Be Afraid...Be Very Afraid

This article was brought to my attention by one of my Computer Science teachers today. Read on:

Get ready for Microsoft, cable and phone companies, and quite a few other people to know a lot more about what you do on your computer, thanks to House Bill 2083.
Wednesday, April 05, 2006
Ben Fenwick

It’s supposed to protect you from predators spying on your computer habits, but a bill Microsoft Corp. helped write for Oklahoma will open your personal information to warrantless searches, according to a computer privacy expert and a state representative.

Called the “Computer Spyware Protection Act,” House Bill 2083 would create fines of up to a million dollars for anyone using viruses or surreptitious computer techniques to break on to someone’s computer without that person’s knowledge and acceptance, according to the bill’s state Senate author, Clark Jolley.

“The bill has a clear prohibition on anything going in without your permission. You have to grant permission,” said Jolley, R-Edmond. “You can look at your license agreement. It will say whether they have the ability to take that information or not.”

But therein lies the catch.

If you click that “accept” button on the routine user’s agreement, the proposed law would allow any company from whom you bought upgradable software the freedom to come onto your computer for “detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing computer software prescribed under this act.”

That means that Microsoft (or another company with such software) can erase spyware or viruses. But if you have, say, a pirated copy of Excel — Microsoft (or companies with similar software) can erase it, or anything else they want to erase, and not be held liable for it.

Additionally, that phrase “fraudulent or other illegal activities” means they can:
—Let the local district attorney know that you wrote a hot check last month.
—Let the attorney general know that you play online poker.
—Let the tax commission know you bought cartons of cigarettes and didn’t pay the state tax on them.
—Read anything on your hard drive, such as your name, home address, personal identification code, passwords, Social Security number … etc., etc., etc.

“I think in broad terms that is still a form of spying,” said Marc Rotenberg, attorney and executive director of the Electronic Privacy Information Center in Washington, D.C. “Some people say, ‘Well, it’s justified.’ I’m not so clear that should be the case. Particularly if the reason you are passing legislation is to cover that activity.”

The bill is scheduled to go back before the House for another vote. Will the Oklahoma House, on behalf of all computer users in the state of Oklahoma, click “accept”?

Where did you go yesterday?

Computer users first accepted updates when anti-virus makers, such as Symantec Corp. or McAfee, began back in the Nineties offering regular updates in an attempt to stay current with the alarming number of viruses introduced over the Internet. This was followed by Windows ME and 2000 allowing updates to their programs via downloads. By the time Windows XP came out, regular online updates became part of the product one purchased.

At around the same time, the Napster phenomenon pushed music corporations, courts and lawmakers into taking action against online file sharing of music. Hip, computer-savvy listeners traded pirated MP3 recordings beyond count, leading to action by the music industry to go on a search and destroy mission against the online music traders, even in Oklahoma. In 2000, Oklahoma State University police seized a student’s computer containing thousands of downloaded songs after he was traced by a recording industry group.

Anti-spyware bill author Jolley said that’s what people like the OSU student get for sharing their information online.

“You have to look at the other side of that issue,” Jolley said. “When they agreed to put their files online, they literally agreed to allow people to come on their computers and search the files online. On a P-to-P (peer-to-peer) network, you are inviting other people to see what you have. That’s a risk you run by participating in file share.”

Jolley said his spyware bill is supposed to stop “phishers” from stealing one’s identity off of one’s computer, is supposed to stop “Trojan horse” viruses from being installed on the computer and is supposed to make illegal a host of other techniques for spying on a user’s personal information.

“It prohibits them from taking things as basic as your home address, your first name, your first initial in combination with your last name, your passwords, any personal identification numbers you have, any biometric information, any Social Security, tax IDs, drivers licenses, account balances, overdraft histories — there is a clear prohibition on that,” Jolley said.

Indeed, Sections 4 and 5 of the act specifically forbid anyone from doing so without the user’s permission.

However, Section 6 of the act says such a prohibition “shall not apply” to “telecommunications carrier, cable operator, computer hardware or software provider or provider of information service” and won’t apply to those companies in cases of “detection or prevention of the unauthorized use of or fraudulent or other illegal activities.”

Which means software companies updating a user’s software or the cable company monitoring that user’s activities on a broadband modem hookup can turn over that user’s history of writing hot checks to the district attorney if the company feels like it, said Rotenberg.

“You go back to the old-fashioned wiretap laws,” Rotenberg said. “There was an exception to allow telephone companies to listen in on telephone calls. The theory was that it was necessary to make sure that the service was working. Part of what’s going on here is to significantly expand that exemption to a whole range of companies that might have reason for looking on your computer. The statute will give them authority to do so. I think it’s too broad. I think the users in the end need to be able to allow that themselves.”

Jolley insists his proposed law would not allow Microsoft, Symantec or Cox Communications to become “Big Brother.”

“The goal of this is not to allow any company to go through and scan your computer,” Jolley said. “If they are, it has to be for a specific purpose. If you don’t want them doing that, don’t agree to (the user’s agreement).”

Which means, when a user accepts Microsoft’s Windows operating system on that new computer, or Norton AntiVirus, or Apple’s operating system or a host of other online-upgradable programs, that user agrees to being watched by the company.

Who on Earth would write such a law? It wasn’t Jolley, or anyone in Oklahoma.

MOUTHING OFF
“Now we are talking about Microsoft having the freedom to check your computer for any sort of illegal or fraudulent activity you might be participating in. Without your knowledge or consent. It is giving up your rights to privacy.”

—State Rep. Mike Reynolds, R-Oklahoma City, about House Bill 2083. The bill gives software or online access companies freedom, without liability, to erase spyware and pirated software from users’ computers, in addition to monitoring for fraudulent or illegal activities.

My first thought was Oh my.......Oh...
How did we let something this stupid and invasive ever pass the legislation? I'm a pretty savvy computer person and can look over my own shoulder-- I can look out for myself and my own computer thank you very much. I don't need Microsoft or Kodak or any other company coming into my computer and looking it over for me. I've got five different types of spyware removal programs and about four different malware removal programs plus virus scanners and a host of other programs that allow me to know exactly what goes into my computer and what is going out. This article scared me. If you're the type of paranoid I am about computers, then I know you share the same fears I do. Where will it end? The world of computers is turning into Big Brother, and we're just letting it happen. The very people who are preaching about not spying on consumers using computers are breaking their own codes of conduct. If I were you, I'd cloak my hard drives and any other sensitive information that may be on your computer. Get a rootkit revealer and run it often. Get several different spyware removers and run those often too. Know exactly what is going in or out of your computer at all times. All it takes is for one piece of sensitive information to get out and you're put on a no-fly list at the airport, and you can't even get a decent loan because someone used your name and credit score to buy a Ferrari. Pay attention, very close attention. We have to take back the privacy of our computers, and we have to do it now.