Hacking Vigilantism

By Roy D. Follendore III

September 27, 2002

The music industry is asking the permission of our Government to become hacker vigilantes in their effort to halt the exchange and storage of copyrighted materials on the Internet. If allowed they would essentially be allowed to invade and attack computers and their content if it was determined that their unlicensed material was involved. These attacks could take place with respect to connectivity links as well and could include a denial of service.

Imagine yourself going to send an email and a message pops up saying that you are not allowed to communicate until you erase a file from your hard disk with the name of a pop music record. This is not as far fetched as it may at first seem. There are cases where the entertainment industry thought that a file was something that it wasn't. There are also cases where children were taken to court because of a school book report which was placed on a personal website. This is another excuse that can too easily become just another way of bypassing privacy and another example of greed of millionaire record executives overriding individual freedom because they do not want to spend any of their precious money protecting those same copyrights with quality security technology.

They simply do not own the necessary intellectual property rights of the hardware manufacturers and they are not willing to pay to acquire rights to them. It is supposed to be their easy way out because they do not have to be embarrassed again when the next entertainment security system is hacked because they refuse to understand the most basic principles of technical security. This is the real reason why the entertainment industry has chosen the lobby route that they have taken.

In the climate of all of the foolish mistakes in security policies that have been made recently in the name of antiterrorism, it all sounds like the kind of justification that just might be approved. But if allowed, this in my opinion would be an egregious and foolish decision and here are my reasons why.

First of all, such practices establishes a dangerous precedent by allowing a commercial party to become both the Internet police and court. Interruptions are active forms of punishment that paralyze and inhibit private business.

Second, it invites real hacker retaliation and imitation. Kids as well as terrorist could use the identities of the vigilantes to attack legitimate websites. Such hackers would not be limited by regulation and right now any hack attack can be represented as illegitimate because they are unauthorized. The problem with security authentication for individuals would therefore become the problem of "legitimate vigilante hacks." It could therefore become impossible to for authorities to untangle a real hack war and such a war could in fact shut down much of the traffic on the Internet.

Third, in practice after the issue drags through all of the State, Federal and Supreme Courts, it will probably be considered Unconstitutional. Free speech and free trade both of which are directly and indirectly protected by the Constitution would be jeopardized. In fact, there could easily be several other potential Constitutional violations involved, including illegal search and seizure. This is of course the intention of the people who invented this solution, who obviously were lawyers.

Just as in some of my other essays, I am asking a fundamental and profound question. Is this the way that we would choose to be? We are constantly building our society, not just for ourselves but for future generations. Is this the way that we choose our children to exist? For any special interest group to lobby our Congress to have the right to act as judge, jury or executioner is not only an at the abridgement of human rights, it is a scary slippery slope that can then be used to affect the opportunities and free will of future generations.

Essentially all of this boils down to just another crazy and irrational security problem and the influence of power and money, like all of the others similar problems we now seem constantly surrounded by. This is also a problem that is bounded by our educational institutes of neglect, which we call our Universities. There does not seem to be much interest from them to educate students about the rational reasons for security policies. Just like lawyers, the engineers in charge today are just businessmen interested in the question of the "how," not the "why." So the cart continues to drive the horse. Perhaps one of these days University Communication departments will hopefully come to understand that applied security is an organizational communication science involving human beings, not a technical engineering application. Then they might get someone qualified to teach the reasons why issues like this occur.

.