Critics of the Stop Online Piracy Act (H.R. 3261) have had an impact. A manager’s amendment has been offered by Lamar Smith, R-TX, the Judiciary Committee chairman. I was critical of the first version. Here’s my take on the new version.
This version contains several provisions aimed at the security concerns raised about the first version. The new bill insists that it is imposing no technology mandate and that it should not be construed to impair the security of the domain name system or the network of an ISP that receives an order. And it whittles away at the original requirement that ISPs must “block and redirect” visitors to pirate sites. Now, the ISPs are only obliged to block those efforts, not to redirect the subscribers to an alternative site that warns against piracy. ISPs also get a safe harbor that allows them some assurance that they don’t have to redesign their networks to carry out the blocking.
Unfortunately, the new version would still do great damage to Internet security, mainly by putting obstacles in the way of DNSSEC, a protocol designed to limit certain kinds of Internet crime. Today, it’s not uncommon for crooks to take over Internet connections in hotels, coffee shops and airports — and then to direct users to fake websites. Users sent to a fake banking site are prompted to enter account and password data, which is used to loot the account. DNSSEC prevents such attacks by giving each website a signed credential that must be shown to the browser by the domain name system server before the connection can be completed.
That’s a great idea, but crooks will predictably try to override it. Their best bet is to claim that the website doesn’t have a signed credential – a claim that will be plausible at least during the transition to DNSSEC. What should a browser do if a website says it doesn’t have a signed credential yet? The site might be telling the truth, or it might be a fake site backed by a DNS server that’s been tampered with. To find out, the browser needs to ask a second DNS server, and if that server doesn’t give an answer, a third and a fourth server until it gets an answer. That’s the only way to keep criminals from blocking the real DNS credentials and offering their own.
Unfortunately, the things a browser does to bypass a criminal site will also defeat SOPA’s scheme for blocking pirate sites. SOPA envisions the AG telling ISPs to block the address of www.piracy.com. So the browsers get no information about www.piracy.com from the ISP’s DNS server. Faced with silence from that server, the browser will go into fraud-prevention mode, casting about to find another DNS server that can give it the address. Eventually, it will find a server in, say, Canada. Free from the Attorney’ General’s jurisdiction, the server will provide a signed address for piracy.com, and the browser will take its user to the authenticated site.
That’s what the browser should do if it’s dealing with a hijacked DNS server. But browser code can’t tell the Attorney General from a hijacker, so it will end up treating them both the same. And from the AG’s point of view, the browser’s efforts to find an authoritative DNS server will look like a deliberate effort to evade his blocking order.
The latest version of SOPA will feed that view. It allows the AG to sue “any entity that knowingly and willfully provides …a product … designed by such entity or by another in concert with such entity for the circumvention or bypassing of” the AG’s blocking orders.
It’s hard to escape the conclusion that this provision is aimed squarely at the browser companies. Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in the process, they will also circumvent and bypass SOPA orders. The new bill allows the AG to sue the browsers if he decides he cares more about enforcing his blocking orders than about the security risks faced by Internet users. Indeed, the opaque language about “another in concert with such entity” makes perfect sense in the context of browser extensions. It allows the AG to sue not just browsers but also add-ons with this feature.
OK, that’s the law. Now imagine you are Microsoft, or Google, or Apple, or Mozilla. The DNSSEC guys come to you and ask you to implement DNSSEC. It won’t increase your revenue, they admit, but it will make the Internet much safer for your users. You want to be a good internet citizen, so you think maybe you should devote some precious code-writing resources to the cause. But first you ask your lawyers whether they foresee any problems.
“Well, yes,” they’d have to say. “If you add code to the browser that implements DNSSEC, you’ll have to add code that circumvents criminal hijackings of the DNS system. And that code can be declared illegal by the Attorney General pretty much whenever he likes. You can litigate about it, of course, but if you lose, the AG can shut down all shipments of your browser until it’s been revised to the satisfaction of his staff and their advisers in Hollywood.”
Faced with that advice, would you implement DNSSEC?
Neither would I.
In fact, I wouldn’t even allow the DNSSEC guys to write an extension that implemented their protocol. And so, by poising a sword of Damocles over the browser companies, SOPA will kill DNSSEC.
Let’s hope that the opposition to SOPA hasn’t punched itself out against the first version of the bill, because this version is badly in need of a knockout punch.
SecurityGeek says:
Thank you, Stewart Baker, for a lucid explanation of the risks of SOPA. This is exceptionally clear, and as a bonus, gets the technical details right, too. I really appreciate the work you did to explain this highly technical subject to a non-technical audience. You are a gifted writer.
(Is this the first time I’m agreeing with a blog post from Stewart Baker? Can it be?)
December 14, 2011, 10:03 pmInstapundit » Blog Archive » STEWART BAKER: SOPA Rope-A-Dope. says:
[...] STEWART BAKER: SOPA Rope-A-Dope. [...]
December 14, 2011, 11:22 pmAnonymous Coward says:
I just want to make one point about this:
While it’s true that in general it’s not a good idea to enshrine specific technology mandates into the law, in this case there is something separate and distinct going on: In order to implement effective blocking using technology, it would be necessary to make the internet fragile.
The DNSSEC issue is only one example of the general problem. The general problem is that to block something is to make it unavailable. That is naturally at odds with designing a network to have high availability. Every good feature that makes for high availability is one that has to be undone before a block can be effective. If packets that do not reach their destination are resent using a different route until they do, it is insufficient to block “the” route, you have to block all routes. Which may be not at all practical.
In essence, you would have to create a network that contains a manageable collection of discrete points of control where blocking can be imposed, and where if it is, no red flags are raised and no countermeasures are taken. That architecture will be inherently less secure and less reliable because the points of control become points of failure. If they malfunction or are caused to malfunction then some or all sites that ought not to be blocked may be blocked. If bad people break in, they can block whatever they want. Malware authors can prevent users from reaching anti-malware sites. Terrorists and foreign agents can block people from accessing public safety information during an attack, or make certain information unavailable in the period before an election.
It seems to me there ought to be a better way to handle the issue. (Like having the local law enforcement in the countries where these “rogue” site operators actually live put them in handcuffs.)
December 14, 2011, 11:43 pmSecurityGeek says:
FYI, here is another recent op-ed that raises similar points:
Mandates can’t alter facts
December 15, 2011, 12:45 amhttp://thehill.com/blogs/congress-blog/technology/199435-mandates-cant-alter-facts
Today's Tom Sawyer says:
I’m in the same boat you are. However, if I ever needed an indication that SOPA threatened the internet itself, Stewart Baker opposing the same bill as the “privacy luddites” is prima facie evidence thereof.
December 15, 2011, 1:55 amDavid says:
What, exactly, is the “just block”, as opposed to “block and redirect”, supposed to solve? Either way, a company can require a third party’s site to be made inaccessible to viewers on nothing more than its say-so.
December 15, 2011, 9:01 amJoe T. Guest says:
We spend a lot of time talking about the tradeoff between civil liberties and security. You have to admire the entrepeneurial spirit of Congress, which has seen fit to bundle civil liberties and security in a single tidy package, to sell to RIAA and the MPAA in exhange for a single year’s worth of campaign contributions.
It’s not shocking that Congress sells us out; what is shocking is how incredibly cheaply they do it.
December 15, 2011, 9:40 amJoe T. Guest says:
We spend a lot of time talking about the tradeoff between civil liberties and security. You have to admire the entrepeneurial spirit of Congress, which has seen fit to bundle civil liberties and security in a single tidy package, to sell to RIAA and the MPAA in exhange for a single year’s worth of campaign contributions.
It’s not shocking that Congress sells us out; what is shocking is how incredibly cheaply they do it.
December 15, 2011, 9:40 amSchnoerkelman says:
Sorry this is somewhat off topic but perhaps not completely.
It seems the DOJ, likely as a result of the Climategate II email release, “have sent a request to WordPress to preserve ‘all stored communications, records, and other evidence in your possession regarding the following domain name(s) pending further legal process: http://tallbloke.wordpress.com, http://noconsensus.wordpress.com, and http://climateaudit.org (“the Accounts”) from 00:01 GMT Monday 21 November 2011 to 23:59 GMT Wednesday 23 November 2011.’” and British “Metropolitan Police, the Norfolk Constabulary and the Computer Crime division” have cooperated by seizing computers at one of the blogger’s homes.
The reason I feel this isn’t completely off topic is that the seizure affects a third party (the blogger) in another country in an attempt to determine if a crime has been committed. The blogs, I think it is safe to say, were not a party to the potential crime and are involved merely because the archives were posted to those sites.
December 15, 2011, 9:51 amNAME REDACTED says:
Every version needs to die and never come back.
December 15, 2011, 11:14 amWe need a wall of separation between the government and the internet.
Sigivald says:
It’s hard to escape the conclusion that this provision is aimed squarely at the browser companies
I find it trivial to escape that conclusion.
I think the problem is that you have the idea at some level that the people drafting this bill have the slightest idea how DNS works, let alone about DNSSEC, and thus you assume it has to be aimed at the browser makers [or add-in publishers], because that’s the obvious way that DNSSEC lets you get around it, if you know anything about DNSSEC and the web.
Problem with that reading, though, is that lawmakers don’t.
My reading of that clause is that it refers to an idea they had (with, for lawmakers, an admirable level of foresight, by which I mean, “it’s the obvious result of the rest of the law”), that someone would start selling software explicitly designed to let you find sites blocked by a SOPA order.
IE, a notional “PirateWare*” tool, either a special browser, or an add-in, or an OS patch to do it automatically in the resolver or whatnot, that is, in the words of that provision, designed to circumvent specifically SOPA piracy takedowns.
(* I’m not in marketing. Can you tell?)
That normal DNSSEC browser behavior would have the effect of doing so is not the same as being designed to circumvent those orders – your own explanation and all the writeups by the DNSSEC designers explaining the motivation prove that the system was not designed to circumvent a SOPA takedown.
That it will do so handily doesn’t change that it was not “designed” for “the circumvention or bypassing” of such orders.
I just don’t see the litigation risk as that significant – Microsoft and Apple and Google all have big, big pockets and can fight back (with PR campaigns about how the government doesn’t care if your bank website is faked… which I expect might have popular resonance). Big bankrolls combined with internet expert testimony And public opinion? That makes me think the US Attorneys or the AG wouldn’t even go there in the first place, let alone have a hope of succeeding.
(They might manage to intimidate the Mozilla Foundation, in theory, simply because they’re smaller and poorer, but that will fail if any other browser maker can publish DNSSEC support without being nailed.)
(That said, I agree that SOPA is hopeless from a technical and practical standpoint, in terms of doing what it wants without worse side-effects.
I just don’t think the case for the “nobody could/would implement DNSSEC” argument is that strong.
Note also [ironically, if we take the anti-DNSSEC arhument seriously] that the US Government has been rolling out DNSSEC on its domains for years.
That fact seems, to me, to strengthen the idea that the Government is not intending to attack DNSSEC with the SOPA provision, and certainly I’d expect that to be brought up in any notional litigation; if DNSSEC is, as the Government itself said by mandating it, a mere security validation tool, it would be very difficult to argue that it’s also inherently “designed” to circumvent a SOPA takedown.)
December 15, 2011, 1:20 pmUS.gov Clamps Down on the Internet says:
[...] (JM): This is an incredibly important issue, and there’s more on it at The Volokh Conspiracy, which explains some of the practical ramifications of the SOPA. Because of Eugene Volokh’s [...]
December 15, 2011, 3:09 pmAlan says:
Still seems to me the biggest problem with SOPA is its attack on due process – that the government should never be causing harm to citizens without at least the attempt to provide fair adjudication, through an independent court system, that the harm to society of not doing so is greater. Why is this aspect discussed so little?
December 15, 2011, 3:30 pmRaul Rytas says:
Understandable. I’m having trouble telling the difference as well.
December 15, 2011, 4:22 pmMalvolio says:
Sssh! If they notice that bug, they’ll fix it. As it is, the first court to see such a takedown can toss out the whole law.
December 15, 2011, 4:27 pmpjz says:
>Eventually, it will find a server in, say, Canada. Free from the Attorney’ General’s jurisdiction, the server will provide a signed address for piracy.com, and the browser will take its user to the authenticated site.
“The Net interprets censorship as damage and routes around it.” –John Gilmore
December 15, 2011, 5:20 pmWhy Hayek Would Hate SOPA | Cato @ Liberty says:
[...] of deliberation and consensus-building. Often, that makes the process necessarily quite slow. As former assistant DHS secretary and NSA general counsel Stewart Baker observes, the vital DNSSEC standard, designed to secure the Internet addressing system and guard against [...]
December 15, 2011, 5:52 pmGiant Frog says:
That’s only the part you know about – we still have the best politicians that money can buy.
Like this one? (Except that it’s free).
December 15, 2011, 7:04 pmTed S. says:
Wouldn’t SOPA have a severability clause?
December 15, 2011, 11:03 pmTatil says:
Litigation risk is significant considering making those changes will not bring in any revenue, but definitely sizable expenses to implement and test the software. Now litigation and political risk is bebing added to the picture.
You may think that litigation would be an overreach by the AG, but the secure browsers will make IP blocking completely ineffective. AG and the Congress people will at least lean on the software houses (a la Lieberman leaning on Amazon to kick out Wikileaks) even if prosecution remains the last option. It seems software and networking companies are reluctant to make these changes already, so there will be one more reason “not to do it for the next release, let’s think about it next time.”
December 16, 2011, 12:31 pmDear Congress, It’s No Longer OK To Not Know How The Internet Works | Motherboard « Ye Olde Soapbox says:
[...] SOPA-Rope-a-dope (volokh.com) [...]
December 16, 2011, 3:28 pmTuesday says:
What if the user knows the IP address for the site she’s trying to reach? Does she still need DNSSEC?
What’s to prevent her from maintaining a list of IP addresses for her favourite sites?
What if she does not use a shared DNS cache? What if she uses her own?
Does she still need DNSSEC?
What if someone is tampering with her DNS traffic, and modifying the answers? Does DNSSEC protect her from this?
December 16, 2011, 8:18 pmThe case against SOPA/”Protect IP” says:
[...] My Cato colleague Julian Sanchez argues that a bill rapidly moving through Congress would give far too much power to authorities to close down websites without due process, yet would be readily circumvented by actual IP pirates. More: Sanchez/Cato, BoingBoing, Declan McCullagh (software execs blast proposal), Derek Bambauer/Prawfs (”Six Things Wrong With SOPA”), Stewart Baker/Volokh. [...]
December 16, 2011, 8:30 pmStop Online Piracy Act Vote Delayed « Internet toolbox says:
[...] But a host of security researchers and tech policy experts, including Stewart Baker, the former Department of Homeland Security policy director, said the plan “would still do great damage to internet security.” [...]
December 17, 2011, 1:42 pmSeanp2k says:
>”Faced with that advice, would you implement DNSSEC?”
December 17, 2011, 3:16 pmHell yes I would, and then I’d distribute it via torrents with magnet links. The internet will overcome any censorship put in place by any government.
John David Galt says:
This seems to me an easy problem to solve technically. The Attorney General’s office would simply get a credential as a Certification Authority, and would order all US DNS servers to publish its own signed DNSSEC record which says that piracy.com is a server the Justice Dept. controls. As a side benefit (from their point of view), anyone who attempts to visit piracy.com and reaches the Justice Department’s server will leave log records of his visit that can be traced to the originating computer.
Of course, much like common efforts to entrap dope dealers, this effort will entrap only the most naive Internet users. Serious users will access piracy.com proxy servers located outside the US, or will simply go to its IP address rather than the domain name. But there are a lot more technically naive people than programmers out there.
December 17, 2011, 3:27 pmIF SOPA (Internet Censorship) PASSES IN THE USA, WHAT IS THE WORK-AROUND?? HERE’S AN IDEA.. | Political Vel Craft says:
[...] SOPA-Rope-a-dope (volokh.com) [...]
December 17, 2011, 3:28 pmRichard Bennett says:
Sorry, but Baker’s picture is too vague. He says: “Faced with silence from that server, the browser will go into fraud-prevention mode, casting about to find another DNS server that can give it the address.”
This gives the impression that the browser asks a random set of DNS servers for an answer every time a user mistypes a domain name, without any control over which servers it checks and where they’re located. I don’t think this is the case. It’s normal DNS behavior to try as many servers as the user (or the DHCP, more typically) has configured IPv4 to check. If all of these servers are legitimate, there’s no possibility of checking a rogue DNS or a pirate DNS.
In the case where DHCP can’t be trusted to return legitimate DNS servers, it may be necessary for the user to supply his own list in some way. If this is the case, it’s not remotely possible that the user’s choice of servers would be taken as an attempt by the browser to circumvent SOPA.
If a company creates a pirate DNS and markets it as a SOPA-circumvention tool there are some possible implications under SOPA, of course. But we’re not in the realm of free speech in that scenario, unless you regard prohibition of unauthorized sale of copyright material as prior restraint.
The arguments against SOPA continue to have the form: “If the law were to do something completely different from what it actually does, it would be bad, so I oppose it.”
Come on.
December 17, 2011, 5:23 pmIdentityMeme.org » Blog Archive » Seems we can all just GetYourCensorOn ..or we can go after SOPA and ProtectIP/PIPA says:
[...] SOPA-Rope-a-dope (by Stewart Baker) http://volokh.com/2011/12/14/sopa-rope-a-dope/ [...]
December 17, 2011, 5:23 pmRichard Bennett says:
Yup.
December 17, 2011, 5:27 pmFight SOPA. « turnings :: daniel berlinger says:
[...] should favor the Stop Online Piracy Act, better known as SOPA, or H.R. 3261. It’s a big new can of worms that will cripple use of the Net, slow innovation on it, clog the courts with lawsuits, employ [...]
December 17, 2011, 5:37 pmSOPA Hearing DNS Filtering Discussion « High Tech Forum says:
[...] Stewart Baker echoes Seltzer’s fanciful interpretation of anti-circumvention on The Volokh Conspiracy, a libertarian law blog. His argument, like [...]
December 17, 2011, 6:10 pmSOPA Hearing DNS Filtering Discussion « High Tech Forum says:
[...] the comments, a reader explains how to do secure blocking with DNSSEC: This seems to me an easy problem to solve technically. The Attorney General’s office would [...]
December 17, 2011, 6:10 pmHow SOPA will destroy Internet security | Matias Vangsnes says:
[...] in concert with such entity for the circumvention or bypassing of” the AG’s blocking orders. SOPA-Rope-a-dope(via Interesting People)Share this post Tweet Read more Copyfight security sopa web [...]
December 17, 2011, 6:45 pmBartimaeus says:
“The Net interprets censorship as damage and routes around it.” –John Gilmore
…d@m, you beat me to it.
December 17, 2011, 6:56 pmAnonymous Coward says:
John David Galt says:
What you’re proposing is not consistent with what SOPA says. It would require the legislation to mandate that browser and operating system vendors include the Attorney General’s certificate in the list of certificate authorities, for all domains. Other countries would balk at allowing the US Attorney General free reign to redirect all websites to its own servers, so its certificate would not be included in browsers and operating systems for those countries. And since the only difference between the two English language versions of a browser or operating system would be the (from a user’s perspective useless and undesirable) Attorney General certificate, no one would have any incentive to choose the US version containing the certificate.
You are also ignoring the fact that DNS servers are recursive. It is not the case that each of the thousands of local DNS servers directly contact the main root servers; they form a sort of tree where smaller servers contact somewhat larger servers which contact even larger servers which ultimately contact the root servers. (This prevents the root servers from being overloaded with requests.) The tree crosses national boundaries arbitrarily. If a non-US DNS server asks a US DNS server for the address of one of these sites, it won’t accept the Attorney General’s certificate and DNSSEC will fail. If a US DNS server asks a non-US DNS server, it will receive the pirate site’s IP address (which is also signed by a valid certificate) instead of the fake one inserted by the Attorney General, and provide it to US users.
On top of all that, this method (as you already alluded) is like a map for pirates to avoid it: If the entries forged by the Attorney General are signed by a special certificate then anyone will be able to write extraordinarily trivial code that will cause any DNS entry that comes back signed by the Attorney General’s certificate to be automatically looked up using a non-US DNS server instead. Such a thing would be an expected feature of any browser for non-US users, since those users would not have the Attorney General’s certificate installed, and if they mistakenly (because of the breaking of the way DNSSEC is supposed to work) got a DNS entry signed by the US Attorney General despite not being in the US then they would want it to be handled properly in much the same way as Stewart Baker describes. And of course, then no one would use the browsers meant for the US market because they have only a disadvantage to the user over those written for non-US users.
Richard Bennett says:
This is ignoring the fact that SOPA blocks entire sites and not specific content. A blocked site may contain both protected speech and pirate material, and the desire to evade the block in order to reach the protected speech is completely justifiable.
This is a straw man. People are criticizing both what it would actually do and what it can be expected to cause people to do in order to steer well clear of its provisions.
December 19, 2011, 2:59 amHow SOPA’s ‘circumvention’ ban could put a target on Tor | Brian's Blog Site says:
[...] to escape the conclusion that this provision is aimed squarely at the browser companies,” he wrote in a blog post. “Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in [...]
December 21, 2011, 4:33 pmHow SOPA’s ‘circumvention’ ban could put a target on Tor says:
[...] to escape the conclusion that this provision is aimed squarely at the browser companies,” he wrote in a blog post. “Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in [...]
December 21, 2011, 5:31 pmHow SOPA’s ‘circumvention’ ban could put a target on Tor | Partners In Sublime says:
[...] to escape the conclusion that this provision is aimed squarely at the browser companies,” he wrote in a blog post. “Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in [...]
December 21, 2011, 6:55 pmWes Groleau says:
Facebook contains copyright violations–block it!
People are using a DNS Server in France to resolve Facebook–block France!
People are using a proxy in Australia to get to France–block Britain!
People are ….
December 22, 2011, 2:47 pmGarrett says:
As a person with a networking background, this is a terrible idea. However, I’m even more bothered that this idea wasn’t just tossed out the window the first recess that a lawyer could get to somebody on the committee dealing with the proposed laws and tell them that this blatantly violates 1st amendment doctrine in regards to freedom of the press. And, since Congress is clueless about technology, admits it, and then happily comments about it anyways, I figure I’ll happily carelessly comment about the law.
Based on limited research a long time ago:
MINNEAPOLIS STAR v. MINNESOTA COMM’R OF REV., 460 U.S. 575 (1983)
* A tax on paper/ink clearly targeted at newspapers is unconstitutional. Equivalence: legislating what somebody can and cannot do with their own web server “modern press” should also be considered unconstitutional.
Brandenburg v. Ohio
* From wikipedia: Mere advocacy of the use of force, or of violation of law (in this case, by a Ku Klux Klan leader) is protected by the 1st Amendment free speech clause.
Equivalence: If I have a right to argue that we should go out and kill black people, I ought to have a similar right to tell you that a guy down the street is giving away/making available copies of content. Or, instead of the guy down the street, the guy at example.com.
New York Times v. United States
* Pentagon Papers case.
If the New York Times cannot be prohibited from publishing classified materials during and about a current war, you shouldn’t be able to be stopped from hosting material which violates copyright until a hearing has been held which decides a proper action, remuneration and punishment for such action, after-the-fact.
Okay – the equivalence is a little bit better in my head than on paper, but I still think that a fair bit of it still holds.
December 28, 2011, 9:29 pmAn Artist’s Guide To SOPA | Outside The Box Music says:
[...] Stewart Baker former NSA analyst and advisor to the President on national security issues is against…. Even in version 2.0. In order to implement SOPA, would require that IPS bypass or circumvent a security protocol in network technology called DNSSEC. DNSSEC verifies the identities of a web site or domain name. DNSSEC is designed to protect networks from forged Domain Name Service(DNS) data or DNS cache poisoning. The DNS data then becomes unreliable, corrupt or poisoned and rapidly proliferates throughout the Internet. Ironically, in it’s desire to neutralize IP piracy, SOPA could enable DNS or network piracy. [...]
January 9, 2012, 1:33 amGeeks to Testify (Finally!) About SOPA Blacklisting Implications | Daves Ultimate Deals says:
[...] Among those scheduled to testify are Stewart Baker, the former Department of Homeland Security policy director, who has said SOPA “would still do great damage to internet security.” [...]
January 9, 2012, 7:40 pmGeeks to Testify (Finally!) About SOPA Blacklisting Implications | Matias Vangsnes says:
[...] are Stewart Baker, the former Department of Homeland Security policy director, who has said SOPA “would still do great damage to internet security.”Also slated to testify is DNS expert Dan Kaminsky of DKH. Putting false information into the DNS [...]
January 10, 2012, 5:06 amCopyright Lawyers Oppose SOPA … And Say It Won’t Even Work | Independent News Hub says:
[...] Stewart Baker, former NSA General Counsel and Head of Cyber Policy for DHS [...]
January 10, 2012, 6:19 amCopyright Lawyers Oppose SOPA and Say It Won’t Even Work - The Swash says:
[...] Stewart Baker, former NSA General Counsel and Head of Cyber Policy for DHS [...]
January 10, 2012, 9:38 amRep. Smith Waters Down SOPA, DNS Redirects Out | deltabluks.tk says:
[...] Among those summoned are Stewart Baker, a former Bush administration Department of Homeland Security policy director, who has said tinkering with the Domain Name System “would do great damage to internet security.” [...]
January 13, 2012, 7:23 pm