The Commission on the Theft of American Intellectual Property has proposed pre-installing software on computers to identify copyright-violating activity.
If the software detects the copying, storing or use of copyrighted material, it would lock the computer or files, according to US reports.
In its latest report, the commission, an independent initiative set up to examine the impact of IP theft, proposes that offenders would have to contact a law enforcement agency to get a password to unlock the computer.
“While not currently permitted under US law, there are increasing calls for creating a more permissive environment for active network defense,” the report said.
This would allow companies not only to stabilise a situation, but to take further steps, including actively retrieving stolen information or even destroying the information within an unauthorised network.
Additional measures, the report said, could include taking a photo of the hacker using a webcam, implanting malware in the hacker’s network, or physically disabling the hacker’s computer or network.
According to the commission, US companies are suffering the loss of hundreds of billions of dollars a year due to intellectual property theft.
Read more on piracy
Law lags behind internet advances
The report said current law and law-enforcement procedures simply have not kept pace with the technology of hacking and the speed of the internet.
“Almost all the advantages are on the side of the hacker; the current situation is not sustainable,” the report said.
In the absence of a more permissive legal environment, the commission said new options need to be considered.
As a first step, corporations need better information, and thus open, two-way communications between companies and US government agencies is more necessary than ever before, the report said.
The Cyber Information Security Protection Act (Cispa) is an example of a statutory effort to address this problem, and the commission recommends its passage, the report said.
Second, the commission believes an aggressive assessment of the sufficiency of current legal norms to address the new circumstances needs to be undertaken, and new statutes should be considered.
The Department of Homeland Security, the Department of Defense and law enforcement agencies should have the legal authority to use threat-based deterrence systems against unauthorised intrusions, it said.
Finally, new laws might be considered for corporations and individuals to protect themselves in an environment where law enforcement is very limited, the report said.
Some security experts have expressed concern about the proposals, however.
Christian Mairoll, chief executive of security firm Emsisoft, said there is no such thing as good malware.
“Piracy is indeed a problem that has to be solved. But legalised and widely spread malware would lead to even more problems with unforeseeable consequences,” he said.