updated 5/29/2013 3:49:47 PM ET 2013-05-29T19:49:47

No, Hollywood isn't planning to put malware on your computer.

A posting by BoingBoing's Cory Doctorow on Sunday (May 26) asserted that the music and movie industries were planning to lobby Congress for the right to plant spyware and ransomware in media files in order to deter piracy.

"Software would be loaded on computers that would somehow figure out if you were a pirate, and if you were, it would lock your computer up and take all your files hostage until you call the police and confess your crime," wrote Doctorow.

His posting has been picked up on other tech-oriented websites, many of which repeat Doctorow's assertions that Hollywood has declared war on your digital rights.

Doctorow was citing a couple of lines in a newly issued paper entitled " The IP Commission Report : The Report of the Commission on the Theft of American Intellectual Property." 

But Doctorow is crying wolf. The report, released last week, has almost nothing to do with media piracy.

Instead, it's primarily concerned with the theft of patents, trade secrets and intellectual property by Chinese spies. The usual groups and bills associated with stopping media piracy — the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) are never mentioned.

The issue of media piracy does appear once in the 92-page report, but only as an afterthought. It's confined to a single paragraph on pages 52-53, appended to a two-page examination of software piracy.

[ 13 Security and Privacy Tips for the Truly Paranoid ]

What got Doctorow truly alarmed was this passage on page 81:

"Software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account."

Doctorow is right in that the software mimics what ransomware does, right down to the threat of law-enforcement involvement.

He's also right in bringing up the precedent of the Sony rootkit, a piece of malware designed to disable MP3-ripping software that was discovered in 2005 on certain premanufactured CDs.

But he's wrong in stating, "Now they've demanded that Congress legalize an extortion tool invented by organized criminals."

Who are the "they" Doctorow refers to?  The commission is made up of foreign-policy and intelligence experts without any obvious Hollywood links.

Its co-chairs are former Director of National Intelligence Adm. Dennis Blair and former presidential candidate, ambassador to China and Utah Gov. Jon Huntsman.

The other five members include a former secretary of defense, a former CEO of Intel, a former senator, a career trade bureaucrat and an academic.

As for Congress legalizing malware, here's the relevant passage:

"While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation, but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks or even destroying the information within an unauthorized network."

That is alarming, but it's also factual. There really is an active ongoing debate in the information-security community about whether counterattacks against malicious hackers should be allowed.

The issue hasn't yet been settled — but merely stating that such a debate exists does not equal "demanding" that Congress "legalize extortion."

Last but not least, Doctorow leaves out the very passage that nullifies his argument.

"An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network systems of an innocent third party," the report states. "For these reasons and others, the Commission does not recommend specific revised laws under present circumstances."

Follow Paul Wagenseil @snd_wagenseil. Follow us @TechNewsDaily Facebook  or Google+.

© 2012 TechNewsDaily


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments