I have on my computer, even as I type this message, computer programs that I do not wish to have running, and which I cannot remove. I know that I also have programs running which I do not know exist (think about it) nor do I know how to remove them without being able to identify them. The constant need to expand my paging file, however, is all the proof I need of their existence. They are lodged upon my disk space and even in my active memory, and I hereby demand that the authors of the software remove them immediately or begin paying me a nominal monthly fee of $159.99 for storage.
...
Dang. It looks like I don't have a large enough legal team for that demand.
I have invested a lot of valuable resources into combatting unwanted software on my own system, and on the system my parents have at home. Fortunately I have a few tools - computer systems knowledge, experience, wisdom, patience, and Google- to help me in my fight, and I've had moderate success, but it's really infuriating that I should have to fight this hard when I did not consent to have (most) of the software placed on my computer to begin with. A little over a year ago, I consented to having adware temporarily installed upon my computer so that I could "legally" download and watch a certain anime. Hey- they claimed it was legal, and I had little incentive to argue the point. Anyway, I read the EULA. I read the whole boring, technical, dull EULA. I knew exactly what I signed on for, and I knew that the company promised the software could be fully uninstalled, including the advertising software. I uninstalled that program within a week of installing it, because it did not work properly. The media player is gone, the adware is not. To this day I receive random popups advertising anything from Dodge pickup trucks to websites where I can date wrinkled 40-year-old married women cheating on their spouses. Oh boy. The pop-ups come at any time, and I have had some of the sleazy ads present themselves on the foreground of my monitor while I've had guests in the room. The recommended solution to my problem: pay someone to professionally wipe out my hard drive, and start again from scratch. I honestly believe that Dodge should hav to foot the bill.
I've used numerous programs designed to remove malicious software, some of which are considered to be silver bullets by many. I'm still looking for one that works for my problem. I've gone into spooky portions of my computer that I did not fully understand, brought up documentation of the file system, and crossed my fingers and prayed as I deleted mysterious files with cryptic names, hoping that I was killing the problem and not my operating system.
Unfortunately, the website that originally inspired the rant shown above is now in a state of 404, however, I wanted to let you know that various companies and individuals have been suing people who make antivirus software for interfering with their buisiness. The link I provide you with points to a case where the antivirus did not specifically warn users before removing content Zango had placed on their computer. I think I've just found another powerful antivirus to try to out on my computer, yet the idea that the anti-virus software does actions without consent is frustrating. It is as though one must enlist one virus to combat another. If I take the time to read through a EULA, then shouldn't my time be rewarded by software tha does what it says it does, and does not do what it does not claim to do? As my ranting continues, I am becoming more and more sympathetic toward Intel's plight in the Intel v. Hamidi (1)case. Supposedly, all of these companies that are sending me popups are trying to communicate with me. I would like the opportunity to communicate back to them, yet I do not feel that a "right to access" has been set up to allow me to trash their servers, nor am I so sure my response would not cause me to face prosecution for obscenity. Back to the focus, these companies are hoping that if they can apply enough pressure through legal action, they can force the antivirus folks to safelist any software that they make, allowing them to act without restraint upon user's systems.
I read yesterday about a case(2) in which a technician was hired to perform a software-related service for a company. He did his task, but then inserted a conditional statement into the code that would force the software to stop working after a certain number of uses. This would force the client to return and pay him for additional services to fix the problem. The judge in the civil case expressed that he felt the conduct was probably criminal in nature. Perhaps the man should have counter-sued, claiming that asking him to remove the conditional statement was interfering with HIS business interests. He certainly could demonstrate loss of revenue associated with fixing the problem properly!
What is my point and how does any of this apply to the First Amendment? Sony. Patriotic nerds have been speaking out against DRM for a while now. Some say that the right to share music is part of what it means to have a right to free speech. Others argue that DRM is ineffective, that it stifles creativity, undermines innovation, and even violates the copyright agreements put into effect when consumers purchase CD's in the marketplace. And there is a growing group of people who simply want to have their hardware back. Some of the Digital Rights Management software that Sony installs onto your computer when you use their CD's is "masked" so that anti-virus software is unlikely to detect and remove it. Quoting from the Electonic Frontier Foundation:
The software also transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you our your computer."
The software has many of the same properties as the notorious rootkit viruses. Through my experience trying to take adware off of my computer, I have learned that these are particuarly nasty infections, and often require system-specific methods to eliminate, if they can even be eliminated at all. In addition, Sony's software creates new gaps in the security systems of infected computers. The discovery of the rootkit-like properties in their software should have caused Sony to immediately take action to undo the damage it was doing. Thomas Hesse, President of Sony BMG's global digital business division, stated, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
I believe the rant at the beginning of this blog post hint at a few reasons why someone should care about rootkits. To demonstrate to the good man Hesse the problem, I suggest that he allow me access to his garage. I will take a mysterious, sticky substance and smear it across the nice paint job of his shiny new car. Then I will claim the sticky substance does no "damage" because if he is somehow able to remove it there will be no damage to the vehicle itself. I will dismiss any claims he makes that any attempts to remove the sticky substance will almost certainly result in damage to the paint of the car, because the substance I placed there simply added to the value of the vehicle. It did not take away the paint. His clumsy attempts at removal will take away the paint.
To their credit, the people at Sony have begun to take some action- yet it is the sort of slow, ineffective action that one can expect from a company with powerful lawyers. They have produced an uninstaller program to remove the DRM software, yet analysts are warning that the uninstaller actually creates an even larger hole in system security compared against the problems of the DRM software. The uninstaller does not even manage to uninstall the software completely.
When you combine the three facts that
1) The software is not readily removable
2) the software creates gaps in security and degrades system performance
3) the software is installed on a victim computer EVEN IF they click "NO" on the EULA
you may reach the same conclusion I have. Sony's actions are as criminal as those of Donal Lewis (2).
All of this because Sony and other companies are trying to protect their financial interests by preventing music piracy. Copyright laws are important, very important, to encourage innovation and creativity. Even with all of this ranting, I do not agree with those who feel that music piracy is protected by the First Amendment. I feel that piracy is illegal and should remain illegal.
Patent law is also important, I believe. A man named Ho Keung Tse is suing several companies who use DRM software he claims he has a patent for (3). The irony is too much for me to handle. The case is still not settled- it has been tied up for years. Tse urged for swift action to prevent these companies from using the software in question until a verdict had been returned, but his request was denied. Judging from some of the language used in the footnotes (at one point, Tse's approach is called "bizarre") it does not seem as though the man is as thoroughly versed in American law as the combined legal teams of those he is sueing. He will likely lose. The plaintiff's argument that his monetary losses would be incalculable if use of the software in question was not stopped was dismissed. This argument was dismissed, yet the record companies' argument that incalculable damage was being done by people sharing music files they claim to have proprietary rights to is taken seriously.
I realize I've been a bit wordy in this blog, so I will sum up my main points:
1. Viruses are bad.
2. I want to have control over my own system.
3. I am angry that anti-virus makers are being sued by companies that don't want their junk ads blocked.
4. Sony should be held criminally liable for installing unremovable software onto computers even after the user refuses to accept the terms of the EULA
5. I don't like the ad-hoc approach to law, and find it pitiful that filesharing sites had to be shut down while the courts decided their fate, but Apple and Sony are still permitted to use DRM software while the court is still considering what to do about Mr. Tse's claims.
6. If anybody knows a really good antivirus program, please contact me.
7. If I have to pay for an antivirus program, I want the people who have been sending me advertisements to pay the bill.
----------
1. Intel v. Hamidi. (A direct link to LexisNexis would not work here, yet I credit them as my source)
2.
Index No. 104232/ 89
CIVIL COURT OF THE CITY OF NEW YORK, NEW YORK COUNTY
155 Misc. 2d 558; 588 N.Y.S.2d 960; 1992 N.Y. Misc. LEXIS 459
3. HO KEUNG TSE, Plaintiff, v. APPLE INC., et al., Defendants.
I too, dislike viruses. Last semester I had to wipe my computer clean. All I know is, thank goodness for external hard drives!
ReplyDeleteI don't even understand how antivirus makers can even be sued by companies that don't want their ads blocked. A person has a right to buy an antivirus program and run it if they don't want the ads. It isn't as if the antivirus program is out there cleaning up a computer on its own: it takes active purchase and installation on an individual's part. And, since the computer is my property, I should be able to add or remove whatever I wish. I mean, if someone comes to my house and puts political posters in my front lawn, as it is my property I have a right to remove them, even if they believe they have a right to advertise. I guess that's a weird example but you get the idea; it's my property and I can clean up ads if I want to.
I also think it's criminal that after reading the fine print and not accepting a EULA (or accepting and then later finding out they lied one way or another) is criminal. They have EULAs for a reason; so that people know what to expect with this program. It's sad how often companies put teeny tiny little blurbs in the EULAs hoping to catch people off guard in downloading something they don't wish on their computers. Sadly, there's really nothing much we can do about it. If it's in the EULA then it's our own fault. But if not, then it should be illegal. Let's say I'm at a hospital, and had to sign a release to receive a tetanus booster shot. That doesn't mean they can just slip in a dose of flu vaccine too. It could be deadly depending on what I'm allergic too! It's the same with your computer - one silly little bug can be all it takes to open up a wide window into never-ending security breaches.
But what about their first amendment rights? Companies should have a right to advertise, but they need to do it legally. Last week, I talked about the CAN SPAM act, which requires companies sending out commercial emails to have an "opt-out" option, meaning a person must be able to unsubscribe from the email list. I think this same approach should be taken here by the courts. Bugs make it impossible sometimes to remove them or opt-out. If things are downloaded by companies without your knowledge, then if you don't know about it you can't opt out! That's why ads should stay on webpages, where people can just opt-out of even viewing the webpage if they don't wish to see that ad. If a person can't opt-out, it should be illegal.
Just a random question. Last night my roommate and I were talking about this mega April Fools Day worm. My question is, what sick person wants to cause millions of people harm by destroying their computers just for the fun of it?? I guess in some ways they can get private information and passwords, but honestly it just seems like a waste of time. Go rob a bank the old fashioned way or something...haha just kidding! I guess I'm not a criminal so I don't understand...But good luck with your computer woes!
I agree with the judge in the second case you mentioned that forcing software to stop working after a certain number of uses in order to force a client to return and pay you for additional services to fix the problem is probably criminal in nature. In fact, I would venture to say that it is definitely criminal in nature, not just “probably.” Imagine if other technicians did this: your breaks stop working x miles after getting them fixed or a hip replacement falls apart after taking x steps. While the latter two mentioned are probably more dangerous, they show the wrong and illegal quality of such an act.
ReplyDeleteGetting into your main point, the issue of having the right to share music versus violating copyright agreements put into effect when consumers purchase CDs in the marketplace is certainly a controversy.
Additionally, software that transmits data about users through an Internet connection whenever purchasers listen to CDs seems like an invasion of privacy. I would not want companies to track my listening habits, especially if I had been told that software would not be used to collect personal information.
In response to Thomas Hesse’s question of "Most people, I think, don't even know what a rootkit is, so why should they care about it?" , I could not have told you what a rootkit virus was before reading your blog. However, that does not mean that I do not care about it. Anything that is difficult to eliminate or perhaps cannot be eliminated at all would concern me. As is true for many things, what you don’t know can hurt you. I enjoyed your analogy of smearing a mysterious, sticky substance across the paint of a new car. How convenient for Sony to produce an uninstaller program that creates an even larger hole in the system security, deterring people from uninstalling. While preventing music piracy may be a worthwhile cause, it may also make Sony criminally liable.