Spy Act of 2007 = "Vendors Can Spy Act"

strick1226 writes "Ed Foster over at InfoWorld describes the Spy Act bill (H.R. 964) as having the same relation to the prevention of spyware that the CAN SPAM Act had to the prevention of spam. It allows exceptions for companies to utilize spyware for any number of reasons; if this bill had been law when Sony distributed their rootkit, they would have had perfect cover. Most troubling is that the bill would preempt all state laws, including those more focused on the privacy of people's data, and disallow individuals from bringing suit. It is expected to pass soon with 'strong bipartisan support.'"

Legal, not moral

[Potor]

if this bill had been law when Sony distributed their rootkit, they would have had perfect cover.

but the protest would have been the same - it was more of a moral outrage than a legal outrage.

Re:Legal, not moral

But at least there was legal recourse to prevent them from continuing their actions.

Re:Legal, not moral

[csmacd]

Yes, organizations that distribute spyware care.

>sarcasm off

When organizations have the legal cover to do junk like this, they will. No amount of moral outrage is going to stop them, unless they monitor and report some random elected official's illegal activities.

Re:Legal, not moral

[interiot]

Oh, there a number of lawsuits and attorney general investigations too.

Re:Legal, not moral

[PopeRatzo]

Moral outrage is not going to protect consumers. In the name of commerce, free markets and the consolidation of capital, we are losing every bit of privacy, security, integrity, dignity.

I think of the report in today's news about the collapse of the housing market. We're seeing a coming depression that is unique in that it will only affect the middle class. I reflect on the anger and aggression with which my credit card company deals with me and my wife just because we pay our bill in full every month. Our banker is shocked because we have paid our mortgage and aren't interested in refinancing our home "to pay bills, take a vacation. Living within our means, not participating in the orgy of consumerism makes us the enemy of those that would see us become indentured.

Tonight I heard a news article about the lenders who give student loans. They learned that there's more money to be made from having those loans go into default than to have the borrower repay, so they actually discourage repayment. Loan payment checks "get lost" so that late fees and penalties can be levied. The Department of Education knew about the crooked practices in student loans since 1998, but with the end of the Clinton administration and the emergence of the Republican majority in Congress in 2000, the problem was ignored. Foreclosures are at an all-time high.

They want to make us the consumables. Is it worth having a 42" plasma TV if you lose your soul?

Re:Legal, not moral

[Al+Dimond]

I realize that credit card users that pay their bills fully don't make the credit card folk any money, and I generally agree with the thrust of your argument, but I have never witnessed anger or aggression from my credit card company despite paying all my bills in full. If you always pay on time, what kind of interaction do they even have with you? Junk mail? Telemarketing calls?

Re:Legal, not moral

[Brandybuck]

I heard all these same arguments twenty five years ago. It was Reagon instead of Bush, and the Greed Generation instead of the Sheeple Generation, but it was otherwise identical. Funny thing, the dire future never happened.

The myth is that big business rules over us. The truth is that the only dollars they get from you are the ones you voluntarily give them. Your "soul" is in your hands. No one can take it from you without your consent. If you buy a 42" plasma TV, it is your fault. Stop blaming business for the shit you buy.

Re:Legal, not moral

[Blakey+Rat]

We're seeing a coming depression that is unique in that it will only affect the middle class. I reflect on the anger and aggression with which my credit card company deals with me and my wife just because we pay our bill in full every month. Our banker is shocked because we have paid our mortgage and aren't interested in refinancing our home "to pay bills, take a vacation. Living within our means, not participating in the orgy of consumerism makes us the enemy of those that would see us become indentured.

Paranoid much?

Re:Legal, not moral

[compro01]

correct me if i'm wrong, but doesn't the constitution only apply to interactions between the people and their government?

if so, it would have no effect on any law regarding bussiness, as a bussiness would be bound by no such restrictions.

Re:Legal, not moral

[TechnicalFool]

As far as I'm aware, organisations always have had the legal cover (if just barely) to distribute spyware, as long as they say it's being installed in the EULA. If not, CoolWebSearch et all would have been sued out of business a long while ago. According to the article, and if I read it correctly, this seems to be more about giving large companies the legal arse-covering required to hack into your computer "just to check" if you've got, say, a dodgy copy of Autodesk Inventor.

What I'd be interested in is how this and other such spyware could be subverted, possibly with some false (and FOSS, naturally) piece of software that sends ridiculous junk to the remote servers. Sort of an anti-spyware, if you will. The best analogy I can think of off-hand would be programs like the fake SubSeven servers, that as I recall made your computer pretend to be infected with the SubSeven trojan. If you got someone connecting, you could give them a false directory tree, or press a button to blast their computer with a gazillion windows in their SubSeven client.

I think maybe a little hacktivism is called for, although naturally I would not advocate breaking any laws in the process! Oh no, sir!

Re:Legal, not moral

[g1zmo]

Don't they make money from the vendor on each transaction? Isn't that why the family-owned gas station attendants always want me to use debit rather than credit?

Re:Legal, not moral

[RobBebop]

We're seeing a coming depression that is unique in that it will only affect the middle class.

Is there really a low, middle, and high? Are you just so blind or proud to admit to being part of the low? Hell, I make nearly $65k and proudly realize that I am not so much better than those making less than half that.

The classes are low and high in this glorious 21st Century.

Re:Legal, not moral

[cbiltcliffe]

They do have good understanding of wallet vote, though.

Yes. Unfortunately, consumers don't.

Re:Legal, not moral

[Travoltus]

Bullshit.

Example: Choicepoint. They make money off you without you ever doing business with anyone.

And one person's bad credit decisions can harm others. Look at how all the foreclosures are driving down the price of homes and causing homes to take longer to sell. Even if you bought your house all cash, you're affected by Joe Spendalot next door - his foreclosed home will depress your house's value when you try to sell and move.

Your myopic view is endemic of ubercapitalist and ubersocialist thinkers alike.

Re:Legal, not moral

[mr_mischief]

They get money off of all customers, including those who pay cash. The customer-to-store-to-CC company route is indirect. If you're not paying interest or a carrying fee, then you're a number the credit card company can sell to the vendor along with all the other numbers.

The direct money in this scenario is actually from the vendor you buy from, and is not passed on to the credit card buyer directly, but spread out among all customers of the business equally or absorbed as a cost of doing business. This is because the merchant agreement one must make to accept credit cards as payment require that credit card customers not pay a surcharge.

The vendor pays the CC company or the processing company a percentage of CC purchases (plus usually a small flat fee per transaction and a monthly fee for having the service, and sometimes an equipment rental). Since they can't charge a surcharge for CC purchases, all the customers of the vendor pay a little bit more than they would otherwise.

Re:Legal, not moral

[TheVelvetFlamebait]

I have a theory: Slashdotters' opinions are often not at all representative of the majority, so consequently, they often believe that the system, designed to benefit the majority, is completely broken because nothing they want ever happens. This situation is a good example. People who make the parent's case usually believe at least one of these two things:

a) The wants of consumers do not filter through to these corporations, and that boycotting will make no difference, or
b) These consumers don't actually know what they want, that they are blinded by corporate advertising saying they are happy when they really aren't, and that they (the person making the argument) know what these people want more than they themselves do.

It is a fact that most (if not all) corporations exist solely for the purpose of making money, and if you starve them of that, they will sit up and notice. I don't subscribe to the idea that I know what is best for other people, or that other people don't know what they want. If they want no rootkits, then they will think about it. If they don't know what a rootkit is, they probably won't notice or care. If you can't get a significant enough movement up and running (it's not like you don't have the communication equipment to set up an international boycott) then you may just have to accept that people don't care about the same things as you, and that you will have to just avoid the offending products.

Re:Legal, not moral

[PopeRatzo]

Those "transaction fees" are nothing more than chump change compared to the >20 percent they charge on interest and the $40 late fees, etc.

Re:Legal, not moral

[eMbry00s]

Should also be noted that consumers have much less wallet to vote with.

Re:Legal, not moral

[osgeek]

I would agree with your general premise that /.ers have a skewed perspective and don't tend to realize how it explains a lot of their disconnect with what happens in reality.

But since we're talking about technology issues, isn't the perspective of a bunch of "smarter than your average bear" (yes, I cringed when I typed that, but it's true) geeks more relevant than joe six pack's?

What if this were a medical discussion board that tended to attract medical professionals, and we were here discussing a health issue? We would rant and rail at how the general population just doesn't understand nutrition guidelines and FDA rulings... "WHY? How could the voters and politicians let the FDA sit in the back pocket of big pharma by letting dicylatrithrithpalaphimides onto the market?", we'd bemoan.

So, I would argue that consumers tend to not know what they want, contrary to your conclusion #2. They're ignorant of the choices that they make every day -- especially in technology areas where (believe it or not), /.ers tend to be highly educated.

For example, my Dad knows now that he didn't want to waste the time buying a new computer or having someone fix his current one. But since he was largely ignorant of how his online behaviors (not patching Windows, running IE, opening every attachment he received, etc.) would devastate his desktop, he did all the things that he shouldn't have done. Now he knows, and he knows because he got to experience the pain of computer catastrophe and I spent a lot of "I told you so" time educating him as to what he had been doing wrong.

As conceited as it sounds, maybe we should be a bit shocked at the technology decisions made by everyday consumers. Maybe it's justified for us to have an air of superiority when we're talking about them. Consumers don't know what rootkits are, despite the fact that they're affected by them. Look at all the people who fall for 419 scams. They're not falling victim to them because of a personal preference that relativistically is just as valid as my preference to NOT fall for them. They're doing it because they're woefully and pathetically ignorant suckers who have no clue what they're doing.

The shittiest part is that when those woeful, pathetic suckers walk into the voting booth or spend a buck to support companies that do evil so they can get the latest ass-reamingly bad hip hop CD, their opinions count just as much as mine do. I have to suffer with their dumb consumerist, political ideologue influenced choices.

Since no one here uses windows

I don't see who this will be a problem.

Re:Since no one here uses windows

I use Windows Vista you insensitive cl

Re:Since no one here uses windows

[drgonzo59]

Well you make a very good point. In a certain respect, I wish they would legalize this stuff so companies will start installing load of spyware on every windows computer out there. Eventually some will turn to open source software.

A major success for Linux operating systems is because not only is Linux great (and it is.../special remark to keep the Slashdot horde from lynching me) but because Windows sucks so much. If Window was OS X all this time, I am not sure if Linux would have gained as much popularity....

Re:Since no one here uses windows

[TheGratefulNet]

this is actually way beyond windows.

it SEEMS that this bill gives vendor-tunnels the OK. and also it notes that they can be stealth. you know, like the sneak and peek procedures we have today.

yes, this is the electronic form of sneak and peek.

and that is why you should be afraid of this. it gives remote 'special parties', well special priviledges on YOUR BOX.

this is such a bad idea, it must have come from congress and/or special interests.

this surely has NO benefit to We, The People ;(

Re:Since no one here uses windows

[bberens]

More than that, now a government official can get a warrant for [insert major company] who will gladly allow them access to your system via their pre-installed spyware. They're in your network and you don't even know it. More snooping without the ability to detect or fight in court. Remember, they're looking at the corporations records, not looking at your box (which you stand a chance to fight in court).

Re:Since no one here uses windows

[tgcid]

this surely has NO benefit to We, The People ;( How quickly you forget that corporations are people too.

Re:Since no one here uses windows

[Blakey+Rat]

How about explaining those bold-faced terms?

What's "vendor-tunnels?" What's "sneak and peek?" What "special privileges?"

If you're going through the effort to emphasize them, you could at least define them.

Re:Since no one here uses windows

[ozmanjusri]

There is no such thing as an totally invulnerable operating system.

Ok. Rootkit my Knoppix CD then.

Re:Since no one here uses windows

[bergeron76]

This is yet another reason why I refuse to use gmail for email. I don't need the largest marketing/advertising company in the world knowing what I subscribe to, what I enjoy, or when I enjoy it.

Re:Since no one here uses windows

[Crayon+Kid]

You're not being paranoid enough, at Slashdot accepted levels. Your Knoppix CD is already rootkit'ed. Hell, {insert IT megacorporation here} would argue that Linux itself is a rootkit.

Look! Rights go down the hole...

[Marrshu]

... there go more of our personal rights simply to support the big business and such. Who wants to guess how long it'll take Sony to restart their whole rootkit campaign? Can't forget Microsoft and all those ISPs that want to spy on you. Big Brother is watching you after all

Re:Look! Rights go down the hole...

[miskatonic+alumnus]

Democracy, privacy, and human rights are antithetical to the "free market". We either get to rule ourselves, or the corporations get to rule us. Guess which way it's turning out?

Re:Look! Rights go down the hole...

[JesseMcDonald]

Democracy, privacy, and human rights are antithetical to the "free market".

You're right on the first point, but you've got the last one backwards: without a free market (i.e. freedom to act as you wish so far as it involves your own property, and freedom to engage in voluntary exchange with others without coercive interference) you cannot exercise those "human rights." You have human rights to the exact extent that you have property rights; they are fundamentally inseparable.

As far as democracy is concerned, you don't live in a democracy (assuming you live in the U.S. or Europe). The U.S. is a constitutional republic, and the important aspect of such a government is the constitutional limits, not the elections.

Re:Look! Rights go down the hole...

[FooAtWFU]

Please note that the "free market" about which you're complaining deserves its name in quotes, because insofar as these the issues you are complaining about are market issues, they are not Free, and insofar as they are free, they are not market issues. Buying legislation is just rent-seeking and as old as the hills.

Free Markets and Free Enterprise don't mean the freedom of Enterprise to do whatever the heck they feel like. It means a freedom for people to engage in enterprise (you know, selling things to each other) as long as they're both willing and able to do so. Nothing in this is contradictory with democracy or against human rights.

The contribution of funds to influence the political process is an entirely nonmarket affair. Blaming market economics for the hazards which are induced are roughly equivalent to saying "Hey, this guy got a job with $COMPANY and used the money to buy a gun and shoot people. $COMPANY is antithetical to human rights!".)

Re:Look! Rights go down the hole...

[RedElf]

You seem a little paranoid, have you switched your desktop to OpenBSD yet?

Re:Look! Rights go down the hole...

[miskatonic+alumnus]

You have human rights to the exact extent that you have property rights; they are fundamentally inseparable.

How do you figure? How is my right to speak or move or breathe air tied to my property rights --- unless you consider me someone's property?

Re:Look! Rights go down the hole...

[miskatonic+alumnus]

Free Markets and Free Enterprise don't mean the freedom of Enterprise to do whatever the heck they feel like. It means a freedom for people to engage in enterprise (you know, selling things to each other) as long as they're both willing and able to do so. Nothing in this is contradictory with democracy or against human rights.

Tell that to the people of Bolivia after their water supply was privatized.

Re:Look! Rights go down the hole...

[homer_s]

Tell that to the people of Bolivia after their water supply was privatized.

I like how you start a story in the middle to make your point. How was the govt able to sell it to a private company?
The govt control of the market for water was what allowed them to unscrupulously sell it to a company that paid enough 'campaign contributions'. And govt control is what allows them to prevent other people from entering the market (they made it illegal for people to dig wells and use their roofs to harvest water). A private company can never prevent you from digging a well or using other means (including what is common in India - getting water delivered by trucks) - only govt can do that.

So, the next time you want to bash free markets and free enterprise, take the time to learn the difference between free enterprise and mercantilism.

Re:Look! Rights go down the hole...

[Tsagadai]

If you actually knew, yes, they were prevented from digging wells and catching rain in buckets. Why don't you read up on it it was a subsidury of Bechtel.

Re:Look! Rights go down the hole...

[zippthorne]

You are someone's property. Either your own, or someone else's. If you don't own you, then who does?

Re:Look! Rights go down the hole...

[JesseMcDonald]

How do you figure? How is my right to speak or move or breathe air tied to my property rights --- unless you consider me someone's property?

property right: the right to control how a piece of property is employed.

Move to where? That "somewhere" is either unowned, or someone's property. With private property rights you can own that place -- or receive permission from the owner -- and move to it freely. No one else can legitimately prevent you from doing so. On the other hand, if all the property is collectively owned, or belongs to the State, you'll need to get permission to move. Your right to move is thus artificially subject to someone else's will. (If all property is unowned and cannot be homesteaded then it cannot be employed by anyone (see the definition above), in which case you don't have the right to move anywhere. This is a fairly useless case but it ought to be mentioned. When most people speak of an absence of property rights they really mean ownership by the State, or collective ownership by all, which in a democracy is the same thing.)

You want to speak? I assume that means you want to address a group? Where will you do it, if no one owns any property? Without private ownership the use of suitable gathering places much necessarily be decided by majority vote, and/or the State. Resources are limited; not everyone who wishes to speak will be able to do so. If your position is in the minority good luck finding a place for your audience to hear you.

At a more fundamental level, if you don't own anything you cannot ensure your own survival -- food, shelter, defense -- or save for the future. If the Majority doesn't care much for you they can reallocate your rations elsewhere, leaving you to starve. If you objected then you'd be claiming a right to that food, that shelter; a property right, to be exact. But on what basis? You didn't produce that food, or construct that shelter. In a private property system you could claim that the prior owner gave it to you in exchange for something else of value, but without private property you are necessarily at the mercy of the State.

Property rights are essential for survival. Private property rights are essential for freedom.

Re:Look! Rights go down the hole...

[miskatonic+alumnus]

I didn't turn anything around. But I am not my own property, as evidenced by points given in my previous post. I hope I am not government or corporate property. Perhaps human beings should transcend being property.

Re:Look! Rights go down the hole...

[zippthorne]

Is.. Ought.

You ought to be your own property. But you are not. At best, you're renting you. For the price of taxes. With some restrictions.

Spying Is Ok... If You Have Money

[Wandering+Wombat]

So now they're just making the cash-enema legal? I guess it beats all the lying and sneaking and stealing... just change what's considered "legal" until you can do whatever you want!

If you have money.

Trumps states rights?

[grasshoppa]

I wonder how much longer that'll fly with the local states. See: http://www.realidrebellion.com/ in regards to another law which steps on state rights, and who's unhappy with it.

If companies can install spyware...

[LamerX]

...then all spyware will be legal. COMPANIES are the ones who install spyware in the first place. It's there for ADVERTISING. Who does advertising? COMPANIES! This bill will only completely legalize spyware.

Re:If companies can install spyware...

[Tuoqui]

And guess what... DMCA protects them from you removing their spyware! So if you use spybot or AdAware you're gonna be breaking the law. Nice to see the politicians are looking out for big business though. Who else wants to incorporate with me so we can get a crapload of legal immunities?

Re:If companies can install spyware...

[dreamchaser]

Please cite where in the DMCA that it is made illegal to remove software from your computer. I'm against the DMCA as much as you are, but that is just pure FUD. Yes, I've read the entire act. Have you even read it?

Re:If companies can install spyware...

[RobertM1968]

And to top that off, companies like MS continuously try to collect information about other products (how many times has an app crashed on Windows, and Windows asks you if you want to send a report to MS?). With the broad coverage of this law, many companies will be able to collect whatever information they want in an effort to "better support you" which could end up becoming an escalating war with each other instead.

Add to that, if you have a website of almost any sort, this is grounds to install spyware on people's machines.

From the bill:
(1) any monitoring of, or interaction with, a subscriber's Internet or other network connection or service , or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service, to the extent that such monitoring or interaction is for network or computer security purposes, diagnostics, technical support, or repair, or for the detection or prevention of fraudulent activities; or

Broad interpretations can abound from this one part... a website is an information service... it is also an interactive computer service...

Your VOIP service for that matter also fits in the telecommunications carrier and network connection or provider category.

Technically this means anyone with any sort of presence on the Internet can arbitrarily install spyware on anyone else's computer that comes into use of their internet presence (eg: surfing their web page, using their ftp server, etc).

How ridiculously broad.

Di not use Vista and other DRM enabled tech

[roman_mir]

We had this discussion before. The law will make it perfectly legal to spy on you, and you new shiny OS will make it perfectly impossible (well, as long as DRM works) for you to prevent this by technical means.

People who say that it doesn't matter to them, whether Vista has DRM or not as long as they can play their games, maybe surprised to find out that the DRM may make it impossible for them to enjoy their games through enabling the spying and whatever other active measures that can be taken by spying software. Do you like modifying your games in any way? It may become impossible if you are on a DRM platform and you are spied upon. Of-course there are those, who would rely on the DRM to be broken but this is not a very good practice to rely on that, I mean there are so many problems with that, for example why would you trust a 'DRM removing patch' from someone to be spyware/rootkit free? It is better to avoid such products altogether. Avoid DRM products, avoid spyware infected products, that's the only way to really stay in the clear. Besides, isn't it illegal to remove 'security protection' under DMCA anyway?

Free Software becomes more and more attractive in this culture of customer spying and DRM locking every day.

Another reason to use

[drgonzo59]

...open source software. Even in the Linux world that means not using binary drivers. Who knows perhaps Nvidia or other binary drivers have a backdoor installed at the request of NSA. Is that probable - No. Possible? - Maybe. AT&T for example was diverting (still is?) a lot of the their data to NSA, if they wrote drivers, don't you think they would be willing to include a backdoor for U.S. government to use? For all we know such a backdoor exists in Windows. After a high number of cyber attacks on .mil, I am sure Uncle Sam can ask Microsoft to install a small code fragment that would allow access to any machine after say a pre-determined pattern of socket connection attempts or something like that.

Seems like a non-issue to me.

[WhiteWolf666]

What's the deal?

Why do people think you can legislate your way out of these issues? Spyware, spam, etc . . .

For e-mail, use a system that is not susceptible to spam (good filtering, and a white list).

For software, use a system that is not susceptible to spyware (OS X, or Linux).

Spyware doesn't bother me now, it hasn't bothered me in the past, and it won't bother me in the future. If you've got a problem with spyware, either stop buying products from the people who are infecting your system (ahem, Sony), of stop buying systems that are prone to infection (ahem, Microsoft).

If a company sells you an unsafe car, do you blame the government, or the car company? And having been sold 2 or 3 unsafe cars already, why would you go back to the same vendor?

Non issue. Something Congress shouldn't discuss or legislate about. Get over it, and stop being a slave to the MS monoculture.

Re:Just have "bad stuff" described in EULAs

[LiquidCoooled]

No, I think its right to point out the limitations and practicalities of installing certain software.
However, I believe they should be stated in one legible none scrolling frame.
Further information can be linked to any point, but what a user sees upon installation are clear plain English terms.

Re:OK, What Am I Missing?

[powerpants]

I don't see anything to get terribly alarmed about. What am I missing? The bandwagon.

wait!

[Renraku]

Email your..no write..no call...well hell. They don't care anyway.

Soap box, check. Ballot box, check. Anyone remember what came next? Jury box? How do we get in on that? Oh well, probably won't work. Lets skip it and go straight to the ammo box.

What can we reasonably do against a government that sits there and sells our freedoms to the highest vendor? It won't be long before we're forced to pay three easy payments of $599.99 for a new TV-doo-hickie to watch us while we're watching TV. In the name of advertisement, of course, to figure out how we react to some shows.

Moral vs. Legal

[mrbluze]

Moral desensitization leads to legal deregulation. With enough exposure and promotion, the public will accept the legalization of just about anything (as history has shown). It is in the interests of large businesses to protect their market and to discover new markets by having the upper hand in intelligence.

The problem has become that legitimate and morally acceptable markets are generally well serviced and difficult to break into. Companies are therefore very tempted to create new markets, or break into markets which hitherto have been illegal (usually because they are viewed as immoral or socially destructive), such as porn, prostitution, addictive substances, and now privacy invasion.

As the only way to create these kinds of markets is to change legislation, these companies are very active in infiltrating and influencing government. The US government is particularly prone to this kind of corruption.

All of this is obvious. But the techniques used are subtle. They will try to sell the idea to make it appear to be in the public interest. Who knows, maybe we can expect to see a report of a missing child found because of spyware, or some shit like that.

blame the OS

[Grinin]

I think that software companies behind the Operating systems being used today should take full responsibility at prevention and removal of spyware/adware/malware. There should be no need for anti-virus software. Microsoft should stay ahead of virus writers in order to patch systems with vulnerabilities, and in a much better way then the present.

This weekend, I was given a PC that needed to have viruses, spyware, malware removed... I thought it was a joke, this thing looked like a honeypot. It had every trojan known to man on it, every piece of spyware, backdoor, and virus had infected it, and no form of security (besides Service Pack 1 for XP). After 4 days straight trying to remove them (formatting not being an option, because the person was missing their OS restore cd and/or Windows XP home edition CD) I have finally gotten all of them removed... but my point, is that none of this should have ever been possible. An operating system should be designed more intelligently than those who want to exploit those same operating systems. I'm sure if they took the same amount of time they spend trying to promote new products and put it into better R&D for patching vulnerabilities, none of this would happen... but I suppose we don't know who scratches whose back in the world of Operating system / Anti-virus vendor's anymore....

Re: SEPERATION OF BUSINESS AND STATE

[SimBuddha]

Government seems to exist now to create and enforce laws of big business self interests, by big business lobbyists, for big business ever greater appetite for exploiting and plundering shared resources and rights.

Our democracy is lost, we no longer live in a democratic political system. Just the illusion is promoted through propoganda.

Bravo Republicans, Democrats and corporate leaders. You have won at all cost and now all is lost.

The next paradigm is already begun and will be the reclaiming and exposing of the crimes against the people of the earth and the earth itself, by selfish empire builders running the world. Shamre on you and shame on us for not seeing the fundamental problem of our time.

SimBuddha.

Re:OK, What Am I Missing?

[NeutronCowboy]

Are you serious, or just trolling? Here are the key snippets: "or for the detection or prevention of fraudulent activities" and "an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software".

The first part means that anyone who sold you hardware or software can snoop around on your machine if they are doing it to detect fraudulent activities - meaning when the activity hasn't happened yet! Yes, yes, you have nothing to hide. Are you sure? Your SSN is probably around somewhere. As is your bank account, or a lot of others things valuable to identity thieves.

The second parts means that anyone who ever wrote any type of software can access your machine in whatever way they please - as long as it's a discrete interaction.

This means that the security features in your OS are there only to prevent you from accessing everything in it. It is expected to remain open so that law enforcement, ISPs, software and hardware owners can check for anything they please.

In short, your computer is yours and secure only in name. Anybody else can trespass pretty much at will. If your computer is broken into and the other party says "I was just checking if anything fraudulent was going on", they're in the clear. Especially if they are a large corporation.

Re:OK, What Am I Missing?

[HTH+NE1]

Exception Relating to Security- Nothing in this Act shall apply to--

                (1) any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a... software provider... for the detection or prevention of fraudulent activities;

OK, your ISP can do network trouble shooting. Your HW / SW vendor can provide on-line tech support. Seems reasonable to me.

                (2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon -- (A) initialization of the software;

Microsoft can run their "Genuine Advantage" crap. Not thrilled about it, but not surprised.

I don't see anything to get terribly alarmed about. What am I missing?

You're letting intervening words distract you. See my excerpts in the quotation above.

So even if you have never installed, for example, Adobe software, Adobe can monitor your computer to determine if you ever run an illegal installation of Photoshop. No sunset on the monitoring; they can continually probe your machine in suspicion of piracy. That'll degrade your bandwidth. And not just Adobe will be permitted to do it, but every software vendor out there. They don't have to be your provider, just a provider.

Also "initialization" is a nebulous term. Are you sure you know how the law defines it? It could easily be phoning home with every launch, or perhaps with every forked process. A perverted vendor could treat it as initialization of any variable, constantly phoning home to make sure every thing you do does not violate their EULA.

Meanwhile, Windows Genuine Advantage has had a not insignificant number of false detections of installations as non-genuine. A little hiccup in an algorithm and they'll cripple the software. Better hope its use wasn't essential to your business. BTW, the EULA makes it clear it should never be used for any essential purpose and disclaims any liability for failure to operate.

Next, read the full text of the act for the prohibited behaviors and realize that with these exceptions it gives those entities license to do every one of them to you whenever and however often they'd like with impunity.

Re:OK, What Am I Missing?

[roman_mir]

You are missing the part where spying on you becomes legal and you have no legal recourse to combat it in case if you are unwilling to be subjected to spying on the first place.

When you allow MS or your ISP to troubleshoot your computer remotely, you are actively giving them permission to do so, spying software does not require your active permission and in this case it doesn't even have to be disclosed to you that it is happenning. If you do find out, you have no legal solution to it except for removing the software (if it will allow you to remove itself on a DRMed system.)

Did anyone expect anything else?

[Opportunist]

Did anyone actually expect a law that limits the power of businesses and hands some back to you? Can you name a single law that was created in the last, say, 7 years that actually promotes privacy and limits the power businesses have over you?

Oh, yes, it "outlaws" spyware... with a few hand picked exceptions that can be summed up with "spyware is outlawed unless some company uses it".

In fact this legalizes spyware rather than outlawing it. Until now you could at least try to get a lawsuit going and at least get a humiliating settlement (humiliating for you, not the corp using spyware against you). See the Sony rootkit trials for details.

With this in effect, the judge would have to throw it out of court even before anything starts, because it would certainly fit the "exceptions".

Re:Third party

[ZoOnI]

This came from the newly-Democratic House of Representatives...

No it didn't. It came from Congressional Republican Towns, Edolphus and 36 of his closest Republican friends. http://thomas.loc.gov/cgi-bin/bdquery/z?d110:H.R.9 64:

List of sponsors

[Comatose51]

List of sponsors: http://thomas.loc.gov/cgi-bin/bdquery/z?d110:HR009 64:@@@P I wonder how much donations from companies these guys get.

This will legalize the NSA Spying and more

[SpaceLifeForm]

The exceptions are too broad.

Re:This will legalize the NSA Spying and more

[TheGratefulNet]

I have Good Reason To Believe(tm) that there is already a shadow set of remote management commands that are not documented in standard user manuals for SOME comms equipment. these allow remote access to networking equip (entirely at the request of the gov, who is paying for such R&D in some key companies) and things like port mirroring, packet capture, triggering and so on.

you think you have the 'docs' to the equipment in your data comm room? are you sure? in fact, its all closed-source and there's very little you can do about it ;(

and in fact, most people IN the comms equiment vendor don't even know about this behind-the-scenes stuff.

I'm not kidding and I'm not nuts. this isn't hard to extrapolate given how our gov is SO hell-bent on spying on its own citizens.

at this point, you do pretty much have to assume that all things you do on the net (this included) are being sniffed and if it 'hits' the right triggers, remote events can be sent or log data retrieved at will.

its basically already too late. the horses are already out of the barn. just - BE AWARE of that fact. its all you can do. just be aware.

Re:This will legalize the NSA Spying and more

[PitaBred]

You mean, bomb the kill president New York?

State law will still supercede it, because:

[Pap22]

When it says "Nothing in this Act shall apply to", that doesn't mean "the following is legal". It means, "Nothing is in the books about the following as far as this bill is concerned".

So if an existing Federal or state law specifically mentions that a provider or software vendor may never access your computer under any circumstance, then that law will supercede this bill.

Or am I missing something?

Re:So who is to blame for this bill Congress?

[phantomlord]

Since you seem to imply the 36 co-sponsors are Republicans,

Rick Boucher D-VA (and Slashdot darling), GK Butterfield D-NC, Lois Capps D-CA, Dianna DeGette D-CO, John Dingell D-MI, Michael Doyle D-PA, Eliot Engel D-NY, Anna Eshoo D-CA, Sam Farr D-CA, Charlie Gonzales D-TX, Bart Gordon D-TN, Gene Green D-TX, Darlene Hooley D-OR, Jay Inslee D-WA, Ed Markey D-MA, Jim Matheson D-UT, Jerry McNerney D-CA, David Price D-NC, Bobby Rush D-IL, Janice Schakowsky D-IL, Hilda Solis D-CA, Bart Stupak D-MI, Anthony Weiner D-NY

23 of 36 co-sponsors are Democrats but it is a Republican bill?

Oh, and the kicker? Author: Ed Towns D-NY

But it is a Republican bill.

You obviously looked up the bill... why lie about the sponsor and co-sponsors? Did you just assume that they were Republicans since the Democrats can do no wrong and the Republicans are evil? The fact that you were modded up here as informative is indicative of the general group think that permeates Slashdot regarding politics. Come on people, is it so hard to fact check this stuff rather than blindly accept what someone else tells you?

Ah. Freedom at last.

[mnemotronic]

As a computer hardware and software provider who performs computer and network security diagnostics and technical support, I will soon be free to monitor and interact with *anyones* network connection, service, or computer. Legally.

Stand back baby, I'm a Nessus monkey with a long list of a**holes, a can 'o nmap, a fully loaded Metasploit, and I ain't afraid to use 'em.

Mission Creep

[xZoomerZx]

1. Never underestimate the ability of a law to expand beyond it original ill-conceived boundaries given enough time. 2. States' rights have been non-existent for over 140 years, not just the last few. 3. Politics is about the accumulation of power in the hands of a few. 4. Read the sig. 5. Be afraid. Be very afraid.

No duty to protect citizens.

[Ungrounded+Lightning]

The State does have a duty to protect its citizens...

Actually, no, it doesn't.

They'd like you to think it does. But the state's duties are things like preserving order, providing equal justice, and having a Republican form of government.

Individuals are just cannon fodder. In the mass the state MAY try to protect them in various ways, as part of preserving order or some other compelling state interest. But they have no duty to protect any particular one of them - unless they've explicitly created an extraordinary and risk for some particular one.

Don't believe it? Try suing the cops for failing to protect you against a crook - say, one you've repeatedly complained about or one you're a witness against.

(That's why it's so hard to get witnesses, especially against possible gang members, in states that restrict personal carry of guns for self-protection.)