Tuesday, April 18, 2006

Computer Spyware Protection Act - Millions of Dollars in Fines, Surreptitious Computer Techniques a Whole New Can of Worms For the Consumer to Worry About.

"Get ready for Microsoft, cable and phone companies, and quite a few other people to know a lot more about what you do on your computer, thanks to House Bill 2083."
Wednesday, April 05, 2006
Ben Fenwick

It's supposed to protect you from predators spying on your computer habits, but a bill Microsoft Corp. helped write for Oklahoma will open your personal information to warrantless searches, according to a computer privacy expert and a state representative.

Called the "Computer Spyware Protection Act," House Bill 2083 would create fines of up to a million dollars for anyone using viruses or surreptitious computer techniques to break on to someone's computer without that person's knowledge and acceptance, according to the bill's state Senate author, Clark Jolley.

"The bill has a clear prohibition on anything going in without your permission. You have to grant permission," said Jolley, R-Edmond. "You can look at your license agreement. It will say whether they have the ability to take that information or not."

But therein lies the catch.

If you click that "accept" button on the routine user's agreement, the proposed law would allow any company from whom you bought upgradable software the freedom to come onto your computer for "detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing computer software prescribed under this act."

That means that Microsoft (or another company with such software) can erase spyware or viruses. But if you have, say, a pirated copy of Excel - Microsoft (or companies with similar software) can erase it, or anything else they want to erase, and not be held liable for it. Additionally, that phrase "fraudulent or other illegal activities" means they can:

- Let the local district attorney know that you wrote a hot check last month.

- Let the attorney general know that you play online poker.

- Let the tax commission know you bought cartons of cigarettes and didn't pay the state tax on them.

- Read anything on your hard drive, such as your name, home address, personal identification code, passwords, Social Security number ... etc., etc., etc.

"I think in broad terms that is still a form of spying," said Marc Rotenberg, attorney and executive director of the Electronic Privacy Information Center in Washington, D.C. "Some people say, 'Well, it's justified.' I'm not so clear that should be the case. Particularly if the reason you are passing legislation is to cover that activity."

The bill is scheduled to go back before the House for another vote. Will the Oklahoma House, on behalf of all computer users in the state of Oklahoma, click "accept"?

Where did you go yesterday?

Computer users first accepted updates when anti-virus makers, such as Symantec Corp. or McAfee, began back in the Nineties offering regular updates in an attempt to stay current with the alarming number of viruses introduced over the Internet. This was followed by Windows ME and 2000 allowing updates to their programs via downloads. By the time Windows XP came out, regular online updates became part of the product one purchased.

At around the same time, the Napster phenomenon pushed music corporations, courts and lawmakers into taking action against online file sharing of music. Hip, computer-savvy listeners traded pirated MP3 recordings beyond count, leading to action by the music industry to go on a search and destroy mission against the online music traders, even in Oklahoma. In 2000, Oklahoma State University police seized a student's computer containing thousands of downloaded songs after he was traced by a recording industry group.

Anti-spyware bill author Jolley said that's what people like the OSU student get for sharing their information online.

"You have to look at the other side of that issue," Jolley said. "When they agreed to put their files online, they literally agreed to allow people to come on their computers and search the files online. On a P-to-P (peer-to-peer) network, you are inviting other people to see what you have. That's a risk you run by participating in file share."

Jolley said his spyware bill is supposed to stop "phishers" from stealing one's identity off of one's computer, is supposed to stop "Trojan horse" viruses from being installed on the computer and is supposed to make illegal a host of other techniques for spying on a user's personal information.

"It prohibits them from taking things as basic as your home address, your first name, your first initial in combination with your last name, your passwords, any personal identification numbers you have, any biometric information, any Social Security, tax IDs, drivers licenses, account balances, overdraft histories - there is a clear prohibition on that," Jolley said.

Indeed, Sections 4 and 5 of the act specifically forbid anyone from doing so without the user's permission.

However, Section 6 of the act says such a prohibition "shall not apply" to "telecommunications carrier, cable operator, computer hardware or software provider or provider of information service" and won't apply to those companies in cases of "detection or prevention of the unauthorized use of or fraudulent or other illegal activities."

Which means software companies updating a user's software or the cable company monitoring that user's activities on a broadband modem hookup can turn over that user's history of writing hot checks to the district attorney if the company feels like it, said Rotenberg.

"You go back to the old-fashioned wiretap laws," Rotenberg said. "There was an exception to allow telephone companies to listen in on telephone calls. The theory was that it was necessary to make sure that the service was working. Part of what's going on here is to significantly expand that exemption to a whole range of companies that might have reason for looking on your computer. The statute will give them authority to do so. I think it's too broad. I think the users in the end need to be able to allow that themselves."

Jolley insists his proposed law would not allow Microsoft, Symantec or Cox Communications to become "Big Brother."

"The goal of this is not to allow any company to go through and scan your computer," Jolley said. "If they are, it has to be for a specific purpose. If you don't want them doing that, don't agree to (the user's agreement)."

Which means, when a user accepts Microsoft's Windows operating system on that new computer, or Norton AntiVirus, or Apple's operating system or a host of other online-upgradable programs, that user agrees to being watched by the company.

Who on Earth would write such a law? It wasn't Jolley, or anyone in Oklahoma.

To read more of "The Watchers," pick up a Gazette.


"Now we are talking about Microsoft having the freedom to check your computer for any sort of illegal or fraudulent activity you might be participating in. Without your knowledge or consent. It is giving up your rights to privacy."

-State Rep. Mike Reynolds, R-Oklahoma City, about House Bill 2083. The bill gives software or online access companies freedom, without liability, to erase spyware and pirated software from users' computers, in addition to monitoring for fraudulent or illegal activities.

I don't doubt that right now someone out there has figured out a way to use this new law to benefit their scamming of the consumers. This law is very vague because it doesn't set rules in place to say who has the REAL right to collect this information. So Jane or John Doe of Kansas can claim to have a legit software business, and have a ball collecting information. They can do it legally thanks to this new law because everyone knows there are many who claim to be anyone. Newbies will become very vulnerable. All thanks to our nice Government. Thank you, Bushy. This could also open a can of worms called abuse. The paranoid will want ALL your information which will lead Americans everywhere to cry foul. The lawsuits will start. Because even though they want to protect the software makers, they forgot also to protect the public from abuse.
Everyone knows that big business has done a lousy job at protecting our information. If the consumer has any sense they won't let this fly by. I suggest that the first batch that suffers from pitfalls from these new laws do all they can to create a class action lawsuit. There must be new laws for the consumer in place also. Unless someone has the (ahem) to take it on now and try to get this settled before the consumer is hurt. I don't believe for one minute that these new laws will stop anyone from using surreptitious computer techniques. Now a new law may be in place to help them in their efforts, and the consumer hasn't a ground to stand on. Another thing to consider is they can remove anything from your computer they deem necessary. So who is to say they don't get ridiculous enough to start removing rival software then claim oops! sorry! Besides, folks, you will be accepting a EULA that states they are not liable. The consumer is bound to their EULA that reads like a book, and inside that EULA is a clause that you won't hold them liable; if something like the accidental removal of legit software occurred, you won't be holding them accountable, period. I am telling you, folks, sitting on your butt will not help you any longer. You have to take action. If not to change these laws, then to increase the protection of consumers against abuse. You have just as much right to be protected as the software vendors, ISPs, etc.