By Declan McCullagh
2:00 a.m. Oct. 15, 2001 PDT
WASHINGTON -- Look out, music pirates: The recording industry wants the right to hack into your computer and delete your stolen MP3s.
It's no joke. Lobbyists for the Recording Industry Association of America (RIAA) tried to glue this hacking-authorization amendment onto a mammoth anti-terrorism bill that Congress approved last week.
An RIAA-drafted amendment according to a draft obtained by Wired News would immunize all copyright holders -- including the movie and e-book industry -- for any data losses caused by their hacking efforts or other computer intrusions "that are reasonably intended to impede or prevent" electronic piracy.
In an interview Friday, RIAA lobbyist Mitch Glazier said that his association has abandoned plans to insert that amendment into anti-terrorism bills -- and instead is supporting a revised amendment that takes a more modest approach.
"It will not be some special exception for copyright owners," Glazier said. "It will be a general fix to bring back current law." Glazier is the RIAA's senior vice president of government relations and a former House aide.
The RIAA's interest in the USA Act, an anti-terrorism bill that the Senate and the House approved last week, grew out of an obscure part of it called section 815. Called the "Deterrence and Prevention of Cyberterrorism" section, it says that anyone who breaks into computers and causes damage "aggregating at least $5,000 in value" in a one-year period would be committing a crime.
If the current version of the USA Act becomes law, the RIAA believes, it could outlaw attempts by copyright holders to break into and disable pirate FTP or websites or peer-to-peer networks. Because the bill covers aggregate damage, it could bar anti-piracy efforts that cause little harm to individual users, but meet the $5,000 threshold when combined.
"We might try and block somebody," Glazier said. "If we know someone is operating a server, a pirated music facility, we could try to take measures to try and prevent them from uploading or transmitting pirated documents."
The RIAA believes that this kind of technological "self-help" against online pirates, if done carefully, is legal under current federal law. But the RIAA is worried about the USA Act banning that practice -- and neither the Senate nor the House versions of that bill include the RIAA's suggested changes.
Glazier said that the RIAA was no longer lobbying for the language provided to Wired News -- "that's completely out" -- but instead wanted to ensure that current law remains the same. But Glazier said he could not provide a copy of the revised amendment he hopes to include.
Legal scholars say that the original amendment the RIAA had been shopping around to members of Congress raises privacy and security concerns.
"It could lead to some really bad outcomes, like a program purposefully intended to delete MP3s that misfunctions and erases everything on a disk -- ooops," says Marc Rotenberg, director of the Electronic Privacy Information Center. "Think a repo man smashing windows and knocking down doors to pull out the 27-inch color TV when you've missed a couple of payments."
Peter Swire, a former top privacy official under President Clinton and now a professor at Ohio State University, says he hopes there would be public debate on any such proposal.
"On its face, this language would allow a deliberate hack attack by a copyright owner against the system of someone who is infringing the copyright," Swire said.
The draft amendment is overly broad and poorly-written, says Orin Kerr, a former Justice Department lawyer now at George Washington University. Says Kerr: "It would deny victims their right to sue copyright owners and their agents if they engaged in vigilante justice by hacking or other means in an effort to block online music distribution."
"Another troubling thing is that they appear to be trying to limit their liability for consequential damages," says R. Polk Wagner, an assistant professor at the University of Pennsylvania's law school. "What if their efforts caused your hard disk to become fatally corrupted?"
An aide on Capitol Hill who had been contacted by the RIAA was even more blunt, dubbing the amendment the "RIAA's License to Virus" proposal.
For its part, the RIAA is still trying to get a copy of its revised amendment -- that it would not provide a copy of -- included in the anti-terrorism bill called the USA Act.
"It didn't make it into the Senate bill," says the RIAA's Glazier. "So the great work of the Senate staff to fix this unintentional problem didn't get through. Now we're in the House with the base language that could have these unintended consequences."
On Friday, the House voted 339-79 for the USA Act, which eases limits on wiretapping and Internet monitoring. The Senate approved the bill on Thursday.
Because neither the House nor the Senate versions of the USA Act include either variant of the RIAA's amendment, the association's lobbyists will focus on a possible conference committee, which would be appointed to work out differences with the Senate. Another possibility is that the Senate could enact the USA Act when senators return this week, automatically sending the bill to President Bush for his signature.
Bush has asked Congress for the additional surveillance and detention powers as a response to the deadly Sept. 11 terrorist attacks on the World Trade Center and the Pentagon.
The text of the original RIAA amendment says that "no action may be brought under this subsection arising out of any impairment of the availability of data, a program, a system or information, resulting from measures taken by an owner of copyright in a work of authorship, or any person authorized by such owner to act on its behalf, that are intended to impede or prevent the infringement of copyright in such work by wire or electronic communication."
It also immunizes from liability actions that "are reasonably intended to impede or prevent the unauthorized transmission" of pirated materials.