Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware
An anonymous reader writes "Michael Geist reports that a coalition of Canadian industry groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada, are demanding legalized spyware for private enforcement purposes. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation)."
Only over my dead body (Score:5, Interesting)
will you be installing your spyware on my computer.
Re:Only over my dead body (Score:4, Insightful)
If I find that someone (Person or corporate entity.) has installed software on MY computer without my explicit permission, they will be explaining to law enforcement why they think they have the right.
Re:Only over my dead body (Score:5, Insightful)
And therein lies the problem. "Oh, but the law permits them to".
Stallman saw this shit coming decades ago, sadly he's right :x
Re:Only over my dead body (Score:5, Insightful)
In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content whatsoever. The industry will drive any previously paying customers that give two s**** about their privacy to turn to the "piracy" avenue of acquiring content.
The contortions the industry goes through to reach out and nail their own coffin shut are quite impressive.
Re:Only over my dead body (Score:5, Insightful)
Blu-ray runs 'mobile code' when it starts the disc.
for that reason (a big one) I refuse to buy BD discs or even support the business model with recorders/players.
I can't know what they run and it could be harmful. I refuse to play that game.
Re: (Score:3)
In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content whatsoever.
I suspect Antivirus/anti-spyware companies (smaller ones, foreign ones) will provide methods of de-installing the spyware. With fewer and fewer software packages being delivered on disk, you just about have to install downloaded software in a clean room to inspect it.
Re: (Score:2)
I suspect Antivirus/anti-spyware companies (smaller ones, foreign ones) will provide methods of de-installing the spyware.
Cracking groups like Razor1911 et al might get into the game as well. And as always, the folks who buy the legit software will end up worse off than the people who don't pay for it.
Re:Only over my dead body (Score:5, Insightful)
Then they'll pass a law where providing tools to remove spyware will get you a 5 year prison sentence.
Re: (Score:2)
Then they'll pass a law where providing tools to remove spyware will get you a 5 year prison sentence.
But preventing the installation of spyware is a totally different thing. Besides, you are talking about Canada here, not Australia.
Re: (Score:2)
This will spawn an entirely new term:
Pirivacy. Those who practice it will be Silicon Pirites :D
I can see CMA and ESAC being behind this, but the Canadian Wireless Telecommunications Association is food for thought... if they're behind it, that means we're talking about legal spyware on smartphones. Bundled by the carriers. Sound familiar? Unless you don't use a smartphone, these groups just did an end-run around your privacy with this proposal.
Basically, the groups advocating this, if they were allowed
Re: (Score:3)
I thought he was going for pyrrhivacy, as in pyrrhic privacy :)
Re:Only over my dead body (Score:5, Interesting)
Who says they have to distribute the spyware with paid products? They might simply pay computer manufacturers to include it, similar with drivers (closed source GFX card drivers for Linux?) or any other products. They wouldn't need to ask you or even tell you. They might even be able to have such software installed on the BIOS level with every motherboard sold if they pay the manufacturers enough money. I can't see any way to avoid it if they're legally allowed to.
Re: (Score:2)
It won't be long before interested parties find out what hosts the spyware reports to, then that information will become public. Anti-malware suppliers can either provide an option to remove said spyware, or at the very least, block it at the nearest firewall. Hell, anyone with half a brain can just add a 127.0.0.1 entry to the HOSTS file.
Re: (Score:3)
If it's from the manufacturer the drivers can bypass the hosts file and communicate directly with the network card if they wanted/needed to. You'd have to have an external firewall monitoring and blocking said traffic. Chances are the software would turn in Diablo 3 like, where you had to have an internet connection for it to work at all in the first place.
Re: (Score:3)
I also don't see a real potential for them to hurt themselves with this. Doesn't any EULA already grant them the "consent" they'd need to install spyware?
Re:Only over my dead body (Score:5, Informative)
The Department of Justice certainly remembers the Sony Rootkit. Remember, this rootkit found its way onto a great many government computers, which had to be cleaned by government IT staff, and was recent enough that there were already laws about that. Sony was fined enough for investors to notice, and punish the leadership, but the DoJ also said: do this again and Sony will no longer be a going concern in the US.
Any new spyware/rootkit product, even if intended only for the Canadian market, could also easily make its way onto US federal government computers, and the DoJ made it clear at the time that it wasn't just Sony they were warning - any company pulling this stunt again would cease to exist within the US. Apparently the government's love for corporations does not reach quite so far as overlooking putting spyware on government networks (especially the DoJ's own network) - so we've got that going for us.
Re: (Score:2)
The Canadian government wouldn't put up with spyware being on their devices either though they would love it on the opposition's devices. This may be the carrot that gets it passed, this government is the most undemocratic government in memory, don't even call themselves the Government of Canada anymore, just Harper's government.
There will probably be a disable switch only known to the government and shared with friendly governments which hopefully will leak out.
Re: (Score:3, Insightful)
Unless they're backed by law enforcement, at which point they'll be explaining nothing.
That's the point.
These agencies are trying to legalize computer-rape, so that when they bend you over, you've no recourse but to take it and pray for a reach around
Re: (Score:2)
Then they can try to explain it to me. That will not be a pleasant conversation.
Re:Only over my dead body (Score:5, Insightful)
If these laws (or any like them) are allowed to pass, the explanation will be "we installed it because the law permits it, any further harassment by you will result in fines and jail time."
That's why it's important to spread the knowledge now, well in advance. That's why it was so important for sites like Wikipedia to stage the blackout in defiance of SOPA/PIPA last year. Raise awareness BEFORE the laws are passed. Because once they are, digging the hooks out will be an extremely painful process.
Look at the Bright Side (Score:2)
When they do install it on your computer, you will know who to hunt down and kill.
Re: (Score:2)
Just for their own good, of course.
Re: (Score:2)
It seems to me this law allows that.
After all corps are people too. And we certainly have reason to believe they are breaking laws.
hello, anonymous? got targets (Score:2)
spend some time up in .ca land, leave a message.
thank you.
Re: (Score:2)
I disagree, the right sentence is:
"Over YOUR dead body, will you be installing spyware on my computer"
Legit uses for legalized spyware (Score:5, Insightful)
Law enforcement computers, politicians' computers, government computers, homeland security computers. My bet is within a week 50% of those folks wouldn't have jobs, and 75% in a month.
Re: (Score:2)
Those agencies install their own.
Re:Legit uses for legalized spyware (Score:5, Interesting)
So if you think a police officer, politician, or someone working at the government is breaking any law - Canadian, provincial, or foreign, you can break into their network and computers and install your rootkit and keylogger. Hackers and groups like Anonymous would simply have to claim "we broke into the system because we suspected the owner was violating Moldavian law" or something like that, and they'd be in the clear.
Re:Legit uses for legalized spyware (Score:4, Insightful)
Probably everyone is breaking a foreign state's laws, just think of Saudi Arabia and its insane laws.
Re:Legit uses for legalized spyware (Score:4, Insightful)
Probably everyone is breaking US laws. Who the hell knows all of them?
Dear CCC et al (Score:2)
Re:Dear CCC et al (Score:5, Funny)
OK, how's this ... Dear CCC et al, we're sorry to hear you're a bunch of ignorant douchebags who feel it should be your right to install crap onto our computers. Screw off. Sincerely, Canadians. Have a nice day.
I reserve the right to install and recommend Linux (Score:2)
Re:I reserve the right to install and recommend Li (Score:5, Insightful)
That doesn't solve the problem, though - more and more people are using Linux on a regular basis, and while they are shielded from a good majority of threats seen on Windows, it doesn't mean that 1) there isn't spyware that can affect them and 2) that they would know how to lock down their systems just because they have an OS more capable of being finely-tuned and locked down. Don't mistake a great tool for a great carpenter.
Re: (Score:2)
And Linux, just as OSX and Windows, often assigns the root password to the first user's password - OEMs used to add their own passwords (at least on some Windows boxes I've used), but it seems they stopped after there was a bunch of "WTF is an Administrator Password? Try Kitties123" I'm thankful for it when I work on someone else's computer, while simultaneously cringing that an entire machine is at the mercy of "stormclouds1"
Still, security ultimately falls on the user - to make an OS stronger we inevitabl
Re: (Score:2)
And Linux, just as OSX and Windows, often assigns the root password to the first user's password
I have NEVER seen a distro do this and I've worked with Ubuntu, Fedora, Arch, Debian, Mint, FreeBSD* and more. Unless you meant "sudo", but that is NOT root's password.
* Not technically Linux, but uses almost identical security design.
Re: (Score:2)
Watch out for those Windows 8/RT ARM-based machines. Not possible without money going to Microsoft for a key.
Re: (Score:3)
I have a drill press in my garage for dealing with such defective equipment.
Open Source (Score:5, Insightful)
Re: (Score:2)
Oh... if only.
I'm just waiting for them to come to the conclusion that running such OS's is "circumventing" the so-called "digital protections" (aka rootkits, spyware, etc) they have put in place, and thus illegal under the anti-circumvention provisions of Bill-C32.
Re: (Score:2)
Exactly.
Making it (spyware, malware which stops your PC from doing unapproved things, etc) legal isn't enough, if people can fight it by disabling it, removing it, etc.
If the law won't stop it, but people can, the companies pushing for this gain nothing.
So they have to make it illegal for people to fight against. Claim a property right in the software or an anti-circumvention prohibition and say people fighting it are interfering with property and/or circumventing protections.
Re: (Score:2)
True, but that is just one more argument for going to Linux or something.
Even if the users inserted one of these companies' disks, the spyware on those disks is heavily dependent on Windows.
It's doubtful they even have a Linux version. If they do, the community will discover it in short order even if they try to install via binary blobs. Word will spread.
Are we in China or some place like it? (Score:5, Insightful)
It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.
If only there were a similarity that I could put my finger on, it seems there is but it escapes me.
I guess we'll see how similar if this passes. I doubt it will, but it indicates we have more in common than I'm comfortable with. Hell, just the fact that this has been proposed is a lot more egregious than I'd have ever imagined possible just a few years ago.
Re:Are we in China or some place like it? (Score:4, Insightful)
It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.
Different control mechanisms, same goal.
Re: (Score:2)
Indeed, I spent the last year living in China. And it was really disturbing how quickly I got used to having no say at all in anything. It's no wonder that most Americans are so complacent. I only hope that the Canadians are smart enough to avoid that. I wouldn't mind moving to BC and taking my trade craft with me.
How about killing obsolete business? (Score:2)
Re: (Score:3)
Money, my dear boy. (best spoken aloud with a posh British accent)
Why should the powers that be do anything logical, if logic dictates that they make less money? They'll gladly spend millions to ensure their archaic practices are retained as long as it takes to recoup the millions they spent ... with interest.
Re: (Score:3)
I don't, for a minute, believe this is there for the business guys.
more and more, government does an end-run around laws by having a company do its dirty work and then contracting to the company. we see this a lot in lots of areas, where it would be 'bad' if the gov directly did X, but if they were clean-hands and did not do X directly, they can escape the laws.
this is what I worry the most about. not sony or some stupid company but the fact that this lets governments who are out of control (ie, all moder
Happened already here. (Score:5, Interesting)
My own computer running Windows 7 was hacked in a drive-by when I visited a website (didn't download anything), and the drive began spinning wildly. The router logs showed connections to the Dutch anti-piracy group, BREIN. If it's not currently legal, it isn't stopping them.
Re: (Score:3)
you quite possibly caught Anonymous' latest ddos weapon...
Let's not blame ALL Canadians, shall we? (Score:2)
This is just a case of bureaucrats being bureaucrats as usual and common sense taking a back seat.
There are plenty of level-headed folks with a tenacity for doing what's right up there in moose country that will fight this tooth and nail (Theo comes to mind). At most, this will cause a whole lot of noise a la SOPA and eventually get dumped.
Besides, the anti-spam legislation, I hear, is quite popular. More than this rubbish is popular with law enforcement.
How ridiculous? (Score:4, Insightful)
How far will all these jokes go until we decide collectively for a stop, and just throw all that IP crap out the window?
Sure - no problem (Score:5, Funny)
I say absolutely. As long as part of the law is continuous video surveillance of all executives of the companies that install the spyware. (Bedroom, bathroom, mistress' place, hotel room, etc.) And their families. And it has to be accessible by any Canadian citizen to do with as they please at any time.
I'm not going to apt-get it. (Score:3)
Not even if it is open source.
Re: (Score:2)
In Soviet Kanada, Corporate Spyware apt-gets you!
They'll just send someone by to install it:
Ding-Dong! "Hi, I'm from your local utilities, I'm here to read your power meter, check your gas meter, and install our Corporate Spyware for you."
Easy in Canada . . . nobody bothers to lock their front doors.
Re: (Score:2)
Sure after I comment out everything between { and } in int main(int argc, char *argv[])
Legal definition of 'behalf' (Score:2)
nobody ever won a war with their customers (Score:5, Insightful)
With the Current Canadian Administration... (Score:3)
...these so-called "business groups" will get everything they're asking for. With extra tongue.
The U.S. administration has probably given this up long ago, we just haven't heard about it yet.
Only One Appropriate Response (Score:5, Insightful)
The only appropriate response to such a request is, "Go fuck yourself."
5 years too late (Score:4, Funny)
I don't use a PC for copyright infringement anymore.
Damages (Score:4, Interesting)
And when the software inevitably bricks a few thousand (or hundred thousand, or million) devices and people lose untold billions worth of data...Will these companies be required to provide just compensation since no EULA was even clicked?
How much are those lost photos of a couple's new baby worth to them, anyway?
These exceptions would legalize hacking in Canada (Score:4, Insightful)
These exceptions they are asking for are so very broad. Take a look at this exception they're seeking,
(a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,
Do you believe the RIAA poses a reasonable threat to your privacy from their new rootkits? Well then it seems, under this law, you could install a trojan horse on their computer, read their files, and then crash programs that might end up help the RIAA from violating your privacy...Like Windows
Re: (Score:2)
I doubt the courts will accept that argument even if it is plainly written in the law. Only sufficiently rich corporations are allowed to install rootkits.
Cross platform availability? (Score:2)
I hope they provide the source to their security software or at least port it so it can run on Linux/BSD. I want to continue to legally be able to watch DVDs and BluRay movies/TV shows on my Linux HTPC.
Re: (Score:2)
Well, they could just push an update to a BR player to be a packet sniffer.
Naw... (Score:2)
They wanna do WHAT now?
I'm starting to think it's going to take some heads on pikes before they get the message. And every day it seems more likely I'll see such in my lifetime.
I don't know about you all, but I'm putting some money in guillotine futures.
Re: (Score:2)
I don't know about you all, but I'm putting some money in guillotine futures.
So you'll make money even if the gov't wins and executes all the people it doesn't like.
Win-win. (in a way)
Vote with your wallets (Score:5, Insightful)
Simply stop buying their crap, there are alternatives. I think the choices will start to become more apparent to the masses over time, and the losers will be those depending on unsupportable business models.
Consider: You can buy DRM-free music, today, where they make no attempt to lock it to specific devices. Emusic is one, and Magnatune is another. In the latter case, you are even encouraged to share your purchase in limited amounts, and there's also free streaming if you are OK with the per-song nag message. Non-lossy formats are supported too, and they go for quality content instead of large amounts of crap. (Yeah, preaching here, but I just bought a lifetime membership.)
In TV/movie terms, Netflix has just released a season of a series, "House of Cards", that *they* produced. Screw Sony and their ilk, this is produced and distributed without their help. I'm hoping this gives big media companies a shocking wheeze, where it's apparent even to them that they're becoming irrelevant.
How about this tradeoff: (Score:2)
Re: (Score:3)
But it doesn't work on vampires.
Re:Hang them. Problem solved. (Score:5, Interesting)
However, I hate the problem more than I dislike the solution.
Re: (Score:2)
The French had a good solution for politicians that got out of hand....... :) [wordpress.com]
Old solution to a modern problem
Re: (Score:2)
I dunno, I hear that sunshine is the best disinfectant and they haven't gotten around to charging for that yet.
Re: (Score:2)
Spyware like this can prove that someone did indeed commit acts of copyright infringement as alleged.
No, it can't. Since the TFA talks about "a group of 13 industry associations", we would get every one of these industry associations to install its own spyware package on your machine.
So if copyrights were to be infringed from your machine, who can prove that YOU were the one to do it, and not one of the spyware packages? All one can prove is that it happened from your machine, not WHO or WHAT did it. A compromised system is by definition out of your control.
Re: (Score:3)
I imagine if the computer had a webcam, they would snap a picture along with the infringement evidence.
CAD **AA Lawyer: Your honor, ladies and gentlemen of the jury, if we examine exhibit A you will see that on November 12th 2014, at 11:24 PM Sally Smith visited a known website which engages in piracy or illegal downloading if you will. She downloaded what is called a torrent file which enabled the defendant to download an illegal copy of Star Trek: Into the Darkness. From that illegal copy our "copyrigh
Re: (Score:2)
Max damages in Canada are $5000 for all your piracy ever.
That means they can only sue you in small claims court.
If you go to small claims by yourself and the other guy sends a dozen lawyers, the judge will almost always find in favour of the guy by himself. A really good judge will take 50+ hours to do so in order to mess up the team of lawyers.
Also I have electrical tape over my laptop's camera.
Re: (Score:3)
The very fact that the 'evidence' is collected by spyware is full evidence that spyware is performing activities the user is unaware about. It implicitly proves the machine is not under full user control. It therefore proves not all acti
Re: (Score:2)
All the picture proves is that said user was using the computer at a certain point in time. It doesn't prove the user was doing the download of the copyrighted material. If there was other spyware running at the computer, then that other piece of spyware could be performing the download. All recorded keystrokes
Re: (Score:2)
Spyware like this can prove that someone did indeed commit acts of copyright infringement as alleged.
Having police officers break into someone's house at night, unannounced and without warrant, can prove that someone did indeed commit whatever crimes they're accused of. While they're in there, might just find a few more crimes to accuse them of.
We wouldn't for a second tolerate this level of intrusion in meat-space... why is it permissible on computers?
Re: (Score:2)
Spyware could theoretically also use Tor nodes to report your real IP to authorities, or the *AA.
I fail to see how TOR will save us if the spyware/keylogger is installed on your computer.
Re:Great (Score:4, Insightful)
This raises a very valid point: once this spyware is on a system, it'll be trivial for malware authors to co-opt the malware to steal data for their own use. Not to mention, the temptation for PRIVATE GROUPS to misuse information lifted from private citizens in secret is huge.
Luckily, this goes against Canadian Privacy law in so many ways, I don't see how even the Conservative government could succeed in ramming this through.
Re: (Score:2)
Once the Conservative government considers the usefulness of this software on the opposition's computers and the usefulness of it on voters' computers so they know how to target those voters they'll ram it through.
Re: (Score:2)
I'm not a big supporter of gun rights here in the US but it just occurred to me that now I understand the argument that 'only people that have guns will be the criminals'.
In this case, the only people with rootkits installed on their machines will be the law abiding citizens.
PS: I assume they'll also make it illegal to remove a rootkit, so people that just care about their privacy instantly become criminals too.
They already did. [wikipedia.org]