US entertainment industry to Congress: make it legal for us to deploy rootkits, spyware, ransomware and trojans to attack pirates!Cory Doctorow at 11:41 am Sun, May 26, 2013
The hilariously named "Commission on the Theft of American Intellectual Property" has finally released its report, an
84-page tome that's pretty bonkers. But amidst all that crazy, there's a bit that stands out as particularly insane: a proposal to legalize the use of malware in order to punish people believed to be copying illegally. The report proposes that software would be loaded on computers that would somehow figure out if you were a pirate, and if you were, it would lock your computer up and take all your files hostage until you call the police and confess your crime. This is the mechanism that crooks use when they deploy
ransomware.
It's just more evidence that copyright enforcers' network strategies are indistinguishable from those used by dictators and criminals. In 2011, the MPAA told Congress that they wanted SOPA and knew it would work
because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam." Now they've demanded that Congress legalize an extortion tool invented by organized criminals.
Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.
It gets better:
While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.