efforts to block such sites, prospectively in some cases, is equally vague.  If this legislation were only aimed at the Pirate Bays of the world, the language could and would be much tighter. In many instances, statutory language is vague for a reason: to afford maximum leverage by one party intent on invoking a law over whoever is subject to the law.

Immunity for Voluntary Action

Even without instigation by the Attorney General or rightsholders, alleged infringers may find their sites blocked and their funding cut off without any sort of due process.  SOPA grants payment providers, Internet search engines, advertising services, service providers, and domain name registries immunity from suit for voluntarily acting in a manner consistent with the public and private mechanisms against a site that they “reasonably believe” is a foreign infringing site or dedicated to the theft of US property.  H.R. 3261 at § 104.  Even with no copyright holder notifying them that their rights are being violated, all of these actors can take down or stop serving revenue to sites, as long as they are consistent with terms of use.  Id.

Likewise, payment providers, Internet search engines, advertising services, service providers, and domain name registries are also not liable for taking action against sites they believe are “endangering public health.”  Id. at § 105.

2. “Notorious foreign infringers” and U.S. investors ((H.R. 3261, 112th Cong. § 107 (2011).)

The U.S. IP Enforcement Coordinator, along with various agency heads, will identify “notorious foreign infringers” who are causing “significant harm to holders of IP rights in the US”, soliciting suggestions from the public and rights holders.  Id. at § 107(a)(1).  This information will be made into a report to Congress, which will examine and analyze various methods of combating IP rights violations, including and up to prohibiting such sites from raising capital in the United States.  Id. at § 107(b)(5).  While SOPA does not directly prohibit such investment, the spectre of such a ban may lead to a chill in investor confidence in countless internet startups, even those that may only distantly be thought of as enabling copyright infringement, such as social networks or content creation platforms.

3. Amendments to existing criminal copyright laws

Criminal penalties for streaming. (H.R. 3261, 112th Cong. § 201 (2011).).

While most of SOPA’s IP treatment revolves around the third-party-based enforcement mechanisms outlined above, the Act also does refine a number of existing IP laws.  Most notable among the many changes, SOPA calls for the criminalization of public performance copyright infringement.  H.R. 3261 at § 201.  This provision is specifically targeted at digital streaming and provides criminal penalties for streaming copyrighted material with ten or more views and a retail value of $2,500.  Id. at § 201(b).  This sweeping and vague change could categorize millions of Americans as criminals.  Prosecutorial discretion thus determines whether these long prison terms are applied fairly.  The colorful advocacy at http://freebieber.org/ is, at its core, pointing out the implications of this inexplicably broad provision: the videos that teenage Justin Bieber posted of himself singing songs by his favorite artists do indeed appear to qualify as felonies under the Act.  This is a particular irony, since those videos launched Bieber’s career as a musician – exactly the people the Act is intended to protect.

Additional criminal penalties (H.R. 3261, 112th Cong. § 202-203 (2011).).

SOPA amends 18 U.S.C. §  2320 to add the importation, export, or participation in the manufacture of counterfeit drugs to the list of criminal activities.  Id. at § 202(1)(a)(iii).  It also increases the penalties for the production or distribution of counterfeit products that result in serious bodily harms from twenty years to life in prison.  Id. at § 202(2)(a).  SOPA further increases the penalties for manufacturing or distributing counterfeit goods to the military (or in a way that may harm national security).  Id. at § 202(3).

SOPA also amends 18 U.S.C. § 1831(a) to increase penalties for individuals or organizations committing economic espionage.  Id. at § 203.

4. Protecting IP rights abroad

In what would potentially be a significant increase in the United States diplomatic corps and its activities, SOPA requires the Secretary of State and of Commerce to ensure diplomatic missions or embassies have “adequate resources” to pursue “aggressive support of enforcement action against violations of intellectual property.”  H.R. 3261 at § 205.  It would further require the diplomatic corps to make best efforts to see that foreign countries honor existing intellectual property treaties.  Id. at § 205(a)(2).
Under SOPA, special intellectual property attachés hired by the Director of the Patent and Trademark Office will work from within embassies or diplomatic missions to advance United States intellectual property policy goals in general and specifically to reduce intellectual property infringement.  Id. at § 205(b).

Conclusion

Others have weighed in on why SOPA makes for poor public policy and is an ill-considered technical intervention.  In this paper we’ve hewed closely to simply reviewing it as legal doctrine.  On those terms, its vague language and undue granting of law-like powers to private parties without sufficient public protections make it worthy of a firm “no” vote. SOPA is both overly strong and overly broad; overly strong in the collection of remedies provided, and overly broad for the problems it is attempting to take on.

Jonathan Zittrain is a member of the boards of the Electronic Frontier Foundation and the Internet Society.  Both organizations have weighed in on this bill. However, the opinions expressed above are his (and our) own.

Notes:
1 “As used in subsection (a), the term “service provider” means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received.” 17 U.S.C. § 512(k).

2 The United States may have already crossed that threshold with our government’s actions regarding Wikileaks.

3 As with the DMCA, counter-notice requires the alleged infringer to consent to U.S. jurisdiction in the matter.