By Dameon D. Welch-Abernathy, CISSP, Check Point employee, also known as PhoneBoy of the PhoneBoy.com Blog
At Check Point, our goal is to protect your computers from anything malicious that might get in and perform actions without your knowledge or consent. The malicious software, regardless of the entry vector, usually comes from black-hat hackers or other people who do not have your best interests at heart. Occasionally, it comes from legitimate companies without overly malicious intentions, for example the Sony BMG Rootkit scandal.
It appears that the Recording Industry Association of America (RIAA) did not learn anything from the Sony Rootkit debacle. They, along with the Motion Picture Association of America (MPAA), and several related industry organizations recently submitted joint comments to the Intellectual Property Enforcement Coordinator (IPEC) in regards to a forthcoming Joint Strategic Plan for intellectual property enforcement.
What they have in mind appears to be similar to spyware or wire-tapping telephones.
These comments, among other things, advocate the forced installation of "anti-infringement" software on home computers similar to "tools used to protect consumers from viruses and malware." The entertainment industry appears to be suggesting draconian measures in the name of protecting their intellectual property rights, including real-time monitoring, blocking or removal of infringing materials, bandwidth shaping and throttling, among other things. The Electronic Frontier Foundation weighs in on all this in their recent article.
So let me get this straight. The entertainment industry wants me to install software on my computer that will scan my computer for potentially infringing files? Who will be getting data about what files are on my computer? The entertainment industry has no legal or moral right to know what files I have on my computer. A law enforcement agency could not obtain data about what's on my computer without a search warrant without violating my Fourth Amendment rights, right?
Let's assume for a moment that this data about what's on my computer could be legally obtained. What criteria will be used to determine if I have potentially infringing data? What will the software do if it finds something potentially infringing? Report on it? To whom? Will the software delete it? What recourse do I have if they're wrong?
To take it a step further, what happens if this software has its own security flaws that a malicious hacker subverts for other purposes? Think this won't happen? It certainly did with the Sony BMG Rootkit software and there's no doubt in my mind it will happen again.
As a software company, Check Point has a vested interest in the proper enforcement of intellectual property laws. However, these enforcement methods suggested by the entertainment industry appear to be ultimately dangerous and will do little to stem the flow of illegal content on the Internet. ZoneAlarm, as well as our enterprise Endpoint Security product, will treat this software like any other. You'll be informed when the program attempts to delete a file or attempts to talk to a remote server. Your system will be safe from software that behaves like spyware regardless of the source.