Slashdot Mirror
UCITA By the Back Door
InfoWorld's Gripelog airs a subject that should interest this community — involved as we were with efforts against UCITA back in the day. One main aim of the derailed UCITA initiative was to give software manufacturers and content owners a degree of control over users' computers. Gripelog's Ed Foster informs us that UCITA is sneaking back in, under the cover of an anti-spyware bill, S. 1625, now making its way through the US Senate. One clause in this draft bill would legalize what the BSA calls "electronic self help" — i.e., the ability for commercial entities to cripple or disable software or networks on your computer if they believe you are violating their property rights.
"(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."
When I hear of something like this, the first thing that occurs to me is how valuable the keys or mechanism or whatever that actually does the "preventing", how badly the criminal element would want to get hold of that information, and the inevitability that this will happen when the right price is found for whomever holds the keys.
In other words, this kind of thing will eventually, inevitably, be used for nefarious purposes.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
That's the best euphemism I've ever heard for legitimized corporate spyware and DRM. Big software companies will finally be able help themselves to my electronic devices.
steampunk web design
So if an entity (any virus writer, for example), incorporates, then it's legal for them to mess with your computer? All they need to do is claim that they have evidence that you are infringing some property rights of theirs?
Is Congress insane?
The real answer is that they don't tend to think of consequences. Rather they are more interested in rewarding their friends and financiers.
You know what, give the lousy ba$tards what they want! They more than anyone else deserve it, and once they start disabling computers willy-nilly it will only beat a path to the OSS door. Why would any company in their right mind turn their entire company over to the trust of a greedy software vendor? They might as well hand over their bank-account numbers and power-of-attorney to BSA while their at it.
It will frankly create a situation ripe for software-license blackmail and extortion.
If they're so intent on shooting themselves in the foot, all the better for the rest of the world. Enough is enough.
cat sig >
GPL Violations is allowed (with author's permission) to break into the boxes of all GPL violators. *That* could be interesting.
Opus: the Swiss army knife of audio codec
consider provisions of this bill "do not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services or interactive computer service..."
and "(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."
Well clearly, as per the article they are slipping in "any enforcement we choose" actions regarding the ability of the BSA (etc) to pry into your computer with spyware like tools...
But worse, the spyware perpetrators themselves gain free immunity to all their spyware actions if they can proved they are "a provider of an information service" which, in fact, they are. They provide my information to their paying customers.
Now not only is spyware made penalty free (by accident) but Auditing Trojans that "accidentally" destroy all your data while "trying to detect" whether you have stolen Barbie's Big Adventure
The corporations, both legal and illegal, now own your computer in every way that matters.
Ta Da!
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
By writing themselves into the law as "above the law", I no longer feel particularly feel any moral obligation to obey the law. The only principle that guides my behavior now when it comes to dealing with the RIAA/MPAA is "don't get caught".
Congratulations, you people just created another pirate.
Done with slashdot, done with nerds, getting a life.
Isn't this what Microsoft tried with WGA? And you know the rest of THAT story....
Isn't WGA already an example of this? If this sort of thing is prevalent in proprietary software it can be nothing but good for FOSS. At least one or two ignorant proprietary users will flap their ears and try FOSS instead. Those two users will tell their friends and they may change as well.
The summary acts like the UCITA failed and is trying to come back. But UCITA passed Maryland and Virginia, and probably some other states too. I think Massachusetts actually passed an anti-UCITA law.
Without exceptions like those, things like the code that prevents (or at least discourages) the use of bots in games like WoW would be rendered illegal. Examining your system memory is *exactly* what the law is designed to prevent, and anti-bot code has to do just that.
Yeah, maybe they could come up with a lot more specifics, thus making the law a lot more unreadable and drawn out, and potentially causing headaches for any circumstances that were left out. But I'm afraid there will probably have to be some sort of exceptions made along the lines of "unathorized software" and/or "fraudulent use" that are potentially over-generalized.
...'Member the "This is your brain on drugs" TV spots, with an egg sizzling in a frying pan? No, no, I don't think you do.
I would be open to this if the legislation placed control of whether software on a privately owned computer should be disabled in the hands of a court rather than in the hands of the software vendor. The problem with this legislation, and all DRM, is that it hands much too much control over to the vendor, which is a conflict of interest. Governments exist to protect property rights, not private corporations or individuals.
I haven't read this legislation. But UCITA most certainly did not do that; it placed control completely in the hands of the software vendor (copyright holder). I think this type of DRM could fly with a real adjudication process that's fair and fully public.
They are certainly interested in rewarding their friends and financiers, but they are mainly interested in sound bite politics. It's an election year.
It's one thing to be bought and/or rented by industry lobbyists. It's another to have our government's data and operations legally placed in jeopardy in the event some jackass might have installed some application that contains some code that disables the computer and/or network in the event it believes it is pirated or otherwise running in a way that conflicts with its license.
This could also do very bad things to businesses under similar circumstances. And before any claims "but your users shouldn't be allowed to install software!" I'll remind you that this is Windows we're talking about where way too much software won't even run unless the user has administrator privileges.
Perhaps I'll sell a trojan for $0.99. Then I'll be able to access computers legally of people who do not pay for a license.
Yet another reason why NOT to use proprietary software... these bills are moronic the people running America don't know jack shit about computers why the fuck are they trying to come up with laws to fix them.
I feel Lobbyist undertow from every one of these bills its going to get to a point that they hide what they really want so sell in a huge bill that no one will ever see it, let alone the people that voted to pass the bill. And its only going to take ONE - one congress person brought down by these types of laws for the rest of the morons in Washington to see why trying to legislate computers is dumb. The market it's self with find an answer for crop-rights long before the government will do anything meaningful to help out the situation
copyright is a outdated idea that needs to GTFO
There has to be a better way, more red tape isn't the answer
I wonder, can this be used to monitor GPL violations?
You know something is utterly wrong when corporations decide to bypass the users and go directly to(enforce) "propose" a law to the same politicians they support with money in their campaigns to help them selfs convince you that they have the right solution for the economy your wealth and the good of the community. "Sick of the oil prices? the economy is bad, so consider this as a new law that will help the economy and benefit you!" (sarcasm)
Isn't this just what foreign governments would love to have to manipulate, say, our armed forces?
Only with your participation: by running proprietary software. Free software systems can be improved to continue to grant users power over their devices.
Digital Citizen
"Electronic (Help-Our-Selves)Self-Help"...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
...as Sony learned with the rootkit. Any software that does crap like that will quickly find itself shunned like the malware it is...
I've contacted mine! I have the distinct pleasure of being on one of my senators' "short list" of people to consult in computer issues, especially computer security issues (due to my Ph.D. in the subject), so I've already told him that this is a bad idea.
Please contact your senators!
So I would be able to go cut the cables with impunity of any entity I thought had misappropriated my business data?
Point the first: If they think this won't get hacked, they're out of their freaking minds. You think spyware is bad now, just leave a huge hole in your OS where other people can come in and change stuff. This proposal will make the problem worse, day one. Or should I say 0-day.
Point the second: Accountability. Assuming this could get implemented and be magically unhackable, what all are they actually allowed to do, and who will oversee this?
Put another way, let's say I release an email client that is legal to use for non-commercial purposes. May I read all of your email to see that you're sticking to the EULA? May I delete the ones that are commercial?
How far can this go, and what checks and balances do they propose?
Weaselmancer
rediculous.
"Self-help" is kind of a legal term of the art for any extra-legal means that people use to resolve a dispute without the aid or sanction of the courts, usually with the implication of violent means of depriving people of property in dispute.
For quite enlightened reasons (and the more cynical would say selfish ones too), courts tend not to favor resolutions that encourage self-help. Courts are not going to interpret the phrase "detection or prevention of the unauthorized use of software fraudulent or other illegal activities" to allow for deprivations of or interference with the enjoyment of personal property without due process. This law can't be interpreted in any manner to set up a due process satisfying procedure, so it's pretty much unconstitutional if interpreted to allow remote disabling or (suspected) pirated property.
Assuming that the above language even means to imply the "software fraudulent" is a meaningful term, given that it appears nowhere else in the US Code, and there's no definitions section for the bill. The sentence makes a lot more sense if "...software for fraudulent..." was their intended language.
In that context, it seems less like a backdoor attempt to insert remote disabling into law and more like a phrase in line with preventing malware. UCITA was dangerous because it allowed people to contract away their protection against this sort of thing, which is less constitutionally suspect than just writing into law at large.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Any chance this violates the Constitution's provisions against (a) due process, and (b) unreasonable search and seizure?
There is something deeply ironic about a lot of the hyperagressive IP enforcement stuff going around. Orrin Hatch's self-destructing computers, Fritz chips, and now "electronic self help". All of these things are deeply antithetical to the notion of private property; but advanced under the banner of protecting private property.
I'm surprised(but not too surprised) that this sort of thing doesn't get more attention from the free enterprise and private property crowd; it is, after all, a much greater threat than any of the pitiful remnants of Communism that still survive. If this sort of stuff persists, it will, in effect, be illegal to own almost any computerized device(sure, you'll own the actual hardware; but the software and firmware will be licenced-revocable-at-will from dozens of different firms, all with the authority to poke at your device whenever they want). I'm sure that some of the true believers will comfort themselves with the fact that it isn't the State that is to blame; but private property will be just as dead as if it were.
So how does this effect me if I live outside of the USA and don't have a clue what the U.S constitution or Bill Of Rights says? Does my country's laws kick in? Because if it is all electronic then surely they can stretch across borders and mess with my system too.
http://projectleader.wordpress.com
Don't just gripe here in a thread, email your senator
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
"UCITA By the Back Door" Hmmm, Unsolicited Computer In The Anus? Is it somehow related to UFIA?
Spork.
P.S. Spork.
(a) no, and (b) no. Those provisions only apply to governmental actions and thus wouldn't affect the commercial entities. Of course, that wouldn't really change much since the current administration has spent the last seven years violating our rights to due process and indulging in warrantless and otherwise unreasonable searches in the guise of "security."
There should be a bill as follows: Once per month, your computer locks up and stops working completely, and you have to pay $250 each into the accounts of the RIAA, MPAA, and Microsoft to regain control of your computer. This is $250 to each entity, per computer. If you use Linux or other such rogue malware, the charge is $500 to the RIAA, $500 to the MPAA, and $9500 to Microsoft. Failure to pay within 24 hours results in the hardware frying itself, after deleting all your files. It would be a shame if that would happen, so you should pay up to "protect" your system from such a fate.
McCain/Palin '08. Now THAT's hope and change!
I unashamedly admit that I deprived BSA members of profits, and at least weekly encourage clients to do the same.
I encourage the use of BSA-profit-depriving alternatives such as:
* Linux rather than Windows
* The OpenOffice.org and OxygenOffice suites rather than Microsoft Office
* Thunderbird or Evolution+Lightning rather than Outlook
* Moon Secure rather than the buggy, resource-hogging Symantec antivirus
* Scalix, Zimbra, or even good old Postfix rather than Exchange
* Mozilla Firefox rather than the insecure MSIE
* Spybot S&D rather than commercial (OK this one is freeware not F/OSS but proprietary/free as in beer is great when the payware solutions suck!)
* ASSP rather than Symantec's crappy spam filter - which after an automatic update deleted every single email attachment in my Exchange Info Store years ago, which prompted my moving almost everything at the office back to Linux. ASSP blocks more spam, incurs fewer false positives, plus it's FREE/OSS! I implement ASSP for clients running both Windows and Linux mail servers.
That isn't to say I am opposed to buying software, nor is open source software a solution for everyone. I pay for my Linux distributions, I buy Crossover Office and Zend Studio, and I just bought a Windows game. There is an intern at one of my clients wanting to get everyone on open source across the board, and was asking me why I didn't do it. I pointed him to the fact that QCAD is 2D-only, PythonCAD is weak, other CAD solutions on Linux are immature, incomplete, incompatible (no LISP), or in planning stages, plus there would be HUGE training issues. Also, they NEED M$ office for some of the programs they need to run, and several engineering programs they use "might" run under wine, but there is no way the execs would approve of the training cost. We're planning a Linux server for them for some time sheet/project billing software, but there is no realistic way they can dump Windows. As it is, I have OOo.org, Firefox, PDF Creator (no more "pirating" Distiller), 7 Zip (no more "pirating" Winzip!), Filezilla (No more "pirating" WS_FTP), and various other F/OSS and freeware programs deployed there. When I pointed that all out he saw the reality of it: F/OSS is not the BFH that works for every solution, but when it can be used, it should be.
In the architecture industry there are few alternatives to AutoCAD or DesignCAD, both of which require Windows.
Also, for syncing up PDAs, smartphones, etc. nothing beats Windows and Exchange+Outlook.
There isn't a good affordable alternative to Quickbooks - and none that I know of that run on Linux.
You're a gamer? CVS Cedega, Cedega, and Crossover Games may play a lot of games, but not all. Like Microsoft Live games? Linux is probably not the best solution for you.
I recommend F/OSS solutions whenever possible, because it's best for the client, it's best for the F/OSS community (exposure), and it helps keep the market forces (read: Microsoft) keep their prices in check.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
This is wishful thinking:
Like they kept NBC and Vista from blocking recording of TV shows? People holding the appropriate offices at the DOJ were probably cheering the censorship potential of that and they are rooting for even better illegal wiretaps.
It would be better to lose every major publisher than liberty. This bill shows that publishers would rather take your liberty than go away.
If you're going to use a 5 letter initialism in the summary and repeatedly in the headline without saying what the fuck it is or at the very least linking it to a definition, I for one can only assume that you don't consider it important enough to warrant the extra 20-50 keystrokes to do so.
This seems odd since the nature of the numerous comments is very alarming, however none of the comments mention what the initialism stands for.
I write in response to bill S. 1625, currently making it's way through the senate.
This bill should not be passed in the state that it is in because it includes exemptions for "telecommunications carriers, cable operators, computer hardware and software providers, financial institutions or providers of information service or interactive computer services..." that could be decremental to consumers. These exemptions grant immunity to such companies and groups to impose on personal privacy for the following reasons as stated under exemption #10 of the bill:"(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."
This issue falls under software piracy and not software privacy, which the bill purports to address, namely spyware. Giving companies more power to detect pirated software is not pertinent in protecting against spyware. In fact, it is counter-intuitive to such well-intended efforts, as it will give said companies a considerable measure of control over their customer's computers, an effect that the bill was designed to prevent.
I believe this bill should be dumped on the merits that has been laced, tainted with unrelated details - the desires of lobbyists in the telecommunications and computer software and hardware business - that weigh it down and bend it away from the intended goal of protecting consumers from the dangers of spyware and rogue applications on the internet. Rather, it is being twisted into a government-sanctioned tool for the appeasement of corporate dictators in yet another attempt to hide away their intellectual properties at the consumer's expense. At the tax-payers expense. And at the expense of the liberties of the American people. This is what I protest about proposed bill S. 1625.
Please dump this bill in favor of ratifications that do not seek to satisfy the needs of corporate lobbyists, but rather accomplish the original intent of protecting consumers on the internet.
The eternal struggle of good vs. evil begins within one's self.
Did anybody else misread the article at first as "Utica by the back door"? More to the point, would an Utica by the back door trump UCITA?
Instead of Congress yanking the FBI off of un-Constitutional privacy violations and other worthless, expensive investigations, in favor of protecting us from software attacks, Congress is abdicating yet more responsibility for protecting us, in favor of giving legal cover for unaccountable vigilantes.
What do we pay those people to do, anyway? Ruin us? We can get that for free.
--
make install -not war
"UCITA By The Back Door"?
Is that like a UFITA?
What a wonderful reason for people to switch to FOSS to avoid the nasty spywares.
"Come over to the light side, everyone, where your PC is safe from spying eyes!"
I am anarch of all I survey.
The American senate has no right to do this. it will afect THE WHOLE (IT) WORLD they do not have juristiction
null
These problems would all go away if we just abolished copyright altogether.
Help stamp out iliturcy.
Vista, yes. But the blame lies squarely on the content producers. Companies like Microsoft and Apple are just giving people the ability to watch the content in the terms specified by the content owners. Go talk to them, tell them that you don't want DRM in your content and I'm pretty sure the OS vendors will eject the DRM in no time.
http://www.gripe2ed.com/scoop/story/2008/6/3/0529/41400
It's unclear from that statement whether Barracuda intends to or has the ability to remotely disable one of their Spam Firewalls that has been resold, but the insinuation is there.
.
So you think just because I install your crapware on my computer, that you have the right to cripple MY PROPERTY at a whim? You, you, fuck you, you fuckin' FUCK, you, I say, and GOOD NIGHT, SIR! The first time I detect this sort of shenanigans occurring on any computer in my posession is the moment when I uninstall said software (or OS for that matter!) and seek a complete and full refund of any monies paid -- if not legal reparations in civil court. Fuck that noise! Again, some asshats are borrowing pages from the RIAA's playbook apparently, thinking they can get away with whatever they want. I beg to differ! Put these asshats in front of me, face to face, when they try to pull this crap, I swear I'll punch them in the nose!
> ... will eventually, inevitably, be used for nefarious purposes.
Don't you think that all this anti-terrorism legislation should be balanced with at least a bit of pro-terrorism legislation?
tm
Support TBI Research: http://www.raisinhope.org
While the concept of forcing users to turn their computer over to any software vendor is abhorrent to me, I don't know if the consequences of this bill are as extreme as they sound.
From my reading of the article it sounds like the bill adds additional "protections" to current law. Additionally the exemptions sound like they apply solely to this bill. That's fine because as the article notes, all of these things are already banned. If this bill replaces current laws restricting unauthorized access to computers, then we have a real problem. If this does not do so, we're in the same place we are now and this law meaningless in regards to software vendors disabling software at will.
If it is used for preventing copyright infringement then perhaps you can have a court rule that it was not appropriate to disconnect you, but you are not allowed to do anything to protect yourself against it happening beforehand because it can be interpreted as circumventing means of protection against copyright infringement. And even if it does companies would be reluctant to provide tools to do it, so you're on your own.
So if you're an organization that needs a license for 50 copies of whatever you'd get a license for 100 just in case some race condition makes the monitoring processes that you are not allowed to stop detect 51 copies (when you actually have 49 but moved 2) and then stop your entire business network and corrupt your data bases by disabling some components while others still work. Of course this won't happen but it will cost money to prevent it from happening and the money would go to the hands of those that might make it happen.
aka
1. use open source software
2. make your own software (come on this is
null
Huh, the world of Shadowrun is near. Imagine a brain implant connection to the net with some self-helping homepage. They can burn your brain (LEGALLY) if you just wander off the net in the wrong direction...
Patents Drive Free Software as Hurricanes Drive Construction Industry
Resale is a RIGHT. Its not a Privilege.
This statement will NEVER hold in a court of law.
And in addition, if i twist the MPAA president's speech: If i buy a chair, i can sit on it or pee on it, or sell it. If xyz Corp chose to remove the legs of the chair because my wife is sitting on it instead of me, they can expect a product liability suit, wire fraud suit, OSHA investigation (under Obama), and Damage to Private Property criminal cases.
It will be long day before the CEO gets out of prison.
"Doing what i can, with what i have." ~ Burt Gummer
Corporations have so little power and support from the government in the U.S.
Even now, as of the timestamp on this comment, NO ONE in any comments here has identified what UCITA is short for.
Ah Slashdot, the Great Communicator.
Another explicit example that Property and "Intellectual Property" are mutually exclusive. If IP trumps material property, you don't truly OWN some of your material possessions (which theoretically could extend to "none of your material possessions", as someone else could "rightfully" possess some of information embossed in them).
This comes in the qake of hearing the us army wants to be able to just set up a botnet of our computers and just do what they want with it, if this passes, they will have no barriers left to protect the computer user that thinks , I don't want anyone in my machine.
IF they think they have the right to "disable" my computer or any of MY property. Then that means I have the right to "disable" their corporation. "Bomb, Bomb, Bomb, Bomb Iran"......
The Truth is a Virus!!!
Thanks to VPNs, IPs aren't 100% reliable for geolocation. So what happens if you're in the UK, working for a US company, and they trigger their little self help program?
Passing a law in the US for this sort of thing doesn't cut it. You have to make it globally legal, or you're on thin ice waiting for suit to be filed.
Besides, don't most EULAs for the shadowy applications of the world already include verbiage similar to this? "Well you agreed when you shot the duck with the blue target instead of the red..."
*snort*
My reality check bounced.
If by "Led Zeppelin", you mean "Willie Dixon" and "Muddy Waters", then yes I remember.
Led Zeepelin was covering their songs.
Sometimes is so good live on non-US country...
Religion: The greatest weapon of mass destruction of all time
People can't be punished for time shifting. Society did not consider time shifting a publication and does not prevent it to enforce the created right of copyright. Recent rulings on the broadcast flag all reached the same conclusion so both their broadcast and listening for and obeying the broadcast flag are voluntary - ie a pointless competitive disadvantage that outrages customers.
In time, encrypted works will not be considered publications and lose copyright protection. Encrypted works may never enter the public domain and fail to meet the US Constitutional requirement of limited time of protection.
This situation is exactly the kind of thing that Andrew Jackson was speaking of, give the government enough time and it will keep working to take away our liberties.
Unfortunatly, I am getting tired of having the same things come up over and over and over...
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Is Google really so hard to use?
The Uniform Computer Information Transactions Act
http://www.ucita.com/
Additionally the exemptions sound like they apply solely to this bill.
These things have a habit of spreading... consider the effect of the "CAN-SPAM" act, which has effectively raised barriers to fighting spam by forcing people to prove over and over again that compliance with the CAN-SPAM act is not de-facto legalization.
If this bill replaces current laws restricting unauthorized access to computers, then we have a real problem.
That is the effect it will have in a large number of cases.
To plagiarize another saying about theory and practice, the difference between de-facto and de-jure is less de-facto than de-jure.
It makes one wonder all of the potential abuses of this law. Since Patents are considered "Intellectual Property", would it be much of a stretch to assume that this law would grant "self help" to those looking to squash patent violators? Microsoft, for example, could probably argue that they can "help" themselves squash patent violators by attacking users of Linux, or OpenOffice (Not that I know of any specific violations in either of these two, but that's the danger of extralegal enforcement; it's shoot first, ask questions later. Only if they are caught are there any problems.), or any number of other technologies. Makes me wonder if the RIAA/MPAA would try to get anything under the radar in this bill. (By trying to argue that extralegal attacks on various networks are legal because they stunt "other illegal activities" performed by software.)
The requirements of law are all things publishers and government, not the public, must deal with. There is no law that requires NBC to have a large chunk of the spectrum or Constitutional requirement that spectrum must be licensed. There is also no real requirement for government to protect NBC in this case. You can run rings around the "requirements" of law, but they don't add up to government protection for sleazy behavior. A company as dependent on government protection as NBC is is foolish to skirt around the law like it has.
NBC has been granted spectrum in exchange for some sort of public good and had better watch it's step. Specifically, broadcast licenses have cultural and educational requirements that most broadcasters like NBC mostly fail to deliver. They really are at the whim of the people on this one and should not dare further annoy them lest they elect officials that give the spectrum to more worthy people or to the public at large.
The requirements of copyright law from the US Constitution that Twitter mentioned come from Article 1, Section 8:
Clause 1: The Congress shall have PowerNothing is required of Congress to protect NBC or any other publisher. Congress may protect Authors but only for a limited time and only if it promotes science and the useful arts. A broadcast that never enters the public does not fairly merit government protection. The public should not be stopped from copying and distributing it at will, for fun and profit.
Essentially, your "the law does not require this or that" argument boils down to an insulting, "what are you going to do about it?" There is plenty both government can and will do about NBC and Microsoft.