Skip Links

U.S. urged to let companies 'hack-back' at IP cyber thieves

Best defense against American IP theft may be legalizing cyber offense, U.S. commission says

By Jaikumar Vijayan, Computerworld
May 23, 2013 05:32 PM ET

Computerworld - U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.

The 100-page report, released this week, stops just short of recommending that the U.S. allow businesses to actively retrieve stolen information from within an intruder's network, and to disable or destroy it without any limitations.

[ ANALYSIS: Is retaliation the answer to cyberattacks? ]

However, the report does make clear that some so-called hack-back options be available if simpler attempts to deter IP theft fail, which will likely gain the attention of rights advocacy groups.

The commission is co-chaired by Dennis Blair, former U.S. Director of National Intelligence and Jon Huntsman, former U.S. Ambassador to China.

The report, released May 22, largely blames China for the what it says is the theft of hundreds of billions of dollars worth of U.S. intellectual property each year. Such theft is leads to significant U.S. revenue loss while hurting U.S. innovation and jobs, the report noted.

"The American response to date of hectoring governments and prosecuting individuals has been utterly inadequate to deal with the problem," the Commission said in the report.

Data from court cases, the U.S. Trade Representative and from specialized firms and industry groups show that Chinese cybercriminals account for roughly 70% of all IP theft today.

The stolen IP is used to help Chinese companies and the Chinese government close the current technology gap with the U.S. That finding is similar to one cited in the recently-released Department of Defense Annual Report to Congress.

Countries like India and Russia are also seen posing a strong threat to American IP, the reports said.

Existing laws and IP protection provisions in international trade agreements have failed to address the issue so far. Similarly, emerging cybersecurity laws and policies implemented by the Obama Administration to tighten U.S. economic espionage laws will only have limited effect, the IP Commission argued.

In order to better deter IP theft, American companies should be allowed to implement measures that make it much more costly for someone to steal their property, the latest report said.

"Effective security concepts against targeted attacks must be based on the reality that a perfect defense against intrusion is impossible," the IP Commission said. It argued that it's more important to raise the stakes for cybercriminals than to create more laws aimed at stopping all attacks.

For instance, the commission argues that U.S. laws should let American owners of intellectual property recover or render inoperable any IP that's stolen over the Internet. Such laws would allow companies to consider a broader use of "meta-tagging," "beaconing" and "watermarking" tools to digitally mark any files containing proprietary data.

The tools would alert companies to the theft of a protected file, and could help identify where it was stored by the cybercriminals. Such tools would also let IP owners render a stolen file inaccessible or lock down an authorized user's computer.

Originally published on www.computerworld.com. Click here to read the original story.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News