Friday, March 04, 2005

Big Brother Is Here — Microsoft Gets Power to Search and Destroy on Your System


From Lisa:

TECH PRIVACY ENEMY #1

Rep. Cliff Stearns (R-Fla.)



This alert came from my local linux user group (LUG).  Find a LUG near you and escape the evil clutches of M$!


Big Brother Is Here — Microsoft Gets Power to Search and Destroy on Your System

Posted by Wee-san on Thursday, February 17 @ 06:50:46 CST

A U.S. House of Representatives committee has readied H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) [Another deceptively cutesy acronym, à la PATRIOT ACT –L.], to allow software vendors to scan user systems, and "interact" with them to determine any breach of proprietary rights. While the bill continues prohibitions against spyware, phishing schemes and other hostile actions against end-users, it also retains a curious provision threatening users and their right to due process and privacy in use of proprietary (commercial) software.

The obscure, anti-user provision at issue allows Microsoft or any software vendor to scan user systems and (implicitly) to take whatever actions deemed appropriate in determining compliance with its own view of licensing terms.

In effect, the legislation skips due process altogether in license infringement disputes. By allowing Microsoft or any other software provider freedom to conduct vigilante-style search-and-destroy missions on user systems, the bill undermines the rule of law (and its protections) for all consumers. The clear presumption is the user is guilty of piracy if Microsoft or another vendor says so, and there is no appeal, only suffering whatever action the software vendor deems appropriate to protect its property.

By allowing such interaction with a user system, this bill makes the software vendor sheriff, judge, jury and executioner in suspected software piracy cases. Currently, Microsoft scans millions of end-user systems by permission, but only to determine patch requirements for an installed Windows operating system. While there is no explicit authorization or prohibition of more aggressive policies, such as disabling program code and/or data, MS has not publicly pushed for power to do so, fearing a user backlash.

The legislative amendment is effectively a quiet, post-election gift to Microsoft by GOP Rep. Cliff Stearns (FL) [Remember the days when M$ was rightfully sweating it out in a courtroom because of its monopolistic business practices? With the Rethugs in charge, those days are gone!  –L.], who otherwise would be first to champion full protection for your individual rights and privacy. [IMHO, the author has our current neocons in Republican clothing confused with what the ideals of the Republican party used to be!  These days, if you want government to stay out of your business, you have to go libertarian. –L.] In contrast to such high ideals, this legislation is the purest example of cyber-surveillance. While surreptitious, remote actions are commonly employed by hackers and spyware, the bill authorizes exactly the same extra-legal actions by Microsoft and others.

Further erosion of privacy comes from the bill's relaxed provision for network monitoring for purposes of maintenance, repair/diagnostics, security or crime detection. It relaxes legislative protections for privacy to allow online intelligence-gathering by security agencies, exempting such activity from provisions of the notice and consent requirements of the bill. Action on the bill by the full House is expected in the next few days.




Here is the story about which Wee-san wrote the commentary... which was deceptively titled House Cuts Cookies From SPY ACT:

By Roy Mark
February 16, 2005

With little fuss and no debate [What else is f'n new? –L.], a House subcommittee today amended an anti-spyware bill to clarify that the legislation does not cover third-party cookies.

H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), prohibits unfair or deceptive practices related to spyware and requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers.

The spyware practices prohibited by the legislation include phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.

At a January hearing on the legislation, concerns were raised that the bill would unfairly target third-party cookies, although lawmakers insisted that was not their intent and expressed their desire to reach a compromise on the issue.

"This amendment otherwise clarifies an excellent bill," [Excellent?!  for the plutocracy, maybe! –L.] said Rep. Cliff Stearns (R-Fla.), chairman of the House Subcommittee on Commerce, Trade and Consumer Protection [How about CORPORATE protection?!  F*** the consumer! –L.]. "The bill should not penalize authentic use of the technology. It [the bill] does not apply to cookies, including third-party cookies."

First-party cookies are placed from the same domain the user clicks on and are solely used to allow the user to access a Web site, most typically by allowing the site to remember a user name and password. Advertisers, publishers and their service providers use third-party cookies to serve, rotate, target, cap, measure and report on online advertising.

"This is an all-out technology arms race [against bad actors]," Stearns said. "This bill will help us win that race."

The bill permits computer software providers to interact with a user's computer without notice and consent to determine whether the user is authorized to use the software. [Scary translation: M$, or any other company whose software you use, has the right to poke around your computer, totally unsupervised.  The AOL employee selling lists of customer names is just one example of privacy breaches... can you imagine how vulnerable you'll be if they can invade your desktop?!  I don't even want to think about it. –L.] Network monitoring is also exempted from the provisions of the notice and consent requirements of the bill to the extent that the monitoring is for network or security purposes [A bone thrown to employers who want to monitor employees? –L.], diagnostics, technical support or repair [Like the ISP diagnostic software I refused to install? BTW, my connection works just fine! –L.], or the detection or prevention of fraudulent activities. [Carnivore, anyone? –L.]

The bill next goes to the full House Energy and Commerce Committee. Chairman Joe Barton (R-Tex.) said he "expects this bill on the floor very quickly." The Senate has yet to hold any hearings on spyware. [The lack of action by the Senate is either our last hope, or the last sign that we've lost all hope! –L.]



[This is a classic case of giving with one hand while picking your pocket with the other!  This legislation will no doubt be as impotent as anti-spamming laws (yeah, they undertake big prosections for show... but, really, has the amount of spam in your inbox decreased? I thought not.), thus providing the consumer zero protection... while simultaneously robbing the PAYING customer of control of the product they BOUGHT!  Ba$tard$! –L.]

0 Comments:

Post a Comment

<< Home

eXTReMe Tracker