[NTLUG:Discuss] Government sanctioned hacking?!?

[Merlin]

I am including an editorial from a daily e-zine that I get.  This really, 
really scares me, and I think the author is right on point.

I can immediately see one method of "abuse" of this law.  A hacker identifies a 
network they want to take down, so the introduce a piece of their 
own "copyrighted" material, even if it's just an original sig line.  Once that 
is moved from one machine or another (if they wait that long), off goes the 
email to the AG and down comes the system.  Very scary.

=============
**Point: Just Say No to Government-Sanctioned Hacking
By Roberta Bragg

We’re all in trouble now. Representative Howard Berman (D-Calif.) has
introduced a bill that would legalize hacking. Yep, it’s true; Berman
thinks hacking is OK, as long as it’s done by “copyright” owners (read
the bill at www.house.gov/berman/p2p.pdf). The bill legalizes attacks
on “peer-to-peer file trader networks” if a copyright holder thinks the
network is distributing their works. Computer attacks are rising at an
alarming rate and being used for anything from thrill seeking to
terrorism, and Berman wants to legalize it?

I have a few problems with that. First of all, some exquisitely good
hackers aside, I don’t believe most amateurs or even pros in this area
are capable of making the sort of surgical strike the bill specifies.
He seems to think the copyright holder will be able to target the file-
trader who’s infringed upon their rights, thwart him or her and not
affect anyone else. I don’t think so. That’s sort of like thinking you
can infect one person with a virus and not have it spread to others.
The easy attacks affect computers indiscriminately, and even those
directed at a specific target may affect many others as they clog the
network.

Second, the bill doesn’t require the copyright holder to call in
authorities, obtain a warrant or otherwise submit to the same review
that citizens and law enforcement agencies must. He merely has to
“notify” the U.S. attorney general about who he’s going to attack and
what tool he’s going to use. (Get ready, John Ashcroft; you’re going to
be flooded by hackers and crackers who want similar rights.)

Third, the bill contains weak controls and avenues for redress. Sure,
the copyright holder can only inflict $50 damage per suspected
incident. But how many songs do they have to suspect you of obtaining
before they can destroy your Web server? Domain controller? Database
server? And remember, the bill only specifies actual monetary loss, so
we’re looking at the cost to you of just the hardware and software, not
the data on it, lost sales, collections, deadlines and so on. I hope
your lawyers are as good as those the big cats in the entertainment
world can hire.

Think you’re not going to be affected by this proposed law? Think
again. Your views on new laws which allow copyright holders to copy
protect their work don’t matter. Nor do your actions: You may never
have downloaded a single song, paid for or otherwise; never made a copy
from a CD you purchased; never shared an illicit copy with friends. To
be targeted, you only have to be part of a ‘peer-to-peer file trader
network.’ The bill defines that as two or more computers connected by
computer software that:

A) Is primarily designed to
- enable the connected computers to transmit files or data to other
connected computers
- enable the connected computers to request the transmission of files
or data from other connected computers
- enable the designation of files or data on the connected computers
as available for transmission

(B) Doesn’t permanently route all file or data inquiries or searches
through a designated, central computer located in the United States.

I think this broad definition was meant only to encompass networks
developed for the purpose of sharing copyrighted recordings. But by
this definition, we are all file traders and use and manage peer-to-
peer file trading networks. Do you not, or have you not at some time
enabled file and printer sharing? Have you set up a file share? FTP?
TFTP? How many of you run personal Web servers? And what does
“designated, central computer” mean? One run by the copyright holder?
Some new government agency?

I’m a published author, and I certainly don’t want anyone to copy my
work and sell it or advertise it as their own. But It’s not right to
attack their computer to get back at them. Berman wants to make it
legal for me to do so. He’s wrong. Let’s tell him that this 10-page
bill is dangerous.

Here’s how. First do your own research. Read the bill, then do a little
Internet search. You’ll find some intelligent--and not so intelligent—
commentary. You’ll find some interesting ideas, some which echo my own
and some which are different, including a group of folks who want to
organize and vote out of office someone who supports the bill, at
www.instapundit.com. Then visit www.eff.org. You’ll find a sample
letter you can use to write your representatives and other ideas.
Regardless of your view on obtaining tunes at no charge over the
Internet, no one should have the legal right to attack our computers.
No one.

--
Roberta Bragg, MCSE, MCT, CISSP, runs her company, Have Computer
Will Travel Inc., out of a notebook carrying case. She's an independent
consultant specializing in security, operating systems and databases.
Send her your questions or comments at mailto:roberta.bragg at mcpmag.com.
=============

-- 
Merlin