Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity
from the this-is-a-bad-idea dept
As a whole bunch of folks have been sending in, up in Canada, as part of a discussion on anti-spam laws, the Canadian Chamber of Commerce is proposing a very troubling idea: allowing rootkit spyware to be installed surreptitiously for the purpose of stopping illegal activity. As Geist notes, the last time this battle was fought, it was fresh on the heels of the Sony rootkit debacle, so there wasn't much support for these concepts. But, with a few years distance, the industry groups are trying again. Specifically they either want to remove language that prevents the surreptitious installation of spyware -- or they want specific exemptions. For example, in the case of the following, they argue spyware should be allowed:a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;Basically, as long as you claim that you're going after someone for breaking the law, surreptitious installs are allowed. Geist points out the obvious: copyright holders will salivate over this.
This provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation). Ensuring compliance with the law is important, but envisioning private enforcement through spyware without the involvement of courts, lawful authorities, and due process should be a non-starter.If this works in Canada, expect to see similar provisions start popping up elsewhere around the world in short order.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: canada, copyright, rootkits, spyware
Companies: canadian chamber of commerce
Reader Comments
Subscribe: RSS
View by: Time | Thread
Interestingly enough...
How fast will the law get revoked when that comes to light?
[ link to this | view in chronology ]
Re: Interestingly enough...
[ link to this | view in chronology ]
Re: Re: Interestingly enough...
[ link to this | view in chronology ]
Re: Interestingly enough...
Content cartel installs spyware onto my computer, which threatens my privacy. I therefore get to install spyware on the suspected intruder's computer to see what they're up to.
[ link to this | view in chronology ]
Re: Re: Interestingly enough...
[ link to this | view in chronology ]
Re: Re: Interestingly enough...
[ link to this | view in chronology ]
If this passes I for one will completely halt any and all acquisitions of any official content to be sure my machine will not be punctured into a Swiss cheese.
In trying to stop piracy they are driving people away from buying. Way to go.
[ link to this | view in chronology ]
Re:
You know if you go to the store and buy a copy that your relatively safe in assuming their is no extra code hanging around. That is a huge advantage over pirating content.
Now they are going to make it so that pirating is even SAFER than buying? What genius thought this plan up?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Indeed a tremendous idiocy.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
Did you sleep through the Sony RootKit debacle or what? They were installing rootkits on peoples' machines through legitimately purchased disks, the toxic software was coming from the manufacturer, not pirated content.
[ link to this | view in chronology ]
Actually, that is what Sony did
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Big face palm.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Removal is an entirely different ball of wax. If your system has been penetrated at the level of a modern rootkit, you simply can't trust it any longer, so removal is moot.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: this can't be legal ...
In the USA, however, Sony fought tooth and nail to keep "promise not to do it again" provision out of the FTC settlement. ... So, in the USA, there is nothing to prevent Sony or anyone else from installing a rootkit on your PC.
Maybe US Attorney Carmen Ortiz should go after the chairman at Sony like she did with Aaron Schwartz.
[ link to this | view in chronology ]
Re: Re: this can't be legal ...
Yes there is. The CFAA. You'd think Ortiz would be all over this, except that unlike the Swartz case, this would be using the law for the purpose it was intended, so I'm sure she wouldn't be interested.
[ link to this | view in chronology ]
Re: Re: this can't be legal ...
[ link to this | view in chronology ]
Wow, so can I propagate and install my own rootkit now?
So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?
Cool!
[ link to this | view in chronology ]
How can this be (ab)used? Let me count the ways.
Suppose you reasonably believe that the music industry is installing rootkits onto computers without having reasonable belief of [laundry list of bad things], then can you install a rootkit onto their computers?
Suppose you reasonably believe your government officials are bought and paided for pawns of the music and movie industry. Can you install rootkits onto the computers of the industry and officials in order to investigate?
[ link to this | view in chronology ]
Re: Wow, so can I propagate and install my own rootkit now?
[ link to this | view in chronology ]
Re: Wow, so can I propagate and install my own rootkit now?
You don't even have to believe that much. You just have to believe that those hypothetical unauthorized copies would be illegal.
[ link to this | view in chronology ]
Re: Wow, so can I propagate and install my own rootkit now?
Yes but your rootkit is in itself a threat to canadian privacy and may or may not be exploited as botnet. Which gives probable reason to 'investigate' every canadian PC with spyware.
I honestly can't tell if the recursive nature of this law is intended or not... If it is I'll tip my hat at whatever entity came up with this specific wording. If not intended it's worthy of a *double facepalm*. And In any case, I'll grab some popcorn and watch the resulting cyber war since this effectively turns their country into a international cybarwar shooting range.
[ link to this | view in chronology ]
once this road is gone down, what would the next one be designed to do? who would install it and on which machines? who would know it was there? who could distinguish between the 'official' one and the non-official' one? what privacy would people have left?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Canada would be condoning piracy and spying by making themselves allies with the corporate hackers. This sort of hacking is a form of terrorism deserving only the most stringent response by our military. Drone attacks for the corporate presidents, lawyers and lobbyists who should all become rapidly unpopular with the Canadian parliament.
[ link to this | view in chronology ]
/s
[ link to this | view in chronology ]
Re:
Hmm, I wonder if that would encourage the ISP's to cooperate with rights holders to find any indication of trouble so more people will get the rootkit installed?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Oh please bring this on.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So if this passes, all you would need to do is get some country with a corrupt government, besides the US, to pass a law saying it's illegal to Rip a legal CD to your computer to listen to on a media player, and if I'm reading this right, that's all they would need to put the rootkit on someones computer. "He's got an iphone, maybe he copied some of his CD's, better stop him."
That could get out of control so fast it isn't funny. dictators would be falling all over themselves to sell access to their law making process.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Obvious Flaw
Guess buying retail is for suckers.
[ link to this | view in chronology ]
"Hahahaha look at all the dumb things we enacted that you have to deal with. Enjoy!"
I'm starting to fear that they really believe their own BS...
[ link to this | view in chronology ]
Re:
The internet is a huge threat to the media industry publishers since it would allow artists to self-publish easily.
The media industry is trying to make use of that technology as difficult and risky as possible so that people will be dissuaded from using it. They truly believe they can accomplish this. And once this happens, they think people will not be interested in buying music and movies online directly from the artists and will go back to the store to buy CDs made by them (the publishers).
[ link to this | view in chronology ]
Are they fucking stupid?
[ link to this | view in chronology ]
The only surprising thing is that it wasn't the US or another corrupt government that came up with it first.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Who, what and why?
The unwritten part is that the only ones permitted to do this legally will be the content monopolies and, of course, the government(s).
Assuming this sees the light of day, I can't wait for clever citizens to figure out how to intercept, isolate and decrypt the data being collected and start publishing the embarrassing habits of government officials and industry executives.
[ link to this | view in chronology ]
Such a dumb law
But if someone installs a spyware program on MY computer, that by definition involves the security, privacy, and unauthorized use of MY system. So I would be automatically able to do the same to them.
"or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state; "
Seriously? FOREIGN laws? If Iran declares websites on Christianity to be illegal, then anyone can hack any computer in Canada relating to a Christian website? If some third world country declares computers to be illegal, then anyone can hack any computer in Canada?
Anyway, this is a HORRIBLE law. This is akin to allowing anyone to break into my storage locker if they think I have something of theirs, or something illegal. You know what you're supposed to if you think someone has something of yours, or is breaking the law? You CALL THE POLICE and have THEM investigate. If there's evidence, they can get a warrant. You don't take some bolt cutters and rummage through my stuff yourself.
[ link to this | view in chronology ]
Safeguards
A requirement that the police or some authorized agency be notified of each install of the spyware. This is needed to enforce the other safeguards:
A time limit of 30-60 days, after which the program must be uninstalled and the person NOTIFIED that they were subject to this. In extraordinary circumstances a single extension may be applied for. You cannot simply install it and leave it on forever. This notification may discourage frivolous use of the spyware, and is also necessary to enforce the last point:
Strict liability on the installer for all costs involved. Including any damages from third-party hackers that may have used the hole the program opened. And including any costs in uninstalling the spyware, and any costs incurred if the user noticed something wrong and attempted to do something to fix it - for example, by buying more memory, or even a new computer. And including the costs of any loss of processor time, network lag, additional bandwidth costs, additional electricity costs, and additional cooling costs caused by the extra program running. If a business lost a sale because the system was running slow due to spyware running, the spyware installer should be liable.
And hey, while I'm at it, how about this only gets done by police with a warrant? No? Well, I had to try.
[ link to this | view in chronology ]
Where's the memo?
[ link to this | view in chronology ]
sure, go ahead
1. You provide the computer. You can install all the rootkits, spyware, etc you want on it. Drop it off at my place, activate it, do whatever you need. After you leave, I'll put it on my neighbor's WiFi and stick it in a closet. Then I'll start using my own legally-bought computer to do whatever the hell I want.
2. As your own proposal says:
a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
You have to hire a real person to make these decisions. No automated filters, no robots, no software of any kind. A real live person. You can pay them $50,000 a year to watch a live feed of the screen of the computer you provided to me, 24/7/365. After all, piracy never sleeps!
[ link to this | view in chronology ]
Hackers don't even have to worry about making a new virus since it's safe to assume if it was government sponsor the major av players will be asked to not detect anything made by them.
Now you have free reign over all those computers.
You have a endless amount of time to do what you please since there is no risk of it being detected.
You don't have to spend big bucks on new exploits.
[ link to this | view in chronology ]
Re:
They are trying to
1) Make laws more IP Maximalist for general corruption purposes
2) Hype the whole piracy is the apocalypse thing they've got going on
3) Establish more control over other countries laws.
Once they have established the control and the hype, it's easier to change things how they want later. They will take this step, they say "oh nos, piracy is so strong it's not enough" and rachet it up a little worse, and repeat until they can't figure out how to change the law to get any more of our money without earning it anymore.
[ link to this | view in chronology ]
Competing rootkits
There will need to be a central registry of rootkits and citizens whose computers have been rooted. Canada has lots of experience in that field, e.g. the gun registry.
Rootkits will need to be designed carefully to avoid collisions between competing rootkits. We'll need an industry rootkit consortium, and a rootkit standards body.
If the law allows for only one rootkit on one PC then the government can initiate an auction to determine which "interested party" gets to put their rootkit on which PCs. This could be a revenue generator for the government.
Of course, there will be a new federal department, Rootkits Canada. Think of the civil service employment opportunities!
We can have rootkit lobbyists. Politicians can run on the Rootkit Platform. They can join Rootkit Party of Canada (who will probably be in opposition to the Pirate Party of Canada).
Exciting times ahead...
--Bob.
[ link to this | view in chronology ]
Wait, it's worse than I thought,
So, I'm going to install a rootkit keylogger on every computer in Canada. This will allow me to find people who type the word "murder". Or "jaywalking".
[ link to this | view in chronology ]
CCC rootkit
[ link to this | view in chronology ]
False Positives?
I have been ripping MP3s and DVDs for personal streaming since the technologies were available. Further as a computer professional I have tons of software from multiple vendors with all kinds of different licenses (retail, volume, corporate, shared keys, etc).
It seems to me that the first people that would get in trouble with such spyware would not be actual pirates (and the criminality of piracy is HIGHLY questionable as it is) but rather digital pack-rats and professionals that may have more on their system (and a larger variety of esoteric types) than your average home user. I don't pirate and everything I have and do is acquired legally. I am glad this is only in Canada for now, I really don't want to worry about a software download potentially sending me through the legal ringer for a 8 year old MP3 I haven't listened to in ages and ripped myself anyway.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Better idea
Here is a better idea, just build a rootkit into the BIOS of every computer, smartphone, and tablet. If you don't have said rootkit, the device won't boot.
These idiots at the media companies are doing a piss-poor job at being evil.
[ link to this | view in chronology ]
Re: Better idea
[ link to this | view in chronology ]
Re: Better idea
[ link to this | view in chronology ]
Re: Re: Better idea
[ link to this | view in chronology ]
Simple Fact:
I hate the USA Government even more than Canada Government.Our US Government is a disgusting smelly piece of dog poop.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If they want to install software on PC like this, the PC better be free, since it's not my PC anymore if this infection is on there.
I also have the right to buy a computer from the store, wipe it completely clean, and install what I want on it, as it's my computer, not theirs.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Wrong!
Here, I'll fix it for you:
Expect to see similar provisions start popping up elsewhere around the world in short order.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Beyond Stupid
[ link to this | view in chronology ]
Is not even Christmas and they want to give Aanonymous and all hackers a gift?
Guns for hire prepare, musicians, actors, florists, and corn farmers will be hiring you to install and maintain spyware in the computers of the RIAA, MPAA, IFPI and others because you know they sure have reasonable belief that they are getting the shaft somehow LoL
Anonymous rejoice hacking computer networks could become fair game in Canada, and if they try to backpaddle we all know how to make a stink out of it.
[ link to this | view in chronology ]
46dcead317fe45d80923eb97e4956410d4cdb2c2
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So, let me get this straight. This law would allow me write and install spyware rootkits on the machines of people who write spyware rootkits to install on my computer, because I'm targeting those who present a security risk to my computer? I'm game, bring it on bitches.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The religious people against Jesus were spy's
[ link to this | view in chronology ]
One-Way
[ link to this | view in chronology ]
Violence is legal when committed by police
[ link to this | view in chronology ]
Computer Fraud and Abuse Act.
[ link to this | view in chronology ]