Why Would The Copyright Lobby Be Concerned About An Anti-Spam Bill?
from the because-it-may-hurt-their-rootkits dept
Up in Canada, there have been ongoing discussions and negotiations over an anti-spam law. While I have various reservations over anti-spam legislation (here in the US it's done little to stop spam, but plenty to outline how to "legitimately" spam people), it's a bit surprising to find out that the copyright lobby is heavily involved in the process as well. Why would the copyright lobby care about an anti-spam bill? Apparently, they're afraid that it'll hinder their use of DRM, since the current bill requires consent before installing software on computers. And, as we learned in Sony's famous rootkit debacle, plenty of DRM works by surreptitiously installing software that watches what you do with content. Of course, the last thing the entertainment industry would want is to be required to be 100% upfront and truthful with you when it's installing spyware/DRM on your computer. That would -- in their minds -- defeat the point.So, the copyright lobby has been making sure to water down the bill, to try to cut out the language that would cover their use of surreptitious spyware/DRM:
Sources say that the Liberals have introduced a motion that would take these practices outside of the bill. In its place, they would define computer program as, among other things, "a program that has as its primary function...inducing a user to install software by intentionally misrepresenting that installing that software is necessary to safeguard security or privacy or to open or play content of a computer program." This sets such a high bar - primary function, intentional mispresentation - that music and software industry can plausibly argue that surreptitious DRM installations fall outside of C-27.And, of course, once the copyright lobby can put spyware on your machine, they want to be sure they can spy on you and use that information against you:
PIPEDA currently features a series of exceptions to the standard requirements for obtaining consent for the collection of personal information (found in Section 7). Bill C-27 includes a provision that bars those exceptions in cases involving computer harvesting of email addresses and the "collection of personal information through any means of telecommunication, if the collection is made by accessing a computer system or causing a computer system to be accessed without authorization." In other words, email harvesting and spyware would not be permitted and would not qualify for the PIPEDA exceptions found in Section 7.It's really stunning what kind of sense of entitlement the entertainment industry has -- insisting that it should have the right to install spyware on your computer without you knowing about it, and to then collect all sorts of private info about you and what you do on your computer. Shameful.
The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means. The Section 7(1)(b) exception in PIPEDA currently states that collecting personal information without consent or knowledge of the individual is permitted if it is reasonable to expect that the collection "would compromise the availability or accuracy of the information" and the collection is "related to investigating a breach of an agreement or a contravention of the laws of Canada."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
The ineffectiveness of legislation
I've been paying attention to the spam problem for over a quarter century now (I released the first anti-spam program ever back in the mid-80's) and one of the things I've noticed is that legal action against spammers is infrequent, inept, and self-serving. That is: it's only undertaken under two circumstances: (1) when a sufficiently powerful corporation co-opts the mechanisms of government or (2) when someone needs to score political points. In both these cases, it's important to recognize that the goal of such action is not to stop spam; they couldn't care less about that. It's a PR exercise, and if it incidentally decreases spam temporarily, well, that's a minor bonus.
Worth noting as well is that even if the perfect anti-spam bill (whatever that looks like) was enacted anywhere in the world, it would do not good unless it was enacted everywhere, and that will never happen. And even if that far-fetched outcome came to pass: it would still do no good, as there are no resources (including budget, highly trained personnel, investigators, prosecutors, etc.) to enforce it.
And this is why the security theater continues -- and why the spam problem continues to get worse. Spammers (and other abusers, like those implanting spyware) understand the game far better than the naive, pathetically clueless people who actually think anti-spam laws will work.
[ link to this | view in chronology ]
Re: The ineffectiveness of legislation
[ link to this | view in chronology ]
Re: Re: The ineffectiveness of legislation
As to whether there are other battles that are more important: there certainly are, for example, the fight against breast cancer, where I also spend my time, money and energy. There are always "more important" battles based on our own perceptions and values. But there's only time to tackle so many in a lifetime, and spam is one those I've committed to.
And as it turns out, the fight against spam/spammers is increasingly the fight about abuse/abusers in general, where that includes malware, spyware, DoS attacks, and quite a few other things. One of the major realizations of the past decade is that the people doing all these things are the same people; they've put together elaborate enterprises which (for example) use viruses to create botnets that are used to host phishing sites that are the payload in spam runs. Thus it turns out that folks studying malware, and folks studying botnets, and folks studying spam are all looking at different pieces of the same puzzle -- and all of them can contribute to (well, we hope) understanding and countermeasures.
[ link to this | view in chronology ]
Re: Re: Re: The ineffectiveness of legislation
[ link to this | view in chronology ]
Re: Re: Re: The ineffectiveness of legislation
"There are always "more important" battles based on our own perceptions and values. But there's only time to tackle so many in a lifetime, and spam is one those I've committed to."
You've said some very interesting things, do you have a blog? I would like to read more analysis on the subject. Or where are your sources, I want to look deeper in the subject.
I think E - Mails are (or at least were) a great way to spread important messages. Then again retarded things like chain letters get sent in E - Mails. But perhaps these anti spam laws were designed to prevent people from forwarding certain political speech or discussions/opinions on important issues? Hard to say.
I can't find the legislation, so perhaps my memory is wrong, but at least in California (if not the U.S.) I remember on the news a long time ago that a bill was passed to limit what can be said on fortune cookies. Before this law was passed all sorts of strange things (ie: some fortune will bestow up you or some nonsense like that) were said on fortune cookies. The pretext behind limiting what could be said was to prevent them from giving people false hope or to prevent them from misguiding people (which is also nonsense). Now they say things but they don't say as much and there are limits on what they can say. However, one thing I did notice is that lottery numbers are allowed on fortune cookies and, now, on the bottom of each fortune cookie is a lottery number. I don't remember that from before. So perhaps the real reason for the law was to discourage certain things to be said for the purpose of encouraging them to put lottery numbers on fortune cookies to encourage people to buy more lottery tickets. I'm just guessing, don't really know.
The point is that when laws are passed often times their alleged intent is not their true intent. If the spam lobby was behind much of the anti spam laws then that aloe is good reason to believe this might be one of those situations.
[ link to this | view in chronology ]
Due Process Anyone
[ link to this | view in chronology ]
Re: Due Process Anyone
It seems like such an opportunity to win political points and to simultaneously shine a bad light on your competition. There's only one reason no one has done it already.
[ link to this | view in chronology ]
Equality under the law is an ancient right to be enforced in any age.
What separates the actions here of the entertainment industry and any other criminal? Nothing .... Except the criminal is probably more honest about their objectives.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Reply to Professor Geist
http://innovationandculture.wordpress.com/
[ link to this | view in chronology ]
Re: Reply to Professor Geist
"James Gannon is an associate in our Technology Group in Toronto. His practice focuses on intellectual property, technology and Internet law issues. He represents a variety of clients in these fields, including media industry organizations and technology manufacturers."
From: http://www.mccarthy.ca/lawyer_detail.aspx?id=6759
[ link to this | view in chronology ]
Re: Reply to Professor Geist
Also, did Geist actually say that EVERY change made to the legislation was bad?
And thirdly, I simply don't understand the point you're trying to make about Antivirus companies with regards to the inclusion of language that mandates informing the end user that you're installing something and the purpose of the software they're installing. Most AV/AS software out there runs their definition updates hourly. I don't see how a blanket agreement consenting to updates for the purpose of virus/malware defenitions would violate the legislation at all.
And even if it did, when a scan indicates it's time for a definition update, a dialogue box pops open and says, "Hey, we need to get your software the names of some nasty new malware out there, cool?", then you click "OK" and go about your business.
Is that really such a problem?
[ link to this | view in chronology ]
Re: Re: Reply to Professor Geist
[ link to this | view in chronology ]
Re: Re: Re: Reply to Professor Geist
I also sent a copy to the Parliamentarians working on the Bill.
[ link to this | view in chronology ]
Re: Re: Reply to Professor Geist
Yes it's actually a huge problem. The proposed Bill goes way beyond simply requiring consent to installing updates. It says you have to describe in detail the "function, purpose and effect" of each program, patch, add-on, update, etc. Not just of your program, but also the reasonably anticipated effects on "every other program" that the user might be running. If you're wrong, the original Bill put software companies on the hook for liabilities of $200 per instance. That was amended and changed to up to $1 million per day. It's not hard to see how this would open things up to huge liabilities and class actions against software developers.
But I don't see this as any kind of conspiracy against the software industry. It's a complicated, technical Bill. Everyone's working hard to get the language just right so that bad things (spam, spyware) are illegal, but common business practices aren't. It's very hard to get this just right, our elected Parliamentarians aren't programmers, but they're working hard and listening to a lot of people in order to pass an effective Bill.
[ link to this | view in chronology ]
Re: Re: Re: Reply to Professor Geist
Yes, because legitimate actions that can be expected (ie: enabled autoupdates from an antivirus getting those updates from the Internet) require consent but illegitimate nonsense from big industry spying on you without your consent is perfectly OK. Face it, the whole purpose of this is to turn the Internet and software writing into the scam that pharmaceutical corporations and mainstream media has become, where legislators (ie: FDA) play corporate favoritism against the consumers under the pretext of drug/computer safety/security. It's all a bunch of nonsense.
[ link to this | view in chronology ]
Re: Re: Re: Reply to Professor Geist
Given the current laws in place for everything else I have VERY LITTLE faith that they're even trying to serve the consumers whatsoever and I have very good reason not to trust them.
[ link to this | view in chronology ]
Re: Re: Reply to Professor Geist
You wrote:
"Most AV/AS software out there runs their definition updates hourly. I don't see how a blanket agreement consenting to updates for the purpose of virus/malware defenitions would violate the legislation at all."
The original Bill required consent for EVERY patch, upgrade, etc. A lot of software companies said this was unworkable, and an amended version allowed for consent in advance, so that you could consent to the installation of a program and "all future updates". The original Bill did not allow for that. The drafters listened to the concerns of software companies and amended the Bill as such. That's when Prof Geist wrote his article "Businesses Resume Attacks on Anti-Spam Bill".
[ link to this | view in chronology ]
Re: Reply to Professor Geist
You too are misleading as well. Dr. Geist never described the various copyright lobbyists as a "united copyright lobby". In fact, he explicitly states that they were lobbyists from the music and software industries. Sure, they were putting on a united front, but they are not a united lobby. They have the same concerns about the bill, and so would logically send the same messages to the MPs. It should also be noted that their lobbying efforts towards the bill are all about the interests of who they represent, not the interests of Canadian citizens. Sure, the prevention of wire-fraud, and the investigation into it is in the interests of Canadians, and therefore the concerns of the banks and law enforcement need addressing (just as a subset example). However, how I use legally purchased software is of no concern to the copyright holder unless I'm causing monetary damage to them (through copyright infringement), or are doing something illegal with it (which is the for the police to take care of). By allowing these exemptions, you allow a company to legally make a program that "phones home" to report the activities of that user for the purpose of "investigating a breach of an agreement" (i.e. a contract, e.g. a EULA) without the express consent or knowledge of the user. Wow, that's a breach of privacy.
Perhaps both you and Dr. Geist need to think a little more critically.
[ link to this | view in chronology ]
Re: Reply to Professor Geist
Please research the term "spyware" and frame your responses with regards to the proposed legislation, which is intended to protect individuals, not the proposed changes which are intended to allow certain kinds of spyware, such as Sony's rootkit DRM.
Spyware gathers information about a user's system and activities without the user's knowledge or consent. Covert DRM which "goes beyond copy protection" to track and report on a user's activity is spyware and should be prohibited.
That the debate "never included discussion of DRM" does not dissolve the appearance that a united copyright lobbyist effort has taken the legislation hostage and is attempting to undermine any protections that would be affirmed by the originally proposed law.
[ link to this | view in chronology ]
Re: Reply to Professor Geist
You're a *personal* believer in "goals of the Canadian Government with respect to passing the Electronic Commerce Protection Act (ECPA)." or a *professional* believer?
For example, when you posted this comment at around 9AM Toronto time, did you bill any clients for the time you spend writing your blog or this comment?
You accuse Michael Geist of misdirection. OK, you're a lawyer. Let's get SVU on this case: What, prey tell is his hidden motive? He has a history of protecting consumer interests, and appears to be doing so now. On the other hand, you have a definite bias. Have you been involved in public policy debate regarding spam in the past, or is it only now that it behooves your clients?
Seems odd and suspiciously coincidental that a lawyer representing media firms should take time out of his workday, and choose a vocal side in a debate about spam.
Here's the skinny. When you say a "broad range of Canadian businesses sought to work with the Government to re-tool this section so that these legitimate services would not be prohibited." The reality is the 'legitimate services' to which you refer are more commonly know as spyware. You want to have an exemption to permanently install your pal's crappy PC-colonoscope upside my computer. If given the choice, I would rather let the SPAM run free, but be certain to craft a specific law against the kind of spyware you seek to exempt. At least SPAM can be filtered, ignored, and deleted.
Sir, you act like the all-powerful Geist is out to get you. Ha! A U of O prof vs. the media industry!? And you think you're the victim? You say the bill, if unedited, throws out the good with the bad. You are mistaken. Your ilk are not the baby being thrown out with the bathwater... You are the bathwater itself! Dirty, dirty water from a well somewhere near Walkerton.
Derek.
[ link to this | view in chronology ]
Re: Re: Reply to Professor Geist
I'm not saying you're asking bad questions, but I'm not responding to them. The tone of your post basically suggests you won't listen to my answer and just look for ways to insist that it's all just The Man telling me what to say.
I have no problem defending what I've written. If you ask your questions in a more respectful tone, I'll be happy to answer them. Also, understand that some of what you're asking involves confidential information. I know you'll likely just presume the answers you're looking for, but there's not much I can do about that. On my scale of importance, respecting confidentiality ranks quite a bit higher than coming on top in Internet discussion board discussions.
[ link to this | view in chronology ]
Re: Re: Re: Reply to Professor Geist
[ link to this | view in chronology ]
I say they can install all the spyware they want on my computer, but if at the end of the month if they dont find any "infringements" I should have a free reign to take a baseball bat against one of their execs skulls.
Then the month again resets to zero.
[ link to this | view in chronology ]
Re:
all in favor?
say aye!
[ link to this | view in chronology ]
Oh, and about DRM...
The pro-DRM shills will bleat endlessly about how this isn't the case, but they are either ignorant of basic security practice or are disengenuously ignoring it. Of course they are: they couldn't possibly care less whether they decrease the security of end-users' systems and thus correspondingly increase their exposure to attacks and abuse. What they care about is having the ability to not just passively spy on user activities, but to actively control them. (I trust everyone here realizes that the business about infringing content is just a charade.)
This same goal on their part is also responsible for their support of spyware and their incessant whining about how terribly, awfully hard it is for them to get along without it. Expect them to raise the volume on this and (if at all possible) to attempt to tie it to national security, since that makes it an easier political sell.
[ link to this | view in chronology ]
Seems you would get the same chaotic language if you attempted to outlaw unsolicited voice calls and the unauthorized tapping of voice lines into the same bill.
[ link to this | view in chronology ]
Re:
Wait, I think I just solved all our problems.
[ link to this | view in chronology ]
Welcome all to the world of loop holes
[ link to this | view in chronology ]
And the award for Knucklehead of the month goes to ...
[ link to this | view in chronology ]
Wrong Story: And the award for Knucklehead of the month goes to ...
- Alan :(
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I promise you
Never ever piss off a SEO expert who can put his complaint pages on the first page of Google and draw your traffic off to listen to his point of view on just how scummy your company is.
Clearly this is a violation of the Forth Amendment under unreasonable search and seizure of private data contained in the United States Constitution.
Remember folks, because we live in a representational republic, we are all part of the government thus we are all subject to upholding an and all of the constitution, be we an individual or a corporation.
Make sure you remind each company you deal with of this fact every time you deal with them.
[ link to this | view in chronology ]
Re: I promise you
> unreasonable search and seizure of private data contained
> in the United States Constitution.
No, it's not.
First of all, this is a Canadian law affecting Canadian citizens. The US Constitution is entirely irrelevant and inapplicable.
Second, even if this law were being proposed in the USA, it's still not a violation of the 4th Amendment, since that amendment only prohibits the *government* from searching you and your things without a warrant supported by probable cause. A private corporation searching your computer via spyware/DRM is not the government, hence the 4th Amendment does not apply.
It's still a ridiculous breach of privacy and should be prosecuted under current computer intrusion laws (because let's face it, if I installed spyware on *their* machines, they'd have a shrieking meltdown and press every chagre against me they could think of). The law is law and it should apply equally to everyone. If they think they have the right to hack into and spy on my computer than I should be able to do the same to them. If they think that should be prohibited and illegal, then they should go to jail for doing it to me.
[ link to this | view in chronology ]
it's a moral issue
[ link to this | view in chronology ]