My Love/Hate Relationship with SOPA

I am of two minds regarding the Stop Online Privacy Act (SOPA), currently winding its way through the U.S. Congress. I passionately love SOPA and hate it just as much, both at the same time.

 I've been researching the technical issues and have concluded that Congress has been led down the road to Hell by the bill's proponents. I am persuaded that SOPA and the improvements offered by Domain Name System Security Extensions (DNSSEC) are incompatible. SOPA seems like a white-hat attempt to do black-hat things that will be bypassed easily by criminals. So we spend a lot of money and get a negative return.

Nevertheless, I am in complete sympathy with those who seek to block criminals who are stealing their brands or intellectual property, running online scams, etc. I have written in the past about the need for a "national firewall" capability as a potential defense against cyberwarfare and criminals. Yet, the more I look into it the less feasible it seems. If you have such a proposal, I'd love to hear it.

Beyond Its Design Spec

One of the worst things to happen to a technology product -- and it seems as though this is what always happens if you are popular enough -- is it grows far beyond any usage imagined when it was invented. We end up with a technology being used for things it wasn't designed for, propped up by enough bolt-on fixes to hide some of its flaws.

If this isn't one of the definitions of "kludge" it should be. It is also an even more precise definition of Microsoft Windows, particularly from a security perspective. I am concerned that this also applies to the Internet. Certainly, at this distance in time, if we were to create a new Internet it is pretty easy to think of things to do differently.

Security would be a key area for improvement, but that would include not just data security or Internet infrastructure protection, but also things such as anti-malware, anti-social engineering and, yes, the sort of protections SOPA imagines. All done in a way that is minimally abusive to user rights while being tough on the bad guys. Beyond mere technology, the privacy and human factors may be the more difficult part of building the "secure, honest, truthful" Internet that I imagine.

Just as I really wish Microsoft would have by now tossed Windows in favor of something more modern, I wish the Internet could get a new platform better designed to be humanity's most important mode of commerce and communication. I think a key improvement would be ending anonymity in such a manner that it shuts down criminals without totally ending personal privacy.

Obviously, an easy (and foolproof) way to block online pirates and other miscreants would be welcome. In that context, foolproof means difficult to bypass and equally as difficult to accidentally or purposely use against non-offenders.

SOPA, as it sits, is a wrong answer to the right problem for which no right answer may exist. Maybe the only way to secure the Internet is at the endpoints only, but that gives users too much responsibility for their own Internet health. Sadly, while the Internet itself can be made more secure, SOPA proponents may be unable to find a solution that is both acceptable and hard to defeat.

I think we need to invent a new Internet that won't be such a victim of its own success. Maybe separate consumer and business networks or separate local and global networks? Maybe we don't need such a "worldwide" Web. If the Internet made it hard for me to connect outside the United States, I'd be OK with that if it bought me more protection from malware and attacks.

It seems hopeless to suggest, "All we need to do is build a new Internet," yet that's what I feel really needs to happen. The transition might be transparent to users -- it sure needs to be -- but the platform needs to be more robust to protect us from enemies big and small.

There is a term from aviation safety -- "the tombstone imperative" (yes, a bit of black humor) -- that says things only get fixed when the number of deaths exceeds to cost of solving the problem. I hope it won't end up applying to the Internet as well.