UCITA By the Back Door

InfoWorld's Gripelog airs a subject that should interest this community — involved as we were with efforts against UCITA back in the day. One main aim of the derailed UCITA initiative was to give software manufacturers and content owners a degree of control over users' computers. Gripelog's Ed Foster informs us that UCITA is sneaking back in, under the cover of an anti-spyware bill, S. 1625, now making its way through the US Senate. One clause in this draft bill would legalize what the BSA calls "electronic self help" — i.e., the ability for commercial entities to cripple or disable software or networks on your computer if they believe you are violating their property rights.

business opportunity

[roc97007]

"(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."

When I hear of something like this, the first thing that occurs to me is how valuable the keys or mechanism or whatever that actually does the "preventing", how badly the criminal element would want to get hold of that information, and the inevitability that this will happen when the right price is found for whomever holds the keys.

In other words, this kind of thing will eventually, inevitably, be used for nefarious purposes.

Re:business opportunity

[nuzak]

In other words, this kind of thing will eventually, inevitably, be used for nefarious purposes.

You mean, like by the government or the corporations? This is not potential abuse, it is abuse on its face. Stop with the "criminals might get access", it's criminals that have the access right now!

Re:business opportunity

[belmolis]

I'm not so sure. As I read the bill, there is nothing that requires the intruder to be correct in its belief that someone is using unlicensed proprietary software. Under the bill, even though I run GNU/Linux and do not use any Microsoft products, what's to prevent Microsoft or some other vendor from breaking into my system and screwing with it, whether as a result of legitimate error or intentionally, for the purpose of protecting their software?

Re:business opportunity

[Daniel+Dvorkin]

Let them!! Seriously, it'll make more converts to Linux and open source so that we can finally do away with these asshats.

That's the naive, optimistic view. The cynical, pessimistic view is that the people who are pushing for this truly awful law consider any use of F/OSS to be equivalent to piracy ("You're using software you didn't pay for, therefore you must be a pirate!") and they'll be able to find prosecutors, judges, and juries who can be duped into accepting this view.

Re:business opportunity

[ehrichweiss]

That's just stupid and full of hyperbole, not cynical, and if you want to think I'm naive then I'd like to invite you out for a night of drinking and gambling. I presented an unpleasant view that the people behind this might not want to see and it happens because in the course of my business I encounter people whose kid screwed up their computer for the 4th time this week by visiting some website but after a knoppix dvd I usually have a convert to linux. You present a view that would have to get rid of everyone who knows anything about computers; that world existed 75 years ago but not today.

Re:business opportunity

[mpe]

I'm not so sure. As I read the bill, there is nothing that requires the intruder to be correct in its belief that someone is using unlicensed proprietary software.

Even if it did would you expect it to be any stronger than with the DMCA.

'Electronic Self-Help'

[muellerr1]

That's the best euphemism I've ever heard for legitimized corporate spyware and DRM. Big software companies will finally be able help themselves to my electronic devices.

Can O Worms

[niiler]

So if an entity (any virus writer, for example), incorporates, then it's legal for them to mess with your computer? All they need to do is claim that they have evidence that you are infringing some property rights of theirs?

Is Congress insane?

The real answer is that they don't tend to think of consequences. Rather they are more interested in rewarding their friends and financiers.

Screw 'em I say!

[zifferent]

You know what, give the lousy ba$tards what they want! They more than anyone else deserve it, and once they start disabling computers willy-nilly it will only beat a path to the OSS door. Why would any company in their right mind turn their entire company over to the trust of a greedy software vendor? They might as well hand over their bank-account numbers and power-of-attorney to BSA while their at it.

It will frankly create a situation ripe for software-license blackmail and extortion.

If they're so intent on shooting themselves in the foot, all the better for the rest of the world. Enough is enough.

Re:Screw 'em I say!

[JPLemme]

I used to perform disaster recovery testing for a very big company. There was one particular test where a critical application wouldn't run because it was registered to the CPU's serial number and the software was refusing to run on the hardware at the DR facility. I'm pretty sure that the majority of proprietary mainframe apps work this way.

The data restoration couldn't begin until the vendor fixed the license issue, which took ~45 minutes. Since we had a 12 hour recovery limit that was a long time. We worked with the vendor to make sure that our DR process wouldn't be affected by this issue, and it never happened again.

Ergo, many companies in their right minds trust their vendors, just like they trust their banks not to steal their money. The difference between Very Big Companies and you is that each VBC is worth millions of dollars to the vendor, and screwing one VBC can cause many other VBCs to defect to vendors they can trust. You, OTOH, are worth about $59.99 and if they screw you most of their other customers will never know about it.

Does it mean

[jmv]

GPL Violations is allowed (with author's permission) to break into the boxes of all GPL violators. *That* could be interesting.

According to this bill

[IBitOBear]

consider provisions of this bill "do not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services or interactive computer service..."

and "(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."

Well clearly, as per the article they are slipping in "any enforcement we choose" actions regarding the ability of the BSA (etc) to pry into your computer with spyware like tools...

But worse, the spyware perpetrators themselves gain free immunity to all their spyware actions if they can proved they are "a provider of an information service" which, in fact, they are. They provide my information to their paying customers.

Now not only is spyware made penalty free (by accident) but Auditing Trojans that "accidentally" destroy all your data while "trying to detect" whether you have stolen Barbie's Big Adventure

The corporations, both legal and illegal, now own your computer in every way that matters.

Ta Da!

Some exceptions are necessary

[ThreeGigs]

Without exceptions like those, things like the code that prevents (or at least discourages) the use of bots in games like WoW would be rendered illegal. Examining your system memory is *exactly* what the law is designed to prevent, and anti-bot code has to do just that.

Yeah, maybe they could come up with a lot more specifics, thus making the law a lot more unreadable and drawn out, and potentially causing headaches for any circumstances that were left out. But I'm afraid there will probably have to be some sort of exceptions made along the lines of "unathorized software" and/or "fraudulent use" that are potentially over-generalized.

Re:Some exceptions are necessary

[Valdrax]

Without exceptions like those, things like the code that prevents (or at least discourages) the use of bots in games like WoW would be rendered illegal. Examining your system memory is *exactly* what the law is designed to prevent, and anti-bot code has to do just that. Why are your bloody games more important than my right to enjoy the use of my property without extrajudicial interference? I actually do work with my machine and might not let want it tampered with by a vendor who has another "Genuine Advantage" bug.

It's not like WoW is more important than due process rights.

(Not that that's what the bill actually does, but I'm kind of horrified to see someone supporting what the article purports that it to.)

Re:Some exceptions are necessary

[TheGratefulNet]

what this might mean (if it actually comes to pass as a body of new laws) is that people will hard partition their various activities.

ie, a work machine (or even many discrete ones), a home machine, a machine that can be task-related and shared, a machine that is ONLY private stuff and no commercial software, etc etc.

so if there has to be 'crap' installed on some box, don't let it invade on ALL your boxes. partition the systems so that you limit exposure or damage potential. contain the 'viruses', so to speak.

there was a slash story about nokia and their 'bright lines' between GPL and private code. same basic idea here but translated to keeping info on separate boxes and limiting what kind of programs get installed on each 'type' of box.

PITA to have to think in those terms, though! ...I really hate the way laws are mostly just BAD, these days ;( I can't think of a single GOOD LAW they've passed in, well, YEARS.

Re:Some exceptions are necessary

[Opportunist]

PITA to have to think in those terms, though! ...I really hate the way laws are mostly just BAD, these days ;( I can't think of a single GOOD LAW they've passed in, well, YEARS.

It's been quite a run, yes. The average thought that enters my mind when I read about a new law is usually "ok, how're they gonna screw me over this time?". Somehow I think it shouldn't be that way. Laws should be to the benefit of the general population. I might not agree with all of them. I might not benefit from all of them. But I should at the very least benefit from some of them.

So either the majority of laws passed these days aren't really to the benefit of the majority or I'm a really oddball and belong to such a tiny minority that I simply get screwed every single time.

Close

[dreamchaser]

They are certainly interested in rewarding their friends and financiers, but they are mainly interested in sound bite politics. It's an election year.

Re:Is there a flip side?

[Darkness404]

But being GPL'd it would be just as easy to go into the source and take out the back doors and recompile it.

Dumbasses, twice

[Weaselmancer]

Point the first: If they think this won't get hacked, they're out of their freaking minds. You think spyware is bad now, just leave a huge hole in your OS where other people can come in and change stuff. This proposal will make the problem worse, day one. Or should I say 0-day.

Point the second: Accountability. Assuming this could get implemented and be magically unhackable, what all are they actually allowed to do, and who will oversee this?

Put another way, let's say I release an email client that is legal to use for non-commercial purposes. May I read all of your email to see that you're sticking to the EULA? May I delete the ones that are commercial?

How far can this go, and what checks and balances do they propose?

We have to destroy property in order to save it...

[fuzzyfuzzyfungus]

There is something deeply ironic about a lot of the hyperagressive IP enforcement stuff going around. Orrin Hatch's self-destructing computers, Fritz chips, and now "electronic self help". All of these things are deeply antithetical to the notion of private property; but advanced under the banner of protecting private property.

I'm surprised(but not too surprised) that this sort of thing doesn't get more attention from the free enterprise and private property crowd; it is, after all, a much greater threat than any of the pitiful remnants of Communism that still survive. If this sort of stuff persists, it will, in effect, be illegal to own almost any computerized device(sure, you'll own the actual hardware; but the software and firmware will be licenced-revocable-at-will from dozens of different firms, all with the authority to poke at your device whenever they want). I'm sure that some of the true believers will comfort themselves with the fact that it isn't the State that is to blame; but private property will be just as dead as if it were.

Re:Self-Help & Much To-Do About Nothing.

[iminplaya]

...it's pretty much unconstitutional...

Aaaand... that means what, exactly?

Call it the CAN SPY Act.

[Odder]

This is wishful thinking:

Courts are not going to interpret the phrase "detection or prevention of the unauthorized use of software fraudulent or other illegal activities" to allow for deprivations of or interference with the enjoyment of personal property without due process.

Like they kept NBC and Vista from blocking recording of TV shows? People holding the appropriate offices at the DOJ were probably cheering the censorship potential of that and they are rooting for even better illegal wiretaps.

It would be better to lose every major publisher than liberty. This bill shows that publishers would rather take your liberty than go away.

No, I'm not going to look it up

[gumpish]

If you're going to use a 5 letter initialism in the summary and repeatedly in the headline without saying what the fuck it is or at the very least linking it to a definition, I for one can only assume that you don't consider it important enough to warrant the extra 20-50 keystrokes to do so.

This seems odd since the nature of the numerous comments is very alarming, however none of the comments mention what the initialism stands for.

Re:Keeping the balance

[mOdQuArK!]

Maybe balanced with anti-bullshit legislation.

Re:We have to destroy property in order to save it

Another explicit example that Property and "Intellectual Property" are mutually exclusive. If IP trumps material property, you don't truly OWN some of your material possessions (which theoretically could extend to "none of your material possessions", as someone else could "rightfully" possess some of information embossed in them).