SOPA and PIPA. In Spanish, one is the word for soup. The other means pipe (or refers to sunflower seeds). Pretty tame stuff. Combine them together, and you have sunflower seed soup served in a pipe.
In English, though, they’re the reason why a good portion of the Internet has blacked out today in protest. SOPA is an abbreviation for “Stop Online Piracy Act” and PIPA stands for “Protect IP Act,” with the IP referring to “intellectual property.”
As the names imply, both of these bills have the purported goal of stopping online piracy. This, though, is not why the bills are being protested. After all, most people, including myself, are in agreement that piracy is a problem and something must be done about it, be it the illegal sale of movies or the illegal manufacture of pharmaceutical drugs. (The Motion Picture Association of America supports the bills as does Pfizer. Politicol News provides a list of the bills’ supporters.)
You have your detractors, but it’s my opinion that most people support copyright holders’ rights.
SOPA and PIPA, though, are not the way to go, at least not in its current state. These bills are so badly legislated that its effects go beyond copyright and piracy issues. It’s already been noted the chilling effects SOPA and PIPA would have on free speech, on due process, and even on international law.
In fact, the blackout has attracted so much attention and media coverage that I don’t feel that I could add to the general subject.
Instead, let me illustrate how the two bills could affect a company such as AlertBoot, a managed encryption services company that is growing as an SMB and that still retains its entrepreneurial spirit.
Freezing Out Entrepreneurship
As a cloud-based encryption software provider, it’s hard to believe that AlertBoot would ever fall under the auspices of SOPA and PIPA. After all, we don’t provide content. And we don’t link to content. We protect it.
As a cloud-based data security solution company, we are also working on offering other services that complement encryption: secure on-line backups — because, let’s face it, backups are an integral part of good data security practices — and secure document sharing and collaboration, which is one way of ensuring that sensitive data do not fall into the wrong hands.
These up-and-coming offerings are, as I mentioned already, complementary to what we already do. They’re also an outgrowth of what we already do. Had our business not revolved around using the cloud to deploy disk encryption software for laptops, desktops, external drives, etc., there’s a good chance we wouldn’t be exploring and building out services in this space.
What does this have to do with SOPA and PIPA? Well, for one, as a data security company, we know the value of encryption, and apply it liberally to everything we do.
We also know that a big, if not the big, reason why a client would choose to migrate to the cloud is linked to privacy: as the service provider, we’ve got to guarantee that no one, including us, can access our clients’ data without their authorization. You could say we learned from the Dropbox controversy.
So, we encrypt everything to ensure that only authorized people can access the content in the cloud. This runs counter to SOPA and PIPA because, if the bill is passed, AlertBoot will need to police the content of our customers. And yet, we are locked out by design.
I guess one way around it is not to start the project to begin with.
Leading to a Less Secure Environment
The other solution to this legal conundrum, then, lies in not locking ourselves out. Creating a backdoor of some sort, if you will. Problems abound with such an approach.
First, what company would store its sensitive data with another that, by law, has to police the former’s information? Patrolling the clouds for copyrighted content means reading through each and every file. A company like salesforce.com — an online customer relationship management software provider — couldn’t possibly exist in its current state with SOPA and PIPA. In fact, I doubt such a company could have possibly launched to begin with: the content of customer databases are jealously guarded secrets. The mere hint that some outsider will go through one’s database would be enough to kill the project.
Google’s free email service stands, perhaps, as the antithesis to my argument above. After all, ads are displayed based on the content of the email you have received (in Google Apps for Business, the default setting for ads is to not serve them. This doesn’t mean there isn’t an engine running the background analyzing content, though), and many businesses have elected to sign up despite the implications of content monitoring.
But, many in the same position have decided not to use it due to the same implication. Plus, Google has to continuously assure its clients that no human ever reads the content of emails. My understanding is that, for as far as user privacy is concerned, there is no monitoring going on. Google wouldn’t be able to make such a claim if the current SOPA and PIPA bills pass as they are. I wouldn’t be surprised if there was an exodus, planned or instant, from Google Apps for Business if the bills were to pass.
Second, the problem with a backdoor is that the same backdoor that allows us to gain access to clients’ content has the potential to become the vector for a data breach. As the passing year has shown, the last thing you want in your web presence is a weakness that hackers can exploit, be it those with financial misappropriation in mind or part of an online activist collective.
There were incidents like Sony’s data breach, where the weakness was traced to fixes and patches that had been available for a while, meaning Sony was in the wrong, even if it was the victim. But there were also incidents where non-script kiddie hacking skills were required, such as the HB Gary breach, where traditional hacking and social engineering were the foundation of the successful data breach.
A backdoor is a very serious, potential risk no matter form it takes. It’s one of the reasons why the US government was finally dissuaded from passing a law requiring crypto vendors to install backdoors into their algorithms: there was no way of knowing who would eventually exploit it. (The issue pops up during times of imminent danger, but so far, sanity has prevailed).
While SOPA and PIPA are not directly advocating a less secure computing environment, its language forces the industry to take a road towards either a less dynamic, vibrant environment or one that is inherently hazardous. This, in an era where people are clamoring for a safer computing environment.
Ripe for Abuse
Of course, such arguments are countered with the usual “legitimate sites and business need not fear. The bills target those that are actively profiting from piracy.” If that’s true, why not make it clear under the law? Why have it written so broadly that it’s raising all this ruckus? And, what makes you a legitimate business?
Such palliative assertions are cold comfort for those who fall victim to the underbelly of legislation and political machinations. And, you can expect machinations. After all, companies abusing and bending the law for its own private goals is not news.
Heck, forget about bending the law; sometimes you they’re the law unto themselves. Here’s a case where Universal Music Group claims that they can take down whatever content they want from YouTube, even if it’s not theirs.
Or, take as an example the link I provided earlier, about the UK student who is being extradited to the US. His offense? Creating a page that linked to pirated material (and profiting from visitors to his page on their way to some other site). I’m not about to debate the merits of the case. It’s quite obvious that the student in question has a, ahem, wild streak.
I’d like to merely point out that there are many companies that essentially do the same thing and potentially link to the same sites, but their content coverage is broader that pirated content. Yes, I’m talking about search engines, the Googles, Bings, and Yahoo!s of the world. How come they’re allowed to continue with business as usual while some guy is arrested? Is it because the kid didn’t have his papers in order, because he hadn’t registered himself as a legitimate business owner?
The fact that all of his links lead to pirated content is irrelevant. Currently, that’s not a crime. Under SOPA and PIPA, it will be. One could say that he was rubbing it in the copyright holders’ noses. That’s not a crime, either.
In fact, I’d say that he was doing some nose-rubbing and showing copyright holders where they could find the people who were hosting pirated material. From this point of view, the kid should have been thanked for consolidating a list of sites for content owners to go after.
Obviously, SOPA and PIPA were not behind the student’s arrest. These are bills, after all. But, the above stories are evidence of how broadly written laws can be abused. And there are many such stories.
AlertBoot: Against SOPA and PIPA
SOPA and PIPA place an inordinate amount of power in the hands of a minority that have shown less-than-admirable qualities from time to time, the issue of who’s in the right notwithstanding.
While laws targeting piracy are needed, the current bills are — in our view — not the answer. Allowing SOPA and PIPA to become law as-is will be a Pyrrhic victory of sorts, unable to stem the tide of piracy while dragging down budding and growing industries along with it.
AlertBoot is against SOPA and PIPA.
If you’re in agreement, visit this page and let your voice be heard.