Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity
from the this-is-a-bad-idea dept
As a whole bunch of folks have been sending in, up in Canada, as part of a discussion on anti-spam laws, the Canadian Chamber of Commerce is proposing a very troubling idea: allowing rootkit spyware to be installed surreptitiously for the purpose of stopping illegal activity. As Geist notes, the last time this battle was fought, it was fresh on the heels of the Sony rootkit debacle, so there wasn’t much support for these concepts. But, with a few years distance, the industry groups are trying again. Specifically they either want to remove language that prevents the surreptitious installation of spyware — or they want specific exemptions. For example, in the case of the following, they argue spyware should be allowed:
a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
Basically, as long as you claim that you’re going after someone for breaking the law, surreptitious installs are allowed. Geist points out the obvious: copyright holders will salivate over this.
This provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation). Ensuring compliance with the law is important, but envisioning private enforcement through spyware without the involvement of courts, lawful authorities, and due process should be a non-starter.
If this works in Canada, expect to see similar provisions start popping up elsewhere around the world in short order.
Filed Under: canada, copyright, rootkits, spyware
Companies: canadian chamber of commerce
Comments on “Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity”
Interestingly enough...
You can turn this right around and claim that the CEOs and Content Cartels are breaking the law and put spyware on THEIR computers.
How fast will the law get revoked when that comes to light?
Re: Interestingly enough...
it won’t, you’ll be in jail anyway. silly people, don’t you understand that justice is only for those who can afford it yet?
Re: Re: Interestingly enough...
I believe the proper wording is “Everyone is entitled to as much justice as they can afford.”
Re: Interestingly enough...
“… they argue spyware should be allowed … to prevent, detect, investigate, or terminate activities that the person reasonably believes … threatens … privacy”
Content cartel installs spyware onto my computer, which threatens my privacy. I therefore get to install spyware on the suspected intruder’s computer to see what they’re up to.
Re: Re: Interestingly enough...
Even better. You don’t have to stop at spyware. You could legally install software to terminate their activities.
Re: Re: Interestingly enough...
http://www.youtube.com/watch?v=Iw3G80bplTg
Yes, right, open up more and more security holes and see zombie botnets fck up you as it backlashes in a very entertaining way.
If this passes I for one will completely halt any and all acquisitions of any official content to be sure my machine will not be punctured into a Swiss cheese.
In trying to stop piracy they are driving people away from buying. Way to go.
Re: Re:
Yeah that really does remove the only big reason not to pirate doesn’t it?
You know if you go to the store and buy a copy that your relatively safe in assuming their is no extra code hanging around. That is a huge advantage over pirating content.
Now they are going to make it so that pirating is even SAFER than buying? What genius thought this plan up?
Re: Re: Re:
Also thought I should point out that ONCE AGAIN they prove that all DRM does is hurt your actual customers. The pirate copies will have the spyware removed.
Re: Re: Re:
Yes, that. If I’m at risk of getting infected either buying the original or pirating I’ll go for the option that saves me money.
Indeed a tremendous idiocy.
Re: Re: Re: Re:
And I thought one of the reasons to avoid piracy was to keep your computer clean.
Re: Re: Re:2 Re:
Not for the wise ones 😉
Re: Re: Re:
“You know if you go to the store and buy a copy that your relatively safe in assuming their is no extra code hanging around”
Did you sleep through the Sony RootKit debacle or what? They were installing rootkits on peoples’ machines through legitimately purchased disks, the toxic software was coming from the manufacturer, not pirated content.
Re: Re: Actually, that is what Sony did
Sony actually installed the root kits on people’s PCs from LEGALLY PURCHASED items, so no, the pirated software / music would be “safer”.
Re: Re:
It’s amazing how they think that it’s perfectly fine to invade other people’s privacy for the sake of their precious copyright, treating the public as would-be criminals. They’d better realize that we’re not their subjects.
Learning at their usual rate, I see.
Big face palm.
The one problem is that rootkits could, and would, ultimately be detected by anti-virus software makers, and updates to the programs to remove them would be pushed out.
Re: Re:
Not if there is a tsunami of new rootkits.
Re: Re:
I don’t know of any antivirus software that can detect, let alone remove, a rootkit.
Re: Re: Re:
F-Secure has a good one, at least as far as detection goes. Some of the initial testing of it is what started the whole Sony fiasco.
Removal is an entirely different ball of wax. If your system has been penetrated at the level of a modern rootkit, you simply can’t trust it any longer, so removal is moot.
This can’t be legal by forcing rootkits on people.
Re: this can't be legal ...
At the time the Sony rootkit came to light, the Canadian government in extracting its settlement with Sony made them promise to never do it again or they would open Sony up to tens, if not hundreds, of thousands of individual lawsuits.
In the USA, however, Sony fought tooth and nail to keep “promise not to do it again” provision out of the FTC settlement. … So, in the USA, there is nothing to prevent Sony or anyone else from installing a rootkit on your PC.
Maybe US Attorney Carmen Ortiz should go after the chairman at Sony like she did with Aaron Schwartz.
Re: Re: this can't be legal ...
Yes there is. The CFAA. You’d think Ortiz would be all over this, except that unlike the Swartz case, this would be using the law for the purpose it was intended, so I’m sure she wouldn’t be interested.
Re: Re: this can't be legal ...
If she did, they would destroy her career and she would commit suicide.
Wow, so can I propagate and install my own rootkit now?
They argue for:
So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?
Cool!
Re: How can this be (ab)used? Let me count the ways.
Suppose you are an artist and you think that your record really is profitable, but that you are being defrauded, can you install a rootkit onto the PCs of all record company execs and other persons, in order to investigate?
Suppose you reasonably believe that the music industry is installing rootkits onto computers without having reasonable belief of [laundry list of bad things], then can you install a rootkit onto their computers?
Suppose you reasonably believe your government officials are bought and paided for pawns of the music and movie industry. Can you install rootkits onto the computers of the industry and officials in order to investigate?
Re: Wow, so can I propagate and install my own rootkit now?
You have to hold the copyright to the photo of your cat. If the photo was made by a rootkit you are out of luck.
Re: Wow, so can I propagate and install my own rootkit now?
“So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?”
You don’t even have to believe that much. You just have to believe that those hypothetical unauthorized copies would be illegal.
Re: Wow, so can I propagate and install my own rootkit now?
“So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?”
Yes but your rootkit is in itself a threat to canadian privacy and may or may not be exploited as botnet. Which gives probable reason to ‘investigate’ every canadian PC with spyware.
I honestly can’t tell if the recursive nature of this law is intended or not… If it is I’ll tip my hat at whatever entity came up with this specific wording. If not intended it’s worthy of a double facepalm. And In any case, I’ll grab some popcorn and watch the resulting cyber war since this effectively turns their country into a international cybarwar shooting range.
and given the stupid nature of how the government usually behaves in the UK, it will be one of the first to follow. that would be after the US, that is!
once this road is gone down, what would the next one be designed to do? who would install it and on which machines? who would know it was there? who could distinguish between the ‘official’ one and the non-official’ one? what privacy would people have left?
Re: Re:
that bios thing is already fucked up.
I am speechless as to the utter stupidity this is. Legalizing rootkits? For real?
Re: Re:
There is only one clear and obvious solution to this. Declare war on Canada.
Canada would be condoning piracy and spying by making themselves allies with the corporate hackers. This sort of hacking is a form of terrorism deserving only the most stringent response by our military. Drone attacks for the corporate presidents, lawyers and lobbyists who should all become rapidly unpopular with the Canadian parliament.
I can see it now, Canadian ISPs hurriedly providing more upload capacity as PC’s send the entire contents of their discs to every record label, every Hollywood studio, and every government.
/s
Re: Re:
Don’t forget to set a low quota on each user account so the ISP’s can charge you extra for the data usage.
Hmm, I wonder if that would encourage the ISP’s to cooperate with rights holders to find any indication of trouble so more people will get the rootkit installed?
Re: Re: Re:
Could the rights holders be sued for stealing the users data quota?
Oh please bring this on.
The coding will be laughably easy to decompile (10 bucks says their C&C will be a hard-coded static IP on port 80); and the effort will introduce another generation of computer users into the psychotic effects of copyright.
And the war on general purpose computing continues.
or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
So if this passes, all you would need to do is get some country with a corrupt government, besides the US, to pass a law saying it’s illegal to Rip a legal CD to your computer to listen to on a media player, and if I’m reading this right, that’s all they would need to put the rootkit on someones computer. “He’s got an iphone, maybe he copied some of his CD’s, better stop him.”
That could get out of control so fast it isn’t funny. dictators would be falling all over themselves to sell access to their law making process.
Re: Re:
What’s the IP for the Canadian Chamber of Commerce? I have reason to believe they do not properly honor and respect the Glorious Leader of Best Korea.
Obvious Flaw
Pirated MP3s won’t be installing any rootkits.
Guess buying retail is for suckers.
I keep waiting for the story to break where someone in on the conspiracy lets the rest of us know that this is really just a plot to cause the younger generation extra work.
“Hahahaha look at all the dumb things we enacted that you have to deal with. Enjoy!”
I’m starting to fear that they really believe their own BS…
Re: Re:
It’s a plot to kill modern technology.
The internet is a huge threat to the media industry publishers since it would allow artists to self-publish easily.
The media industry is trying to make use of that technology as difficult and risky as possible so that people will be dissuaded from using it. They truly believe they can accomplish this. And once this happens, they think people will not be interested in buying music and movies online directly from the artists and will go back to the store to buy CDs made by them (the publishers).
Are they fucking stupid?
Oh sure, let’s legalize spyware. That will fucking end well. You know, I won’t be surprised if they fall victim to spyware and they decide “you know, maybe this is a bad idea” and rebuke it.
Your hard drive is the only thing in computing the gov cannot yet spy on. They aim to change that.
The only surprising thing is that it wasn’t the US or another corrupt government that came up with it first.
Re: Re:
Oh, they did. The US has a history of installing backdoors and spyware that stretches back a long time. The difference is that the US doesn’t admit it by trying to make a law saying they can.
Who, what and why?
The really idiotic part of this is that the way it is written, anyone for any reason can install a rootkit and start collecting unspecified data. Sure, there is the BS about “suspicion”, but that’s a pretty low bar.
The unwritten part is that the only ones permitted to do this legally will be the content monopolies and, of course, the government(s).
Assuming this sees the light of day, I can’t wait for clever citizens to figure out how to intercept, isolate and decrypt the data being collected and start publishing the embarrassing habits of government officials and industry executives.
Such a dumb law
“a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, “
But if someone installs a spyware program on MY computer, that by definition involves the security, privacy, and unauthorized use of MY system. So I would be automatically able to do the same to them.
“or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state; “
Seriously? FOREIGN laws? If Iran declares websites on Christianity to be illegal, then anyone can hack any computer in Canada relating to a Christian website? If some third world country declares computers to be illegal, then anyone can hack any computer in Canada?
Anyway, this is a HORRIBLE law. This is akin to allowing anyone to break into my storage locker if they think I have something of theirs, or something illegal. You know what you’re supposed to if you think someone has something of yours, or is breaking the law? You CALL THE POLICE and have THEM investigate. If there’s evidence, they can get a warrant. You don’t take some bolt cutters and rummage through my stuff yourself.
Safeguards
And if they’re going to go through with this no matter how horrible it is, how about some safeguards:
A requirement that the police or some authorized agency be notified of each install of the spyware. This is needed to enforce the other safeguards:
A time limit of 30-60 days, after which the program must be uninstalled and the person NOTIFIED that they were subject to this. In extraordinary circumstances a single extension may be applied for. You cannot simply install it and leave it on forever. This notification may discourage frivolous use of the spyware, and is also necessary to enforce the last point:
Strict liability on the installer for all costs involved. Including any damages from third-party hackers that may have used the hole the program opened. And including any costs in uninstalling the spyware, and any costs incurred if the user noticed something wrong and attempted to do something to fix it – for example, by buying more memory, or even a new computer. And including the costs of any loss of processor time, network lag, additional bandwidth costs, additional electricity costs, and additional cooling costs caused by the extra program running. If a business lost a sale because the system was running slow due to spyware running, the spyware installer should be liable.
And hey, while I’m at it, how about this only gets done by police with a warrant? No? Well, I had to try.
Where's the memo?
Is it April 1st in Canada and I didn’t get the memo?
sure, go ahead
I’ll let you do it on two conditions:
1. You provide the computer. You can install all the rootkits, spyware, etc you want on it. Drop it off at my place, activate it, do whatever you need. After you leave, I’ll put it on my neighbor’s WiFi and stick it in a closet. Then I’ll start using my own legally-bought computer to do whatever the hell I want.
2. As your own proposal says:
a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;
You have to hire a real person to make these decisions. No automated filters, no robots, no software of any kind. A real live person. You can pay them $50,000 a year to watch a live feed of the screen of the computer you provided to me, 24/7/365. After all, piracy never sleeps!
They are fools to think this could never backfire on them. All this is going to is give hackers a open door to abuse countless systems.
Hackers don’t even have to worry about making a new virus since it’s safe to assume if it was government sponsor the major av players will be asked to not detect anything made by them.
Now you have free reign over all those computers.
You have a endless amount of time to do what you please since there is no risk of it being detected.
You don’t have to spend big bucks on new exploits.
Re: Re:
Think is, they don’t care about effectiveness or whether or not it backfires. It’s not about the specific laws, they just need more laws under their control in as many countries as they can get.
They are trying to
1) Make laws more IP Maximalist for general corruption purposes
2) Hype the whole piracy is the apocalypse thing they’ve got going on
3) Establish more control over other countries laws.
Once they have established the control and the hype, it’s easier to change things how they want later. They will take this step, they say “oh nos, piracy is so strong it’s not enough” and rachet it up a little worse, and repeat until they can’t figure out how to change the law to get any more of our money without earning it anymore.
Competing rootkits
Of course, removing rootkits is already illegal in Canada. All the rootkit authors need to do is declare that the rootkit is a Technological Protection Measure for their content, and it is automatically protected by the recently enacted copyright legislation (formerly Bill C-11).
There will need to be a central registry of rootkits and citizens whose computers have been rooted. Canada has lots of experience in that field, e.g. the gun registry.
Rootkits will need to be designed carefully to avoid collisions between competing rootkits. We’ll need an industry rootkit consortium, and a rootkit standards body.
If the law allows for only one rootkit on one PC then the government can initiate an auction to determine which “interested party” gets to put their rootkit on which PCs. This could be a revenue generator for the government.
Of course, there will be a new federal department, Rootkits Canada. Think of the civil service employment opportunities!
We can have rootkit lobbyists. Politicians can run on the Rootkit Platform. They can join Rootkit Party of Canada (who will probably be in opposition to the Pirate Party of Canada).
Exciting times ahead…
–Bob.
Wait, it's worse than I thought,
The way it is worded, it would be legal to install a program to detect activities that you reasonably believe to present a risk or are illegal. It does not say that you need to reasonably believe that the computer you are installing it on is actually USED for those activities – only that those activities would be harmful or illegal.
So, I’m going to install a rootkit keylogger on every computer in Canada. This will allow me to find people who type the word “murder”. Or “jaywalking”.
CCC rootkit
The CCC can’t make laws,but they can lobby for them. Rootkits are 2 way street,if you have one on your HD ,it’s very simple to find the 1st level ,with that info you send back DSD -this will send SDH on a ramp (have ip track V np to watch how this plays out)The tech at the server end will have to pull HD ,or risk a fire. Brings a whole new meaning to Sk 🙂 you may get a call from your isp ,just tell them someone put a RK on your HD an your trying to get it off.
False Positives?
And how would such a program ever accurately tell someone has or is infringing? As time goes on and people collect more digital data from a dizzying array of sources how could any piece of software determine a “legal” file or resource from an “illegal” one?
I have been ripping MP3s and DVDs for personal streaming since the technologies were available. Further as a computer professional I have tons of software from multiple vendors with all kinds of different licenses (retail, volume, corporate, shared keys, etc).
It seems to me that the first people that would get in trouble with such spyware would not be actual pirates (and the criminality of piracy is HIGHLY questionable as it is) but rather digital pack-rats and professionals that may have more on their system (and a larger variety of esoteric types) than your average home user. I don’t pirate and everything I have and do is acquired legally. I am glad this is only in Canada for now, I really don’t want to worry about a software download potentially sending me through the legal ringer for a 8 year old MP3 I haven’t listened to in ages and ripped myself anyway.
Bob, Average_Joe, et al…this is why I’m anti-copyright. The biggest supporters of copyright in the world want to spy on my every move. That is too high a price to pay for copyright.
Re: Re:
You’ll notice that they never comment on articles like this one. I think it’s fair to link bob to this page every time he claims that the odds are against copyright holders.
funny how whatever excuses they attach to these ‘laws’ they are really always only about protecting the entertainment industries. when are politicians and governments actually going to wise up to what is happening here and stop this practice? who else consistently demands more and more protection without doing anything for themselves except use the bought politicians and law enforcement agencies to shut down, close up and lock up competition? wankers!!
Better idea
Ok, this is a dumb idea that will never work because people will just either avoid buying the content or find a way to uninstall it.
Here is a better idea, just build a rootkit into the BIOS of every computer, smartphone, and tablet. If you don’t have said rootkit, the device won’t boot.
These idiots at the media companies are doing a piss-poor job at being evil.
Re: Better idea
They have already been trying to do just that, but so far the companies that make those devices have been much more resistent to corruption than they are used to dealing with. Their next step will probably be to make it illegal for the tech companies to refuse what they demand.
Re: Better idea
I think that’s called Secure Boot.
Re: Re: Better idea
TPM to be exact.
Not only am I very Anti-Government but I am also very Anti-Copyright/Patent Abuse.
Simple Fact:
I hate the USA Government even more than Canada Government.Our US Government is a disgusting smelly piece of dog poop.
And here they’ve been trying to make you believe that “hackers” are the enemy.
Sure, they can install spyware on my PC..Oh, that’s right, I OWN my PC. GUess I’ll rent it out then. How does $5000/day sound?
If they want to install software on PC like this, the PC better be free, since it’s not my PC anymore if this infection is on there.
I also have the right to buy a computer from the store, wipe it completely clean, and install what I want on it, as it’s my computer, not theirs.
Let’s see if he likes a spyware rootkit installed on his computer.
He will have to make ‘open source’ illegal first.
Wrong!
Here, I’ll fix it for you:
Expect to see similar provisions start popping up elsewhere around the world in short order.
Another reason why Auto-Run was the single most stupid thing ever put into Windows.
Beyond Stupid
This is just beyond stupid, if they start doing this, they’re going to GUARANTEE a big market for piracy. The main reason I hacked my PS3 is because they put a rootkit update out, before that I was a good li’l boy and didn’t mod it at all. This is disgusting.
Quote:
Is not even Christmas and they want to give Aanonymous and all hackers a gift?
Guns for hire prepare, musicians, actors, florists, and corn farmers will be hiring you to install and maintain spyware in the computers of the RIAA, MPAA, IFPI and others because you know they sure have reasonable belief that they are getting the shaft somehow LoL
Anonymous rejoice hacking computer networks could become fair game in Canada, and if they try to backpaddle we all know how to make a stink out of it.
46dcead317fe45d80923eb97e4956410d4cdb2c2
I’m STILL waiting on Sony to pay the bill to repair the PC of mine they trashed with that (bleeping) rootkit. Now if I find one from Canada, I might just declare open warfare on them.
I thought the US used Australia and New Zealand to push out insane new laws, they could point to as an example of why they should adopt the new law.
Didn’t Sony try this already?? Seems they failed miserably…
“a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,”
So, let me get this straight. This law would allow me write and install spyware rootkits on the machines of people who write spyware rootkits to install on my computer, because I’m targeting those who present a security risk to my computer? I’m game, bring it on bitches.
By opinion of one member of the public, this is illegal
The religious people against Jesus were spy's
The religious people against Jesus were spy’s spying on Jesus trying to find fault in him. The Canadian Chamber Of Commerce acts exactly like the corrupt people against God in the flesh. Why do people want to be like the enemy of Jesus?
One-Way
How much you want to bet that this will only work one way: Big Copy gets to spy on you, but you don’t get to spy on Big Copy. If you get caught hacking into Copy’s servers to install spyware to “ensure they?re not violating the law”, you get sent to the Canadian equivalent of federal ass-rapin’ prison, but they’ll get to hack your computer whenever they feel like it.
Violence is legal when committed by police
No No No You all don’t get it. It does NOT mean YOU or any individual will be able to use this law. It’s only for THEM to use it against you. Here’s the scenario – You are accused of a crime – the police come, they assault you, they kidnap you and they put you in jail. New evidence is found you are cleared and found to be innocent. Does anyone then go and arrest the policemen that assaulted you, kidnapped you and then falsely imprisoned you? No of course not – they were only doing their job – right – right that’s what the concentration camp guard said. The Stones were right ‘all police are criminals’. It’s a requirement of their job – they believe in violence. Similarly the powers that be – the MPAA etc or their lackeys will be the ONLY people installing root kits.
Computer Fraud and Abuse Act.
In the United States, the concept of amending the Computer Fraud and Abuse Act (an act that has been in the news lately) to allow counter-hacking to protect one’s property has been the subject of debate. In addition, remember that in 2001, the some copyright owners’ organizations drafted an amendment to the CFAA that was proposed to be attached to the USA Patriot Act to allow a copyright owner to hack computers where unauthorized copies of the owner’s works might be found. The proposed amendment would have created an exception to the CFAA to allow hacking by copyright owners (pragmatically, a limitless universe of people)to search and disable the unauthorized use of copyrighted works. It also included a provision that limited the hackers’ liability if unintentional collateral damage was done to a user’s computer in the process.