The Internet is buzzing over a new report from the Commission on the Theft of American Intellectual Property that recommends using spyware and ransom-ware to combat online infringement. The recommendations are shocking as they represent next-generation digital locks that could lock down computers and even “retrieve” files from personal computers:
Software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account.
While many of the recommendations sound outrageous (see further details here and here), it is worth noting that earlier this year Canadian business groups led by the Canadian Chamber of Commerce recommended that the Canadian government introduce a regulation that would permit the use of spyware for these kinds of purposes.
a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
As I noted at the time, this provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation).