License to Hack

Computerworld - There are bad ideas, and then there are really awful ideas. Example of a bad idea: the proposed uniform state law called the Uniform Computer Information Transactions Act (UCITA), with its "self-help" provision that lets vendors remotely sabotage software you've bought if they believe you're not conforming to their license terms. That one is such a stinker that three states have actually outlawed UCITA provisions from being enforced.
And a really awful idea? Try legalizing malicious hacking.
That's what a Los Angeles congressman named Howard Berman has in mind. He's proposing a federal law that would let copyright holders use "technological self-help measures" against peer-to-peer networks like Kazaa, Morpheus and the now-moribund Napster in order to fight piracy of their copyrighted material.
What kind of "self-help" would be legalized? Spoofs, redirection, file blocking, decoys, interdiction and, oh yeah, actually breaking into servers to plant malicious code.
And what if a copyright holder causes additional damage or attacks the systems of someone who isn't actually misusing their copyrights? Berman's bill would protect them from being arrested or sued.
Now let this sink in for a moment: This law is a license to hack, and hack maliciously - without any further government approval, without a court order, entirely at the discretion of the copyright holder.
This is a terrible idea. Full disclosure: I've got no use for peer-to-peer networks where music and movies and software are pirated. My own copyrighted work has been ripped off on the Internet. My friends include the owners of several tiny music labels who hate the music-stealing networks with a passion and rejoiced when Napster went down. So I'm in a position to benefit from this license to hack.
But I repeat: It's a truly awful idea. And not just because it would give a little moral justification to every overgrown juvenile delinquent who believes that "if it's OK for big movie studios to break into someone else's computer, then it's OK for me, too."
It's also a bad law for us because even though it's aimed at peer-to-peer outfits like Kazaa and Morpheus, the next target will be corporate IT.
Face it, there's no way to write a law that's sure to include all peer-to-peer pirates without defining things very broadly. So any copyright holder who's got a beef with any organization whose networks may be used to violate copyrights could claim this license to hack.
So if some software vendor decides your company might have unlicensed software on its network - whether that's true or