Home > Piracy >
The Motion Picture Association wants the US government’s cybersecurity executive order to be optimized to identify operators of pirate sites and services. Among other things, the order should require US-based IaaS providers, including hosting services, DNS servers, reverse proxies, and cryptocurrency exchanges, to reliably verify the identity of customers. foreigners.
Anonymity is great on the Internet, but more and more calls are being made for tighter identity checks.
Such requirements are not new. In everyday life, many people are faced with situations where they have to prove their identity. When opening a bank account, for example. But online, it’s still rare.
Earlier this year, then-President Donald Trump signed an executive order that could help change that. Entitled: “Take Further Measures to Address the National Emergency Regarding Significant Cybercrime-Related Malicious Activities”, aims to combat online cybercrime, including copyright infringement.
IaaS providers must verify clients
The executive order aims to prevent foreign cybercriminals from using infrastructure as a service (IaaS) products based in the United States. Specifically, this can be achieved by requiring these services to properly verify and maintain the identity of non-US customers.
This proposal is music to the ears of large groups of copyright holders, including the Motion Picture Association (MPA). Rights holders often complain that anonymous operators of pirate sites and services are using US services such as domain registrars, hosting companies, CDN and proxy services, and even cryptocurrency exchanges. .
Thus, when the US Department of Commerce launched a public consultation on the implementation of the decree, the Hollywood anti-piracy group was keen to react. According to AMP, the proposal will help deter piracy, but only under the right conditions.
AMP offers strict requirements
Under the DMCA, online services may already be required to identify potential copyright infringers. However, the MPA notes that operators of pirate sites and services often use false information.
“In our experience, malicious cyber actors – including operators of hacking sites and services – almost always misrepresent their identities with IaaS providers. Regulations should therefore ensure that verification of their identities generates a high degree of confidence that the registered identities are authentic, ”writes MPA.
Among other things, IaaS providers shouldn’t just verify personal information when opening an account. Services must ensure that this information remains accurate while the customer is using their products.
In addition, the MPA wants these robust identity checks to apply to all customers, not just strangers. After all, pirate sites aren’t just operated by people from other countries.
“While a significant portion of malicious cyber activity – including copyright infringement – is perpetrated by non-US commercial actors, US business customers represent a significant portion of perpetrators of cyber malicious activity. “
Guarantee effective and correct policies
The MPA proposes three measures that should help ensure that the new requirements are effective and properly implemented by IaaS providers.
First, online services should offer a tool for interested parties to notify them if their customers are potentially using false or misleading identities. Second, services should terminate the accounts of customers whose information is false or misleading and who do not correct those errors.
The third measure targets the IaaS providers themselves. If they do not comply with the regulations, financial penalties should follow.
The MPA fully supports efforts to require IaaS providers to identify customers. However, the group is concerned that the current IaaS definition used by the government is not broad enough.
Cryptocurrency Exchanges and DNS Servers
For this reason, the regulation should ensure that it covers a wide range of services, including web hosting, reverse proxies, CDNs, DNS servers, anti-DDoS services, domain registrars, processors. payment, ad networks and cryptocurrency exchanges.
The role of hosts is obvious, but the Hollywood group points out that cryptocurrency exchanges and DNS servers also play an important, crucial role in the hacking ecosystem.
“Cryptocurrencies have become a popular method among malicious cyber actors – including copyright violators – to receive payments anonymously and store profits,” writes MPA.
“[DNS] servers “resolve” a web address to the corresponding IP address. DNS resolution is an essential network function of the Internet and the infrastructure essential to the operation of a website, ”adds the group.
Right now, many cryptocurrency exchanges already have extensive verification procedures, but the MPA clearly sees room for improvement. For DNS servers, this can be more difficult to implement, as they usually don’t have site operators as clients. But maybe they could be urged otherwise to stop solving pirate sites?
If implemented, the MPA is optimistic that the new regulations will help track down cybercriminals and significantly deter hacking. In due course, this should help protect the entertainment industry’s revenue while protecting the public from hacking-related malware threats.
–
A copy of the Motion Picture Association’s comments and suggestions in response to the US Department of Commerce consultation is available here (pdf)
