WikiLeaks: TPP Could Change White Hat Hacking As We Know It
The Trans-Pacific Partnership is the most comprehensive, far-reaching treaty in the 21st century. Its implications are onerous at the very best, and many from all corners of the Internet have pointed out that the agreement, which is now many years in the making, could effectively eliminate sovereignty. Cue the conspiracy theories about a one-world government.
In a negative twist for white hats, the partnership will also require authorities in member states to have the power to seize the equipment of those who tamper with digital rights management controls. This wouldn’t just include people who rip media in order to share it via Torrent sites, but also people who are doing legitimate research, such as the guys who figured out several vulnerabilities in Jeep earlier this year. Under TPP, circumventing digital rights management would be a serious offense, and equipment could be seized and potentially destroyed. The agreement specifically says that judicial authorities should have the following powers:
(a) impose provisional measures, including seizure or other taking into custody of devices and products suspected of being involved in the prohibited activity;
(b) order the type of damages available for copyright infringement, as provided under its regime in accordance with Article QQ.H.4 121 ;
(c) order court costs, fees, or expenses as provided for under Article QQ.H.4.11; and
(d) order the destruction of devices and products found to be involved in the prohibited activity.
The 61-page document (just the Intellectual Property section) implies many changes for the citizens of member states. Other infractions might include building a device that can intercept encrypted communications. There is no provision for what happens when someone inadvertently does this.
Testing the security of encrypted communications has long been a field of research, but the TPP doesn’t seem to care about that. Each member party of the agreement must make such activity a criminal offense, as well as provide “civil remedy” for the owners of such satellite companies. While not obvious on the surface, such laws are obviously meant to deal with people who’ve been trafficking in pirate satellite boxes and receivers for many years now. On a trans-national scale.
By and large, the TPP brings with it a lot of stifling regulation that will then have to be passed in the jurisdiction’s where it is agreed upon. This new regulation will not necessarily even deliver real protections to the industries who are most fiercely pushing it, but rather create a new “war” to replace the drug war that has been winding down for the last couple of years.
In response, most likely, hackers of all stripes will take their own security culture to greater heights in order to protect their work. Regardless if companies believe they should be audited, they should. The value of the open source movement has largely been that major organizations have come to embrace the security implications of allowing anyone, anywhere, anytime to audit the code they are running. While TPP would like to set hacking back several generations, it will likely fail.
Image from Shutterstock.