February 24, 2018

LaBrea Unavailable Due To Illinois SuperDMCA

Tom Liston, the author of the award-winning LaBrea security software, has announced that he will no longer make LaBrea available, because of concerns over the Super-DMCA, which has already become law in his native Illinois.

Network administrators can use LaBrea to set up a kind of virtual tarpit that entangles attempts by outsiders to scan their networks. (Network scanning is the online equivalent of walking down a hallway and trying to turn all of the doorknobs you find.) LaBrea uses a clever bit of indirection to trap scanners. Unfortunately, that indirection involves concealing the source and destination addresses of some network packets, so it raises Super-DMCA concerns.

I’m sure the supporters of the Super-DMCA in Illinois didn’t know that network scanning can be frustrated by a subtle method involving the concealment of packet addresses. They didn’t mean to ban LaBrea. But they may have done so accidentally. That’s what happens when you enact overbroad technology regulation.

Carve-Outs

This week, the MPAA reportedly has narrowed its Super-DMCA legislation yet again, this time to add special carve-outs to protect ISPs and telephone companies. This is supposed to improve the bill.

Actually, the carve-outs probably make the bills worse. One of the principal criticisms of the previous version is that it was too tilted in favor of communication service providers – a category that includes ISPs and telcos. Tilting the bill even further, by giving ISPs and telcos special protections, won’t resolve the problems with the bills.

In general, the existence of specialized carve-outs is a warning sign that a bill is overbroad. A carve-out is necessary when a bill’s original language is so broad that it would impact common, legitimate practices. Perhaps, in theory, we could enumerate all of the legitimate practices that would be banned by an overbroad bill and then create a carve-out for each one. In practice, though, this just isn’t going to happen. What will happen instead is that important interest groups, such as large established industries, will get their carve-outs, and others won’t. And the technologies of the future – the ones that haven’t been invented yet – won’t have anyone to speak on their behalf, and so won’t get the carve-outs they need.

A basic tenet of software engineering is that it’s better to get the design right in the first place than to do a sloppy job and patch up the problems later. Patched designs tend to be buggier and less robust than solidly built ones, because patched designs tend to fail whenever something unexpected happens. Apparently this principle applies to law as well as to code.

The MPAA's Latest

Some assertions demand a detailed rebuttal, and others just speak for themselves.

A story by Louis Trager in today’s Washington Internet Daily quotes MPAA Vice President Vans Stevenson on their next revision of the Super-DMCA:

Anyone who opposed the bills must be “against shoplifting laws that would punish someone from stealing a movie at Blockbuster,” [Stevenson] said. The measure is a test of “whether you subscribe to the moral compass this country was founded on,” he said.