COICA, the Sequel: Back in Blacklist

Any customer can have a car painted any colour that he wants so long as it is black. - Henry Ford

So the Congress appears to be considering the Combating Online Infringement and Counterfeits Act ("COICA") again. The act would essentially allow the government “to block sites at the domain name (DNS) level” (per Ars Technica) and would impose intermediate liability on credit card companies that did not stop transacting with blacklisted sites.  This (much like a jump to conclusions mat) is a terrible, terrible idea.  

Let’s imagine for a second that there actually exists such a dire piracy problem posed by rogue sites that we need to risk tinkering with the basic structure of the internet.  The government has not done a great job with arbitrary domain seizures, COICA might undermine the safe harbor offered by Section 230 of the Communications Decency Act ("CDA 230"), and DNS intervention will at best be ineffective and at worst threaten the stability of the internet.

I don’t want to rehash the complete debacle that was the US's domain name seizure operation, but it seems to me the government has already shown it shouldn’t be a larger player in the web pull-down game.  A quick summary: the Department of Justice and Immigrations and Customs Enforcement (ICE) seized several domains on the basis of copyright infringement. Problem was . . . foreign courts had ruled that at least some of those sites weren’t infringing. In the rush to pull down these sites, ICE forgot about that whole “due process” thing. And let’s not ignore the fact that arbitrarily pulling down sites naturally raises First Amendment concerns.

COICA looks like it might be an attempt to undo the safe harbor provisions of CDA 230. The basic gist of CDA 230 is that the government, not private ISPs, will be the johnny law of web activity. That is, if there is a website doing bad things, we punish the website, and not the hosting/directing ISP. If COICA increases ISP liability, as some jurists hope, this will naturally change the fundamental relationship of ISPs to their customers. Mandating greater ISP oversight will encourage deep packet inspection and a host of other less-than-comforting behaviors. Domestic government spying has been problematic; I doubt we want to usher in an era of privatized evesdropping.

But it shouldn't take long for the government to realize that DNS redirects won’t work as a means to cut access to blacklisted sites.  Once their sites are blacklisted, the pirates' response would simply be to move to alternate root DNS systems. I would hope that this obvious countermeasure would force Washington not to rely on COICA. And beyond a fracturing of DNS, the COICA domain-pulling regime might also encourage foreign governments to reciprocate and seize domains of American sites.  Indeed, this is an ongoing fear in the face of ICE shenanigans.

I don’t care for much of anything about COICA. Beyond antagonizing our allies, undermining the ISP safe harbor, and threatening the internet itself, the act isn't just half bad -  it's all bad. Hell, I don’t even like the name. I would have hoped that an industry hack could have helpfully suggested the Protecting American Trade and Reducing Infringement of Online Tubes. I mean, what harm could come from a second PATRIOT act? 

Andrew Moshirnia is a third year student at Harvard Law School. Now that he thinks about it, he can see the appeal of a jump to conclusions mat.

(Image taken from,  used with permission of artist Babs Tarr)


Subject Area: