SOPA and network architecture

The media frenzy over the Stop Online Piracy Act and the Protect IP Act (SOPA and PIPA respectively) appears to be finally dying down after last week’s Internet blackout, mostly due to the shocking news regarding the shutting down of Megaupload. While I publicly expressed some misgivings about the focus of the current debate,  it is undeniable that with regards to SOPA and PIPA, there is indeed room for concern outside of the U.S about the two pieces of legislation (not to mention concern inside that country), as it is very possible that SOPA and PIPA could have serious extraterritorial consequences. This has been a point that has been constantly repeated in the last few days, but the danger is much graver than anyone thinks. See, the existing network architecture of the Internet relies heavily on the United States, and any legislation that affects the core would have cascading consequences elsewhere. Allow me to elaborate.

In network theory, there is a concept called centrality which measures the importance of a node in any given network. This is calculated by the number of links a node has to neighbouring nodes, the shortest number of paths to other nodes in the network, and the average shortest path. A node is said to be central in a network if it is linked to a large number of other nodes, if it can be connected to other nodes quickly (the six degrees of separation phenomenon), and if the average distance to other nodes is short. When plotting charts describing networks, central nodes can be sometimes easily identified like in this chart, where blue indicates more central nodes:

Node and hub centrality is an important indication that there is a power law at work in a network, as high concentration of centrality in some nodes may give rise to a scale-free network, where some nodes are more important than others. The Internet is a scale-free network (here is where I plug my book if you want to read more about the subject, wink, wink), so centrality comes into play in two ways. There is the physical network, the wires, routers and hubs that make up its physical architecture, and then there is also a logical level of centrality. I would class the DNS system and Internet governance to be important aspects of the logical Internet. It should be no surprise to anyone to learn that any way you look at the Internet, the U.S. is extremely central. Take for example this picture of the global submarine cable network (from this excellent website):


This is just one aspect of the large dominance that the U.S. has in the Internet’s infrastructure. Things get even more interesting when you look at the logical architecture, where the U.S. has managed to remain considerably ahead of other countries. While anyone can become an Internet server by just installing web server software into any computer connected to the Web, you need a registrar if you want a domain name that resolves in the system (such as technollama.co.uk). Most top level domains are registered in the United States (.com, .org, .net, .biz), and statistics show that the U.S. is the country with the most domain names registered under its jurisdiction, with 78,453,258 as of last week.

Country-wise Domains Distribution: Domain Names by Country of Purchase

Rank Country Domains
1 United States 78,453,258
2 Germany 6,481,160
3 United Kingdom 4,617,854
4 China 4,502,381
5 Canada 3,869,783
6 France 3,271,896
7 Japan 2,483,667
8 Australia 2,405,261
9 Spain 1,589,942
10 Netherlands,The 1,372,323

The closest second country is Germany with over six million. In fact, not even combining the rest of the countries can you reach the total of domains registered in the U.S. A similar picture emerges with regards to hosting, that is, where content is actually placed in a server. For example, while this blog’s domain name was registered by a UK provider, it is hosted by a U.S. company (and I assume that the content is actually held there). 9 out of the top 10 hosting companies are American, and  of these, the largest host in the world is GoDaddy (WildWestDomains in the chart). The end result is a skewed map of the world, where whatever happens in the United States affects the Internet disproportionately. Take what happened to Megaupload, while the company was registered in Hong Kong, and most of its operations ran from New Zealand, its .com domain was registered to an American company named DotRegistrar, based in Washington state. Similarly, the site had also hired some of its hosting services in the States, where at some point it had leased more than 1,000 servers to companies like Carpathia Hosting and Cogent Communications. This state of affairs opened up Megaupload to enforcement by American authorities, which is precisely what took place.

One does not need to know anything about networks to know that DNS registration and hosting are the Achilles heel of both pirating and legitimate sites. However, centrality has an important lesson to teach us with regards to the dangers of SOPA and PIPA in other ways. Imagine that most digital lockers, torrent trackers and other sites operating in the shadier side of the Web were to move shop and get out of the U.S. as fast as you can say “Conspiracy to Commit Racketeering“, but that the North American country retains its centrality in the Web’s architecture. This is precisely where SOPA wants to step in, as it would create several dispositions that would try to get to websites that are currently outside of the U.S. jurisdiction, namely, are registered and hosted elsewhere in the world. The most controversial norm in SOPA (of which there is talk of being removed), was contained in s102, which stated that:

“A service provider shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site (or portion thereof) that is subject to the order, including measures designed to prevent the domain name of the foreign infringing site (or portion thereof) from resolving to that domain name’s Internet Protocol address. Such actions shall be taken as expeditiously as possible, but in any case within 5 days after being served with a copy of the order, or within such time as the court may order.”

This would have established a filtering responsibility for ISPs and other intermediaries against alleged copyright infringers. The problem with such a feature when introduced in such a central country is that it could perfectly trickle downstream to other physical and logical clients elsewhere, which would mean that SOPA would be used to filter content to all of us. There are already lots of national filtering systems enacted in countries around the world, but none of these is as central to the workings of the Net as the Land of the Free. Seen from an architectural perspective, countries like China are large Intranets, which is why it was so easy for Egyptian authorities to shut down all Web access during that country’s revolution. The U.S has an entirely different role to the network, so anything that is filtered there could end up being filtered in places that have never heard of SOPA, be it justified or not. I cannot imagine that this is a bug and not a feature, some in the copyright industries seem determined to export this draconian model.

The optimist in me wants to believe that we have seen the last of SOPA and PIPA. Unfortunately, Megaupload proved that things are about to get bumpier. “Squad leaders, we’ve picked up a new group of signals. Enemy fighters coming your way.”