Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Canada Businesses Privacy Security Spam Your Rights Online News

Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware 240

An anonymous reader writes "Michael Geist reports that a coalition of Canadian industry groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada, are demanding legalized spyware for private enforcement purposes. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation)."
This discussion has been archived. No new comments can be posted.

Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware

Comments Filter:
  • by Kardos ( 1348077 ) on Wednesday February 06, 2013 @04:23PM (#42812799)

    will you be installing your spyware on my computer.

    • by Capt.DrumkenBum ( 1173011 ) on Wednesday February 06, 2013 @04:34PM (#42812969)
      You and me both.
      If I find that someone (Person or corporate entity.) has installed software on MY computer without my explicit permission, they will be explaining to law enforcement why they think they have the right.
      • by Kardos ( 1348077 ) on Wednesday February 06, 2013 @04:40PM (#42813043)

        And therein lies the problem. "Oh, but the law permits them to".

        Stallman saw this shit coming decades ago, sadly he's right :x

        • by iksbob ( 947407 ) on Wednesday February 06, 2013 @04:51PM (#42813255)

          In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content what so ever. The industry will drive any previously paying customers that give two s**** about their privacy to turn to the "piracy" avenue of acquiring content.
          The contortions the industry goes through to reach out and nail their own coffin shut are quite impressive.

          • by TheGratefulNet ( 143330 ) on Wednesday February 06, 2013 @05:00PM (#42813387)

            blueray runs 'mobile code' when it starts the disc.

            for that reason (a big one) I refuse to buy BD discs or even support the business model with recorders/players.

            I can't know what they run and it could be harmful. I refuse to play that game.

          • by icebike ( 68054 )

            In which case, the only option is to not buy the spyware-infested product. Since the spyware is secret, there's no way to tell which disks are infected and which are not. The only safe alternative is to avoid buying any official content what so ever.

            I suspect Antivirus/anti-spyware companies (smaller ones, foreign ones) will provide methods of de-installing the spyware. With fewer and fewer software packages being delivered on disk, you just about have to install downloaded software in a clean room to to inspect it.

          • This will spawn an entirely new term:

            Pirivacy. Those who practice it will be Silicon Pirites :D

            I can see CMA and ESAC being behind this, but the Canadian Wireless Telecommunications Association is food for thought... if they're behind it, that means we're talking about legal spyware on smartphones. Bundled by the carriers. Sound familiar? Unless you don't use a smartphone, these groups just did an end-run around your privacy with this proposal.

            Basically, the groups advocating this, if they were allowed

          • by mwvdlee ( 775178 ) on Wednesday February 06, 2013 @05:05PM (#42813455) Homepage

            Who says they have to distribute the spyware with paid products? They might simply pay computer manufacturers to include it, similar with drivers (closed source GFX card drivers for Linux?) or any other products. They wouldn't need to ask you or even tell you. They might even be able to have such software installed on the BIOS level with every motherboard sold if they pay the manufacturers enough money. I can't see of any way to avoid it if they're legally allowed to.

            • by dwywit ( 1109409 )

              It won't be long before interested parties find out what hosts the spyware reports to, then that information will become public. Anti-malware suppliers can either provide an option to remove said spyware, or at the very least, block it at the nearest firewall. Hell, anyone with half a brain can just add a entry to the HOSTS file.

              • If it's from the manufacture the drivers can bypass the hosts file and communicate directly with the network card if they wanted/needed to. You'd have to have an external firewall monitoring and blocking said traffic. Chances are the software would turn in Diablo 3 like, where you had to have an internet connection for it to work at all in the first place.

          • I suspect that if we limit ourselves to boycotting, we're going to lose. Most people don't remember the sony rootkit thing. In fact, I'm betting most of them didn't know it while it was a story. The word "spyware" is probably not something most consumers know about.

            I also don't see a real potential for them to hurt themselves with this. Doesn't any EULA already grant them the "consent" they'd need to install spyware?
            • by lgw ( 121541 ) on Wednesday February 06, 2013 @05:26PM (#42813725) Journal

              The Department of Justice certainly remembers the Sony Rootkit. Remember, this rootkit found its way ont a great many government computers, which had to be cleaned by government IT staff, and was recent enough that there was already laws about that. Sony was fined enough for investors to notice, and punish the leadership, but the DoJ also said: do this again and Sony will no longer be a going concern in the US.

              Any new spyware/rootkit product, even if intended only for the Canadian market, could also easily make its way onto US federal government computers, and the DoJ made it clear at the time that it wasn't just Sony they were warning - any company pulling this stunt again would cease to exist within the US. Apparantly the govenment's love for corporation does not reach quite so far as overlooking putting spyware on government networks (especially the DoJs own network) - so we've got that going for us.

              • by dryeo ( 100693 )

                The Canadian government wouldn't put up with spyware being on their devices either though they would love it on the oppositions devices. This may be the carrot that gets it passed, this government is the most undemocratic government in memory, don't even call themselves the Government of Canada anymore, just Harpers government.
                There will probably be a disable switch only known to the government and shared with friendly governments which hopefully will leak out.

        • by interkin3tic ( 1469267 ) on Wednesday February 06, 2013 @05:06PM (#42813467)
          I think you're calling it while it's still in the air though. These groups are lobbying for it. Of course they are: it's in their interests. Lobbying groups always ask for things that are in their interests, often at the expense of everyone else's. As always, the rest of us must oppose it. I saw nothing in the article suggesting it was likely to pass. Don't get discouraged yet, in other words, gear up for a fight.
      • Re: (Score:3, Insightful)

        by jxander ( 2605655 )

        Unless they're backed by law enforcement, at which point they'll be explaining nothing.

        That's the point.

        These agencies are trying to legalize computer-rape, so that when they bend you over, you've no recourse but to take it and pray for a reach around

        • Unless they're backed by law enforcement, at which point they'll be explaining nothing.

          Then they can try to explain it to me. That will not be a pleasant conversation.

          • by jxander ( 2605655 ) on Wednesday February 06, 2013 @05:16PM (#42813605)

            If these laws (or any like them) are allowed to pass, the explanation will be "we installed it because the law permits it, any further harassment by you will result in fines and jail time."

            That's why it's important to spread the knowledge now, well in advance. That's why it was so important for sites like Wikipedia to stage the blackout in defiance of SOPA/PIPA last year. Raise awareness BEFORE the laws are passed. Because once they are, digging the hooks out will be an extremely painful process.

      • When they do install it on your computer, you will know who to hunt down and kill.

    • by tonywong ( 96839 )
      I'd agree to this if only the corporations allow the people to install spyware on their board's and employee's computers to check on whether there is any malfeasance in their accounting and to watch for deviant pornography.

      Just for their own good, of course.
    • spend some time up in .ca land, leave a message.

      thank you.

    • by Yaa 101 ( 664725 )

      I disagree, the right sentense is:
      "Over YOUR dead body, will you be installing spyware on my computer"

  • by Synerg1y ( 2169962 ) on Wednesday February 06, 2013 @04:25PM (#42812827)

    Law enforcement computers, politician's computers, government computers, homeland security computers. My bet is within a week 50% of those folks wouldn't have jobs, and 75% in a month.

    • Those agencies install their own.

    • by Solandri ( 704621 ) on Wednesday February 06, 2013 @04:57PM (#42813347)
      Read TFA. This would allow you to do exactly that.

      a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

      So if you think a police officer, politician, or someone working at the government is breaking any law - Canadian, provincial, or foreign, you can break into their network and computers and install your rootkit and keylogger. Hackers and groups like Anonymous would simply have to claim "we broken into the system because we suspected the owner was violating Moldavian law" or something like that, and they'd be in the clear.

  • Screw off. Sincerely, Canadians.
    • by denmarkw00t ( 892627 ) on Wednesday February 06, 2013 @05:02PM (#42813415) Homepage Journal

      That doesn't solve the problem, though - more and more people are using Linux on a regular basis, and while they are shielded from a good majority of threats seen on Windows, it doesn't meant that 1) there isn't spyware that can affect them and 2) that they would know how to lock down their systems just because they have an OS more capable of being finely-tuned and locked down. Don't mistake a great tool for a great carpenter.

    • Watch out for those Windows 8/RT ARM-based machines. Not possible without money going to Microsoft for a key.

  • Open Source (Score:5, Insightful)

    by DaMattster ( 977781 ) on Wednesday February 06, 2013 @04:28PM (#42812885)
    This makes a good argument for using open source. Removing a secret rootkit is a lot easier when the underlying layers of the operating system aren't obscured. I'll be this goes nowhere. Either that or proprietary OS vendors suffer sales losses as people flock to Linux and *BSD
    • by mark-t ( 151149 )

      Oh... if only.

      I'm just waiting for them to come to the conclusion that running such OS's is "circumventing" the so-called "digital protections" (aka rootkits, spyware, etc) they have put in place, and thus illegal under the anti-circumvention provisions of Bill-C32.

      • Exactly.

        Making it (spyware, malware which stops your PC from doing unapproved things, etc) legal isn't enough, if people can fight it by disabling it, removing it, etc.

        If the law won't stop it, but people can, the companies pushing for this gain nothing.

        So they have to make it illegal for people to fight against. Claim a property right in the software or an anti-circumvention prohibition and say people fighting it are interfering with property and/or circumventing protections.

  • by Maow ( 620678 ) on Wednesday February 06, 2013 @04:30PM (#42812905) Journal

    It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.

    If only there were a similarity that I could put my finger on, it seems there is but it escapes me.

    I guess we'll see how similar if this passes. I doubt it will, but it indicates we have more in common that I'm comfortable with. Hell, just the fact that this has been proposed is a lot more egregious than I'd have ever imagined possible just a few years ago.

    • by overmoderated ( 2703703 ) on Wednesday February 06, 2013 @04:41PM (#42813059)

      It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.

      Different control mechanisms, same goal.

    • Indeed, I spent the last year living in China. And it was really disturbing how quickly I got used to having no say at all in anything. It's no wonder that most Americans are so complacent. I only hope that the Canadians are smart enough to avoid that. I wouldn't mind moving to BC and taking my trade craft with me.

  • Instead of legalizing a practice that would otherwise be illegal to protect obsolete businesses, why not legalize a practice that is otherwise illegal to rid ourselves of those obsolete businesses?
    • Money, my dear boy. (best spoken aloud with a posh British accent)

      Why should the powers that be do anything logical, if logic dictates that they make less money? They'll gladly spend millions to ensure their archaic practices are retained as long as it takes to recoup the millions they spent ... with interest.

    • I don't, for a minute, believe this is there for the business guys.

      more and more, government does an end-run around laws by having a company do its dirty work and then contracting to the company. we see this a lot in lots of areas, where it would be 'bad' if the gov directly did X, but if they were clean-hands and did not do X directly, they can escape the laws.

      this is what I worry the most about. not sony or some stupid company but the fact that this lets governments who are out of control (ie, all moder

      • The companies aren't doing these favors out of the goodness of their hearts of their patriotic duties. They are getting something out of it, whether they are literally being paid to do so, getting legislation in exchange, good favor from the government, etc. Also, it's worth noting that a lot of government action is at the behest of corporations, typically in actions that the corporations couldn't legally do themselves, but occasionally actions that would be legal, but expensive.
  • by Anonymous Coward on Wednesday February 06, 2013 @04:31PM (#42812921)

    My own computer running Windows 7 was hacked in a drive-by when I visited a website (didn't download anything), and the drive began spinning wildly. The router logs showed connections to the Dutch anti-piracy group, BREIN. If it's not currently legal, it isn't stopping them.

  • This is just a case of bureaucrats being bureaucrats as usual and common sense taking a back seat.

    There are plenty of level-headed folks with a tenacity for doing what's right up there in moose country that will fight this tooth and nail (Theo comes to mind). At most, this will cause a whole lot of noise a la SOPA and eventually get dumped.

    Besides, the anti-spam legislation, I hear, is quite popular. More than this rubbish is popular with law enforcement.

    • by Dins ( 2538550 )
      I don't think anyone's blaming Canadians in general. It's just one stupid company who needs to be smacked down, doesn't matter where they are.
  • How ridiculous? (Score:4, Insightful)

    by lorinc ( 2470890 ) on Wednesday February 06, 2013 @04:38PM (#42813011) Homepage Journal

    How far all thess jokes will go until we decide collectively for a stop, and just throw all those IP crap out the window?

  • by Eristone ( 146133 ) * <> on Wednesday February 06, 2013 @04:39PM (#42813031) Homepage

    I say absolutely. As long as part of the law is continuous video surveillance of all executives of the companies that install the spyware. (Bedroom, bathroom, mistress' place, hotel room, etc.) And their families. And it has to be accessible by any Canadian citizen to do with as they please at any time.

  • by scorp1us ( 235526 ) on Wednesday February 06, 2013 @04:41PM (#42813051) Journal

    Not even if it is open source.

    • In Soviet Kanada, Corporate Spyware apt-gets you!

      They'll just send someone by to install it:

      Ding-Dong! "Hi, I'm from your local utilities, I'm here to read your power meter, check your gas meter, and install our Corporate Spyware for you."

      Easy in Canada . . . nobody bothers to lock their front doors.

  • in Canada seems to be where the problems would stem from. Would it be considered in 'my' best interests to install software to incriminate myself?
  • It is amazing that corporations do not recognize this simple truth.
  • by IonOtter ( 629215 ) on Wednesday February 06, 2013 @04:47PM (#42813137) Homepage

    ...these so-called "business groups" will get everything they're asking for. With extra tongue.

    The U.S. administration has probably given this up long ago, we just haven't heard about it yet.

  • by Scarletdown ( 886459 ) on Wednesday February 06, 2013 @04:54PM (#42813297) Journal

    The only appropriate response to such a request is, "Go fuck yourself."

  • by TheSkepticalOptimist ( 898384 ) on Wednesday February 06, 2013 @05:07PM (#42813475)

    I don't use a PC for copyright infringement anymore.

  • Damages (Score:4, Interesting)

    by boristdog ( 133725 ) on Wednesday February 06, 2013 @05:07PM (#42813481)

    And when the software inevitably bricks a few thousand (or hundred thousand, or million) devices and people lose untold billions worth of data...Will these companies be required to provide just compensation since no EULA was even clicked?

    How much are those lost photos of a couple's new baby worth to them, anyway?

  • by Eightbitgnosis ( 1571875 ) on Wednesday February 06, 2013 @05:09PM (#42813525) Homepage [] Page 11-12

    These exceptions they are asking for are so very broad. Take a look this exception they're seeking,

    (a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,

    Do you believe the RIAA poses a reasonable threat to your privacy from their new rootkits? Well then it seems, under this law, you could install a trojan horse on their computer, read their files, and then crash programs that might end up help the RIAA from violating your privacy...Like Windows
    • I doubt the courts will accept that argument even if it plainly written in the law. Only sufficiently rich corporations are allowed to install rootkits.

  • I hope they provide the source to their security software or at least port it so it can run on on Linux/BSD. I want to continue to legally be able to watch DVD's and BluRay movies/TV shows on my Linux HTPC.

  • They wanna do WHAT now?

    I'm starting to think it's going to take some heads on pikes before they get the message. And every day it seems more likely I'll see such in my lifetime.

    I don't know about you all, but I'm putting some money in guillotine futures.

    • I don't know about you all, but I'm putting some money in guillotine futures.

      So you'll make money even if the gov't wins and executes all the people it doesn't like.

      Win-win. (in a way)

  • by Tool Man ( 9826 ) on Wednesday February 06, 2013 @07:00PM (#42814779)

    Simply stop buying their crap, there are alternatives. I think the choices will start to become more apparent to the masses over time, and the losers will be those depending on unsupportable business models.

    Consider: You can buy DRM-free music, today, where they make no attempt to lock it to specific devices. Emusic is one, and Magnatune is another. In the latter case, you are even encouraged to share your purchase in limited amounts, and there's also free streaming if you are OK with the per-song nag message. Non-lossy formats are supported too, and they go for quality content instead of large amounts of crap. (Yeah, preaching here, but I just bought a lifetime membership.)

    In TV/movie terms, Netflix has just released a season of a series, "House of Cards", that *they* produced. Screw Sony and their ilk, this is produced and distributed without their help. I'm hoping this gives big media companies a shocking wheeze, where it's apparent even to them that they're becoming irrelevant.

  • You can (try to) install spyware on anyone's computer without legal penalty, but people can (try to) pirate anything from your company without legal penalty. Deal?

The unfacts, did we have them, are too imprecisely few to warrant our certitude.