SOPA and our 2010 Circumvention Study

Daniel Castro of The Information Technology  & Innovation Fund recently published a paper supporting the Stop Online Privacy Act (SOPA) currently being debated in congress.  In that report, he claims that research performed by us supports the domain name system (DNS) filtering mechanisms mandated by SOPA.  This claim is a distortion of our work.  We disagree with the use of our study to make the point that DNS-based Internet filtering works and that we should therefore use it as a means of stopping websites from distributing copyrighted content.  The data we collected answer a completely different set of questions in a completely different context.

Among other provisions that seek to control the sharing of copyrighted material on the Internet, SOPA, if enacted, would call upon the U.S. government to require that Internet service providers remove from their DNS servers the names of any sites that either infringe copyright directly or merely “facilitate” copyright infringement.  So, for example, the government could require that ISPs remove the name “twitter.com” from their DNS servers if twitter.com was not being sufficiently aggressive in preventing its users from tweeting information about places to download copyrighted materials.  This practice is known as DNS filtering.  DNS filtering is one of the most common modes of Internet-based censorship.  As we and our collaborators in the OpenNet Initiative have shown over the past decade, practices of this sort are used extensively in autocratic countries, including China and Iran, to prevent access to a range of sites offensive to the governments of those countries.

Opponents of SOPA have argued that the DNS filtering, even though it will have a number of harmful effects on the technical and political structure of the Internet, will not be effective in preventing users from accessing the blocked sites.  Mr. Castro cites our research as evidence that SOPA’s mandate to filter DNS will be effective.  He quotes our finding that at most 3% of users in certain countries that substantially filter the Internet use circumvention tools and asserts that “presumably the desire for access to essential political, historical, and cultural information is at least equal to, if not significantly stronger than, the desire to watch a movie without paying for it. Yet only a small fraction of Internet users employ circumvention tools to access blocked information, in part because many users simply lack the skills or desire to find, learn and use these tools.”

In our report, we looked at three sets of censorship circumvention tools: complex, client-based tools like Tor; paid VPNs; and web proxies.  We estimated usage of those three classes of tools. We used reports from the client tool developers, a survey to gather usage data from VPN operators and used data from Google Analytics to estimate usage of web proxy tools. Counting all three classes of tools, we estimated as many as 19 million users a month of circumvention tools. Given the large number of users in China, Iran, Saudi Arabia and other states where filtering is endemic, this represents a fairly small percentage of internet users in those countries; 19 million people represents about 3% of the users in countries where internet filtering is pervasive.  We actually believe that 3% figure is high, as some of the tools we study are used by users in open societies to evade corporate or university firewalls, not just to evade government censorship.

We stand behind the findings in our study (with reservations that we detail in the paper), but we disagree with the way that Mr. Castro applies our findings to the SOPA debate.  His presumption that people will work as hard or harder to access political content than they do to access entertainment content deeply misunderstands how and why most people use the internet.  Far more users in open societies use the Internet for entertainment than for political purposes; it is unreasonable to assume different behaviors in closed societies. Our research offers the depressing conclusion that comparatively few users are seeking blocked political information and suggests that the governments most successful in blocking political content ensure that entertainment and social media content is widely available online precisely because users get much more upset about blocking the ability watch movies than they do about blocking specific pieces of political content.

Rather than comparing usage of circumvention tools in closed societies to predict the activities of a given userbase, Mr. Castro would do better to consider the massive userbase of tools like bit torrent clients, which would make for a far cleaner analogy to the problem at hand.  Likewise, the long line of very popular peer-to-peer sharing tools that have been incrementally designed to circumvent the technical and political measures used to prevent sharing copyrighted materials are a stronger analogy than our study of users in authoritarian regimes seeking to access political content.

Second, our research has consistently shown that those who really wish to evade Internet filters can do so with relatively little effort.  The problem is that these activities can be very dangerous in certain regimes.  Even though our research shows that relatively few people in autocratic countries use circumvention tools, this does not mean that circumvention tools are not crucial to the dissident communities in those countries.  19 million people is not large in relation to the population of the Internet, but it is still a lot of people absolutely who have freer access to the Internet through the tools.  We personally know many people in autocratic countries for whom these tools provide a crucial (though not perfect) layer of security for their activist work.  Those people would be at much greater risk than they already are without access to the tools, but in addition to mandating DNS filtering, SOPA would make many circumvention tools illegal.  The single biggest funder of circumvention tools has been and remains the U.S. government, precisely because of the role the tools play in online activism.  It would be highly counter-productive for the U.S. government to both fund and outlaw the same set of tools.

Finally, our decade-long study of Internet filtering and circumvention has documented the many problems associated with Internet filtering, not its overall effectiveness.  DNS filtering is by necessity either overbroad or underbroad; it either blocks too much or too little.  Content on the Internet changes its place and nature rapidly, and DNS filtering is ineffective when it comes to keeping up with it.  Worse, especially from a First Amendment perspective, DNS filtering ends up blocking access to enormous amounts of perfectly lawful information.  We strongly resist the claim that our research, and that of our collaborators, makes the case in favor of DNS-based Internet filtering.

Links:

Mr. Castro’s report may be found here:

http://www.itif.org/publications/pipasopa-responding-critics-and-finding-path-forward

with the reference to our work on p. 8.

The study that is being misused by Mr. Castro is here:

http://cyber.law.harvard.edu/publications/2010/Circumvention_Tool_Usage.

The  findings of our decade-long studies are documented in three books, published MIT Press and available freely online in their entirety at:

http://access.opennet.net/

– Rob Faris, John Palfrey, Hal Roberts, Jill York, and Ethan Zuckerman

DDoS Report, in the Wake of Wikileaks, Cablegate, and Anonymous

The Wikileaks/Cablegate story has long-term implications for global society on very many levels.  (See JZ’s excellent FAQ on Wikileaks, co-developed with Molly Sauter.)  One is our shared understanding of the Distributed Denial of Service (DDoS) attack phenomenon.  The incidence of DDoS has been growing in recent years.  It links up to important threads to emerge from our OpenNet Initiative work in studying the ways in which states and others exert measures of control on the open Internet.  (Consider, for instance, the reports from ONI on Belarus and Kyrgyz election monintoring, which broke new ground on DDoS a few years ago, led primarily by our ONI partners Rafal Rohozinski, Ron Deibert, and their respective teams).

We are issuing a new report on DDoS today, which we hope will help to put some of these issues into perspective.  For an excellent blog entry on it, please see my co-author Ethan Zuckerman’s post.

After initial publication of State Department cables, Wikileaks reported that their web site became subject to a series of DDoS attacks that threatened to bring it down.  These attacks are simple in concept: multiple computers from around the world request access to the target website in sufficient numbers to make the site “crash.”  It turns out to be hard for most systems administrators to defend against such an attack.  And it turns out to be relatively easy to launch such an attack.  Computers that have been compromised, through the spread of computer viruses, are available for “rent” in order to launch such attacks. In a study that we are releasing this morning, we found instances where the “rent” of these machines is suggested by the round numbers of attacking machines and the precise durations of the attacks.

In the face of these attacks, Wikileaks decided to move its web site to safer ground.  Large-scale web hosts, particularly “cloud computing” service providers, can resist DDoS attacks.  Wikileaks did what one might reasonably suggest to, say, a small human rights organization in an authoritarian regime, where they fear attack from the state or others.  Wikileaks moved to the Amazon.com cloud.  Shortly thereafter, apparently in the face of pressure, Amazon decided to stop serving Wikileaks’ web site, and cut them off.  Wikileaks found a “James Bond-style” bunker in Sweden which agreed to host them — presumably despite pressure to take the site down.

The DDoS story took another major turn in the Wikileaks narrative when Anonymous launched a series of attacks on sites perceived to have been unhelpful to Wikileaks in the post-Cablegate aftermath.  These DDoS attacks raised the specter of cyberwarfare, much discussed in policy circles but all of a sudden on the front page of major newspapers.  Depending on political viewpoint and other factors, people I’ve talked to seemed to see these retribution DDoS attacks as different in their implications from the initial DDoS attacks on Wikileaks itself.

There have been relatively few studies of DDoS as an empirical or a policy matter.  We are releasing a report today, (which I’ve co-authored with Hal Roberts, Ethan Zuckerman, Jillian York, and Ryan McGrady), that describes DDoS and makes a series of recommendations in light of what we’ve found.  It’s funded by a generous grant from OSI.  Regardless of whether you consider DDoS to be criminal behavior, the next wave in cyberwarfare, an acceptable form of protest, or all of the above, we hope you’ll read and give feedback on the report.

Google in China

I’m looking forward to a day of watching the fallout from the Google-China-HK announcement yesterday. I give Google an enormous amount of credit for the approach that they are taking; it’s a worthy effort to meet what they consider their human rights obligations while seeking to engage in the China market, both of which are laudable. I’ll be surprised, though, if the Chinese government doesn’t decide fairly promptly to block the redirects from Google.cn to the uncensored Hong Kong site, though.  This chess-game also demonstrates the importance of (and challenges inherent in) the work of the Global Network Initiative, of which Google is a member, along with Microsoft and Yahoo!

(For more info: See generally the OpenNet Initiative site, blog, research papers, and so forth online.  There’s also a chapter on this issue, written by our colleague Colin Maclay, in the forthcoming OpenNet Initiative book called Access Controlled, due out within the month from MIT Press, as there is in our previous book, Access Denied, available online.  Here’s a piece in which I make a cameo on CNN on Google and China, one of many video-clips on this topic.  And Rebecca MacKinnon’s blog is always informative on these topics.)

NYT story on Iran Elections and Technology, with Linkage to Green Dam

The New York Times’ Brian Stelter and Brad Stone have a very thoughtful piece in the paper today about the changing role of censorship in an Internet age, with references to ONI work. The final point, made in the story by Ethan Zuckerman, draws an appropriate connection to the Green Dam story in China from a few weeks ago.

ONI Releases Green Dam Software Analysis

At the OpenNet Initiative, we’ve spent much of this week looking hard at the Chinese Green Dam software that the state is asking all PC manufacturers to ship with their hardware. The analysis highlights — and confirms — a variety of problems with the software.

As we argue in this ONI Bulletin, this announcement is a big deal and augurs poorly for the development of the Internet and its usage in China.  “As a policy decision, mandating the installation of a specific software product is both unprecedented and poorly conceived. In this specific instance, the mistake is compounded by requiring the use of a substandard software product that interferes with the performance of personal computers in an unpredictable way, killing browsers and applications without warning while opening up users to numerous serious security vulnerabilities. The level of parental control over the software is poor such that this software does not well serve parents that wish to the limit exposure of their children to Internet content.”

Spamdog Millionaire: Social Media Spam and Internet Filtering

Our friends at StyleFeeder have offered up some great data about the geographic sources of social media spam on their tech blog.  The background: Philip Jacob, the founder of StyleFeeder, is a long-time anti-spam advocate, while also being a careful guy who doesn’t want to ruin the Net in the process of fighting nuisance online.  At StyleFeeder, they are seeing a growing number of posts about illegal movie downloads, pharaceuticals, adn the usual spammy subjects.  Along with his colleagues, he’s developed a tool called Assassin to identify the source of the posts and get rid of them on the StyleFeeder site.  In the process, they’ve noticed that the vast majority comes from India (with the US next, Pakistan as a distant third, and China weighing in over 5% in fourth place).

The rest of the post examines a familiar ONI-style question: wouldn’t it be much easier for a US-based site simply to filter out users from India, Pakistan, and China, for instance?  After all, it’s a for-profit company, with no revenues being generated through these markets.  Much to their credit, Phil and co. are taking a different path.

Phil’s post ends with a great research question: “How widespread is this kind of blocking by startups who are susceptible to the armies of computer-literate Indian social media spammers? I’m wondering what other small companies do when faced with annoying users in countries that aren’t part explicitly part of their target markets. If our experience is representative, this challenge may be more widespread than most people realize.”  In the ONI world, we study state-mandated Internet filtering.  It’s a dream to be able to figure out how frequently corporate actors in one part of the world are filtering content in another on their own, for simple business reasons.

(My disclosures: I hold equity in Stylefeeder and am an unpaid member of its board of advisors.)