"[C]urrent law and law-enforcement procedures simply have not kept pace with the technology of hacking and the speed of the Internet," the commission said in its report. "Almost all the advantages are on the side of the hacker; the current situation is not sustainable."
So, with a “take back the ‘Net” kind of spirit, the commission, which is made up of former US government and ex-military officials, offers several cyber-vigilante ideas for discussion. First up is the ransomware concept: Locking up computers that have illegal content until the offending party confesses to law enforcement and pays a fine.
“Software can be written that will allow only authorized users to open files containing valuable information,” the report noted. “If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.”
Spyware is another trick that could do the trick: The commission also said that active probing of private networks is another idea. “While not currently permitted under US law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network."
Rights-holders could also go long by taking a page from the cyber-world’s most nefarious: they could leverage computers’ built-in web cams to surreptitiously photograph or videotape suspected pirates; they could punish pirates with malware infections; or they could simply hijack a system and actively disabling a computer network entirely.
"These attacks would raise the cost to IP thieves of their actions, potentially deterring them from undertaking these activities in the first place," the commission said.
Clearly, the report is working under the assumption that existing privacy and regulatory frameworks would be suspended, along with a host of laws, in order to make such vigilantism a legal thing to carry out. But the commission did say that it has its misgivings: "The commission is not ready to endorse this recommendation because of the larger questions of collateral damage caused by computer attacks, the dangers of misuse of legal hacking authorities, and the potential for nondestructive countermeasures such as beaconing, tagging and self-destructing that are currently in development to stymie hackers without the potential for destructive collateral damage.”