[Infowarrior] - Microsoft's Calling Home Problem: It's a Matter of Informed Consent

Sun Jun 11 19:43:21 EDT 2006

Microsoft's Calling Home Problem: It's a Matter of Informed Consent
Sunday, June 11 2006 @ 11:18 AM EDT
http://www.groklaw.net/article.php?story=20060608002958907

No doubt many of you saw on Slashdot the article "Microsoft Talks Daily With
Your Computer" or in Steven J. Vaughan-Nichols article for eWeek titled, Big
Microsoft Brother, about allegations that Microsoft's Windows Genuine
Advantage validation tool phones home daily to report information to
Microsoft about you on each boot. Lauren Weinstein broke the story on his
blog. Microsoft has now put out a statement, asserting that the Windows
Genuine Advantage tool is not spyware, that they're going to change it some,
and that one thing that distinguishes it from spyware is that they get
consent before installing it. I question the accuracy of the statement.

David Berlind did a fabulous job of discovering that in fact the tool has
two parts, one of which is new, the Notification part, as you can see in his
helpful series of screenshots. First, he explains how the applications
actually work. His research indicated to him that Microsoft asks permission
for only one of the two, but the wrong one. I think it's muddier even than
that, after reading the EULA. Thanks to Berlind's work, I see a legal
problem with consent, which I noticed by reading the EULA. I also see a
problem with the statement Microsoft has issued with regard to what
information it collects. And something in the EULA needs to be explained,
because it doesn't match Microsoft's statement. Let me explain.

Vaughan-Nichols lists the information Microsoft says it is collecting, which
matches the Microsoft statement's list:

    Now, when you use Windows Genuine Advantage for the first time, it
gathers up, Microsoft tell us, and it will grab your PC's XP product key, PC
manufacturer, operating system version, PC BIOS information and user locale
setting and language.

    Nothing at all, Microsoft assures us, that could identify us or what
programs we use, or anything like that. No siree. No chance of that.

Microsoft actually collects more information than that. I have some
additional details I found on Microsoft's own website that I thought you'd
want to know.

Let's look at what Microsoft currently tells customers about the validation
tool and what information it collects:

    Information collected during validation

    Q: What information is collected from my computer?

    A: The genuine validation process will collect information about your
system to determine if your Microsoft software is genuine. This process does
not collect or send any information that can be used to identify you or
contact you. The only information collected in the validation process is:

        * Windows product key
        * PC manufacturer
        * Operating System version
        * PID/SID
        * BIOS information (make, version, date)
        * BIOS MD5 Checksum
        * User locale (language setting for displaying Windows)
        * System locale (language version of the operating system)
        * Office product key (if validating Office)
        * Hard drive serial number

    Q: How does Microsoft use this information?

    A: The information serves three purposes:

        * It provides Web page flow, tailoring the pages you see based on
your responses.

        * It conveys demographics, which help Microsoft to understand
regional differences in Windows or Office usage.

        * It confirms user input. User input is often compared against data
collected from the PC in order to determine whether to grant a user¹s
request for additional access.

I think we can discount those three items as being the purpose behind taking
in our hard drive serial numbers. Microsoft is not checking our hard drive
serial numbers to provide web page flow, convey usage demographics, or
confirm user input, unless they are also perusing the contents of our hard
drives, which they claim they are not. Of course, once they are inside your
computer, there's really nothing much stopping them, if they felt like it.
So why does Microsoft collect information like that and what are they doing
with it? The above statement surely isn't all. They don't need such
information about you as your hard drive's serial number, the company that
built your computer, what language you use, PID/SID, Bios information with
an MD5 checksum, and where you are located to do any of the three things
they say they are doing it for. Obviously, they are checking to know if you
are a pirate, and they should say so straightforwardly. But does Microsoft
need your hard drive serial number to know if you are a pirate? If you
change it, is it any of Microsoft's business? Did they sell you that hard
drive? But my point is, it's not mentioned in the EULA at all, so I don't
see consent having been given. But it gets worse.

Here's part of what Lauren Weinstein wrote about his discovery in his blog
entry on June 5th:

    It appears that even on such systems, the MS tool will now attempt to
contact Microsoft over the Internet *every time you boot*.... The
connections occur even if you do not have Windows "automatic update"
enabled.

    I do not know what data is being sent to MS or is being received during
these connections. I cannot locate any information in the MS descriptions to
indicate that the tool would notify MS each time I booted a valid system. I
fail to see where Microsoft has a "need to know" for this data after a
system's validity has already been established, and there may clearly be
organizations with security concerns regarding the communication of
boot-time information.

    I'll leave it to the spyware experts to make a formal determination as
to whether this behavior actually qualifies the tool as spyware.

Shortly thereafter, he was contacted by Microsoft and so he had a chance to
ask his questions, and he tells what happened next in his blog entry for
June 6:

    Why is the new version of the validity tool trying to communicate with
MS at every boot? The MS officials tell me that at this time the connections
are to provide an emergency "escape" mechanism to allow MS to disable the
validation tool if it were to malfunction....

    I was told that no information is sent from the PC to MS during these
connections in their current modality, though MS does receive IP address and
date/timestamp data relating to systems' booting and continued operations,
which MS would not necessarily otherwise be receiving.

    Apparently these transactions will also occur once a day if systems are
kept booted, though MS intends to ramp that frequency back (initially I
believe to once every two weeks) with an update in the near future. Further
down the line, the connections would be used differently, to provide checks
against the current validation revocation list at intervals (e.g., every 90
days) via MS, even if the user never accessed the Windows Update site
directly. 

Oh, excellent. So they get your ip address too, and date/timestamp data
"relating to systems' booting and continued operations". No way to contact
customers, eh? No information sent? In what way is this not spyware? I am
reminded of what the gentleman from Homeland Security said after the Sony
rootkit was revealed: yes, it's your intellectual property; it's not your
computer. (video.) Again, there is nothing in the EULA that gets your
consent for that information to be collected that I can find.

Microsoft, of course, says it is not spyware, and this is a one of their
statements explaining their point of view, from Berlind's article:

    "Broadly speaking, spyware is deceptive software that is installed on a
user¹s computer without the user¹s consent and has some malicious purpose.
WGA is installed with the consent of the user and seeks only to notify the
user if a proper license is not in place. WGA is not spyware."

Now, as we've already seen, they didn't clearly notify customers that they
were installing something that calls home daily, by their own
acknowledgment. Here's what their website says about the ease of the
validation process:

    Q: Is genuine Windows validation a one-time process?

    A: We¹ve designed validation to be as easy as possible. Validation
itself just takes a moment. The lengthiest part of the process is
downloading the ActiveX control that performs validation. The ActiveX
control is downloaded on the first validation and when a new version is
available from Microsoft. So, while it¹s not a one-time process, it is still
quick and easy.

Aside from breaking out in hives at the thought of having ActiveX running
constantly on my computer, is this a clear description of how often it
checks? Does it even indicate? How often does Microsoft release a new
version? Daily? Weekly?

Microsoft's statement distinguishes between the two tools:

    Q: What information is collected in this check? Is Microsoft collecting
Personally Identifiable Information?

    A: Other than standard server log information, no information is
collected. Unlike validation, which sends system information to Microsoft,
this operation is limited to the download of the new settings file. No
additional information is sent to Microsoft.

    Q: Why were customers not told that their PCs would periodically check
in with Microsoft?

    A: Microsoft strives to maintain the highest standards in our business
conduct and meet our customers' expectations. We concentrated our disclosure
on the critical validation step that would occur when validating through
WGA. Not specifically including information on the periodic check was an
oversight. We believe that being transparent and upfront with our customers
is very important and have updated our FAQ accordingly. We have gone to
great lengths to document any time a Microsoft product connects with
Microsoft servers and will continue to do so. For example, we published a
white paper that covers the topic of connecting with Microsoft Servers in
Windows XP SP2. It is located at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/downl
oad.mspx 

I understand that to be saying that the validation tool collects information
about the computer, but the new notification tool does not, that it only
checks to see if you should be sent a notice that you are not running
validly licensed software. But if you think about it, that is the same as
saying that it is checking every day on your validation, so the statement on
their website about checking only once and then again when a new system is
released isn't matching this information. And remember what they told
Weinstein: "MS does receive IP address and date/timestamp data relating to
systems' booting and continued operations, which MS would not necessarily
otherwise be receiving."

Berlind was the one who noticed that there are actually two tools, and the
Validation tool never asks consent before installation. The Notification
tool does, but without telling you that what you are downloading will be
calling home daily. The notion of informed consent is that you have to know
what you are saying yes to, and the party asking for your consent has an
obligation to tell you the things you need to know to make an informed
decision. A hospital, for example, can't get your consent to try a new,
untested drug without telling you that it is new, untested, that you are a
guinea pig, and exactly what the risks are and what your choices are. And if
you refuse treatment, it can't force you to take the drug. And your doctor
can't remove your gall bladder while doing surgery on your appendix, just
because he notices a tumor in the gall bladder. Why not? Because that is
battery, if he didn't get your prior consent to remove your gall bladder.
You might wish to treat the tumor a different way, after all. Motive doesn't
matter. There is no, "I was only trying to help" excuse. It's your right to
say yes or no, because it's your body and medicine isn't a field where one
has sufficient certainty to determine in advance if a certain treatment is
or isn't going to work.

What about Microsoft's statement that it isn't spyware because it has no
malicious purpose? First, I don't think spyware has to have a malicious
purpose to be spyware. That's Microsoft's definition, but spyware companies
no doubt would object. And that's also taking Microsoft's word for their
good purposes. We don't actually know what they do with the information.
There's no way to check. Do they store it? I'm sure they must. And let's
face it, "malicious purpose" depends on where you are standing, doesn't it?
Did Sony's rootkit have a malicious purpose? Or was its purpose very much
like Microsoft's here? The "content industry" has gotten so used to waxing
indignant about the harm being done to them by piracy, and getting laws to
suit, that they now, evidently, believe that anything they do to reduce or
prevent piracy is acceptable. It's not. My computer is mine, not
Microsoft's.

But what purpose does Microsoft have? They tell us that their purpose is to
notify the user if a proper license is not in place. Why would the user care
if they are running a validly licensed copy of the software? Does this have
anything at all to do with an "improved" experience for them? I suppose they
care because Microsoft holds back updates unless they agree.

But if you look at the screenshots Berlind took, you'll see something else
that doesn't seem so straightforward. The notice you get to prompt you to
download and install the tools describes it as "updates," not new
installations, which would lead a customer to believe that he already has
the tool on his computer and just needs to tweak it. The Notification part
is labeled "high priority updates", which would lead me to think that I
really needed it to be safe. Microsoft says this is what it's for:

    The Windows Genuine Advantage Notification tool notifies you if your
copy of Windows is not genuine. If your system is found to be non-genuine,
the tool will help you obtain a licensed copy of Windows.

Here's the screenshot Berlind took of what you see if you try to update
without already having the Windows Genuine Advantage tool in place, although
they don't mention it by name at the starting gate, which is devious enough
for me right there. [Update: A reader tells me that Berlind missed a tiny
Details link, which he says would have provided more information. I have
asked him to send me a screenshot.] If you agree, and who wouldn't, given
the description, the next thing you see is your first mention of the
Validation tool, but it is already downloading. That isn't consent, let
alone informed consent.

It is actually a little more complex, as you can see beginning in the
explanation of this screenshot. After you "successfully update" your
computer with the Validator tool, if you click Continue, you get your notice
of another vital update, the Notification tool. Notice you can't uninstall
it, under the terms of the EULA, nor can you "test the software in a live
operating environment unless Microsoft permits you to do so under another
agreement." You do get a notice, very vague, about consent but only after
the Validator tool is already installed, which raises the question of what
happens if you say no? Berlind clicked yes all the way through, so I don't
know because there is no way in the world I would put my computer through
this. Here's part of the language of the "consent":

    Consent for Internet-Based Services. The software feature described
below connects to Microsoft or service provider computer systems over the
Internet. In some cases, you will not receive a separate notice when they
connect. You may switch off this feature or not use it.

Now, I have read a lot of contracts in my time, as part of my job, and I
have no idea what this is saying. Are they saying I can switch off the daily
notification? Or that I don't have to install it in the first place? Or is
it talking about the "in some cases" feature whereby I don't get notice?
Clearly folks have not been getting notices of the daily contact with
Microsoft's servers, so what "services" is Microsoft talking about?

Does the user need to know its license is valid every single day? What is
Microsoft expecting to happen in 24 hours, after it first checks that a
license is in place and valid? And why does Microsoft need to check every
day? Obviously, they don't, because they've said they intend to cut back to
every 14 days, and then, oddly, they say that once the beta test if over --
and that's another issue, Microsoft installing beta software for you to test
for them without making it clear until it is already downloading that it is
"Beta PreRelease" software (see the last Berlind screenshot) -- they will
end the daily phoning home, according to InformationWeek:

    The company plans to change the settings of the application in its next
release, so that it dials in to Microsoft every two weeks, the spokeswoman
said. The call-in feature would be disabled permanently when the program is
generally available worldwide later this year.

That actually worries me even more. Why do they need it now but they won't
once the software is available worldwide? Have they got something even more
effective coming next? Perhaps they will say it's because once it isn't
beta, then they won't need to maybe turn it off. All right. But surely they
don't intend to stop validating, and that's the tool that sends Microsoft
all the personal information about you, so I find their statement
misleading, in that it talks about the notification component, which
doesn't, they claim, send any info about you to them, rather than the
validation part, which certainly does. People aren't just disturbed about
the tool calling home; they are concerned about what the conversation
includes.

That brings me to the problem I see in the EULA. Before I explain, some of
you might like to know how to get rid of it. Here is what the Rob Pegoraro
in the Washington Post says:

    Notifications also looks for new instructions from Microsoft every day.
The company says these daily checks (which it plans to slow to once every 14
days) let it adjust the program's behavior if problems arise. That raises an
alarming point: Notifications is pre-release software, tested without users'
consent.

    Worse yet, Notifications -- unlike other Microsoft updates -- cannot be
uninstalled. (You can, however, erase it by restoring your PC back to its
condition before Notifications' install: From the Start Menu, select All
Programs, then Accessories, then System Tools, then System Restore.)

    Microsoft is out of line here. The Notifications program is not the kind
of critical update that should be installed automatically, much less
excluded from uninstallation. And if people respond to this intrusive
behavior by turning off automatic updates -- thus severing their PCs from
the Microsoft patches they do need -- the already-bad state of Windows
security can only get worse.

Actually it already is worse, because even if you turn off automatic
updates, the notification tool continues to run. So, what about the EULA?
Let's take a look at it. First, as Berlind so ably demonstrates, you are
asked to consent to the notification tool, but not to the validation tool,
which is the part that, according to Microsoft's statement, is the tool that
sends them information about you and your computer. That's a hole in the
consent process right there. That's the same as saying that you never gave
consent for your information to be sent, or only after the fact. You are
presented with this EULA only when you are considering whether to install
the Notification tool. But it's more complicated, because the EULA you are
presented with -- and remember that the notification tool only recently was
offered, as of April 24, according to Microsoft's statement -- describes the
validation tool's actions, at least according to what Microsoft is telling
us. My question is, what was the EULA like before? When did you first see
it? And my next question is, if you say no to the EULA, and you don't
install the Notification tool, have you ever said yes to the Validation
tool? On what terms? Here's Microsoft's description of the two, from the
statement:

    The WGA program consists of two major components, WGA Validation and WGA
Notifications. Validation determines whether the copy of Windows XP
installed on a PC is genuine and licensed. WGA Notifications reminds users
who fail validation that they are not running genuine Windows and directs
them to resources to learn more about the benefits of using genuine Windows
software.

They ask for your consent regarding the notification installation only, but
it seems as if the EULA is intended to cover both tools, in which case they
only ask for consent after the Validation tool is already installed. Here's
what Microsoft says the Notification tool does:

    Recent public discussions about WGA Notifications have raised questions
about its operation. Shortly after logon, WGA Notifications checks whether a
newer settings file is available and downloads the file if one is found. The
settings file provides Microsoft with the ability to update how often
reminders are displayed and to disable the program if necessary during the
test period. This functionality enables Microsoft to respond quickly to
feedback to improve the customer's experience. Unlike validation, which
sends system information to Microsoft, this operation is limited to the
download of the new settings file. No additional information is sent to
Microsoft. There have been some questions on this issue, and Microsoft is
working to more effectively communicate details of this feature to the
public. 

Just telling the truth would work. I think it's obvious no customer wants
this software, Microsoft knows that, and so they tried to finesse it so as
to get customers to agree to install it. And now they've been caught, just
like Sony. Do you remember the time lag after that story broke, before
Microsoft would say anything condemnatory? Now we probably know why.

Berlind notices issues remaining after Microsoft's statement. I would only
add the following about the EULA: it isn't just a matter of timing, of when
you get asked for consent. It's a matter of what you are asked to consent
to. From the EULA:

    This software is a pre-release version of the software intended to
update the technological measures in Windows XP which are designed to
prevent unlicensed use of Windows XP.

    By using the software, you accept these terms. If you do not accept
them, do not use the software. As described below, using some features also
operates as your consent to the transmission of certain standard computer
information for Internet-based services.

So far, so good. They are letting you know that there will be some
transmission of information about your computer sent to Microsoft. They
don't however tell you precisely what they mean by "certain standard
computer information." They describe the process as being done in connection
with services, which implies you are getting something out of it, but you
actually are getting nag screens, which by no stretch of my imagination is a
service I would ask for. Additionally, this EULA first appears when you are
being asked to download the Notification tool. You already have the
Validation tool on your computer without any EULA or request for consent,
and according to Microsoft, the Notification tool doesn't send any
information about you to them. So this part of the EULA must be about the
Validation component, unless they haven't been truthful about what the
Notification tool does.

Let's continue:

    When you install the software on your premises, it will check to make
sure you have a genuine and validly licensed copy of Microsoft Windows XP
(³Windows XP²) installed. If you have a genuine copy of Windows XP, you
receive special benefits, which are listed on the following link:
http://go.microsoft.com/fwlink/?linkid=39157.

    · If the software detects you are not running a genuine copy of Windows
XP, the operation of your computer will not be affected in any way. However,
you will receive a notification and periodic reminders to install a genuine
licensed copy of Windows XP. Automatic Updates will be limited to receiving
only critical security updates.

    · You will not be able to uninstall the software but you can suppress
the reminders through the software icon in the system tray.

The first part of this seems to be talking about the Validation tool,
because it talks about checking to make sure you have a valid copy of the
software, unless the Notification component does that too. But the end part,
about not being able to uninstall it, which part is that talking about? Can
you not uninstall either? Or was the Validation tool you already downloaded
uninstallable too? If so, then you have installed software that you can't
uninstall that does God knows what without being given an opportunity to say
yes or no.

Next comes the Privacy clause:

    PRIVACY NOTICE: The validation process of the software does not identify
you and is used only for the purpose of reporting to you whether or not you
have a genuine copy of Windows XP. The software does not collect or send any
personal information to Microsoft about you. The sole purpose of the
software is to inform you whether or not you have installed a genuine copy
of Windows XP. However, Microsoft may collect and publish aggregated data
about the use of the software.

Now, this is the part I find misleading. Here they say that the validation
process doesn't collect anything about you or send it to Microsoft. But in
fact, they have already told us in their statements and on their website
that in fact the Validation tool does both. Remember the hard drive and the
IP address? So this part of the EULA appears to be talking about the
Notification tool, but it calls it "the validation process" which means
either that the Notification tool has in fact a validation aspect also, or
it means that Microsoft never asked you for your consent to send that
information to them, because this says they don't do so in the validation
process and the software is only for the purpose of notifying you. If this
EULA purports to be for both tools, it is inadequate and inaccurate. The
validation process does collect information about you and it sends it to
Microsoft, and they need to tell us that and get our consent.

So. Where's the information about the Validation tool, which does collect
information about us and does send it to Microsoft? I think it's this part:

    3. INTERNET-BASED SERVICES. Microsoft provides Internet-based services
with the software. It may change or cancel them at any time.

    a. Consent for Internet-Based Services. The software feature described
below connects to Microsoft or service provider computer systems over the
Internet. In some cases, you will not receive a separate notice when they
connect. You may switch off this feature or not use it. For more information
about this feature, see http://go.microsoft.com/fwlink/?LinkId=56310. By
using this feature, you consent to the transmission of this information.
Microsoft does not use the information to identify or contact you.

    i. Computer Information. The software uses Internet protocols, which
sends to Microsoft computer information, such as your Windows XP product
key, PC manufacturer, operating system version, Windows XP product ID, PC
BIOS information, user locale setting, and language version of Windows XP.

    ii. Use of Information. We may use the computer information to improve
our software and services. We may also share it with others, such as
hardware and software vendors. They may use the information to improve how
their products run with Microsoft software.

In reality, the information we have indicates that you can't turn off this
feature. What feature is it you can turn off? Paragraph a is talking about
connecting to Microsoft's servers. You can't turn that off, can you? This is
so unclear that I consider it no notice at all. What is it that you are
agreeing to? It doesn't tell you how often you will be connecting or all of
the information that it turns out is sent. Microsoft, for example, in the
EULA never mentions your hard drive's serial number or your IP address,
unless that is what they mean by standard computer information, in which
case they need to explain how very personal and identifying it actually is.
If that isn't personal, what is?

And in what way is the customer "using" the software or getting a service?
Don't forget that by this point, you already have the Validation tool on
your computer and there is a question as to whether you can uninstall it.
The EULA purports to cover both tools, as far as I can make out, without
ever fully telling you precisely what it is actually doing. There is no
notice of daily calling home on each boot, for example. Next, Microsoft's
EULA lets you know it is beta, but which tool are they talking about? Let's
assume both:

    4. PRE-RELEASE SOFTWARE. This software is a pre-release version. It may
not work the way a final version of the software will. We may change it for
the final, commercial version. We also may not release a commercial version.

Now, it's on your computer, half way already, and apparently you can't
uninstall it, so if Microsoft changes it for a final commercial version,
what happens to you? Do you then have to pay for it? Do you get any choice?
Speaking of which, let's look at clause 6:

    6. Scope of License. The software is licensed, not sold. This agreement
only gives you some rights to use the software. Microsoft reserves all other
rights. Unless applicable law gives you more rights despite this limitation,
you may use the software only as expressly permitted in this agreement. In
doing so, you must comply with any technical limitations in the software
that only allow you to use it in certain ways. You may not

    · disclose the results of any benchmark tests of the software to any
third party without Microsoft¹s prior written approval;

    · work around any technical limitations in the software;

    · reverse engineer, decompile or disassemble the software, except and
only to the extent that applicable law expressly permits, despite this
limitation;

    · make more copies of the software than specified in this agreement or
allowed by applicable law, despite this limitation;

    · publish the software for others to copy;

    · rent, lease or lend the software;

    · transfer the software or this agreement to any third party; or

    · use the software for commercial software hosting services.

You have been given a vision of the future, where software will be a
service, and all you get is a license to use it the way they allow you to
use it. How do you like Microsoft's Brave New World?

Surely they will find a way to check that you are complying with all the
above, so I think it's clear that if you stay with Microsoft products, you
have to agree to share your computer with them, that your privacy will be in
their hands, and that they can control your computer without your say so.
And they won't necessarily tell you clearly what they are doing, judging by
this incident, or perhaps there will be no notice at all, as mentioned in
the EULA. It's not about you buying a product and using it any way you wish.
They let you use their software only within strict limitations they set
which by the way do not conform to your rights under Copyright Law. This is
a license, a kind of contract, whereby you waive rights you would otherwise
have in order to use their software. And you are presented with a EULA at
least one paralegal can't even understand, too late to say no in a
meaningful way.

Is that your only choice? This unintentionally funny article "Windows
anti-piracy program causes shock for doing its job," says Microsoft has been
"pretty upfront about the WGA program," and if we don't like it, we should
switch to Linux. That's a very good idea. You could use GPL software
instead. It doesn't care how you use it. Share it, lend it, rent it, install
it on as many computers as you wish, write about it, test it, transfer it to
a third party, work around any technical limitations of the software,
improve it, personalize it to make it do what you want it to do, and use it
for commercial services. Do all of the above and you still haven't violated
the software license, and by the way, the software is yours. You own it. No
one has a need or even a right to check to see if you are using it properly
or if you have the right license or if you swapped in a new hard drive or
where you live or what your IP address is. Think about it. And then ask 
yourself, which do I prefer?

The world is at a crossroads, where for the first time there really is a 
choice. You don't have to accept Microsoft's demeaning and insulting EULA 
terms. If you are a business, do you want Microsoft having free access to 
your computer? If you are a government? I'm just an individual, and I don't.

If you wish to remove the Windows Genuine Advantaage tools, and I expect 
most of you do, why not go the whole hog and remove the entire software 
package, replace it with GNU/Linux, and find out what it feels like to be 
treated with respect and to breathe free?