According to an interesting piece at Boing Boing, the entertainment industry wants a piece of the APT action. The report from the Commission on the Theft of American Intellectual Property, coincidentally copyright 2013 by The National Bureau of Asian Research, proposes taking rights management software to the next level. Not only can one restrict who can open certain files, but now one can scan the hard drive to determine if there is additional IP that has not been paid for. Not only that, it would legalize password-protecting ALL the files on the computer, much like ransomware, until someone could verify that the law was not being broken.
The real prize is in Chapter 13, page 81:
Reconcile necessary changes in the law with a changing technical environment.
When theft of valuable information, including intellectual property, occurs at network speed, sometimes merely containing a situation until law enforcement can become involved is not an entirely satisfactory course of action. While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.
The entertainment industry is opening up an extremely large can of worms. First, let us consider that they manage to lobby to have only the entertainment industry exempted from prosecution in these instances. Our favorite article at Forbes suggests that 50% of the workforce will be freelancers or entrepreneurs by 2020. It does not take much thought to discover how to use this sort of lobbying against the industry that created it. If 50% of the workforce works for one-person corporations, it is very easy to create an offshore subsidiary as a separate legal entity with separate bank accounts for the purposes of “entertainment licensing”.
Such nonsense of invading common citizens’ hard drives would be stopped by mutually assured destruction. All of these offshore subsidiaries could start contracting Hacking as a Service (HaaS) at other offshore companies to install ransomware into these mega-corporations as part of intellectual property enforcement. If the subsidiary collecting royalties is offshore along with the HaaS provider, it makes it very difficult for the entertainment industry to do anything but pay a licensing fee.
As traders we can follow these patterns and attempt to capitalize on 10-20% movements from short selling the companies getting shut down. History has shown us that having intruders in your network does not affect stock value to a large degree; however, adding companies to a watch list for ease of reference does not hurt.
While the entertainment industry is proposing outrageous solutions to a problem they have, it is still possible for other professionals to make money if these solutions become law. These professions stand to benefit:
- Lawyers, because no matter what happens, lawyers always win.
- Infosec professionals, both on the offense and defense side.
- Management Consultants who may set up subsidiary companies for the purpose of launching both legal (see Lawyers above) and virtual attacks.
- SMBs who may manage to obtain licensing fees for their “one off” ebook or song being on the wrong network at the wrong time.
- Day Traders who can capitalize on a single-day news event where a company’s operating capability is shut down.
The measures proposed by the entertainment industry may never pass. The industry should hope so. In less than 5 minutes we have devised a way to create offshore companies bent on collecting licensing fees for misappropriated intellectual property, in a manner that may be in full compliance with the law, and untouchable depending on what country they are located in. That is something the entertainment industry should understand is possible and relatively easy to set up with today’s technology.