MPAA Requests Immunity to Commit Cyber-Crimes
The news has been buzzing around for the last couple of days that Representative Berman, whose palm has been crossed with silver by the entertainment industry, would introduce a bill permitting copyright holders to hack or DoS people allegedly distributing their works without permission. Well, the bill has been introduced - read it and weep. Although the bill wouldn't allow copyright owners to alter or delete files on your machine, they would be allowed to DoS you in essentially any other way. Let me restate that: the MPAA and RIAA are asking that they be allowed to perform what would otherwise be federal and state criminal acts and civil torts, and you will have essentially no remedy against them under any laws of the United States. [Privacy Digest]
My analysis of the bill: Despite the obvious un-American nature of the bill, and the fact that the RIAA and MPAA are basically asking for permission to commit terrorist acts (that word has been tossed around a lot lately, but it's literally true here; they intend to "terrorize" their customers), the current incarnation of the bill is basically irrelevant. In order for a copyright holder to be allowed to get away with "disabling, interfering with, blocking, diverting, or otherwise imparing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work", the act must meet several criteria:
- must not cause economic loss to any person other then affected file traders
- must not cause an economic loss of more then $50.00 per impairment to the property of an affected file trader not related to the copyrighted material
Taken together, I am unable to think of an actual action the RIAA or MPAA could take that would meet these criteria with any sort of confidence. Packet flooding, the easiest and lowest tech of the DOS attacks, is right out; it economically affects everyone between the flooder and the floodee. More subtle hacks will be virtually impossible for the industry, as they will involve exploiting holes (like the old Ping of Death) that will be closed faster then they can find them. Even though I expect the second criterion to disappear by the time the bill is passed, there's no way the first one can, and that eliminates too much.
This bill is a waste of time, and hopefully, will just become a public relations disaster if we can manage to tag this action with the terrorist tag... shouldn't be too hard, because it is terrorism!
Update: The Register largely agrees with my analysis, but gives it the good ole' Register trademarked satirical spin. '...anyone with a copyright will be allowed to hack the daylights out of anyone, including MPAA Headquarters, so long as they have a 'reasonable suspicion' of infringement and notify the DoJ of their intent at least seven days before commencing the attack... Somehow, Valenti failed to impress on the over-eager Berman's mind that this legislation is for media giants only.' (Emphasis theirs.)