Net antipiracy bill proposes remedy many can't hack

Media: A proposed law letting copyright-holders use otherwise illegal tactics to stop swapping of their intellectual property has file-sharing services and others up in arms.

August 01, 2002|By Hiawatha Bray | Hiawatha Bray,NEW YORK TIMES NEWS SERVICE

How far will the big media companies go to keep you from stealing their music and video recordings?

If U.S. Rep. Howard L. Berman, a California Democrat, has his way, outfits like the Walt Disney Co. and AOL Time Warner Inc. may soon use teams of computer hackers to keep the rest of us honest.

Attacking a stranger's computer is illegal under federal law. But a bill introduced by Berman would make an exception for anybody who holds a copyright - writers, filmmakers, recording artists, photographers.

These people will be allowed to use hacking techniques to go inside peer-to-peer file-sharing networks like Kazaa and Morpheus, and prevent illegal swaps of their copyrighted materials.

The digital community is reacting with stark horror.

"Vigilantism by the Hollywood studios," Jason Mahler, general counsel for the Computer and Communications Industry Association, called it.

"What they're trying to do is put sugar in the gas tank" of the peer-to-peer industry, said Ellen Stroud, spokeswoman for StreamCast Networks, makers of Morpheus.

It's easy to share their dismay. It's bad enough that major copyright holders, such as the Hollywood studios, want laws that will require the redesign of our computers to make it impossible to copy digital files. Now they want a license to hack our computers while we cruise the Net?

Not quite, said a spokesman for Berman. According to him, the law would not permit the use of many destructive tricks. The intruders could not "alter, delete, or otherwise impair" anything on a suspect computer. As a result, a company couldn't wipe files found on your computer, even if it believed you had no right to them. Nor would it be allowed to vandalize a computer by, say, planting a virus on it.

The bill would forbid any method that would disrupt legal file transfers on peer-to-peer networks; companies can only block exchanges of their own intellectual property. And a copyright holder wouldn't be allowed to use any technique that would cause more than $50 in damage to a computer system.

Cross that line, and the victim is allowed to sue.

So what could the copyright holders do? The legislation doesn't say. A company would have to notify the U.S. attorney general, and provide complete details on what technologies it would use. But it wouldn't have to inform the public. After all, that would make it easy for people to defeat the method.

Chris Wysopal, director of research and development for @Stake Inc., the Cambridge computer security firm, figures companies will try "denial-of-service" attacks because "that has the least risk of breaking things."

If, for example, the newspaper wanted to stop someone from sharing copies of this article, it would log onto Morpheus and identify all the computers carrying the file. Then it would request downloads from each machine, using a program that would collect the files ... very ... slowly. This would tie up the computers on the other end, preventing them from sharing the file with others. That's a denial-of-service attack, simple and effective - and quite illegal when it's done by teen-age vandals looking to shut down a Web site. But the Berman bill would make it OK in the name of protecting intellectual property.

Internet civil libertarians like the Electronic Frontier Foundation are already mounting the barricades against Berman's bill. But on what grounds?

Networks like Morpheus are open to the public, which routinely uses them to deal in stolen digital goods. If someone enters the network and disrupts only the illegal traffic, where's the problem? Internet users have no right to do wrong.

One of the law's weak spots is the secrecy it grants to copyright holders. They're not required to identify themselves to users of the network. So if somebody thinks they're being unjustly targeted, how do they complain to the Justice Department? Just as officers must show their badges, the law ought to provide that these "ethical" hackers must identify themselves.

But if they do so, and comply with the other safeguards described above, it's hard to see how these antipiracy tactics will hurt anybody except the data thieves.

On the other hand, they probably won't help either. Wysopal noted that it wouldn't be too difficult to add an "anti-antipiracy" feature to Morpheus and its ilk.

This would automatically spot denial-of-service attacks and kick the perpetrator out of the system. Besides, a huge number of the computers on these peer-to-peer networks are based in other parts of the world, beyond the reach of Attorney General John Ashcroft.

"It's a fundamentally unsolvable problem, I think," said Wysopal. "It's going to be a cat-and-mouse game, and I don't see how they can win."

But that won't stop the big media companies from trying. And the Berman bill demonstrates just how far they're willing to go.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.