The Report of the Commission on the Theft of American Intellectual Property... And lunacy ensues!

Like many other people within the security industry, I took the time to read the "The Report of The Commission on the Theft of American Intellectual Property" which was published by "The IP Commission". For the most part, the report is pretty unsurprising reading. They talk about the different types of issues that surround intellectual property theft, from patents to trade secrets to trademarks and copyright. And at first, I was pretty sure it was going to be one of 'those reads' where everything is pretty much something I already knew, that was until I turned to page 81 and then stuff got really interesting... In a bad way…

The first hint that things were going off the rails was the recommendation titled "Support efforts by American private entities both to identify and to recover or render inoperable intellectual property stolen through cyber means." which basically entertains the notion that intellectual property holders should have the right to devise software that would lock computers down should they detect that someone may be using some of their intellectual property without permission. In turn, the said offending users whose computer has been locked down would have to go and call the police, thus being forced to incriminate themselves, in order to get the password that unlocks their computer. Not only that, but said offending users might have to pay a 'fee' in order to get that password. For those not paying attention, this is basically a redo of 'ransom-ware', evil little malware programs designed to lock down computers until owners of said computers pay a ransom. Basically, hostage taking of computers.

The fact that anyone would entertain that idea is beyond me. Not only that, but the authors of the report wrote “Such measures do not violate existing laws”… Now, I am not a lawyer, but being somewhat educated, I am pretty sure that this idea violates in some way the 4^th Amendment, the 5^th Amendment and the 6^th Amendment. Ignoring those pesky amendments, the authors of the report have also neglected to consider the unintended consequences of what happens when there are false positives? What happens when there is a false positive and a mission critical computer gets locked down? What happens when there is a false positive and a life critical computer gets locked down? What happens when hackers figure out (and they sure as hell will) how to cause false positives at will? I don’t know about you, but as someone who knows a thing or two about hacking and computer security, I have to say that all these questions and the answers that lie behind them, scare me.

So then I kept on reading the remainder of the “Cyber Solutions” section and all semblance of lunacy seemed to calm down. That was until I read the next section titled “Potential Future Measures” and my jaw dropped. I’m not sure what the commission authors were smoking that day, but here are the recommendations they gave and my comments thereafter:

“Recommend that Congress and the administration authorize aggressive cyber actions against cyber IP thieves”

I could go on a rant on this, but instead I am going to ask you, the reader, to try and answer the following questions … How does anyone reliably find cyber IP thieves? Won’t cyber IP thieves just get really good at covering their tracks? What happens when retaliation ends up targeting the wrong people? Where are the checks and balances to make sure those being targeted for aggressive counter-measures are in fact guilty? Won’t this just turn into a “cyber arms-race”? I can see a lot of innocent ‘computers’ getting caught in the cross-fire on this one.

“Recommend to Congress and the administration that U.S. funding to the World Health Organization (WHO) program budget in whole or in part be withheld”

YES! Because world health and intellectual property thieves are two closely tied entities… Sarcasm aside, this is an asinine idea. For one thing, a considerable amount of WHO resources would have to be diverted to developing, maintaining and auditing a regulatory system designed to make sure the WHO never deals with anyone who might be involved in intellectual property theft (i.e. for example, third world countries). Secondly, it would also require foreign agencies that the WHO deals with to have regulatory compliance as well. After all, nothing spells regulatory compliance more than impossibly impoverished third world countries in dire need of medical assistance. This entire idea ends up offloading the cost of IP theft on organizations and countries that are already stretched thin…

“Recommend that Congress and the administration impose a tariff on all Chinese-origin imports, designed to raise 150% of all U.S. losses from Chinese IP theft in the previous year”

Once again, YES! Let’s make ALL AMERICANS pay (through a dramatic rise in the cost of goods) for the theft of intellectual property originating from China. Obviously, the Chinese government will retaliate with their own tariffs which will end up closing the door to China for many US producers, thus costing jobs. But then again, the WTO might have something to say about this…

Anyway, I apologize if I’ve been a bit rant’ish, but I expected something a lot smarter from a group of people who should definitely be more level headed.