The widespread internet blackout yesterday in protest at unbalanced legislation being rushed through the US Congress was dramatic and notable. I did have some questions though on why it was important to the open source community. The way the laws have been framed by their proponents makes them look as if they are all about file sharing and specifically music and video sharing. However, the problem with them is they create badly-bounded new powers that are likely to exploited in ways that fall outside the frame.
The SOPA and PIPA draft legislation that sparked the protest has plenty of other criticisms levelled against it, but I believe the threat to open source projects arises from a slightly different angle. I've previously asserted that you can spot bad legislation when it targets technology instead of the people using it. The US Digital Millennium Copyright Act helps illustrate the problem.
When the DMCA was discussed, it was claimed by the legislators who wrote it that it would be used against copyright counterfeiting. Despite this, the DMCA provides a tool for the chilling of free speech and creative activity that has nothing to do with copyright counterfeiting. Extensive evidence has been collected at the Chilling Effects Clearinghouse that DMCA processes are frequently abused.
In some cases (such as the many incidents of automated take-down notices being sent to YouTube users who post videos whose descriptions sound as if they are commercial files), the problem is that the cost of abusing the DMCA is low so it's economic to shoot first and answer questions later. In other cases, the problem is deeper, such as in the case of Universal Music using a DMCA takedown to limit reporting of a case critical of them.
In an even more extreme example of abuse, when an after-market supplier tried to make compatible toner cartridges for Lexmark printers, Lexmark tried to use the DMCA to prevent them competing. In this case, the victim was sufficiently well resourced to appeal, but the very fact Lexmark was able to use the DMCA to mount an attack showed that the concerns about the scope of its drafting at the time it was passed were well founded.
Yet in the context of SOPA and PIPA, the DMCA is viewed as a fondly-remembered exemplar. SOPA and PIPA use a powerful tool exploited by the DMCA in a new way. The DMCA offered "safe harbor" - that is to say, it allowed third parties like ISPs and hosting companies to gain protection from potential DMCA prosecution by acting voluntarily on complaints. A recent TED Talk by Clay Shirky provides an excellent and accessible explanation of why "safe harbor" leads to chilling effect. The new legislation does something similar, but takes it much further, allowing a complaint to trigger a cascade of pre-emptive measures against its target.
Protected from liability, these third parties are likely to take coarse measures to suspend the targets of complaints summarily, leaving them to prove their innocence later. The cascade of consequences goes far beyond the content in question, taking in host, DNS, financing through payment sites and credit cards, and in fact anything that a complaint can creatively assert is material to the case.
This has obvious issues. Robert H Tiller, the executive responsible for IP at Red Hat, told me "Internet freedom is part of the foundation of the open source movement, and it continues to be critical to the success of open source. The threat of overbroad liability for Internet activity is likely to chill the collaboration that is necessary for successful projects, and that's a good reason to oppose the legislation. In addition, I think that free (meaning without risk of legal liability) communication is a deeply ingrained value in the open source community, and ill-conceived limitations on such freedom are ones that the community cannot accept."
I'd go further than Tiller. I fully expect open source communities to be the targets of complaints they are violating the rights of proprietary companies at times when they are vulnerable. The lack of consequences for abusing the legislation means that such complaints will be easier to make and harder to fix. The only way to avoid them would be to avoid all US-based resources; almost impossible given the tangled mesh of dependencies in the Internet era.
This is why I was pleased for OSI to stand against SOPA and PIPA. I believe both draft bills are deeply flawed in the way they create over-powerful tools that can be freely abused in anti-competitive ways. Like Senator Ron Wyden, I believe we have to keep on expressing our expert opposition to the bad thinking in these bills. I hope the inevitable law that gets created in their place will be much, much better and will be crafted in conjunction with experts from the open source communities.