Legally speaking, may the owner of a computer file put a beacon in it so that it will “phone home” if stolen.
By “phoning home,” the file would transmit data over the Internet,
telling the owner that the file has been stolen and telling the owner where the file is located.
Beacon in Proprietary Media
The file might be a copyrighted movie, or a document containing corporate secrets.
I recently heard that a media company was planting such beacons in its copyrighted media files.
Computer Crime?
Some argue that this beacon might encroach on the rights of other people.
For example, if the file is stolen and then stored on the computer of another person, then the beacon may be acting in a manner that surprises the “other person.” Some legal experts are concerned that the original file owner may, by way of the beacon, be accessing the “other person’s” computer without authority and thereby be committing a computer crime. See, "Cybertheft Victims Itchy to Retaliate," Wall Street Journal, June 3, 2013. (Reference Computer Fraud and Abuse Act.)
The “other person” might be a hacker who stole the file. Alternatively, the other person might be an innocent party who owns a server, on which a hacker stored the file without authority.
Computer Crime Law Is Hard to Interpret
Computer crime laws are often worded vaguely and hard to interpret in new situations. Technology changes quickly.
Little if any US case law gives good guidance on whether use of this beacon would be a crime.
Thus, the owner of the media file arguably bears risk as it embeds the beacon in the file.
Reduce Risk
One way to lower risk would be for the file owner to warn people in advance about the beacon. For instance, the file owner could post a legal notice:
WARNING: This file is the property of Acme Corp. You are forbidden from taking it without explicit, written permission. This file contains a tracking beacon. The beacon will send signals to Acme Corp. with details about the status and location of this file and the environment in which it resides. The beacon may cause damage to the systems in which the file resides.
If police were to investigate whether the file owner committed a computer crime, a warning like this may help to defend the owner. The warning connotes that the owner had no intention of wrongdoing.
Did Innocent Server Owner See the Warning?
Granted, the innocent owner of a server where the file is placed may not see the warning. But the server owner should monitor its equipment and prevent hackers from storing stuff on it.
–Benjamin Wright, Instructor at SANS Institute
Side note: When a robber demands cash from a bank teller these days, the teller is likely to slip a GPS tracking device in with the paper bills. Thus, the police can track the location of the bills. Is the bank committing a crime when it plays such a trick on a robber? The robber might store the bills (plus GPS device) in the home of an innocent person, without permission and thereby cause havoc for the innocent person.
By “phoning home,” the file would transmit data over the Internet,
telling the owner that the file has been stolen and telling the owner where the file is located.
Beacon in Proprietary Media
The file might be a copyrighted movie, or a document containing corporate secrets.
I recently heard that a media company was planting such beacons in its copyrighted media files.
Computer Crime?
Some argue that this beacon might encroach on the rights of other people.
For example, if the file is stolen and then stored on the computer of another person, then the beacon may be acting in a manner that surprises the “other person.” Some legal experts are concerned that the original file owner may, by way of the beacon, be accessing the “other person’s” computer without authority and thereby be committing a computer crime. See, "Cybertheft Victims Itchy to Retaliate," Wall Street Journal, June 3, 2013. (Reference Computer Fraud and Abuse Act.)
The “other person” might be a hacker who stole the file. Alternatively, the other person might be an innocent party who owns a server, on which a hacker stored the file without authority.
Computer Crime Law Is Hard to Interpret
Computer crime laws are often worded vaguely and hard to interpret in new situations. Technology changes quickly.
Little if any US case law gives good guidance on whether use of this beacon would be a crime.
Thus, the owner of the media file arguably bears risk as it embeds the beacon in the file.
Reduce Risk
One way to lower risk would be for the file owner to warn people in advance about the beacon. For instance, the file owner could post a legal notice:
WARNING: This file is the property of Acme Corp. You are forbidden from taking it without explicit, written permission. This file contains a tracking beacon. The beacon will send signals to Acme Corp. with details about the status and location of this file and the environment in which it resides. The beacon may cause damage to the systems in which the file resides.
If police were to investigate whether the file owner committed a computer crime, a warning like this may help to defend the owner. The warning connotes that the owner had no intention of wrongdoing.
Did Innocent Server Owner See the Warning?
Granted, the innocent owner of a server where the file is placed may not see the warning. But the server owner should monitor its equipment and prevent hackers from storing stuff on it.
–Benjamin Wright, Instructor at SANS Institute
Side note: When a robber demands cash from a bank teller these days, the teller is likely to slip a GPS tracking device in with the paper bills. Thus, the police can track the location of the bills. Is the bank committing a crime when it plays such a trick on a robber? The robber might store the bills (plus GPS device) in the home of an innocent person, without permission and thereby cause havoc for the innocent person.
No comments:
Post a Comment