Silicon Shecky

Infosec Practitioner

Connect

SOPA/PIPA: What Happens Now?

By Leave a Comment

This week there was protesting going on about SOPA and PIPA. The real question is, what happens now?

Congressmen are removing their support. the people who introduced the bills are removing the DNS blocking provisions. What more needs to happen is the question that they will ask.

First, lets start with this, a politicians promise is like a prostitute’s kiss. It is slimy and is not something you can believe. The fact that non of the congressmen who have backpedaled have given any clue as to what they now find objectionable outside of their constituents not liking the bill, is a worrisome sign. One that shows that they don’t really want to back off, and they are putting on a face until the fervor dies down. This is why we need to press the advantage right now to get these bills changed.

Karl W. Palachuk rightly claims in a Facebook post that 99% of the people who signed the petitions don’t know much about the bill. He though, like a lot of the people for the bills, try to make it about infringing versus not infringing. That is not the real problem. People like him who say that not supporting SOPA/PIPA is akin to being a pirate yourself are short sighted and wrong. The real issues are Cybersecurity, letting the foxes (RIAA/MPAA) guard the hen house, and no oversight. The Censorship angel is being used as a way to disguise these other issues that have been brought up.

For instance, there is a provision in SOPA that “bars the distribution of tools and services designed to get around such blacklists.” This is dangerous because sites such as Tor, which is used by people in places such as China and Iran to get around their firewalls, could create problems for VPNs, which could be used by people who work for multinational companies to get around the blacklists, and encryption which would prevent people from seeing what you are requesting on the net. Heck, to bypass some of the blocking/filtering, you could just modify your hosts file. Does that make every operating system illegal under SOPA?

Also think about this. The punishments in SOPA do not fit the crimes. Overbearing on the fines front, making these crimes a felony and setting jail times longer than those who beat up their wives or kids is just not right.

Now to further the argument, there is the Megaupload takedown which happened yesterday. this 2 year investigation with international cooperation sets a standard for taking down sites that are helping pirate stuff knowingly. Yes they have servers on American soil, but they are a multinational company, and Kim Dotcom was arrested in New Zealand. That right there shows that the DCMA combined with current law can take down pirates.

Yes Piracy is a problem. Then again its always been a problem. Should we shut down libraries because people might not (and do not) return books thereby getting them for free. Heck they read them for free through the library. You can get movies, music all of it for free from a library. Why not shut them down? The point being that no matter what, there will be it. I have yet to see confirmable numbers on what it actually is doing to the entertainment industry, but with the amounts of money the execs get pain in bonuses, it really can’t be hurting them too much.

You can go to sites like ArsTechnica.com and find a wealth of information about SOPA and PIPA, what they could do with the laws, extreme examples such as I have posted, and more. There is a wealth of good information out there, and people do need to actually take time to make educated decisions about these sorts of laws.

Finally, think about this. How often do the worst case scenarios come true? Look to the past, see what controversial laws have been enacted without oversight, and how they have been abused over the years. See what groups like the RIAA and MPAA have done in playing the role of Chicken Little (Cassette Tapes, VCRs etc..) over the years, and how they have been proven wrong. We have to decide at some point our own future and not let it get silently dictated to us by a bunch of corporate goons.

We Hear But Do Not Listen

By Leave a Comment

People don’t listen. I recently did a little test on my personal Facebook account. I posted a quote from a Republican candidate, said how the quote sounded like Pre-WWII Nazi propaganda and waited. I was not disappointed as people pointed to only part of the statement.

It was an interesting experiment that confirmed what I feared. Most people see and hear only what they want to, and are blind to the rest.  So what does this have to do with the world of IT? Plenty. think about when you deal with a customer/client/user. Do you only hear party of what they are saying,or do you hear the whole thing? Is the client only hearing certain things you are saying? Where is the disconnect and how can one get past it?

Now this disconnect is shown in all its glory with SOPA and PIPA. Congress is listening to the entertainment industry. the refuse to hear what the tech industry has to say. It is a sham that could make us more unsecure. The techniques of domain blocking they are talking about are not only used by oppressive regimes to control what their citizens can see on the Internet, but is used by the very same people that they are trying to stop.

Think about this, you get an e-mail from what looks like a legitimate source, and get sent to a good forgery of the website. The link showed the right address, until you really dig into it. Next thing you know, you have become a victim of identity theft. This is the sort of misdirection that SOPA and PIPA use. Redirecting and falsifying the DNS records. This is what DNS-Sec, which has been years in the making, is supposed to curb or stop.

The RIAA and MPAA, who are so knowledgeable and innovative in the tech world that they are still trying to avoid it, swear that these laws won’t harm security and won’t damage DNS-Sec. Yet the experts who have been DENIED a chance to talk to the committees about the technical issues, are saying the exact opposite. Congress still won’t listen.

Don’t get me wrong, as much as I don’t like the RIAA and MPAA for overextending copyrights so that they don’t have to innovate, they have a right to want help in controlling piracy of their work. To me its not for the Artists who make millions of dollars, but for the lowly engineers, the secretaries, the people who make normal wages and want to keep their jobs. Yes piracy is not as big as it once was, and as more and easier legitimate means come to get entertainment, it goes down. Also, you will never be able to completely stop it. The pirates always find a way around things.

In a world where Identity Theft is a larger problem than Piracy, where something such as DNS-Sec and other security measures that are impacted or killed by bills such as SOPA and PIPA, what is the right solution. SOPA and PIPA definitely are not.  Feel free to e-mail this to your congressmen and senators, for them hearing from us, the people who employ them, is the only way to truly stop it.