MPs install malware across every computer in the UK

Members of Parliament voted yesterday 189 to 47 for the new Digital Economy Bill, which would effectively install one of the most cunning pieces of malware ever devised, across every internet ready device in the UK.

 

The bill itself is a rather sprawling piece of legislation attempting to address an eclectic bunch of issues, from the role of Channel 4, to video game classification, to internet usage.  The most contentious parts of the bill are concerned specifically with file sharing on the internet, and specifically with the illicit distribution of copyrighted content.

Peer to peer file sharing is a great way of distributing content, and is an important (if normally unseen) part of the internet.  Universities, and free software organisations (such as vendors for Linux distributions) regularly use file sharing as a free, fast, and reliable way to get their product to the end user.

 

However it is also arbitrarily easy to share content for which you do not hold copyright.  Albums, movies and games regularly show up across these networks, and technical solutions to this problem by copyright holders invariably end up in an "arms race".  The holder will enforce some method to only to have it broken (sometimes hours after release), for them to try harsher technical measures, etc.

 

So copyright groups lobbied the UK government into creating a number of amendments to existing Acts, in a hash fisted attempt to "catch all" eventualities of copyright infringement.  Unfortunately the resultant laws now bear striking similarities to the type of software you pay to keep off your computer systems.

Most people who use a computer nowadays have either fallen victim to, or are at least aware of "malware".  Software which installs on your computer (usually without your explicit consent) and then carries out unauthorised tasks.  The most sophisticated types of malware do not draw attention to themselves, instead they install silently then wait for instruction (sent remotely via the internet at a time suiting the malware creator).  Some variants gather personal data from your computer, then relay that information to a specified server, to be harvested.  Others subtly change the websites you visit.  The most malicious install on so many machines that they can be synchronised to launch large scale attacks, usually "denial of service", where the sheer flood of traffic "takes down" an intended victims internet connection or webserver.

Three tools in the bill, when combined show the hallmarks of a piece of malware.

 

1.  Clause 5, an insertion into the Communications Act (2003) -- 124B Forces an obligation on internet service providers (ISP's) to provide copyright infringement lists to copyright owners.
2.  Clause 17 an insertion into the Copyright, Design and Patents Act 1988 -- 302A (Power granted to Home Secretary to amend the act without consultation).
3.  Clause 4.  Grants powers to force an ISP to disconnect the end user if their IP address is identified in file sharing.
4.  Clause 8.  The Secretary of State for Business can order the blocking of a "location on the Internet which the court is satisfied has been, is being or is likely to be used for or in connection with an activity that infringes copyright."

 

With Clause 17, the Home Secretary gains the power to change the scope of copyright, however he/she sees fit.  Effectively, things that are not illegal today, could be illegal tomorrow, without any requirement by the Home Office to seek parliamentary consent.   Potentially, once the parameters of copyright infringement are changed, a legal order can then be sent to an internet service provider to monitor and subsequently hand over information based on that perceived infringement.  They can then issue a denial of service attack to the end user, using clause 4.  

Taken to a hypothetical case and point.  Many people, and indeed, MP's in the debate pointed at Wikileaks, which regularly publishes information that many political parties, governments, and corporations would rather never saw the light of day.  With the Digital Economy Bill, a piece of damning evidence released on this site could be set as infringing on copyright.  They could block UK wide access to the site.  Then the government could then force your ISP to tell them whether you've downloaded it or not, and take action against you, technically for an infraction.

Of course, that's not what the new legislation is designed to do.  But it wouldn't be the first law that government attempt misuse of an act to silence critics.  Just like well written malware, the Digital Economy Bill will sit there, dormant, waiting to be activated.