For the past few decades, the entertainment industry has been pushing for the ability to control what websites Americans can access online. Those of you who were around in 2012 may remember SOPA/PIPA – a disastrous attempt to enlist the entire online ecosystem, from payment processors to ISPs, to choke off pirate websites – that failed only after massive grassroots pushback. But the same players are back, hot off a wave of site-blocking experiments in Europe, and ready to try again.
A note up top: We’ve been following this for a while. Most of these discussions have taken place behind closed doors; the only publicly available text is a bill introduced by Representative Zoe Lofgren earlier this year. There are, however, at least two other draft bill proposals in the discussion, both from Republican offices. Here’s what we’re worried about, what we’ve seen, and what we’re trying to stop.
Site blocking 101: How is this supposed to work, anyway?
Rightsholders’ reasoning is pretty straightforward: Most sites that provide unauthorized content are located overseas, which makes it difficult-to-impossible to drag the operators into a U.S. court. The next best thing to shutting those websites down at the source is conscripting someone who is subject to U.S. court jurisdiction to block traffic to and from the offending websites. SOPA/PIPA took a shotgun approach, creating liability for everyone from broadband providers to payment processors to ad services if they failed to choke off disfavored websites. This time, the discussion is a bit narrower, focusing almost exclusively on DNS resolvers.
If you’re unfamiliar with DNS resolvers, never fear. There are plenty of detailed write-ups out there, but all you need to know is that DNS acts as a kind of telephone book for the internet, translating URLs (useful to humans) into IP addresses (useful to computers). Site blocking at this level would involve forcing DNS resolvers to de-list the targeted URL, and prevent the return of IP addresses or other information that the network needs to route the traffic.
This can create some problems.
Technical Problems: It’s Infrastructure, Stupid
Broadly speaking, DNS resolvers fall into two categories: internet service providers, and everyone else, referred to as “alt” (or global) DNS resolvers.
The overwhelming majority of DNS resolution – authoritative estimates place it at over 90% – is handled by broadband ISPs. When a broadband provider sets up service at your home or office, it selects itself as the default DNS resolver. It’s an easy setting to change, but most people never bother. This “sticky default” means that for most users, their broadband company is the one resolving and routing their traffic.
The remaining 9% or so of DNS resolution is done by “alt-DNS” providers, which sit on the web and aren’t tied to a geographic footprint. Google’s DNS lookup (famously at IP address 8.8.8.8) and Cloudflare (1.1.1.1) are two of the biggest providers, but they’re not the only ones; major tech companies like Cisco, Qualcomm, and Huawei provide DNS resolution services, as do smaller groups like OpenDNS and Quad9. There are plenty of reasons people might prefer alt DNS resolvers, including security, parental controls, and speed at routing certain kinds of traffic.
The problems with ISPs and DNS blocking
For one thing, internet service providers should not be policing the behavior of their users, and – as the Trump administration acknowledges – definitely should not be copyright cops. Second, if you’re an ISP – particularly a small, rural, or Tribal service without teams of lawyers or engineers on call – editing your DNS resolver on the fly is no small matter. These are the same broadband providers currently fighting for their livelihoods as broadband deployment funds are drying up; they simply have other things to worry about.
Some proposals have tried to ease the burden by exempting any ISP that serves less than 1% of the U.S. broadband market. Out of thousands of providers, only 30 serve more than 1% of the population; and only 10 serve more than 5%. That’s a start, but it’s still a big burden on those in the 1-5% bracket, who are pushing to connect more and more Americans in low-income and rural areas. Unlike the old Communications Assistance to Law Enforcement Act (CALEA), which made some attempt to reimburse providers for the cost of making sure law enforcement can still tap your phone line or internet connection, proponents of site blocking expect the providers to largely eat the cost. That means increasing the cost of broadband that too many already can’t afford.
The problem with Alt-DNS blocking
Alt-DNS resolvers run one global DNS registry. This means that when they de-list something, they cannot, as a rule, limit the geographic reach of a block they impose through their DNS service. If a blocking order is issued in the United States, it doesn’t just apply in the U.S.; it applies globally. Alt-DNS resolvers are understandably hesitant to take this step because of their global user base, and the tension has caused significant problems in Europe, where many DNS services (including big names such as Cisco and Qualcomm) have opted to pull out of the market entirely rather than comply with blocking mandates. The notable exception to this is Google, which spent considerable money and engineering time building up its own proprietary technology to try and cabin where blocks apply. Google has made it abundantly clear that, given the cost to develop it, this is not a technology other companies can easily replicate, and Google is not interested in sharing.
Also, because alt-DNS resolvers are opt-in systems, their users tend to be more tech savvy than the average consumer. This presents a somewhat predictable problem; if you know how to use an alt-DNS server to begin with, you likely already know how to change that server (or use a VPN, or virtual private network) to evade a block. Research bears this out: A study by French industry research group IFOP, in collaboration with the French anti-piracy agency ARCOM, found that when alt-DNS users attempted to access a site but were met with a block notice, only 2% of them actually gave up. The other 98% simply turned to other methods, such as VPNs. If this seems extreme on its face, remember that these figures are coming from the French cultural ministry, one of the most pro-rightsholder institutions in the world, and therefore a huge supporter of site blocking. Even the most diehard pro-content organization cannot sugarcoat the reality that alt-DNS blocking Does. Not. Work.
Including alt-DNS services tends to create massive problems wherever it’s tried. As detailed in a recent study by the Internet Infrastructure Coalition, France, Spain, Germany, and Italy have all pushed blocking orders against alt-DNS resolvers. The results have bordered on farce. Italy’s “Piracy Shield” has blacked out everything from Cloudflare’s entire CDN network to the whole Google Drive productivity suite. Spain blocked the entirety of Cloudflare’s networks, denied it ever happened, and then did it again.
So, to recap: including alt-DNS resolvers creates massive overblocking risks, strains infrastructure, and captures – at most – a negligible volume of traffic. Yet in all the proposals we’ve seen, alt-DNS services are explicitly included as subjects for blocking orders. Why?
Partly it’s a power grab by content producers, who have explicitly stated that they do not care what the cost is or who’s footing it, so long as they have their rights even marginally more protected. The other reason, though, is speed; the push is coming from the House Judiciary Committee, which handles intellectual property issues. Broadband and internet access, on the other hand, is the purview of the Energy and Commerce Committee (in the U.S. House) and the Commerce, Science, and Technology Committee (in the U.S. Senate). Including alt-DNS resolvers makes the bill more “technology neutral,” and arguably keeps it outside of E&C’s reach. Why do they want that? Sending a bill through multiple committees of jurisdiction may produce better, more balanced legislation, but it also prolongs the process. Right now, the content industries want to get this done fast, at the expense of good policy.
Abuse and censorship risks
Assume, for a moment, that the frameworks proposed actually worked. Even in that scenario, the ability to block anyone in the United States from viewing a certain webpage is an authoritarian’s fever dream. Like every system that allows private actors to control what others can see or hear, it’s a question of when – not if – this power will be used for something other than its intended purpose. To illustrate, it helps to game out a hypothetical scenario.
A whistleblower website launches. The website features leaked contracts, emails, and other files that expose fraud, corruption, and improper coordination with authorities. The activists behind the site choose to publish it anonymously to preserve their safety and protect themselves from retaliation. The exposed parties, upon discovery of the website, immediately request a court order blocking access to it.
Supporters, of course, dismiss these concerns as speculation. But we know from long experience that parties will cheerfully use the notice-and-takedown provision of the Digital Millennium Copyright Act to suppress speech they do not like. Given a more powerful tool to suppress critical speech, why on Earth wouldn’t parties abuse it in the same way?
What makes a website foreign? Supporters of site-blocking argue that site-blocking is a last resort against sites located outside of the United States and therefore unreachable by a standard copyright injunction. But how do you determine a “foreign” website from a domestic one? In every proposal, a website is treated as foreign if rightsholders, after a “reasonably diligent” search of public information, cannot determine that its operators are based in the United States. Any anonymously operated website is treated as a foreign actor.
What makes a site “piratical”? All proposals use some variation on the same test; if the site is “primarily designed or primarily provided for purpose of infringing copyright,” “has no commercially significant purpose other than infringing copyright,” or (in some instances) “is intentionally marketed by or at the direction of the operator to promote use in infringement of copyright,” it is considered a pirate site. Because contracts and communications are protected by copyright, any publication of documents without authorization constitutes infringement. A whistleblower site would thus be subject to a blocking order.
Who could object? The website operator could unmask themselves and come forward, but that’s unlikely. The judge could, if she was otherwise aware of the website, deny the blocking order. But the judge is under no obligation to verify (or even investigate) any claims made in the petition, and is expected to take the petition at face value.
The only other entities that could object to an obvious misuse of the blocking system would be those entities tasked with enforcing it – ISPs and DNS resolvers. However, services have interests separate from those of their users, and have no desire to be caught in the middle of a politically sensitive issue like moderating controversial content. It’s easier for those services to just take it down without considering the internet user’s side.
One consistent theme among all the proposals that have been put forward is that the public has no role in these proceedings. An occasional nod has been made toward allowing private parties to flag for the court that they have accidentally swept in sites other than the ones targeted, but this does nothing to protect against misuse.
What’s the penalty for bad faith misuse? None. The farthest any proposal has gone has been to subject bad faith actors to potentially being charged with perjury, which any practicing lawyer will tell you is something that the Department of Justice simply doesn’t bother doing (unless you’ve pissed them off for other reasons).
Can this kind of abuse really happen here? It might seem unlikely… until you consider that Canada’s site-blocking regime was used to shut down access to a website that called for a boycott of a popular book chain because of its CEO’s stance on the war in Gaza. So the answer is: YES, it can happen here.
What do we need?
Glad you asked. We need policymakers to avoid, or oppose, site blocking bills that create these specific harms:
First, the U.S. cannot be the arbiter of internet access for the entire world. Global blocks are a red line; you cannot sincerely complain about nationwide injunctions while promoting a system of global injunctions. When the absolute best scenario is “resolvers pull out of the market or allow themselves to be bought out by Google in order to comply with the law without global blocks,” you’ve gone very, very wrong.
Second, internet service providers are not copyright cops. Merely providing internet service (or DNS lookup) does not, under any stretch of logic, “facilitate infringement.” (We’re hopeful that the Supreme Court will finally clarify this point in an upcoming case, but until then, it bears repeating anyway.)
Third, there need to be meaningful penalties and deterrence against misuse. Any system this powerful needs to have proportionally devastating consequences for abusers to discourage censorship. “Possibly getting dinged on a perjury charge if the Justice Department feels like it” isn’t enough; significant fines, requiring petitioners to post meaningful bond, or other measures need to be included to keep the process honest. Legitimate litigants are not small, fly-by-night actors; if they want to play, they need to be able to put skin in the game.
Fourth, the public needs to have a way to stop abusive orders before they’re issued. Right now, the only way to get a site out from under an order is for the operators to unmask themselves and show up in court. This is, for obvious reasons, not a viable solution for operators who wish to remain anonymous in the face of a bad faith attack.
Although we’ve been advocating tirelessly for these improvements, we have very little hope that any of them will be incorporated.
Now is not the time to introduce a new, abuse-prone tool that can be used to silence reporting and limit what users see online. Congress needs to focus on the numerous real crises that Americans face – not create a tool that can easily be used to censor and silence those who disagree with the powerful.