If financial services companies have any reservations about being appointed the front-line enforcers for copyright protections under proposed anti-piracy legislation, now would be their time to strike.
On Wednesday, Wikipedia plans to shut down for the day in protest of the Stop Online Piracy Act in the House and its companion Senate bill, the Protect Intellectual Property Act. The bills have been roundly criticized for taking a heavy-handed approach to enforcing intellectual property rights. The outcry has gotten so fierce that several companies that supported these bills backed off, and the White House issued a statement on its blog Saturday opposing the approach the bills take.
SOPA would compel financial companies to cut off payments to a website if just one of the site's users is merely accused of copyright infringement. This aspect of the proposed legislation, along with the implications for free speech and for the way the whole Internet functions, has led to the backlash from technology companies and tech-savvy web users.
"It shouldn't be [payment companies'] role to police what the hundreds of millions of users of Google are posting on Google's sites," says Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC. "That's not the core competency of a payment company. They shouldn't be put in that enforcement role."
Hence, the financial services industry may want to band together to lobby for removal of its enforcement role from any future version of SOPA, McNelley says.
"This bill needs to, in my opinion, be thrown out and they need to start all over again," she says. "The broad-brush way in which this bill has been written … is putting the onus on a lot of players on the bad actions of a few that are going to find ways around it. They always do."
In a rewritten bill that takes "a more surgical-strike approach to weeding out and stopping some of this stuff, I think you can take the payment companies out entirely," McNelley says.
As it is written today, SOPA states that "a payment network provider shall take technically feasible and reasonable measures," within five days, "to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification" of infringement by the attorney general.
Even MasterCard Inc., which supports SOPA, has been outspoken about certain language in the bill it disagrees with. An executive for the Purchase, N.Y. card network highlighted its concerns in a November testimony at the House's Judiciary Committee.
The five-day deadline is unrealistic, said Linda Kirkpatrick, group head of franchise development and customer performance integrity at MasterCard, in her Nov. 16 testimony.
"Simply identifying the acquirer for an Internet site may take several days depending upon how long it takes for the alleged infringer to submit payments to its acquirer," she said, according to a transcript. "MasterCard urges the committee not to set an artificial deadline for the performance of a specific action as it may present impossible compliance challenges in some circumstances."
MasterCard would not provide further comment for this story. Visa Inc. did not respond to an inquiry for this story, though the card network was named alongside MasterCard on a list of SOPA supporters published by the Judiciary Committee. Discover Financial Services and American Express Co. did not respond to inquiries and were not named on the committee's list.
PayPal Inc., a unit of eBay Inc., does not have a public position on SOPA, according to a spokeswoman.
Even if the payment companies were comfortable with their roles as enforcers, they would run the risk of being targets of "hacktivist" backlash.
Last year, several financial companies faced the wrath of the hacktivist community after the companies blocked payments to WikiLeaks. The organization’s defenders launched a denial-of-service attack against the financial companies' websites, knocking MasterCard's website briefly offline. A denial-of-service attack is designed to block access to a website by overwhelming it with more traffic than it is designed to handle.
"If [financial companies] stop payment-processing, even if it's to the right company, they're in a very vulnerable position," says Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc. "Their sites can be taken down, as they have in the past."
And the threat to banks and payment processors stands to get worse as the issue of blocking payments to websites provokes a heightened response from the Internet community.
"The attackers haven't gotten into the payment networks yet, but they've come very close," Litan says. "They've been attacking the websites, not the backbone payment processing, but they certainly could do that."