NNSquad - Network Neutrality Squad
[ NNSquad ] USA Intellectual Property Theft Commission Recommends Malware!
USA Intellectual Property Theft Commission Recommends Malware!
http://lauren.vortex.com/archive/001034.html
Oh boy. The "Commission on the Theft of American Intellectual
Property" has released its long awaited report, and it's 90 or so
pages of doom, gloom, and the bizarre -- including one section that
had me almost literally doing a "spit-take" onto my screens while
sipping my morning coffee. ( http://j.mp/12BLvSj [IP Commission - PDF] )
I'm not going to try critique the entire report here and now. As
you'd expect, it presents a dire scenario of intellectual property
theft run amok, and while offering only a few words of lip service to
the grossly flawed measurement methodologies that vastly overstate
dollar losses in various sectors, the report instead suggests that
those exaggerations are actually understatements -- that the problem
is far, far worse than we ever imagined. Oh, the horror. The horror.
But we expected this sort of skew to massively hyperbolize the
underlying actual problems of IP theft.
What you may not have expected, however, is that the authors of this
report appear to have been smoking "funny cigarettes" during its
drafting. OK, we don't know this for a fact, but it's otherwise
difficult to wrap your mind around this specific proposal in the
"cyber" section of the report:
"Additionally, software can be written that will allow only authorized
users to open files containing valuable information. If an
unauthorized person accesses the information, a range of actions might
then occur. For example, the file could be rendered inaccessible and
the unauthorized user's computer could be locked down, with
instructions on how to contact law enforcement to get the password
needed to unlock the account. Such measures do not violate existing
laws on the use of the Internet, yet they serve to blunt attacks and
stabilize a cyber incident to provide both time and evidence for law
enforcement to become involved."
Booooing! Say what? Is this the parody section of the report?
Something from "The Onion" or perhaps a "Saturday Night Live" skit?
I'm afraid they're serious. And what they're proposing is no less
than the legitimizing of a form of malware that has attacked vast
numbers of Internet users, costing them immense lost time, money, and
grief.
You may have been unlucky enough to see this for yourself. It comes
in various forms, but generally it claims to be a law enforcement
warning (often saying it's from the FBI). It accuses you of having
some kind of "illicit" material (usually a copyright violation and/or
porn) on your system, and demands that you contact an address for
"more information" -- or even that you make immediate payment of a
"fine" to release your computer. Your webcam may even be
surreptitiously used to include your photo to further confuse and
upset you.
Of course, this is all a scam. If you go to that address, you'll
likely download more malware, or be directed to provide credit card or
bank account info to pay for your "violation" of law. Even if you
pay, you have no assurance that this malware will go away. Even if it
does seem to release you, it may hang around in the background sucking
up your private information, bank account access data, and who knows
what else.
Consumers attacked by this class of malware have spent enormous sums
to get it actually cleaned out, and very many have been directly
defrauded by it as well. And of course, these systems can't be used
for anything else while the malware is actively threatening you.
So now we have the IP Commission suggesting that firms be allowed to
use basically this same technique -- pop up on someone's computer
because you *believe* they've stolen something from you, terrify them
with law enforcement threats, and lock them out of their (possibly
crucial) data and applications as well.
What the hell are these guys thinking? Outside of the enormous
collateral damage this sort of "permitted malware" regime could do to
innocents -- how would the average user be able to tell the difference
between this class of malware and the fraudulent variety that is
currently a scourge across the Net?
What's more, how can it possibly be justified to lock users out of
their systems on this sort of unilateral basis? How much "theft" --
even when it actually occurred -- is enough to justify locking someone
out of their private applications and data, some of which may be
absolutely necessary to their daily lives.
I could get into a lot of technical details about this, but we can
just cut to the chase for now: the whole concept is utterly insane,
and frankly calls into question the competency of the commission in
general.
With our own commissions coming up with idiotic, dangerous nonsense
like this, we may have more to worry about from their kind of thinking
than from the "cyber-crooks" themselves.
And that's really, seriously, scary.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad