Fighting software piracy
Security UPDATE, Web exclusive, June 25, 2003
You might have heard about the comments that US Senator Orrin Hatch of Utah made about fighting copyright piracy. In brief, Hatch advocates using Trojan horse technology to destroy the computers of people who are thought to have pirated copyrighted works more than twice.
Hatch's sentiments echo ideas that those with vested interests in the entertainment industry have voiced before. He believes that we might find better ways to stop piracy. However, if stopping piracy takes destroying computers through Trojan horse code, he's for it. I think that the vast majority of you will agree that Hatch's ideas go against the ideals of democratic society.
Such "hacking back," a form of vigilantism, involves several problems. First of all, catching and punishing criminals is work for law enforcement and judicial systems, not copyright holders. In addition, we currently have no way to determine from a remote location who's actually using a computer or how serial violations might occur.
For example, one person could use a public computer, perhaps at a library or Internet cafe, to download files. If that person inadvertently or unknowingly downloads copyrighted data that wasn't authorized for public distribution, that's one strike against that computer. A second person might later make the same error. Under the ideas that Hatch supports, if a third person downloads copyrighted data not authorized for public use, the injured entity could destroy that computer with a Trojan horse, which the entity would probably launch from a remote location. Meanwhile, the library or Internet cafe would suffer a significant loss for something it did not "do."
The idea makes little sense. I'm sure Hatch meant well in acknowledging software piracy as a serious problem; however, he doesn't seem to understand the underlying technical implications of this form of prevention. People have pointed out that destroying a computer used to download pirated material is akin to destroying the engine of a car because police caught the driver speeding in that car too often. The idea is to produce a financial loss in retaliation for a financial loss, but it amounts to punishing an inanimate technological object for the acts of its operators.
Many copyright holders need a way to better control unauthorized duplication of their works. But using Trojan horses to destroy computers isn't a good answer. Microsoft's Digital Rights Management (DRM) technology might help when it comes to certain types of data. But if someone really wants to pirate copyrighted materials (e.g., code, multimedia, documents), current computer technology--including DRM--simply can't prevent that piracy 100 percent of the time. Quite a dilemma.