Spy Act of 2007 = "Vendors Can Spy Act"
strick1226 writes "Ed Foster over at InfoWorld describes the Spy Act bill (H.R. 964) as having the same relation to the prevention of spyware that the CAN SPAM Act had to the prevention of spam. It allows exceptions for companies to utilize spyware for any number of reasons; if this bill had been law when Sony distributed their rootkit, they would have had perfect cover. Most troubling is that the bill would preempt all state laws, including those more focused on the privacy of people's data, and disallow individuals from bringing suit. It is expected to pass soon with 'strong bipartisan support.'"
Legal, not moral (Score:5, Interesting)
Re: (Score:2, Insightful)
Re:Legal, not moral (Score:5, Insightful)
>sarcasm off
When organizations have the legal cover to do junk like this, they will. No amount of moral outrage is going to stop them, unless they monitor and report some random elected official's illegal activities.
Re:Legal, not moral (Score:5, Informative)
What I'd be interested in is how this and other such spyware could be subverted, possibly with some false (and FOSS, naturally) piece of software that sends ridiculous junk to the remote servers. Sort of an anti-spyware, if you will. The best analogy I can think of off-hand would be programs like the fake SubSeven servers, that as I recall made your computer pretend to be infected with the SubSeven trojan. If you got someone connecting, you could give them a false directory tree, or press a button to blast their computer with a gazillion windows in their SubSeven client.
I think maybe a little hacktivism is called for, although naturally I would not advocate breaking any laws in the process! Oh no, sir!
Re:Legal, not moral (Score:5, Insightful)
Re:Legal, not moral (Score:4, Insightful)
a) The wants of consumers do not filter through to these corporations, and that boycotting will make no difference, or
b) These consumers don't actually know what they want, that they are blinded by corporate advertising saying they are happy when they really aren't, and that they (the person making the argument) know what these people want more than they themselves do.
It is a fact that most (if not all) corporations exist solely for the purpose of making money, and if you starve them of that, they will sit up and notice. I don't subscribe to the idea that I know what is best for other people, or that other people don't know what they want. If they want no rootkits, then they will think about it. If they don't know what a rootkit is, they probably won't notice or care. If you can't get a significant enough movement up and running (it's not like you don't have the communication equipment to set up an international boycott) then you may just have to accept that people don't care about the same things as you, and that you will have to just avoid the offending products.
Re:Legal, not moral (Score:5, Interesting)
But since we're talking about technology issues, isn't the perspective of a bunch of "smarter than your average bear" (yes, I cringed when I typed that, but it's true) geeks more relevant than joe six pack's?
What if this were a medical discussion board that tended to attract medical professionals, and we were here discussing a health issue? We would rant and rail at how the general population just doesn't understand nutrition guidelines and FDA rulings... "WHY? How could the voters and politicians let the FDA sit in the back pocket of big pharma by letting dicylatrithrithpalaphimides onto the market?", we'd bemoan.
So, I would argue that consumers tend to not know what they want, contrary to your conclusion #2. They're ignorant of the choices that they make every day -- especially in technology areas where (believe it or not),
For example, my Dad knows now that he didn't want to waste the time buying a new computer or having someone fix his current one. But since he was largely ignorant of how his online behaviors (not patching Windows, running IE, opening every attachment he received, etc.) would devastate his desktop, he did all the things that he shouldn't have done. Now he knows, and he knows because he got to experience the pain of computer catastrophe and I spent a lot of "I told you so" time educating him as to what he had been doing wrong.
As conceited as it sounds, maybe we should be a bit shocked at the technology decisions made by everyday consumers. Maybe it's justified for us to have an air of superiority when we're talking about them. Consumers don't know what rootkits are, despite the fact that they're affected by them. Look at all the people who fall for 419 scams. They're not falling victim to them because of a personal preference that relativistically is just as valid as my preference to NOT fall for them. They're doing it because they're woefully and pathetically ignorant suckers who have no clue what they're doing.
The shittiest part is that when those woeful, pathetic suckers walk into the voting booth or spend a buck to support companies that do evil so they can get the latest ass-reamingly bad hip hop CD, their opinions count just as much as mine do. I have to suffer with their dumb consumerist, political ideologue influenced choices.
Re: (Score:3, Informative)
Re:Legal, not moral (Score:5, Insightful)
I think of the report in today's news about the collapse of the housing market. We're seeing a coming depression that is unique in that it will only affect the middle class. I reflect on the anger and aggression with which my credit card company deals with me and my wife just because we pay our bill in full every month. Our banker is shocked because we have paid our mortgage and aren't interested in refinancing our home "to pay bills, take a vacation." Living within our means, not participating in the orgy of consumerism makes us the enemy of those that would see us become indentured.
Tonight I heard a news article about the lenders who give student loans. They learned that there's more money to be made from having those loans go into default than to have the borrower repay, so they actually discourage repayment. Loan payment checks "get lost" so that late fees and penalties can be levied. The Department of Education knew about the crooked practices in student loans since 1998, but with the end of the Clinton administration and the emergence of the Republican majority in Congress in 2000, the problem was ignored. Foreclosures are at an all-time high.
They want to make us the consumables. Is it worth having a 42" plasma TV if you lose your soul?
Re:Legal, not moral (Score:4, Interesting)
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Re:Legal, not moral (Score:4, Insightful)
The direct money in this scenario is actually from the vendor you buy from, and is not passed on to the credit card buyer directly, but spread out among all customers of the business equally or absorbed as a cost of doing business. This is because the merchant agreement one must make to accept credit cards as payment requires that credit card customers not pay a surcharge.
The vendor pays the CC company or the processing company a percentage of CC purchases (plus usually a small flat fee per transaction and a monthly fee for having the service, and sometimes an equipment rental). Since they can't charge a surcharge for CC purchases, all the customers of the vendor pay a little bit more than they would otherwise.
Re: (Score:3, Insightful)
The myth is that big business rules over us. The truth is that the only dollars they get from you are the ones you voluntarily give them. Your "soul" is in your hands. No one can take it from you without your consent. If you buy a 42" plasma TV, it is your fault. Stop blaming business for
Re: (Score:3, Interesting)
Example: Choicepoint. They make money off you without you ever doing business with anyone.
And one person's bad credit decisions can harm others. Look at how all the foreclosures are driving down the price of homes and causing homes to take longer to sell. Even if you bought your house all cash, you're affected by Joe Spendalot next door - his foreclosed home will depress your house's value when you try to sell and move.
Your myopic view is endemic of ubercapitalist and ubersocialist thinkers alike.
Re: (Score:3, Funny)
Pa
Re: (Score:3, Informative)
if so, it would have no effect on any law regarding business, as a business would be bound by no such restrictions.
Since no one here uses windows (Score:5, Funny)
Re:Since no one here uses windows (Score:4, Funny)
Re: (Score:3, Interesting)
A major success for Linux operating systems is because not only is Linux great (and it is.../special remark to keep the Slashdot horde from lynching me) but because Windows sucks so much. If Windows was OS X all this time, I am not sure if Linux would have gained as much popular
Re:Since no one here uses windows (Score:5, Insightful)
it SEEMS that this bill gives vendor-tunnels the OK. and also it notes that they can be stealth. you know, like the sneak and peek procedures we have today.
yes, this is the electronic form of sneak and peek.
and that is why you should be afraid of this. it gives remote 'special parties', well special privileges on YOUR BOX.
this is such a bad idea, it must have come from congress and/or special interests.
this surely has NO benefit to We, The People
Re:Since no one here uses windows (Score:5, Insightful)
Re: (Score:3, Interesting)
This will legalize the NSA Spying and more (Score:3, Insightful)
Re:This will legalize the NSA Spying and more (Score:5, Insightful)
you think you have the 'docs' to the equipment in your data comm room? are you sure? in fact, it's all closed-source and there's very little you can do about it
and in fact, most people IN the comms equipment vendor don't even know about this behind-the-scenes stuff.
I'm not kidding and I'm not nuts. this isn't hard to extrapolate given how our gov is SO hell-bent on spying on its own citizens.
at this point, you do pretty much have to assume that all things you do on the net (this included) are being sniffed and if it 'hits' the right triggers, remote events can be sent or log data retrieved at will.
it's basically already too late. the horses are already out of the barn. just - BE AWARE of that fact. it's all you can do. just be aware.
Re:This will legalize the NSA Spying and more (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:3, Interesting)
What's "vendor-tunnels?" What's "sneak and peek?" What "special privileges?"
If you're going through the effort to emphasize them, you could at least define them.
Re:Since no one here uses windows (Score:5, Funny)
Ok. Rootkit my Knoppix CD then.
Re: (Score:3, Funny)
Look! Rights go down the hole... (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:Look! Rights go down the hole... (Score:5, Informative)
You're right on the first point, but you've got the last one backwards: without a free market (i.e. freedom to act as you wish so far as it involves your own property, and freedom to engage in voluntary exchange with others without coercive interference) you cannot exercise those "human rights." You have human rights to the exact extent that you have property rights; they are fundamentally inseparable.
As far as democracy is concerned, you don't live in a democracy (assuming you live in the U.S. or Europe). The U.S. is a constitutional republic, and the important aspect of such a government is the constitutional limits, not the elections.
Re: (Score:3, Insightful)
How do you figure? How is my right to speak or move or breathe air tied to my property rights --- unless you consider me someone's property?
Re: (Score:2)
Unemployed, Huh?
Re: (Score:3)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
You ought to be your own property. But you are not. At best, you're renting you. For the price of taxes. With some restrictions.
Re:Look! Rights go down the hole... (Score:5, Insightful)
property right: the right to control how a piece of property is employed.
Move to where? That "somewhere" is either unowned, or someone's property. With private property rights you can own that place -- or receive permission from the owner -- and move to it freely. No one else can legitimately prevent you from doing so. On the other hand, if all the property is collectively owned, or belongs to the State, you'll need to get permission to move. Your right to move is thus artificially subject to someone else's will. (If all property is unowned and cannot be homesteaded then it cannot be employed by anyone (see the definition above), in which case you don't have the right to move anywhere. This is a fairly useless case but it ought to be mentioned. When most people speak of an absence of property rights they really mean ownership by the State, or collective ownership by all, which in a democracy is the same thing.)
You want to speak? I assume that means you want to address a group? Where will you do it, if no one owns any property? Without private ownership the use of suitable gathering places must necessarily be decided by majority vote, and/or the State. Resources are limited; not everyone who wishes to speak will be able to do so. If your position is in the minority good luck finding a place for your audience to hear you.
At a more fundamental level, if you don't own anything you cannot ensure your own survival -- food, shelter, defense -- or save for the future. If the Majority doesn't care much for you they can reallocate your rations elsewhere, leaving you to starve. If you objected then you'd be claiming a right to that food, that shelter; a property right, to be exact. But on what basis? You didn't produce that food, or construct that shelter. In a private property system you could claim that the prior owner gave it to you in exchange for something else of value, but without private property you are necessarily at the mercy of the State.
Property rights are essential for survival. Private property rights are essential for freedom.
Re:Look! Rights go down the hole... (Score:4, Insightful)
Please note that the "free market" about which you're complaining deserves its name in quotes, because insofar as the issues you are complaining about are market issues, they are not Free, and insofar as they are free, they are not market issues. Buying legislation is just rent-seeking [wikipedia.org] and as old as the hills.
Free Markets and Free Enterprise don't mean the freedom of Enterprise to do whatever the heck they feel like. It means a freedom for people to engage in enterprise (you know, selling things to each other) as long as they're both willing and able to do so. Nothing in this is contradictory with democracy or against human rights.
The contribution of funds to influence the political process is an entirely nonmarket affair. Blaming market economics for the hazards which are induced is roughly equivalent to saying "Hey, this guy got a job with $COMPANY and used the money to buy a gun and shoot people. $COMPANY is antithetical to human rights!".
Re:Look! Rights go down the hole... (Score:4, Informative)
Tell that to the people of Bolivia after their water supply was privatized.
Re: (Score:2)
Re: (Score:2, Interesting)
Re: (Score:3, Insightful)
I like how you start a story in the middle to make your point. How was the govt able to sell it to a private company?
The govt control of the market for water was what allowed them to unscrupulously sell it to a company that paid enough 'campaign contributions'. And govt control is what allows them to prevent other people from entering the market (they made it illegal for people to dig wells and use their roofs to harvest water).
Re: (Score:2, Informative)
Spying Is Ok... If You Have Money (Score:5, Insightful)
If you have money.
Moral vs. Legal (Score:5, Interesting)
Moral desensitization leads to legal deregulation. With enough exposure and promotion, the public will accept the legalization of just about anything (as history has shown). It is in the interests of large businesses to protect their market and to discover new markets by having the upper hand in intelligence.
The problem has become that legitimate and morally acceptable markets are generally well serviced and difficult to break into. Companies are therefore very tempted to create new markets, or break into markets which hitherto have been illegal (usually because they are viewed as immoral or socially destructive), such as porn, prostitution, addictive substances, and now privacy invasion.
As the only way to create these kinds of markets is to change legislation, these companies are very active in infiltrating and influencing government. The US government is particularly prone to this kind of corruption.
All of this is obvious. But the techniques used are subtle. They will try to sell the idea to make it appear to be in the public interest. Who knows, maybe we can expect to see a report of a missing child found because of spyware, or some shit like that.
Trumps states rights? (Score:4, Interesting)
Yes: Trumps states rights! (Score:2)
Doesn't matter. This law overrides state laws that conflict with it, as authorized by the "supremacy clause" of the US Constitution.
(That's the one that is often misread to say that treaties have the force of constitutional amendments. In fact it says that the Constitution, federal laws passed under the authorization of the constitution, and treaties negotiated and ratified as authorized by the constitution, each override state law when they are i
No duty to protect citizens. (Score:3, Interesting)
Actually, no, it doesn't.
They'd like you to think it does. But the state's duties are things like preserving order, providing equal justice, and having a Republican form of government.
Individuals are just cannon fodder. In the mass the state MAY try to protect them in various ways, as part of preserving order or some other compelling state interest. But they have no duty to protect any particular one of them - unless they've explicitly created an extra
If companies can install spyware... (Score:5, Informative)
Re: (Score:2, Interesting)
Re:If companies can install spyware... (Score:4, Insightful)
Re: (Score:3, Interesting)
And to top that off, companies like MS continuously try to collect information about other products (how many times has an app crashed on Windows, and Windows asks you if you want to send a report to MS?). With the broad coverage of this law, many companies will be able to collect whatever information they want in an effort to "better support you" which could end up becoming an escalating war with each other instead.
Add to that, if you have a website of almost any sort, this is grounds to install spyware o
Do not use Vista and other DRM enabled tech (Score:5, Insightful)
People who say that it doesn't matter to them, whether Vista has DRM or not [slashdot.org] as long as they can play their games, may be surprised to find out that the DRM may make it impossible for them to enjoy their games through enabling the spying and whatever other active measures that can be taken by spying software. Do you like modifying your games in any way? It may become impossible if you are on a DRM platform and you are spied upon. Of course there are those, who would rely on the DRM to be broken [slashdot.org] but this is not a very good practice to rely on that, I mean there are so many problems with that, for example why would you trust a 'DRM removing patch' from someone to be spyware/rootkit free? It is better to avoid such products altogether. Avoid DRM products, avoid spyware infected products, that's the only way to really stay in the clear. Besides, isn't it illegal to remove 'security protection' under DMCA anyway?
Free Software becomes more and more attractive in this culture of customer spying and DRM locking every day.
Re: (Score:2)
until free software becomes illegal... Watch out for any upcoming "Intellectual Property Reform"
--jeffk++
More of this same FUD (Score:2)
Re: (Score:2)
Re: (Score:2)
Vista's DRM doesn't prevent you from doing anything that you could have done on XP.
Except do whatever you want with your own computer.
---
DRM. You don't control it means you don't own it.
Another reason to use (Score:5, Insightful)
Third party (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
Big surprise to the SD crowd (Score:2)
Seems like a non-issue to me. (Score:5, Insightful)
Why do people think you can legislate your way out of these issues? Spyware, spam, etc . . .
For e-mail, use a system that is not susceptible to spam (good filtering, and a white list).
For software, use a system that is not susceptible to spyware (OS X, or Linux).
Spyware doesn't bother me now, it hasn't bothered me in the past, and it won't bother me in the future. If you've got a problem with spyware, either stop buying products from the people who are infecting your system (ahem, Sony), or stop buying systems that are prone to infection (ahem, Microsoft).
If a company sells you an unsafe car, do you blame the government, or the car company? And having been sold 2 or 3 unsafe cars already, why would you go back to the same vendor?
Non issue. Something Congress shouldn't discuss or legislate about. Get over it, and stop being a slave to the MS monoculture.
Re: (Score:2)
If you're dumb enough to keep going back to the same vendor after getting burned by their products so many times, I think you deserve whatever happens to you.
As the saying goes, "Fool me once, shame on -- shame on you. Fool me -- you can't get fooled again." Err, you know what I
Make congress care (Score:2)
wait! (Score:3, Interesting)
Soap box, check. Ballot box, check. Anyone remember what came next? Jury box? How do we get in on that? Oh well, probably won't work. Let's skip it and go straight to the ammo box.
What can we reasonably do against a government that sits there and sells our freedoms to the highest vendor? It won't be long before we're forced to pay three easy payments of $599.99 for a new TV-doo-hickie to watch us while we're watching TV. In the name of advertisement, of course, to figure out how we react to some shows.
Just wrote to my Congresswoman (Score:2)
Much to my annoyance, Anna Eshoo, the local congresswoman for Silicon Valley, is a cosponsor on this turkey. I sent in a letter. This thing needs some work in committee to clean it up, preferably well enough that EPIC is satisfied with it.
Re: (Score:2)
blame the OS (Score:4, Interesting)
This weekend, I was given a PC that needed to have viruses, spyware, malware removed... I thought it was a joke, this thing looked like a honeypot. It had every trojan known to man on it, every piece of spyware, backdoor, and virus had infected it, and no form of security (besides Service Pack 1 for XP). After 4 days straight trying to remove them (formatting not being an option, because the person was missing their OS restore CD and/or Windows XP Home Edition CD) I have finally gotten all of them removed... but my point is that none of this should have ever been possible. An operating system should be designed more intelligently than those who want to exploit those same operating systems. I'm sure if they took the same amount of time they spend trying to promote new products and put it into better R&D for patching vulnerabilities, none of this would happen... but I suppose we don't know who scratches whose back in the world of operating system / anti-virus vendors anymore....
Re: (Score:2)
Re:(DON'T) blame the OS (Score:2)
Did they have a clue what they were doing? No. Should they have been allowed to install software on their computer if they didn't know better? No.
If the OS can prevent or allow installation of software, you can't blame the OS for allowing the user to install software. You can lock Windows down so installation of trojans, spyware, etc. is impossible. What you then have is an email/web surfing appliance.
They can't spy on you (Score:2)
Good Luck (Score:2)
Just who... (Score:2)
Ask your congress-critter just how this vote benefits You! If they can't give you a good answer to this, ask them why they're still in office.
Did anyone expect anything else? (Score:3, Interesting)
Oh, yes, it "outlaws" spyware... with a few hand picked exceptions that can be summed up with "spyware is outlawed unless some company uses it".
In fact this legalizes spyware rather than outlawing it. Until now you could at least try to get a lawsuit going and at least get a humiliating settlement (humiliating for you, not the corp using spyware against you). See the Sony rootkit trials for details.
With this in effect, the judge would have to throw it out of court even before anything starts, because it would certainly fit the "exceptions".
Big Brother (Score:2)
For those interested, here is the entire book in pdf [msxnet.org] format.
Let me put it in plain English: (Score:2)
"We were trying to do spying through government agencies, but it seems that due to public pressure we will have to eventually let go of it. So, we put out this act to allow private companies to spy on people, so we will be able to continue spying through private companies that are affiliated with us. And as it's private and everyone can do this, no one can object"
List of sponsors (Score:3, Informative)
Simple response (Score:2)
Vendors can (Score:2)
I guess the charade is over... (Score:2)
Ah. Freedom at last. (Score:3, Informative)
Stand back baby, I'm a Nessus [nessus.org] monkey with a long list [unixhub.com] of a**holes [blocklist.org], a can 'o nmap [insecure.org], a fully loaded Metasploit [metasploit.com], and I ain't afraid to use 'em.
Mission Creep (Score:3, Insightful)
Re: (Score:2, Insightful)
However, I believe they should be stated in one legible non-scrolling frame.
Further information can be linked to any point, but what a user sees upon installation are clear plain English terms.
Re: (Score:2)
Re:OK, What Am I Missing? (Score:5, Insightful)
What Are You Missing? (Score:2)
'nuff said.
Re:OK, What Am I Missing? (Score:5, Informative)
The first part means that anyone who sold you hardware or software can snoop around on your machine if they are doing it to detect fraudulent activities - meaning when the activity hasn't happened yet! Yes, yes, you have nothing to hide. Are you sure? Your SSN is probably around somewhere. As is your bank account, or a lot of other things valuable to identity thieves.
The second part means that anyone who ever wrote any type of software can access your machine in whatever way they please - as long as it's a discrete interaction.
This means that the security features in your OS are there only to prevent you from accessing everything in it. It is expected to remain open so that law enforcement, ISPs, software and hardware owners can check for anything they please.
In short, your computer is yours and secure only in name. Anybody else can trespass pretty much at will. If your computer is broken into and the other party says "I was just checking if anything fraudulent was going on", they're in the clear. Especially if they are a large corporation.
Re:OK, What Am I Missing? (Score:5, Interesting)
So even if you have never installed, for example, Adobe software, Adobe can monitor your computer to determine if you ever run an illegal installation of Photoshop. No sunset on the monitoring; they can continually probe your machine in suspicion of piracy. That'll degrade your bandwidth. And not just Adobe will be permitted to do it, but every software vendor out there. They don't have to be your provider, just a provider.
Also "initialization" is a nebulous term. Are you sure you know how the law defines it? It could easily be phoning home with every launch, or perhaps with every forked process. A perverted vendor could treat it as initialization of any variable, constantly phoning home to make sure every thing you do does not violate their EULA.
Meanwhile, Windows Genuine Advantage has had a not insignificant number of false detections of installations as non-genuine. A little hiccup in an algorithm and they'll cripple the software. Better hope its use wasn't essential to your business. BTW, the EULA makes it clear it should never be used for any essential purpose and disclaims any liability for failure to operate.
Next, read the full text of the act for the prohibited behaviors and realize that with these exceptions it gives those entities license to do every one of them to you whenever and however often they'd like with impunity.
Re: (Score:2)
And yes, I agree that WGA and similar methods are bad technically, but if you consider a product inferior, simply don't use it. The law isn't mandating WGA for all, it simply
State law will still supersede it, because: (Score:4, Interesting)
So if an existing Federal or state law specifically mentions that a provider or software vendor may never access your computer under any circumstance, then that law will supersede this bill.
Or am I missing something?
Re:OK, What Am I Missing? (Score:4, Insightful)
When you allow MS or your ISP to troubleshoot your computer remotely, you are actively giving them permission to do so, spying software does not require your active permission and in this case it doesn't even have to be disclosed to you that it is happening. If you do find out, you have no legal solution to it except for removing the software (if it will allow you to remove itself on a DRMed system.)
Re: (Score:2)
The first one is rather broad because it
Re: (Score:2)
Just about everything. Let's highlight the important points:
Re: SEPARATION OF BUSINESS AND STATE (Score:2, Interesting)
Our democracy is lost, we no longer live in a democratic political system. Just the illusion is promoted through propaganda.
Bravo Republicans, Democrats and corporate leaders. You have won at all cost and now all is lost.
The next paradigm is already begun and will be the reclaiming and exposing o
Re: (Score:2)
Re: (Score:3, Interesting)
Rick Boucher D-VA (and Slashdot darling), GK Butterfield D-NC, Lois Capps D-CA, Dianna DeGette D-CO, John Dingell D-MI, Michael Doyle D-PA, Eliot Engel D-NY, Anna Eshoo D-CA, Sam Farr D-CA, Charlie Gonzales D-TX, Bart Gordon D-TN, Gene Green D-TX, Darlene Hooley D-OR, Jay Inslee D-WA, Ed Markey D-MA, Jim Matheson D-UT, Jerry McNerney D-CA, David Price D-NC, Bobby Rush D-IL, Janice Schakowsky D-IL, Hilda Solis D-CA, Bart Stupak D-MI, Anthony Weiner
Re: (Score:2)