Ars Technica reported yesterday on proposed U.S. legislation, called the Combating Online Infringement and Counterfeits Act (COICA). One of the primary purposes of this bill is to provide a legal mechanism for interfering with the operation of a website that is "dedicated to infringing activities." With a court order, U.S.-based registrars may be ordered to suspend a domain name, and domestic DNS operators may be ordered to stop resolving the domain name. Financial transactions through domestic services (e.g., Visa card processing) can also be suspended.
There are some interesting technical and legal questions in this bill, but the part that interests me is how narrowly focused it is. If Congress is going to establish a mechanism for fighting websites dedicated to illegal activity, why not broaden it beyond copyright infringement (which, by the way, is a civil offense, not a criminal one) and include distribution of malware, phishing, or other criminal activities?
The answer to my rhetorical question can likely be found by following the money. Lobbying by copyright holders and their representatives (e.g., the Recording Industry Association of America and the Motion Picture Association of America, for example) is big business, while we in the malware world have relatively sparse resources dedicated to influencing policy. The reality, though, is that e-crime is a substantial drain on the U.S. economy, and the prescriptive measures in COICA could apply just as easily to e-crime sites as to piracy sites. (Again, I'm leaving aside potential critiques of these prescriptive mechanisms or other aspects of the legislation.)
It would be great to see some broader legislation that draws on the expertise of the law enforcement and tech communities, as well as past judicial precedent, to create a standard framework for taking legal action against any website that is dedicated to illegal activity.