TECH

DefCAD Triggers HTTP 451
Depending on where you live, pointing your browser to Defcad.com yesterday may have shown you something you’d never seen before. It certainly did for me. That’s because I live in one of the two states (as of this writing) in the United States which have scrambled to block access to the online repository of firearm CAD files after they were approved for release by the US State Department.
Anyone using the internet in those states was presented with HTTP status code 451: “Unavailable For Legal Reasons”. This code was named for Ray Bradbury’s dystopian novel “Fahrenheit 451″, in which books are burned to censor the information they contain. Rather than simply returning the traditional 403 error, 451 can be used to signal that the server is willing to serve the user the information, but is being prevented from doing so by court order.
Whatever your personal feelings are on the public having unfettered access to technical information on firearms, this is still a worrying development. The First Amendment covers more than literal speech: source code and technical data is a form of expression just as much as a poem or song, and are equally protected. If the federal government believes the files that Cody Wilson’s Defense Distributed offers up are not restricted by International Traffic in Arms Regulations (ITAR), then how can a citizen of the United States not view them? The question remains unanswered and overnight a federal judge granted a restraining order to restrict the website for the remaining states.

State vs Federal Law
There’s a somewhat confusing intersection of state and federal laws in the United States, but the short version is that a state can make laws which are more restrictive than federal laws so long as they don’t directly contradict each other. This allows the federal government to establish a baseline, and each state to decide on their own how strictly to enforce it.
A classic example of this principle are seat belt laws. Since 1968, it’s been federally mandated that all cars have seat belts. Anything more specific than that, such as ages at which passengers must use them and fines for failure to do so, are set at the state level. However, a law which exempted vehicles from having seat belts in a particular state would conflict with federal law. If challenged, such a law can be thrown out under what’s called the Supremacy Clause.
In this context, the states in question (New Jersey and Pennsylvania) cannot block their citizens from viewing a particular website because that would be in violation of the First Amendment. Indeed, that’s exactly what Cody Wilson is banking on in the lawsuit he’s filed against New Jersey’s Attorney General. The case is somewhat complicated due to the fact that his settlement with the US State Department didn’t specifically state firearm CAD files are protected by the First Amendment, but only determined that they were not limited by ITAR. Now tied up in federal court, the Supremacy Clause will take precedent.

HTTP 451 Goes Mainstream
Published as RFC7725 in February 2016, HTTP 451 originally met resistance when it was proposed by developer Tim Bray in 2013. Some considered it redundant and not significantly different from the more traditional 403, especially since the HTTP status codes are a constrained name space. Why use up a status code when the same information could be conveyed with an existing one? But as more sites started to use 451 unofficially, it became clear the modern Internet needed a way to differentiate active censorship from a technical issue.
So who can use HTTP 451? Anyone who feels it’s appropriate. Nobody is required to use it, but if you’re in charge of a server and being asked to limit who can see the content it’s hosting, HTTP 451 might be for you. More often than not it will be done by the person who’s running the site which is the case here, but there’s even a push to get ISPs to implement it when they’re being asked to intercede in legal cases.

Eagerly Watching
Cody Wilson says 21 states are currently suing him; with injunctions by NJ and PA being the first at the state level. This kind of state-by-state control over content on the Internet is unprecedented in the United States.
The issues now being tested in the federal case are messy ones. If the DefCAD files remain exempt from ITAR, then the battle over who has access to them is likely to be complex and drawn out, giving way to a troubling scenario in which individual states try to control access to the Internet. On the other hand, if it’s decided that they should be controlled under ITAR, it will set a precedent that some 3D models are too dangerous to be released to the public. The issue then becomes how to decide which 3D models need restriction.



Tom Nardy