There has been no greater advocate against cyber espionage and its influence on worldwide markets than Richard Clarke. As a former White House advisor on cyber security, his extensive insight and access has allowed Mr. Clarke a vantage point few others have had. In a discussion below, Clarke describes how China, specifically, is participating in one of the largest thefts in intellectual property (IP) the world has ever seen. Because most companies fail to recognize the seriousness of advanced threats, many never realize they’ve been breached until months or years after being initially compromised. As a result, terabytes of intellectual property are funneling out of the corporate door and into the hands of competing companies and governments. By failing to have an advanced threat protection solution, companies are giving years of IP over for a minimal cost to them. Richard Clarke explains:

Bit9: Is China still considered the dominant nation state when it comes to state-sponsored cyber-attacks? We’ve heard they are involved in the Nortel hacking incident that some are alleging helped bring the company to bankruptcy. Where does Russia fit into the mix? And regarding these nation-state attacks, are there any new methods or strategies that have emerged of late that concern you?

Mr. Clarke: China is engaged in a widespread, global industrial espionage net. Russia is equally, if not more capable, but seems to be doing more targeted attacks. The Chinese and Russian attacks are both persistent. Meaning after you think you’ve eliminated their presence on your networks, they are still there.

Bit9: What is your take on the recent cyber-attacks in the Middle East? Stuxnet was a high profile event last year. What is concerning you these days about cyber activity in the Middle East?

Mr. Clarke: Since December, Arab-Israeli tensions have been spilled onto the region’s fiber optic cables. Citizen hackers on both sides have engaged in tit-for-tat raids on Israeli, Saudi and other regional computer networks. I believe what we’re seeing is large scale “hacktivism,” not terrorism. No one has died and, so far, nothing has blown up. Moreover, it seems that most of the attack methods have been relatively unsophisticated – I noted this in an opinion piece in the Wall Street Journal on February 16. However, this ongoing hacktivism has reached a point that should cause nations to act.

If the hackers decide that identity theft and website defacement aren’t enough and wish to cause disruption and destruction, as some have threatened, they may be able to access controls for electric power grids, oil pipelines, and water systems due to inadequate security on these systems. Once physical damage occurs, a crisis could quickly escalate, which would involve governments retaliating against each other with both cyber and conventional weapons. Middle Eastern governments should act to control their citizen hackers and better protect their own critical networks, or they may eventually be dragged into unwanted conflict.

Bit9: There have been two recent high profile breaches in the United States. The Chamber of Commerce had a serious hack in which data was stolen on the people and companies that work with Chamber of Commerce, and Symantec’s Source Code was stolen recently. What is your take on these two hacks and do they indicate that there may be a bigger wave of high profile hacks coming up?

Mr. Clarke: The Chamber of Commerce attack probably didn’t yield any valuable information to the attacker, but it’s similar to other attacks done by Chinese entities who probe any organization that may affect US/China policy. The attempt to get Symantec’s source code is part of a pattern of hackers attacking the defenders (like the RSA breach) – that is, hackers going after software companies that create cybersecurity applications, a trend that I expect will continue.

Bit9: Intellectual Property (IP) has emerged as the primary target for today’s hackers – we’re seeing it right now with Nortel. Can you talk about this evolution in cyber-attacks and why should it concern CSO’s and CISO’s?

Mr. Clarke: In a knowledge economy, the most valuable assets that a company may have are its intellectual property, trade secrets, research and development data, and plans for new products and services. The industrial espionage that we are seeing is targeting that sort of information to beat us to market, to allow competitors in China and elsewhere to bring products to market more cheaply, and to eliminate their R&D costs by simply using ours. A company’s ability to protect such sensitive information will be directly correlated to how competitive it will be in the marketplace. The recently revealed decade-long campaign against Nortel is a perfect example of this. It illustrates the persistence of the malicious actors engaged in industrial cyber espionage and the risks of corporate complacency in the face of this threat.

A case study in what happens when you don’t take security seriously

Recent reports in the Wall Street Journal and other media outlets have described how the now-defunct Nortel Networks was a victim of sustained and pervasive cyber espionage hacking dating back to at least 2000. There are many lessons to be learned from this debacle.

Let’s start with the obvious problem of disclosure; both internally and externally. In Boston, we have a tendency to drop “r”s from our vernacular (e.g. “Pahk the cah in Hahvahd Yahd”), which is rather fitting when we talk about Nortel – or should I say, “No tell.” According to Brian Shields, a former Nortel employee working on the investigation of the security incidents, “No-tell” Networks essentially buried their head in the sand when it came to understanding the impact of their security breach. In addition to not taking the problem seriously, it is unclear whether they disclosed the extent and nature of the problem to prospective buyers when selling off their $4.5 billion worth of patents.

Not to sound cynical, but don’t you think it might have given buyers some pause to know that what they are purchasing could be in the hands of a competitor or adversary for nearly a decade prior? In No-tell’s defense, from the news being reported, it’s likely that upper management didn’t really have a clue of the extent or severity of the problem. How could they when their response, to first learning of the breach in 2004, was to simply change the passwords of the affected accounts (including their top executives and CEO)? Imagine someone breaks into your home, steals your wallet, all of your valuables and personal financial information, and your response is to simply change the locks on your front door?

I’m not saying that the cyber breach directly led to Nortel’s downfall as a major player in the telecommunications field, but it’s plausible. At best, the apparent “see no evil, speak no evil” attitude that Nortel executives took regarding the potential theft of their critical business plans and technology is a good indicator of how they might have dealt with other problems facing the once-giant corporation. Ignorance is bliss… if by bliss you mean no longer having to worry about preserving your company, its employees, or its intellectual property.

Folks, cyber espionage is real and it has been going on for decades. Ignore it at your own (and your employees’) peril. Many folks on the outside may look at this, and other recent security incidents, and say that this is rare and people in the security industry and media are over-hyping it. But anyone who has experienced it from the inside knows the truth. There are enemies who are actively targeting companies’ intellectual property on a daily basis, and the theft of your core assets causes very real financial loss, not to mention loss of consumer and market confidence. Information Week just posted 8 lessons you can learn from the Nortel breach. I won’t detail it here, but I recommend reading it.

China, or at least parties operating within China, have been implicated in the Nortel breach. China has been implicated in dozens of major security breaches in just the past year. I have written extensively about nation-state, and specifically, China-sponsored cyber espionage and how this threat is different from more traditional cybercrime. Naysayers will say that people are simply using China as a scapegoat or to generate hype, and that given the nature of the Internet, there is no way to be 100% sure who is perpetrating an attack. It has been reported that the Chinese embassy in Canada has said that China’s government “strictly prohibits” hacking. Oh. Well then I stand corrected. All is well. Pay no attention here. Even though China operates one of the world’s strictest controls and monitoring over their Internet, surely they can’t possibly know about the widespread, large scale, and sophisticated hacking coming from systems within their country? Let’s not dwell on who might be perpetrating the largest theft of intellectual property in the history of mankind. Let’s not consider that bands of independent hacker groups really have no way to benefit from the theft of corporate business plans, patents, manufacturing techniques and all sorts of intellectual property that has been stolen over the years – unless they are working either under the guidance of a larger entity capable of capitalizing on this data, or they are selling this information to such entities.

Actually, that’s just another way to bury our heads in the sand. It matters. It matters because understanding the attacker helps us understand their motivations, their techniques, and their capabilities. It matters because it enables us to have an honest and open discussion about providing a proper response to the threat landscape. Now I’m not saying China is responsible for all cyber espionage. But there is enough evidence over the years to conclude they are directly or indirectly responsible for most, and that matters.

So what happens if you’re someone like me? You’ve just gone to dinner, taken a cab back home, paid the cab fare, closed the door, and just as the cab takes off you feel the lonely and empty pocket that’s usually home to your smartphone. You chase after the cab, but as the cab fades further away the impact of what you lost on that mobile device begins to grow and loom over your head. It becomes more than a phone, because now you haven’t just lost a piece of hardware, you’ve lost your photos, videos, and perhaps your wallet. Not to mention control over what emails have been seen, text messages sent, and contacts you recently interacted with. 

So what happens if your phone is your wallet? With Google’s new service/app Google Wallet – which the app was launched back in September – anyone with a Nexus S 4G phone on Sprint can do just that. And by utilizing the app with the device’s Near Field Communication (NFC) ability, this can allow supporting vendors to wirelessly access your banking information.

But what happens if your unlocked phone was left with a less-than-angelic cabby? Lucky for me, my phone was locked, but others might not be. Because of this, this cabby could perhaps access your banking information through a new security loophole found in Google Wallet.

According to Joshua Rubin, a senior engineer with Zvelo, a security research firm, Google Wallets PIN authorization can be easily bypassed. The app labeled “Google Wallet Cracker” can record and access the four-digit PIN required to launch the app, giving anyone with possession of a stranger’s lost/stolen phone – and modest technological know-how – the ability to steal vital information from that particular user. Google did acknowledge the issue and is currently working to resolve the reported problem, but the implications are still concerning. So far the reach of Google Wallet begins and ends with one device on one network (Nexus S 4G on Sprint if you forgot), but this will likely change very soon.

Consider the trend. Mobile payments will continue to increase over the next year, with the possibility of this feature integrating across more phones and within business practices. We’ve already seen mobile payment apps like Square, which allows businesses to accept payments on their tablets or phones. But in the future, with corporate credits cards now on company/personal devices, protecting intellectual property, banking information and company payment history could be a big concern with loopholes in popular third-party systems.

In fairness, mobile payments through smart devices do actually provide the “possibility” for greater security. Traditionally, a stolen credit card offers no security protection and requires the original owner to call and report the incident. The bigger security issue is that most – if not all – user data is residing in one spot, with several apps, that hold sensitive data, asking you to authorize the app only once. Whether the solution is additional security at the operating system layer or more responsibility from the app vendors to better secure their PINs, we all need to be cautious about how fast we let our smartphones become “smart,” at least until we really understand the security implications.

**Joshua Rubin upon discovering the vulnerability did alert Google before publishing the reported issue. Google is currently working on a fix and update. 

Anonymous may be falling victim to their very name. Because of it, it allows them the freedom to become larger than they otherwise could independently – while also protecting them from the obvious legal repercussions. But what’s more important within this group, is how the media has blown out this larger than life perception of the organization – yes it’s becoming that. But now, they’re essentially egging on a group more consumed with PR attention than what most would deem hacktivism.

In light of this, we’ve recently seen Anonymous hack into several law enforcement agencies websites (Boston and Salt Lake City to name two), gain access to informants and tipsters, and go further into sensitive data related to drug crimes, personal information and listen in on FBI internal communications. They have even called on shutting down the social giant Facebook as well – for what, who knows?

Gone are the days when Anonymous could loosely associate its hacking efforts with a cause. A new day for Anonymous is rising and it’s a day when the group itself may be unable to control its own message. Perhaps falling victim the same way the individuals they look to disrupt did – too big too fast. Luckily – insert sarcasm – we have CNN to help focus their message.

Recently, Anonymous perpetrated some denial-of-service attacks against web sites belonging to the FBI, Department of Justice, as well as the RIAA and MPAA, lashing out in retaliation over the FBI's shutting down of Megaupload.com, a popular file-sharing website.  The mainstream media, however, has gotten the analysis of the situation a great deal more wrong than usual.

Really, this is War?

CNN catapulted cable journalism to prominence by breaking new ground in its Gulf War coverage some twenty years ago, and should be able to recognize a war when they see one.  They seem to have totally lost perspective on what war is, however, using that term many times during prime news coverage (Wolf Blitzer's show, Friday) to describe this action by Anonymous.

These actions are much more comparable to Occupy Wall Street protests than to actual war.  When protesters link arms across a street, or handcuff themselves to doors, gates, or cars, they're denying other people access to buildings or thoroughfares.  This is denial-of-service and usually we don't get that worked up about it when reported.  Does anybody think the FBI and DOJ rely on their websites for internal operations?  Were field operatives and lawyers unable to pursue their cases because their PR machine was offline for a few hours?

Please, folks.  I know Anonymous breaks into stuff sometimes, they cause damage, and that's illegal and wrong.  The DDOS stuff is arguably more illegal than it is wrong.  Let's start making a distinction between hacktivism and cyber-terrorism; can we agree on that?

By the way, a great deal of media's important failure to grasp basic facts centers around the distinction between denial-of-service attacks and actual infiltration.  That's an important distinction, but we'll save that for another post.

Media Dups:  It's not about Hacking!

The media also fell into a huge trap, and an old one.  Think about this question for a second, what is Anonymous actually about?

Have an answer?  If you said, "hacking,” you got it wrong.  Hacking is secondary for Anonymous, it's a tool.  What is Anonymous really after?  What are they much better at? PR!

They're after attention, and they're very very good at this.  They're so good at it that I entertained the humorous notion to myself that they might not have even hit a single keystroke to affect this DOS attack.  All they needed to do was get enough journalists and bloggers in a lather to get them to DOS the sites.  In reality, it probably helped get the job done - with journalists constantly pinging these websites every couple minutes to see if the sites were still down.  I'll bet these sites got more legitimate hits in a single hour than they usually get in a whole year!

Well, it turns out I was half right.  Anonymous apparently went even further and purposely tricked curious netizens into taking part in the attack – so much for media savvy.  Really, congress can obviously do plenty of damage through ignorance, but media seems equally willing to embrace it for the sake of ratings and buzz.

Same as the Old Boss

Probably the simplest evidence that the media is a naive and unwitting hand puppet for groups like Anonymous, is the fact that this sort of thing has been going on for a long time.  One of the favorite pastimes of modern hacking groups that started emerging in the 90's, is manipulation of the media through propaganda and misinformation.  If it's a psyops technique that the military has ever deployed, there's probably a shadowy version of it going on underground.  Why do they do it? Well mostly for fun and this has been true for quite some time.

The sad thing is, the media never seems to catch on.  As a friend of mine likes to say, <heavy sigh>.

After three years, Chrome is finally on Android – but there’s a caveat. Most will have to wait for their Android device to run the OS’s latest operating system Ice Cream Sandwich (Android 4.0, ICS) or purchase a more modern device that has ICS already on it to enable this app. Once again, the Android faithful will have to wait for manufacturer’s to push out the latest flavor of Android – something users have grown accustomed to.

The reason for the harsh segregation of Chrome Beta on Android, is that Chrome uses ICS’s hardware acceleration that’s built into it. To most, hardware acceleration may sound like a good thing, but to others who have grown accustomed to waiting on Android updates, it can seem like waiting in line for a rollercoaster that only ends up breakdown when you’re next in line – just a little bitterness from a guy who waited nine months on Gingerbread (Android 2.3).

Another issue revolving around this is that only 1 percent of Android devices run the latest OS. That means only individuals with rooted devices or the Galaxy Nexus, Nexus S, Nexus S 4G, Xoom, and Asus' Transformer Prime will be able to acquire the app. Yikes.

Chrome on Android is great, but Google has once again isolated the majority of its audience. Many would love to be using ICS and Chrome, but can’t because of Google’s current update model. Aside from the centrally managed “pure Google” phones Galaxy Nexus, Nexus S, and Nexus S 4G, the rest have to wait for our manufacturers to push out updates. Most of these folks (manufacturers), being more preoccupied with moving you from phone-to-phone as opposed to pushing out the latest and greatest OS – which they usually manipulate to differentiate anyways. All of this leaves us with a less secure Android OS and prevents progress. We did a report on the "Orphan Android" problem, highlighting these risks and security vulnerabilities back in November. 

Another issue: No Flash… ever. This may make some cringe, but Adobe nixed Flash for mobile back in November. It only makes sense Flash would be an afterthought, and probably helps from a security perspective, but several competing mobile browsers offer Flash built-in – including the stock browser that Android currently ships with. This means using the stock browser – not Chrome – to surf Flash-enabled sites.

Call me bitter or a realist, but isn’t it time Google figured out how to get newer Android products to its customers? ICS and Chrome being two of them? Google’s Android open-source project has been a success in large part because of its open source concept, but doesn’t that mean Google owes us something more? Not everyone can or does want a Nexus model phone, so what happens to the rest of us who fall in this bucket? Do we look elsewhere or do we pray and hope? ICS where are you?

The threat landscape is changing. Cyberthreats pose a more common and severe obstacle to most of us than traditional terrorism now. This does not mean – going forward – that real ground-level threats should be ignored or belittled, and of course these threats pose physical harm as opposed to digital ones. Nonetheless, cyberthreats need a larger acknowledgment as a viable problem in the coming years. Cyber War is not a current problem for the U.S., but it very well could be in the future as more states play a role in hacking opposing countries’ corporations and businesses to influence markets in their favor.

Yesterday, FBI Director Robert Mueller and National Intelligence Director James Clapper, testified at the annual Worldwide Threat hearing regarding future threats the country faces. He estimated that cyberthreats will surpass terrorist threats in the near future. Saying, “Down the road, the cyberthreat, which cuts across all [FBI] programs, will be the number one threat to the country.”

So how is this affecting you now? Well currently, several countries are participating in corporate espionage. China, one of the main power players within this practice, is funneling intellectual property by the tera and petabytes from U.S. companies. Richard Clarke, former advisor to the president on cyber security, discussed in a recent video interview about China’s new influence in hacking U.S. companies (VIDEO).

Because hacking is largely an invisible threat, most corporations do not take security seriously. Many never realize they’ve been hacked and if they do, it’s usually months – sometimes years – after being breached. What we are seeing is that corporations are forced to take it seriously when they are informed by the U.S. Government – usually the FBI – that their data and intellectual property has been stolen. This threat doesn’t just pose a threat to corporations either, defense contractors need to take the threat seriously as well and outfit their IT ecosystem to protect against the advanced threat.

“The cyberthreat is one of the most challenging ones we face,” Clapper said. “Among state actors, we’re particularly concerned about entities within China and Russia conducting intrusions into U.S. computer networks and stealing U.S. data.  And the growing role that non-state actors are playing in cyberspace is a great example of the easy access to potentially disruptive and even lethal technology and know-how by such groups.”

In the past year, we’ve seen high-level breaches like RSA, seen Symantec’s source code stolen, and even over 100 million records stolen from Sony PlayStation’s online network – just to name three. It’s time for Corporate America to take security seriously, and focus on protecting the most important part in the viability of their company: their intellectual property. 

Solers Inc., a leading information technology solutions provider for U.S. government agencies, is now utilizing Bit9 Parity Suite, designed to protect their customers from advanced threats. One of the challenges in today’s industry is recognizing how: threats operate, populate your servers and endpoints, and exfiltrate your intellectual property (IP).

Sure, “known threats” can be protected by traditional antivirus solutions, but what about a malformed PDF with executable files embedded within it? What happens when a malicious attachment arrives in the marketing departments email from the VP of marketing? It looks real and seems real, but expecting each user operating on an endpoint to scan for trust on each email/attachment – which could be thousands of employees equaling thousands of endpoints – is a little unrealistic.

One of the main problems in IT Security is: Problem Exists Between Keyboard and Chair (PEBKAC). Virtually meaning people are dumb – thanks Dan Brown. Because it’s impossible to control everyone, corporations need to build trust in the applications they’re running. Here’s where Application Whitelisting comes in. With Bit9 Parity Suite’s Application Control, Solers was able to provide configurability and flexibility in their environment. Because Bit9 Parity Suite also provides the most flexible Application Whitelisting on the market, Solers was able to confidently secure their endpoints and servers with Parity Suite while providing a workable environment for their employees.

“Before deploying Bit9 Parity Suite, we struggled to find a balance between keeping our infrastructure secure and giving our developers the freedom they needed to approve software on their own,” explained Mike Nutbrown, who has recently been promoted to director of information security at Solers.

So what if you could trust your software, attachments and servers? What if you could detect your company's risk with real-time sensors and reduce actionable events from millions to dozens? What if you could protect against the Advanced Persistent Threat (APT)? And what if you could measure the success and functionality of all of this? Well, like Solers, you can. Click here for more details for a 5-day trial of Bit9 Parity Suite. We protect the world’s leading brands. 

With the recent suspension of the SOPA and PIPA bills, the latest story in the Federal government’s war on Internet piracy was the shutdown of file-sharing site Megaupload.com. But did the FBI go too far? Now anyone who knows a little bit about Megaupload, knows that the site did carry a ton of illegal content – but is this the site’s fault or its users?

So what is Megaupload? Essentially the site offered a storage locker – in the cloud – to upload content that gave users un-policed access to post whatever they wanted. In certain cases, several used the site to post illegal content, with most of it being publicly accessible. Once posted, the content could be downloaded by anyone searching for it. This could be music, movies, television shows or applications. This provided a seemingly endless stream of content users could acquire for free without repercussions or payment.

The site had to know its days were numbered, but a shutdown and arrest of Kim Dotcom, Megaupload founder, may have been a bit overboard. In fact, the details of the arrest involve a police raid utilizing helicopters, Dotcom locking himself in the safe room of his 25,000 square-foot mansion with a sawed-off shotgun, while the police cut him out of the room to make the arrest. This all happened during a raid that seemed more like a scene from a nerd-ier version of Scarface than anything else. Someone should have told Dotcom that sawed-off shotguns are illegal in laser tag.

Maybe the recent arrest of Dotcom and the shutdown of Megaupload – and its sister site Megavideo – are proof that the U.S. government may not need SOPA or PIPA to protect copyrights? The flawed Digital Millennium Copyright Act (DMCA), enacted in 1998, gives lawmakers the authority to remove the presence of illegally posted content, without going as far as shutting down the site itself. Nonetheless, a shutdown of Megaupload was still accomplished. This was due in large part because the site had actively advertised its illegal content. Now even though the site was based in China, its .com domain still meant it fell under U.S. jurisdiction. SOPA however, would allow lawmakers to venture further, shutting down U.S. access to foreign domains as well as domains falling under U.S. jurisdiction.

It’s a slippery slope. We’re reaching an age where the definition of copyright infringement is blurred. If Megaupload is illegal, how is YouTube not? It’s a classic argument of who’s to blame? If the bank leaves the safe doors open and someone walks in and steals your money, is it the banks fault or the thief? Most would say both, but what if the bank never promised any level of protection? Or should they?

Upon hearing of the shutdown, it’s hard to defend the site, but also equally hard to keep the impending-doom light from going off regarding the future of my favorite websites – Google Music or YouTube to mention a couple.

As Internet-wide panic exploded over the weekend, several other sites have either revoked U.S. access or stopped file sharing indefinitely. FileSonic, one of the top file-sharing sites, has suspended all file sharing. Maybe this is what the government wanted? SOPA and PIPA fell by the wayside so maybe this is their next-best option? It’s hard to tell, but I believe the Internet is heading in the right direction. It’s just about getting there with only bumps and bruises and not broken bones. 

I remember my father, a retired physician, railing against government attempting to legislate on medical matters, an area in which they demonstrated little to no understanding.  I didn't have a full appreciation for the sort of legislative blunders congress was truly capable of until SOPA and PIPA.

In short, the Stop Online Piracy Act (SOPA, congress) and PROTECT IP Act (PIPA, senate) bills try to placate the Big Media industry, which claims that Piracy is rampant and causing significant financial harm to the industry.  This claim, particularly that piracy is causing great financial harm to the music and movie industries is credibly disputed, however.  I won't bombard you with links on the matter, except to point you to eff.org for a good place to start.

However, not only is the goal of SOPA (and PIPA) possibly misguided, but the means for enforcing the controls on online piracy are incredibly irresponsible.  This is not to say that congress is acting out of ill will, collusion or self-interest (necessarily), but at the very least out of an abundance of ignorance.  Why?  What harm do these bills pose?

Tampering with How the Internet Works

These bills attempt to legislate how the Internet works.  Last I heard, the brilliant minds who crafted and refined the Internet over years are not working as congressmen.  What the geniuses in D.C. have decided in their rampant technological naiveté amounts to surgery on the Internet with a spoon.  These laws would require service providers (you’re likely familiar with Comcast or Verizon) to block offending sites from being listed in the global name registry called DNS.  This would be something like having your business removed from the Yellow Pages (back when people actually used the YPs).  Worse, like other egregious examples of technical legislation like the DMCA, there is little or no due process when complaints are filed.  Basically, you’re guilty until proven innocent.  It’s a little hard to grasp based on these abstract descriptions, but take the example of Youtube.  If some copyright holder files a complaint that someone has posted their copyrighted material, the resulting actions effectively shut Youtube down for some period of time, until the matter could be resolved.  In Youtube’s case, it would simply be decimated, effectively never online.  Would this stop piracy?  No.  Would it stop a great deal of the Internet you’ve come to rely on from working?  YES!

Ignorance is Bliss

Probably the most worrying thing about the SOPA debacle is congress’ willingness to legislate out of willful ignorance.  In 1995, congress made the ill-advised move to dismantle the Office of Technology Assessment.  This is exactly the independent body that could have provided congress with the clear-headed and technically aware perspective needed to kill these bills before they saw the light of day.

Backlash

Now that these bills have made it so far through the legislative process, there has been a growing backlash among the tech community.  Wikipedia shut down most of the English version of their site (though you could still get the content if you knew where to find it), and Google and many many others either shutdown or modified their sites in protest of these bills.

Anybody with some knowledge of these matters knows that these bills are a bad idea.  As technically informed citizens, we must tell congress to put an end to ignorance-based legislation.

Before starting I want to address first that this is my opinion and not that of my employers. With that said, here we go.

Today Wikipedia, Reddit and 10,000 additional websites have gone black to raise awareness of two impeding bills: The Stop Online Piracy Act (SOPA) the PROTECT IP Act (PIPA). Several other sites have created petitions (the largest being Google) to help fight these bills. So what’s the issue? Essentially there are two at play. Keeping the Internet free, but somehow protect against the onslaught of websites that are providing copywrited content for nothing.

For instance, under this new legislation the music video you watch on YouTube for free would otherwise require YouTube itself or whoever is posting it to acquire consent from the original content provider. What could follow is having any real tiebacks from additional links posted on blogs, websites, or social media platforms to become illegal – or unnecessarily hard to accomplish. This could essentially kill SEO currently and where it might end up. In the end, all you will be left with is a mundane list of articles with no real interactivity. This could disrupt Google, Reddit, Wikipedia, Facebook, and thousands of other websites business models. In turn, muzzling the Internet through censorship. 

This could cripple open source projects across the web, give law enforcers new powers to enforce filters on the Internet, and block access tools to get around such filters. The bill will not remove pirate sites, but merely lay down cones in the road in which to navigate around. This hurts true job creators within the web industry like Google. The Mountain View Company has already mentioned – in their blog – on how to combat pirate sites by attacking their funding.

I can think back to the old Encyclopedia Britannica on compact disk and how limited that was to where we have gone. It’s not because this resource was not valuable, but it offered no room for growth - that is unless you purchased updates.

So let’s face it. We’re spoiled. We live in a world where updates are automatic and in large part for free. Most of them go unnoticed because they are just assumed – with Wikipedia coming to mind. But what it offers is the idea of rapid growth through a community of knowledge. It may take a village to raise a child, but a community can educate the world. Why would we stop this? I agree that protecting content and its producers needs to be address, but the way the bill is written offers moderate resolution for maximum consequences. If you agree, sign Google's petition here: https://www.google.com/landing/takeaction/.