Wednesday, May 29, 2013

Panel suggests digital booby trap to 'lock down' file stealers' computers


Companies need to fight back against cyber thieves who steal intellectual property from them, and should be allowed to protect files with a system that locks down a user's computer - or even spreads malware - says a U.S. advisory group.

The recommendations, made in a new report by the Commission on the Theft of American Intellectual Property, are in response to the growing problem of industrial espionage. China is considered responsible for between 50 and 80 percent of it, the commission said.

"American scientific innovations and new technologies are tracked and stolen from American universities, national laboratories, private think tanks and start-up companies, as well as from the major R&D centers of multinational companies," the group said in the report. "Virtually every sector and technology is attacked - from low-tech to high-tech; from agricultural machinery and biotechnology to wind-power generation; from mobile phones, computers, and televisions to chemical compounds and aeronautics."

The commission tallies the cost of such losses at "over $300 billion," saying they're comparable to the value of current U.S. exports to Asia.

But the guidance - which is not, in itself, a legislative bill but goes to Congress and to the White House for consideration - represents "a dangerous combination of bad ideas and misinformation," Corynne McSherry, Intellectual Property Director for the Electronic Frontier Foundation, told NBC News. It "advocates for increased network surveillance, ignoring the potential impact on user privacy, and the use of malware, which will undermine network and user security," she said.

The commission is headed by Dennis C. Blair, former director of National Intelligence, and Jon M. Huntsman Jr., former ambassador to China and former Utah governor, and includes well-known members from the fields of security, technology and intellectual-property law.

Along with intensified efforts by companies to improve security and monitoring, the report encourages "theft-based deterrence" against "targeted hackers."

'Ransomware' or personal property protection?
For starters, the commission said, companies "should consider marking their electronic files through techniques such as 'meta-tagging,' 'beaconing,' and 'watermarking.' Such tools can determine whether protected information has left an authorized network, and can potentially identify the location of files in the event that they are stolen."

But companies could also use software to tell when an "unauthorized person accesses the information," then render the file inaccessible. It continues:

The unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.

McSherry calls that recommendation "particularly egregious."

"This kind of malicious software is also known as ransomware and is a popular tool of organized crime," she said. "It is astonishing to see the IP Commission propose using the same tactics as organized criminal gangs."

But the commissioners see this as taking real-world measures into the virtual realm. "The protections afforded to victims in the cyber domain are too few," Roy Kamphausen, deputy director of the commission, told NBC News, citing lawyers with whom the commission spoke regarding the report.

"They noted that in the physical world a person who steals a purse on the street, for instance, might legally be detained - only by means of proportional force - until law enforcement arrives. Similar protections ought to be available, with appropriate protections against collateral damage, in the cyber domain."

Who's in charge of enforcement?
Another idea - one that the commission acknowledges is not "currently permitted under U.S. law" - is to have companies retrieve stolen information from an intruder's computer, alter it within the intruder's networks, "even destroying the information within an unauthorized network."

"The potential for abuse is extraordinary" if such a route is taken, McSherry said. "The long and shameful history of the Digital Millennium Copyright Act file takedown abuse teaches us that intellectual property owners cannot be trusted with the enforcement tools they already have - we should hardly be giving them new ones."

"Attempting to categorize intellectual property enforcement as crucial to national security is simply a naked attempt to justify fobbing off the costs of that enforcement - which traditionally belong primarily with the copyright owner - onto the government," she said.

Kamphausen said that the report is just "the beginning of a process that would result in more effective legislation and regulation." The concerns about whether such steps taken by the government could be considered going too far "would need to be addressed in that process," he said.


Source: http://feeds.nbcnews.com/c/35002/f/653377/s/2c93920f/l/0L0Snbcnews0N0Ctechnology0Cpanel0Esuggests0Edigital0Ebooby0Etrap0Elock0Edown0Efile0Estealers0Ecomputers0E6C10A0A87247/story01.htm
