Get on your SOPA box

Jan. 18, 2012
Why online piracy should be important to corporate & IT security departments

Protecting intellectual property isn't a new concept for security executives; in fact, it has been one of their major marching orders for decades. So, to the corporate physical and IT security teams in the United States, the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) aren't such a bad thing.

Just as the security director for Calloway Golf Clubs, for example, is obsessed with keeping Chinese-made knockoffs out of the marketplace; so too is the security director for the National Basketball Association (NBA) obsessed with keeping foreign websites from streaming every hoops game for free on the Internet.

The problem many website operators and sensible Americans have with the online piracy legislation is the fact that Congress is trying to use a broad sword for enforcement instead of a precision scalpel. Opponents argue that the bills will give content and IP owners too much power to go after websites they decide are infringing on their rights. Though the bills are ostensibly targeted only at foreign websites, critics contend that legitimate U.S. websites will inevitably be forced to undertake costly and impractical monitoring of their sites to ensure compliance with SOPA and PIPA -- which is also an issue for the cybersecurity professionals in our industry.

Thus, major websites like Wikipedia have been blacked out today in protest of these bills. Google has done everything it can -- pull up Google's homepage today and you will see a big black censorship bar over their logo -- to call attention to the bills and rally support against them.

The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement. Depending on who makes the request, the court order could include barring online advertising networks and payment facilitators from doing business with the allegedly infringing website, barring search engines from linking to such sites, and requiring Internet service providers to block access to such sites. The bill would make unauthorized streaming of copyrighted content a crime, with a maximum penalty of five years in prison for ten such infringements within six months.

"These new laws would give the US government and private business incredible censorship powers that would have effects globally, damage the Internet's security and discourage innovation and investment worldwide," Mozilla -- one of the many blacked out websites on Wednesday -- claimed in a statement.

Imagine what that legislation would do to a website like -- truly a bastion of copyright infringement. It would effectively shut it down. And let's face it, many of us regularly visit these websites that are illegally providing intellectual content -- from NFL games, to full-length motion pictures, to the latest Lady Gaga songs (hence the outcry from Joe Public). It's obviously a huge issue for those of you tasked with protecting intellectual property.

One analysis by the Institute for Policy Innovation ( concludes that global music piracy causes $12.5 billion of economic losses every year, 71,060 U.S. jobs lost, a loss of $2.7 billion in workers' earnings, and a loss of $422 million in tax revenues, $291 million in personal income tax and $131 million in lost corporate income and production taxes.

Obviously, it's a major problem; however, there must be a way to shut down those who thumb their noses at U.S. piracy laws while preserving the openness of the Internet. Again...the scalpel instead of the broadsword.

A recent statement signed by Office of Management and Budget IP Enforcement Coordinator Victoria Espinel, U.S. Chief Technology Officer Aneesh Chopra, and National Security Staff Cybersecurity Coordinator Howard Schmidt addressed this issue:

"While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet," the statement reads.

"This is not just a matter for legislation. We expect and encourage all private parties, including both content creators and Internet platform providers working together, to adopt voluntary measures and best practices to reduce online piracy."

The lesson here is that the private sector -- namely, the IT security industry -- needs to step up and provide a more harmonious way to get this done. Because when you leave the job of protecting intellectual property in the hands of Congress or the government, you get protests, blackouts, outcry and a general feeling of opposition to an idea that should be embraced.

Editor's Note: To learn more about the technical details of how SOPA and PIPA will affect general Internet security, check out the white paper, Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill, located at: