Wednesday, February 6, 2013

Meet Your New Big Brother

In an alarming twist of events a group of 13 Canadian industry associations calling themselves the "Coalition of Business and Technology Associations" is lobbying the government to explicitly legalize the use of covert software to protect their interests on consumers' home PCs.

When I say "covert software" I mean legalized spyware, which is software that reports your activity back to someone else without your knowledge, and trojans, which are programs that open up control of your PC to someone else.

The alarm bells are being rung, thanks to a timely article by Professor Michael Geist. He notes that this Coalition includes, among others, "the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada".

Under their proposed amendments to the law these groups could spy on and take control of a user's system any time they "reasonably believed" the user might be doing something wrong. If you think this is hyperbole, please read on. I sincerely wish it was not as crazy as it sounds.

There is currently an anti-spam law on the table which has some pretty broad provisions. One of those provisions is very important to Canadian consumers. It explicitly requires user consent to installation of software and proper user notification of what that software does (collection of personal details, etc). This seems like common sense.

Clearly not. The Coalition has proposed two alternatives. One is to scrap the consumer protection provisions altogether and the other is to create ten exemptions to allow software to be surreptitiously installed on any computer or device. Either of the Coalition's options would achieve roughly the same ends, although the explicit exemptions option lays it out in frightening detail.

The very first of the ten exemptions is the scariest. Here it is, copied and pasted directly from the Coalition's letter to the draft board.

(a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;  

Note the vague language. One need only "reasonably believe" that there is a risk to something - not necessarily even something that the person doing the installing has any connection to. Under the language of this exemption any business or individual could secretly install software to do nearly anything to a computer, smartphone, tablet or other device and be legally home free. I could say that your blogging violates censorship laws in China and so I could intercept your network traffic and even perhaps delete offending content from your hard drive ("terminate activities").

Clearly that way madness lies - if any of these suggestions were ever adopted as law it seems unlikely a giant loophole like that would remain. The right to invade a user's privacy would have to be tied to the interest the invader was attempting to protect - most likely copyright.

That still leaves every device in Canada that is capable of having software installed vulnerable to the whims (and poor coding skills - let's not forget the Sony rootkit fiasco of 2005) of big business.

Professor Geist recommends writing to Industry Minister Christian Paradis or to your MP to let them know if you don't want businesses installing private enforcement software on your computer.

The words of Sony Pictures VP Steve Heckler in 2000 (when Napster first brought file sharing into the limelight) seem more frightening than ever:

"The industry will take whatever steps it needs to protect itself and protect its revenue streams. It will not lose that revenue stream, no matter what... We will develop technology that transcends the individual user. We will firewall Napster at source -- we will block it at your cable company, we will block it at your phone company, we will block it at your ISP. We will firewall it at your PC...

"These strategies are being aggressively pursued because there is simply too much at stake."

No comments:

Post a Comment