[Infowarrior] - Proposed OK bill allows commercial spying/access to PCs

[Richard Forno]

Get ready for Microsoft, cable and phone companies, and quite a few other
people to know a lot more about what you do on your computer, thanks to
House Bill 2083.
Wednesday, April 05, 2006
Ben Fenwick
http://www.okgazette.com/news/templates/cover.asp?articleid=423&zoneid=7
 

It¹s supposed to protect you from predators spying on your computer habits,
but a bill Microsoft Corp. helped write for Oklahoma will open your personal
information to warrantless searches, according to a computer privacy expert
and a state representative.

 

Called the ³Computer Spyware Protection Act,² House Bill 2083 would create
fines of up to a million dollars for anyone using viruses or surreptitious
computer techniques to break on to someone¹s computer without that person¹s
knowledge and acceptance, according to the bill¹s state Senate author, Clark
Jolley.

 

³The bill has a clear prohibition on anything going in without your
permission. You have to grant permission,² said Jolley, R-Edmond. ³You can
look at your license agreement. It will say whether they have the ability to
take that information or not.²

 

But therein lies the catch.

 

If you click that ³accept² button on the routine user¹s agreement, the
proposed law would allow any company from whom you bought upgradable
software the freedom to come onto your computer for ³detection or prevention
of the unauthorized use of or fraudulent or other illegal activities in
connection with a network, service, or computer software, including scanning
for and removing computer software prescribed under this act.²

 

That means that Microsoft (or another company with such software) can erase
spyware or viruses. But if you have, say, a pirated copy of Excel ‹
Microsoft (or companies with similar software) can erase it, or anything
else they want to erase, and not be held liable for it. Additionally, that
phrase ³fraudulent or other illegal activities² means they can:

‹Let the local district attorney know that you wrote a hot check last month.

‹Let the attorney general know that you play online poker.

‹Let the tax commission know you bought cartons of cigarettes and didn¹t pay
the state tax on them.

‹Read anything on your hard drive, such as your name, home address, personal
identification code, passwords, Social Security number Š etc., etc., etc.

 

³I think in broad terms that is still a form of spying,² said Marc
Rotenberg, attorney and executive director of the Electronic Privacy
Information Center in Washington, D.C. ³Some people say, ŒWell, it¹s
justified.¹ I¹m not so clear that should be the case. Particularly if the
reason you are passing legislation is to cover that activity.²

 

The bill is scheduled to go back before the House for another vote. Will the
Oklahoma House, on behalf of all computer users in the state of Oklahoma,
click ³accept²?

 

 

Where did you go yesterday?

Computer users first accepted updates when anti-virus makers, such as
Symantec Corp. or McAfee, began back in the Nineties offering regular
updates in an attempt to stay current with the alarming number of viruses
introduced over the Internet. This was followed by Windows ME and 2000
allowing updates to their programs via downloads. By the time Windows XP
came out, regular online updates became part of the product one purchased.

 

At around the same time, the Napster phenomenon pushed music corporations,
courts and lawmakers into taking action against online file sharing of
music. Hip, computer-savvy listeners traded pirated MP3 recordings beyond
count, leading to action by the music industry to go on a search and destroy
mission against the online music traders, even in Oklahoma. In 2000,
Oklahoma State University police seized a student¹s computer containing
thousands of downloaded songs after he was traced by a recording industry
group.

 

Anti-spyware bill author Jolley said that¹s what people like the OSU student
get for sharing their information online.

³You have to look at the other side of that issue,² Jolley said. ³When they
agreed to put their files online, they literally agreed to allow people to
come on their computers and search the files online. On a P-to-P
(peer-to-peer) network, you are inviting other people to see what you have.
That¹s a risk you run by participating in file share.²

 

Jolley said his spyware bill is supposed to stop ³phishers² from stealing
one¹s identity off of one¹s computer, is supposed to stop ³Trojan horse²
viruses from being installed on the computer and is supposed to make illegal
a host of other techniques for spying on a user¹s personal information.

 

³It prohibits them from taking things as basic as your home address, your
first name, your first initial in combination with your last name, your
passwords, any personal identification numbers you have, any biometric
information, any Social Security, tax IDs, drivers licenses, account
balances, overdraft histories ‹ there is a clear prohibition on that,²
Jolley said.

 

Indeed, Sections 4 and 5 of the act specifically forbid anyone from doing so
without the user¹s permission.

 

However, Section 6 of the act says such a prohibition ³shall not apply² to
³telecommunications carrier, cable operator, computer hardware or software
provider or provider of information service² and won¹t apply to those
companies in cases of ³detection or prevention of the unauthorized use of or
fraudulent or other illegal activities.²

 

Which means software companies updating a user¹s software or the cable
company monitoring that user¹s activities on a broadband modem hookup can
turn over that user¹s history of writing hot checks to the district attorney
if the company feels like it, said Rotenberg.

 

³You go back to the old-fashioned wiretap laws,² Rotenberg said. ³There was
an exception to allow telephone companies to listen in on telephone calls.
The theory was that it was necessary to make sure that the service was
working. Part of what¹s going on here is to significantly expand that
exemption to a whole range of companies that might have reason for looking
on your computer. The statute will give them authority to do so. I think
it¹s too broad. I think the users in the end need to be able to allow that
themselves.²

 

Jolley insists his proposed law would not allow Microsoft, Symantec or Cox
Communications to become ³Big Brother.²

 

³The goal of this is not to allow any company to go through and scan your
computer,² Jolley said. ³If they are, it has to be for a specific purpose.
If you don¹t want them doing that, don¹t agree to (the user¹s agreement).²

 

Which means, when a user accepts Microsoft¹s Windows operating system on
that new computer, or Norton AntiVirus, or Apple¹s operating system or a
host of other online-upgradable programs, that user agrees to being watched
by the company.

 

Who on Earth would write such a law? It wasn¹t Jolley, or anyone in
Oklahoma.

 

To read more of ³The Watchers,² pick up a Gazette.

 

 

MOUTHING OFF

³Now we are talking about Microsoft having the freedom to check your
computer for any sort of illegal or fraudulent activity you might be
participating in. Without your knowledge or consent. It is giving up your
rights to privacy.²

 

‹State Rep. Mike Reynolds, R-Oklahoma City, about House Bill 2083. The bill
gives software or online access companies freedom, without liability, to
erase spyware and pirated software from users¹ computers, in addition to
monitoring for fraudulent or illegal activities.