[news=http://img424.imageshack.us/img424/240/untitled18iv1wo.png]It’s supposed to protect you from predators spying on your computer habits, but a bill Microsoft Corp. helped write for Oklahoma will open your personal information to warrantless searches, according to a computer privacy expert and a state representative.
Called the “Computer Spyware Protection Act,” House Bill 2083 would create fines of up to a million dollars for anyone using viruses or surreptitious computer techniques to break on to someone’s computer without that person’s knowledge and acceptance, according to the bill’s state Senate author, Clark Jolley.
“The bill has a clear prohibition on anything going in without your permission. You have to grant permission,” said Jolley, R-Edmond. “You can look at your license agreement. It will say whether they have the ability to take that information or not.”
But therein lies the catch.
If you click that “accept” button on the routine user’s agreement, the proposed law would allow any company from whom you bought upgradable software the freedom to come onto your computer for “detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing computer software prescribed under this act.”
That means that Microsoft (or another company with such software) can erase spyware or viruses. But if you have, say, a pirated copy of Excel — Microsoft (or companies with similar software) can erase it, or anything else they want to erase, and not be held liable for it. Additionally, that phrase “fraudulent or other illegal activities” means they can:
—Let the local district attorney know that you wrote a hot check last month.
—Let the attorney general know that you play online poker.
—Let the tax commission know you bought cartons of cigarettes and didn’t pay the state tax on them.
—Read anything on your hard drive, such as your name, home address, personal identification code, passwords, Social Security number … etc., etc., etc.
“I think in broad terms that is still a form of spying,” said Marc Rotenberg, attorney and executive director of the Electronic Privacy Information Center in Washington, D.C. “Some people say, ‘Well, it’s justified.’ I’m not so clear that should be the case. Particularly if the reason you are passing legislation is to cover that activity.”
The bill is scheduled to go back before the House for another vote. Will the Oklahoma House, on behalf of all computer users in the state of Oklahoma, click “accept”?
Where did you go yesterday?
Computer users first accepted updates when anti-virus makers, such as Symantec Corp. or McAfee, began back in the Nineties offering regular updates in an attempt to stay current with the alarming number of viruses introduced over the Internet. This was followed by Windows ME and 2000 allowing updates to their programs via downloads. By the time Windows XP came out, regular online updates became part of the product one purchased.
At around the same time, the Napster phenomenon pushed music corporations, courts and lawmakers into taking action against online file sharing of music. Hip, computer-savvy listeners traded pirated MP3 recordings beyond count, leading to action by the music industry to go on a search and destroy mission against the online music traders, even in Oklahoma. In 2000, Oklahoma State University police seized a student’s computer containing thousands of downloaded songs after he was traced by a recording industry group.
Anti-spyware bill author Jolley said that’s what people like the OSU student get for sharing their information online.
“You have to look at the other side of that issue,” Jolley said. “When they agreed to put their files online, they literally agreed to allow people to come on their computers and search the files online. On a P-to-P (peer-to-peer) network, you are inviting other people to see what you have. That’s a risk you run by participating in file share.”
Jolley said his spyware bill is supposed to stop “phishers” from stealing one’s identity off of one’s computer, is supposed to stop “Trojan horse” viruses from being installed on the computer and is supposed to make illegal a host of other techniques for spying on a user’s personal information.
“It prohibits them from taking things as basic as your home address, your first name, your first initial in combination with your last name, your passwords, any personal identification numbers you have, any biometric information, any Social Security, tax IDs, drivers licenses, account balances, overdraft histories — there is a clear prohibition on that,” Jolley said.
Indeed, Sections 4 and 5 of the act specifically forbid anyone from doing so without the user’s permission.
However, Section 6 of the act says such a prohibition “shall not apply” to “telecommunications carrier, cable operator, computer hardware or software provider or provider of information service” and won’t apply to those companies in cases of “detection or prevention of the unauthorized use of or fraudulent or other illegal activities.”
Which means software companies updating a user’s software or the cable company monitoring that user’s activities on a broadband modem hookup can turn over that user’s history of writing hot checks to the district attorney if the company feels like it, said Rotenberg.
“You go back to the old-fashioned wiretap laws,” Rotenberg said. “There was an exception to allow telephone companies to listen in on telephone calls. The theory was that it was necessary to make sure that the service was working. Part of what’s going on here is to significantly expand that exemption to a whole range of companies that might have reason for looking on your computer. The statute will give them authority to do so. I think it’s too broad. I think the users in the end need to be able to allow that themselves.”
Jolley insists his proposed law would not allow Microsoft, Symantec or Cox Communications to become “Big Brother.”
“The goal of this is not to allow any company to go through and scan your computer,” Jolley said. “If they are, it has to be for a specific purpose. If you don’t want them doing that, don’t agree to (the user’s agreement).”
Which means, when a user accepts Microsoft’s Windows operating system on that new computer, or Norton AntiVirus, or Apple’s operating system or a host of other online-upgradable programs, that user agrees to being watched by the company.
Who on Earth would write such a law? It wasn’t Jolley, or anyone in Oklahoma.