Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware

Posted by Soulskill on from the do-not-want dept.

An anonymous reader writes "Michael Geist reports that a coalition of Canadian industry groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada, are demanding legalized spyware for private enforcement purposes. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation)."

57 of 240 comments (clear)

  1. Only over my dead body by Kardos · · Score: 5, Interesting

    will you be installing your spyware on my computer.

    1. Re:Only over my dead body by Capt.DrumkenBum · · Score: 3, Insightful

      You and me both.
      If I find that someone (Person or corporate entity.) has installed software on MY computer without my explicit permission, they will be explaining to law enforcement why they think they have the right.

      --
      If I were God, wouldn't I protect my churches from acts of me?
    2. Re:Only over my dead body by Kardos · · Score: 5, Insightful

      And therein lies the problem. "Oh, but the law permits them to".

      Stallman saw this shit coming decades ago, sadly he's right :x

    3. Re:Only over my dead body by jxander · · Score: 2, Insightful

      Unless they're backed by law enforcement, at which point they'll be explaining nothing.

      That's the point.

      These agencies are trying to legalize computer-rape, so that when they bend you over, you've no recourse but to take it and pray for a reach around

      --
      This signature is false.
    4. Re:Only over my dead body by iksbob · · Score: 5, Insightful

      In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content what so ever. The industry will drive any previously paying customers that give two s**** about their privacy to turn to the "piracy" avenue of acquiring content.
      The contortions the industry goes through to reach out and nail their own coffin shut are quite impressive.

    5. Re:Only over my dead body by TheGratefulNet · · Score: 4, Insightful

      blueray runs 'mobile code' when it starts the disc.

      for that reason (a big one) I refuse to buy BD discs or even support the business model with recorders/players.

      I can't know what they run and it could be harmful. I refuse to play that game.

      --

      --
      "It is now safe to switch off your computer."
    6. Re:Only over my dead body by icebike · · Score: 2

      In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content what so ever.

      I suspect Antivirus/anti-spyware companies (smaller ones, foreign ones) will provide methods of de-installing the spyware. With fewer and fewer software packages being delivered on disk, you just about have to install downloaded software in a clean room to to inspect it.

      --
      Sig Battery depleted. Reverting to safe mode.
    7. Re:Only over my dead body by Em+Adespoton · · Score: 2

      This will spawn an entirely new term:

      Pirivacy. Those who practice it will be Silicon Pirites :D

      I can see CMA and ESAC being behind this, but the Canadian Wireless Telecommunications Association is food for thought... if they're behind it, that means we're talking about legal spyware on smartphones. Bundled by the carriers. Sound familiar? Unless you don't use a smartphone, these groups just did an end-run around your privacy with this proposal.

      Basically, the groups advocating this, if they were allowed to implement it, would have you coming and going; there'd be almost no way to use electronics in Canada without the worry that spyware was either bundled in, or a conduit was in place to load it without your knowledge.

    8. Re:Only over my dead body by mwvdlee · · Score: 4, Interesting

      Who says they have to distribute the spyware with paid products? They might simply pay computer manufacturers to include it, similar with drivers (closed source GFX card drivers for Linux?) or any other products. They wouldn't need to ask you or even tell you. They might even be able to have such software installed on the BIOS level with every motherboard sold if they pay the manufacturers enough money. I can't see of any way to avoid it if they're legally allowed to.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    9. Re:Only over my dead body by interkin3tic · · Score: 3, Insightful

      I think you're calling it while it's still in the air though. These groups are lobbying for it. Of course they are: it's in their interests. Lobbying groups always ask for things that are in their interests, often at the expense of everyone else's. As always, the rest of us must oppose it. I saw nothing in the article suggesting it was likely to pass. Don't get discouraged yet, in other words, gear up for a fight.

    10. Re:Only over my dead body by interkin3tic · · Score: 2

      I suspect that if we limit ourselves to boycotting, we're going to lose. Most people don't remember the sony rootkit thing. In fact, I'm betting most of them didn't know it while it was a story. The word "spyware" is probably not something most consumers know about.

      I also don't see a real potential for them to hurt themselves with this. Doesn't any EULA already grant them the "consent" they'd need to install spyware?

    11. Re:Only over my dead body by jxander · · Score: 4, Insightful

      If these laws (or any like them) are allowed to pass, the explanation will be "we installed it because the law permits it, any further harassment by you will result in fines and jail time."

      That's why it's important to spread the knowledge now, well in advance. That's why it was so important for sites like Wikipedia to stage the blackout in defiance of SOPA/PIPA last year. Raise awareness BEFORE the laws are passed. Because once they are, digging the hooks out will be an extremely painful process.

      --
      This signature is false.
    12. Re:Only over my dead body by lgw · · Score: 5, Informative

      The Department of Justice certainly remembers the Sony Rootkit. Remember, this rootkit found its way ont a great many government computers, which had to be cleaned by government IT staff, and was recent enough that there was already laws about that. Sony was fined enough for investors to notice, and punish the leadership, but the DoJ also said: do this again and Sony will no longer be a going concern in the US.

      Any new spyware/rootkit product, even if intended only for the Canadian market, could also easily make its way onto US federal government computers, and the DoJ made it clear at the time that it wasn't just Sony they were warning - any company pulling this stunt again would cease to exist within the US. Apparantly the govenment's love for corporation does not reach quite so far as overlooking putting spyware on government networks (especially the DoJs own network) - so we've got that going for us.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    13. Re:Only over my dead body by Frank+T.+Lofaro+Jr. · · Score: 4, Insightful

      Then they'll pass a law where providing tools to remove spyware will get you a 5 year prison sentence.

      --
      Just because it CAN be done, doesn't mean it should!
    14. Re:Only over my dead body by Gr8Apes · · Score: 4, Interesting

      Funny enough, I'm pretty sure my BD ripper program doesn't phone anybody, especially as it's not on the net.

      --
      The cesspool just got a check and balance.
    15. Re:Only over my dead body by idontgno · · Score: 3

      Sure. Use the US model. Call the spyware "anti-circumvention technology" protecting "copyright access control mechanisms" and Bob's your draconian millienial copyright uncle, and the world is your rich copyright violation lawsuit plaintiff.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    16. Re:Only over my dead body by PlusFiveTroll · · Score: 2

      If it's from the manufacture the drivers can bypass the hosts file and communicate directly with the network card if they wanted/needed to. You'd have to have an external firewall monitoring and blocking said traffic. Chances are the software would turn in Diablo 3 like, where you had to have an internet connection for it to work at all in the first place.

    17. Re:Only over my dead body by Gr8Apes · · Score: 2

      You are entirely incorrect - it's a ripper, this isn't firmware, there is no content producer that supports this software.

      BD+ has been broken for years. All versions. The entire approach was flawed from day one. The best thing the content folks could do is actually provide us with working product, instead of all this hackery that drives more and more folks to exercise their fair use rights and right of first sale. DMCA can actually be argued is in violation of the constitution, as it oversteps the boundaries allotted for Copyright. Copyright explicitly relates to the right to distribute copies, not the actual copying itself - something the **AA's routinely ignore in their paid for legislation.

      --
      The cesspool just got a check and balance.
    18. Re:Only over my dead body by JeanCroix · · Score: 2

      Holy crap, really? I almost don't even want to own a computer any more.

    19. Re:Only over my dead body by rhalstead · · Score: 2

      I do that if it comes from Sony. I have not purchased a Sony product since the infamous root kiit. The only devices I have that will play a CD or DVD are my computers. I used to purchase around a 100 CDs and/or DVDs per year. That has gone to zero. Come to think of it, I've not watched the mainstream media or networks for close to 4 years either because of their biased reporting..and no, I'm not a conservative.

  2. Legit uses for legalized spyware by Synerg1y · · Score: 4, Insightful

    Law enforcement computers, politician's computers, government computers, homeland security computers. My bet is within a week 50% of those folks wouldn't have jobs, and 75% in a month.

    1. Re:Legit uses for legalized spyware by Solandri · · Score: 5, Interesting
      Read TFA. This would allow you to do exactly that.

      a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

      So if you think a police officer, politician, or someone working at the government is breaking any law - Canadian, provincial, or foreign, you can break into their network and computers and install your rootkit and keylogger. Hackers and groups like Anonymous would simply have to claim "we broken into the system because we suspected the owner was violating Moldavian law" or something like that, and they'd be in the clear.

    2. Re:Legit uses for legalized spyware by dryeo · · Score: 3, Insightful

      Probably everyone is breaking a foreign states laws, just think of Saudi Arabia and its insane laws.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    3. Re:Legit uses for legalized spyware by Khashishi · · Score: 3, Insightful

      Probably everyone is breaking US laws. Who the hell knows all of them?

  3. Dear CCC et al by gignac.adam · · Score: 2

    Screw off. Sincerely, Canadians.

    1. Re:Dear CCC et al by jxander · · Score: 4, Funny

      ... without an immediate apology? Are you sure that you're Canadian?

      --
      This signature is false.
    2. Re:Dear CCC et al by gstoddart · · Score: 4, Funny

      OK, how's this ... Dear CCC et all, we're sorry to hear you're a bunch of ignorant douchebags who feel it should be your right to install crap onto our computers. Screw off. Sincerely, Canadians. Have a nice day.

      --
      Lost at C:>. Found at C.
  4. I reserve the right to install and recommend Linux by overmoderated · · Score: 2

    On every machine I find.

  5. Open Source by DaMattster · · Score: 4, Insightful

    This makes a good argument for using open source. Removing a secret rootkit is a lot easier when the underlying layers of the operating system aren't obscured. I'll be this goes nowhere. Either that or proprietary OS vendors suffer sales losses as people flock to Linux and *BSD

    1. Re:Open Source by fredprado · · Score: 5, Interesting

      Only if you or anyone whom you trust can read code. That is not so hard to find. Open source is open for all, and chances are that anything fishy inserted in open source software will be detected by someone and the whistle will be blown.

  6. Are we in China or some place like it? by Maow · · Score: 5, Insightful

    It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.

    If only there were a similarity that I could put my finger on, it seems there is but it escapes me.

    I guess we'll see how similar if this passes. I doubt it will, but it indicates we have more in common that I'm comfortable with. Hell, just the fact that this has been proposed is a lot more egregious than I'd have ever imagined possible just a few years ago.

    1. Re:Are we in China or some place like it? by overmoderated · · Score: 4, Insightful

      It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.

      Different control mechanisms, same goal.

  7. Happened already here. by Anonymous Coward · · Score: 5, Interesting

    My own computer running Windows 7 was hacked in a drive-by when I visited a website (didn't download anything), and the drive began spinning wildly. The router logs showed connections to the Dutch anti-piracy group, BREIN. If it's not currently legal, it isn't stopping them.

    1. Re:Happened already here. by mug+funky · · Score: 2

      you quite possibly caught Anonymous' latest ddos weapon...

  8. Re:How about killing obsolete business? by jxander · · Score: 2

    Money, my dear boy. (best spoken aloud with a posh British accent)

    Why should the powers that be do anything logical, if logic dictates that they make less money? They'll gladly spend millions to ensure their archaic practices are retained as long as it takes to recoup the millions they spent ... with interest.

    --
    This signature is false.
  9. How ridiculous? by lorinc · · Score: 3, Insightful

    How far all thess jokes will go until we decide collectively for a stop, and just throw all those IP crap out the window?

    --
    Video of some good progressive thrash music
  10. Sure - no problem by Eristone · · Score: 4, Funny

    I say absolutely. As long as part of the law is continuous video surveillance of all executives of the companies that install the spyware. (Bedroom, bathroom, mistress' place, hotel room, etc.) And their families. And it has to be accessible by any Canadian citizen to do with as they please at any time.

  11. I'm not going to apt-get it. by scorp1us · · Score: 2

    Not even if it is open source.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  12. Re:Hang them. Problem solved. by overmoderated · · Score: 2

    Brutal, but effective.

  13. nobody ever won a war with their customers by Presto+Vivace · · Score: 5, Insightful

    It is amazing that corporations do not recognize this simple truth.

  14. With the Current Canadian Administration... by IonOtter · · Score: 2

    ...these so-called "business groups" will get everything they're asking for. With extra tongue.

    The U.S. administration has probably given this up long ago, we just haven't heard about it yet.

    --
    [End Of Line]
  15. Only One Appropriate Response by Scarletdown · · Score: 4, Insightful

    The only appropriate response to such a request is, "Go fuck yourself."

    --
    This space unintentionally left blank.
  16. Re:Hang them. Problem solved. by VitaminB52 · · Score: 4, Interesting
    I dislike your solution for the problem.

    However, I hate the problem more than I dislike the solution.

  17. Re:I reserve the right to install and recommend Li by denmarkw00t · · Score: 5, Insightful

    That doesn't solve the problem, though - more and more people are using Linux on a regular basis, and while they are shielded from a good majority of threats seen on Windows, it doesn't meant that 1) there isn't spyware that can affect them and 2) that they would know how to lock down their systems just because they have an OS more capable of being finely-tuned and locked down. Don't mistake a great tool for a great carpenter.

  18. Re:How about killing obsolete business? by TheGratefulNet · · Score: 2

    I don't, for a minute, believe this is there for the business guys.

    more and more, government does an end-run around laws by having a company do its dirty work and then contracting to the company. we see this a lot in lots of areas, where it would be 'bad' if the gov directly did X, but if they were clean-hands and did not do X directly, they can escape the laws.

    this is what I worry the most about. not sony or some stupid company but the fact that this lets governments who are out of control (ie, all modern ones) skirt the laws that are supposed to ensure a just and lawful society, where we could trust our leaders to look out for our interests.

    don't look one step ahead, look two steps and you'll agree that this is not just possible but a standard MO.

    --

    --
    "It is now safe to switch off your computer."
  19. Re:Hang them. Problem solved. by leonardluen · · Score: 2

    But it doesn't work on vampires.

  20. 5 years too late by TheSkepticalOptimist · · Score: 3, Funny

    I don't use a PC for copyright infringement anymore.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.
  21. Damages by boristdog · · Score: 3, Interesting

    And when the software inevitably bricks a few thousand (or hundred thousand, or million) devices and people lose untold billions worth of data...Will these companies be required to provide just compensation since no EULA was even clicked?

    How much are those lost photos of a couple's new baby worth to them, anyway?

  22. Re:An IP address doesn't identify a person by LoRdTAW · · Score: 2

    I imagine if the computer had a webcam, they would snap a picture along with the infringement evidence.

    CAD **AA Lawyer: Your honor, ladies and gentlemen of the jury, if we examine exhibit A you will see that at on November 12th 2014, at 11:24 PM Sally Smith visited a known website which engages in piracy or illegal downloading if you will. She downloaded what is called a torrent file which enabled the defendant to download an illegal copy of Star Trek: Into the Darkness. From that illegal copy our "copyright law enforcement software" logged that seventeen copies were uploaded to other users. We are seeking damages equal to the cost of making the film, squared.

    Judge: what proof do you have that it was in fact Sally Smith who was actively engaging in the heinous crime of illegally downloading a precious piece of Hollywood?

    CAD **AA Lawyer: Your honor, our "copyright law enforcement software" detected the presence of a web camera which allowed us to record the user as she committed the crime. Article 5 paragraph 34 of the Canadian copyright enforcement act explicitly allows us the right to enable remote viewing of criminal behaviour once it is detected.

    Judge: proceed.

  23. These exceptions would legalize hacking in Canada by Eightbitgnosis · · Score: 3, Insightful

    http://tinyurl.com/9wpxjg6 Page 11-12

    These exceptions they are asking for are so very broad. Take a look this exception they're seeking,

    (a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,

    Do you believe the RIAA poses a reasonable threat to your privacy from their new rootkits? Well then it seems, under this law, you could install a trojan horse on their computer, read their files, and then crash programs that might end up help the RIAA from violating your privacy...Like Windows

  24. Re:Great by Em+Adespoton · · Score: 4, Insightful

    This raises a very valid point: once this spyware is on a system, it'll be trivial for malware authors to co-opt the malware to steal data for their own use. Not to mention, the temptation for PRIVATE GROUPS to misuse information lifted from private citizens in secret is huge.

    Luckily, this goes against Canadian Privacy law in so many ways, I don't see how even the Conservative government could succeed in ramming this through.

  25. Re:Hang them. Problem solved. by jamiesan · · Score: 2

    Hangin's too good for 'em. Burnin's too good for 'em...

  26. Re:I reserve the right to install and recommend Li by the+eric+conspiracy · · Score: 2

    I have a drill press in my garage for dealing with such defective equipment.

  27. Re:An IP address doesn't identify a person by VitaminB52 · · Score: 2
    If there is spyware on a machine, doing it's dirty thing without the users knowledge or consent, then any piece of event logging, keystroke logging or pictures taken is suspect. It could be produced by the user, by other spyware, or by a hacker with access to the machine.

    The very fact that the 'evidence' is collected by spyware is full evidence that spyware is performing activities the user is unaware about. It implicitely proofs the machine is not under full user control. It therefore proofs not all actions performed at the machine are endorsed by the user.

    Since one piece of spyware/malware managed to get installed on the computer means users anti virus and anti malware software is not up to its task. If that is the case, then the installation of other spyware/malware packages is very likely. Meaning there is reasonable doubt about who or what did a download.
    And you can not convict a suspect if there is reasonable doubt - not yet anyway.

  28. Vote with your wallets by Tool+Man · · Score: 4, Insightful

    Simply stop buying their crap, there are alternatives. I think the choices will start to become more apparent to the masses over time, and the losers will be those depending on unsupportable business models.

    Consider: You can buy DRM-free music, today, where they make no attempt to lock it to specific devices. Emusic is one, and Magnatune is another. In the latter case, you are even encouraged to share your purchase in limited amounts, and there's also free streaming if you are OK with the per-song nag message. Non-lossy formats are supported too, and they go for quality content instead of large amounts of crap. (Yeah, preaching here, but I just bought a lifetime membership.)

    In TV/movie terms, Netflix has just released a season of a series, "House of Cards", that *they* produced. Screw Sony and their ilk, this is produced and distributed without their help. I'm hoping this gives big media companies a shocking wheeze, where it's apparent even to them that they're becoming irrelevant.

  29. Re:Hang them. Problem solved. by WillAffleckUW · · Score: 2

    But it doesn't work on vampires.

    There is always guillotines. Those work.

    --
    -- Tigger warning: This post may contain tiggers! --
  30. Re:Pirivacy? by Nostromo21 · · Score: 2

    I thought he was going for pyrrhivacy, as in pyrrhic privacy :)