Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity

from the this-is-a-bad-idea dept

As a whole bunch of folks have been sending in, up in Canada, as part of a discussion on anti-spam laws, the Canadian Chamber of Commerce is proposing a very troubling idea: allowing rootkit spyware to be installed surreptitiously for the purpose of stopping illegal activity. As Geist notes, the last time this battle was fought, it was fresh on the heels of the Sony rootkit debacle, so there wasn’t much support for these concepts. But, with a few years distance, the industry groups are trying again. Specifically they either want to remove language that prevents the surreptitious installation of spyware — or they want specific exemptions. For example, in the case of the following, they argue spyware should be allowed:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

Basically, as long as you claim that you’re going after someone for breaking the law, surreptitious installs are allowed. Geist points out the obvious: copyright holders will salivate over this.

This provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation). Ensuring compliance with the law is important, but envisioning private enforcement through spyware without the involvement of courts, lawful authorities, and due process should be a non-starter.

If this works in Canada, expect to see similar provisions start popping up elsewhere around the world in short order.

Filed Under: , , ,
Companies: canadian chamber of commerce

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity”

Subscribe: RSS Leave a comment
82 Comments
Anonymous Coward says:

Re: Interestingly enough...

“… they argue spyware should be allowed … to prevent, detect, investigate, or terminate activities that the person reasonably believes … threatens … privacy”

Content cartel installs spyware onto my computer, which threatens my privacy. I therefore get to install spyware on the suspected intruder’s computer to see what they’re up to.

Ninja (profile) says:

Yes, right, open up more and more security holes and see zombie botnets fck up you as it backlashes in a very entertaining way.

If this passes I for one will completely halt any and all acquisitions of any official content to be sure my machine will not be punctured into a Swiss cheese.

In trying to stop piracy they are driving people away from buying. Way to go.

Machin Shin (profile) says:

Re: Re:

Yeah that really does remove the only big reason not to pirate doesn’t it?

You know if you go to the store and buy a copy that your relatively safe in assuming their is no extra code hanging around. That is a huge advantage over pirating content.

Now they are going to make it so that pirating is even SAFER than buying? What genius thought this plan up?

ldne says:

Re: Re: Re:

“You know if you go to the store and buy a copy that your relatively safe in assuming their is no extra code hanging around”
Did you sleep through the Sony RootKit debacle or what? They were installing rootkits on peoples’ machines through legitimately purchased disks, the toxic software was coming from the manufacturer, not pirated content.

Rex Karz (profile) says:

Re: this can't be legal ...

At the time the Sony rootkit came to light, the Canadian government in extracting its settlement with Sony made them promise to never do it again or they would open Sony up to tens, if not hundreds, of thousands of individual lawsuits.

In the USA, however, Sony fought tooth and nail to keep “promise not to do it again” provision out of the FTC settlement. … So, in the USA, there is nothing to prevent Sony or anyone else from installing a rootkit on your PC.

Maybe US Attorney Carmen Ortiz should go after the chairman at Sony like she did with Aaron Schwartz.

John Fenderson (profile) says:

Re: Re: this can't be legal ...

So, in the USA, there is nothing to prevent Sony or anyone else from installing a rootkit on your PC.

Yes there is. The CFAA. You’d think Ortiz would be all over this, except that unlike the Swartz case, this would be using the law for the purpose it was intended, so I’m sure she wouldn’t be interested.

DannyB (profile) says:

Wow, so can I propagate and install my own rootkit now?

They argue for:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?

Cool!

DannyB (profile) says:

Re: How can this be (ab)used? Let me count the ways.

Suppose you are an artist and you think that your record really is profitable, but that you are being defrauded, can you install a rootkit onto the PCs of all record company execs and other persons, in order to investigate?

Suppose you reasonably believe that the music industry is installing rootkits onto computers without having reasonable belief of [laundry list of bad things], then can you install a rootkit onto their computers?

Suppose you reasonably believe your government officials are bought and paided for pawns of the music and movie industry. Can you install rootkits onto the computers of the industry and officials in order to investigate?

Anonymous Coward says:

Re: Wow, so can I propagate and install my own rootkit now?

“So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?”

You don’t even have to believe that much. You just have to believe that those hypothetical unauthorized copies would be illegal.

Anonymous Coward says:

Re: Wow, so can I propagate and install my own rootkit now?

“So if I believe that someone may be making unauthorized copies of photographs of my cat, I can install a rootkit on all PCs in Canada?”

Yes but your rootkit is in itself a threat to canadian privacy and may or may not be exploited as botnet. Which gives probable reason to ‘investigate’ every canadian PC with spyware.

I honestly can’t tell if the recursive nature of this law is intended or not… If it is I’ll tip my hat at whatever entity came up with this specific wording. If not intended it’s worthy of a double facepalm. And In any case, I’ll grab some popcorn and watch the resulting cyber war since this effectively turns their country into a international cybarwar shooting range.

Anonymous Coward says:

and given the stupid nature of how the government usually behaves in the UK, it will be one of the first to follow. that would be after the US, that is!

once this road is gone down, what would the next one be designed to do? who would install it and on which machines? who would know it was there? who could distinguish between the ‘official’ one and the non-official’ one? what privacy would people have left?

Anonymous Coward says:

Re: Re:

There is only one clear and obvious solution to this. Declare war on Canada.

Canada would be condoning piracy and spying by making themselves allies with the corporate hackers. This sort of hacking is a form of terrorism deserving only the most stringent response by our military. Drone attacks for the corporate presidents, lawyers and lobbyists who should all become rapidly unpopular with the Canadian parliament.

Jessie (profile) says:

or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

So if this passes, all you would need to do is get some country with a corrupt government, besides the US, to pass a law saying it’s illegal to Rip a legal CD to your computer to listen to on a media player, and if I’m reading this right, that’s all they would need to put the rootkit on someones computer. “He’s got an iphone, maybe he copied some of his CD’s, better stop him.”

That could get out of control so fast it isn’t funny. dictators would be falling all over themselves to sell access to their law making process.

Anonymous Coward says:

I keep waiting for the story to break where someone in on the conspiracy lets the rest of us know that this is really just a plot to cause the younger generation extra work.

“Hahahaha look at all the dumb things we enacted that you have to deal with. Enjoy!”

I’m starting to fear that they really believe their own BS…

Anonymous Coward says:

Re: Re:

It’s a plot to kill modern technology.

The internet is a huge threat to the media industry publishers since it would allow artists to self-publish easily.

The media industry is trying to make use of that technology as difficult and risky as possible so that people will be dissuaded from using it. They truly believe they can accomplish this. And once this happens, they think people will not be interested in buying music and movies online directly from the artists and will go back to the store to buy CDs made by them (the publishers).

Tom (profile) says:

Who, what and why?

The really idiotic part of this is that the way it is written, anyone for any reason can install a rootkit and start collecting unspecified data. Sure, there is the BS about “suspicion”, but that’s a pretty low bar.

The unwritten part is that the only ones permitted to do this legally will be the content monopolies and, of course, the government(s).

Assuming this sees the light of day, I can’t wait for clever citizens to figure out how to intercept, isolate and decrypt the data being collected and start publishing the embarrassing habits of government officials and industry executives.

Anonymous Coward says:

Such a dumb law

“a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, “

But if someone installs a spyware program on MY computer, that by definition involves the security, privacy, and unauthorized use of MY system. So I would be automatically able to do the same to them.

“or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state; “

Seriously? FOREIGN laws? If Iran declares websites on Christianity to be illegal, then anyone can hack any computer in Canada relating to a Christian website? If some third world country declares computers to be illegal, then anyone can hack any computer in Canada?

Anyway, this is a HORRIBLE law. This is akin to allowing anyone to break into my storage locker if they think I have something of theirs, or something illegal. You know what you’re supposed to if you think someone has something of yours, or is breaking the law? You CALL THE POLICE and have THEM investigate. If there’s evidence, they can get a warrant. You don’t take some bolt cutters and rummage through my stuff yourself.

Anonymous Coward says:

Safeguards

And if they’re going to go through with this no matter how horrible it is, how about some safeguards:

A requirement that the police or some authorized agency be notified of each install of the spyware. This is needed to enforce the other safeguards:

A time limit of 30-60 days, after which the program must be uninstalled and the person NOTIFIED that they were subject to this. In extraordinary circumstances a single extension may be applied for. You cannot simply install it and leave it on forever. This notification may discourage frivolous use of the spyware, and is also necessary to enforce the last point:

Strict liability on the installer for all costs involved. Including any damages from third-party hackers that may have used the hole the program opened. And including any costs in uninstalling the spyware, and any costs incurred if the user noticed something wrong and attempted to do something to fix it – for example, by buying more memory, or even a new computer. And including the costs of any loss of processor time, network lag, additional bandwidth costs, additional electricity costs, and additional cooling costs caused by the extra program running. If a business lost a sale because the system was running slow due to spyware running, the spyware installer should be liable.

And hey, while I’m at it, how about this only gets done by police with a warrant? No? Well, I had to try.

Coogan (profile) says:

sure, go ahead

I’ll let you do it on two conditions:

1. You provide the computer. You can install all the rootkits, spyware, etc you want on it. Drop it off at my place, activate it, do whatever you need. After you leave, I’ll put it on my neighbor’s WiFi and stick it in a closet. Then I’ll start using my own legally-bought computer to do whatever the hell I want.

2. As your own proposal says:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

You have to hire a real person to make these decisions. No automated filters, no robots, no software of any kind. A real live person. You can pay them $50,000 a year to watch a live feed of the screen of the computer you provided to me, 24/7/365. After all, piracy never sleeps!

Anonymous Coward says:

They are fools to think this could never backfire on them. All this is going to is give hackers a open door to abuse countless systems.

Hackers don’t even have to worry about making a new virus since it’s safe to assume if it was government sponsor the major av players will be asked to not detect anything made by them.

Now you have free reign over all those computers.
You have a endless amount of time to do what you please since there is no risk of it being detected.
You don’t have to spend big bucks on new exploits.

crade (profile) says:

Re: Re:

Think is, they don’t care about effectiveness or whether or not it backfires. It’s not about the specific laws, they just need more laws under their control in as many countries as they can get.

They are trying to
1) Make laws more IP Maximalist for general corruption purposes
2) Hype the whole piracy is the apocalypse thing they’ve got going on
3) Establish more control over other countries laws.

Once they have established the control and the hype, it’s easier to change things how they want later. They will take this step, they say “oh nos, piracy is so strong it’s not enough” and rachet it up a little worse, and repeat until they can’t figure out how to change the law to get any more of our money without earning it anymore.

Bob Jonkman (profile) says:

Competing rootkits

Of course, removing rootkits is already illegal in Canada. All the rootkit authors need to do is declare that the rootkit is a Technological Protection Measure for their content, and it is automatically protected by the recently enacted copyright legislation (formerly Bill C-11).

There will need to be a central registry of rootkits and citizens whose computers have been rooted. Canada has lots of experience in that field, e.g. the gun registry.

Rootkits will need to be designed carefully to avoid collisions between competing rootkits. We’ll need an industry rootkit consortium, and a rootkit standards body.

If the law allows for only one rootkit on one PC then the government can initiate an auction to determine which “interested party” gets to put their rootkit on which PCs. This could be a revenue generator for the government.

Of course, there will be a new federal department, Rootkits Canada. Think of the civil service employment opportunities!

We can have rootkit lobbyists. Politicians can run on the Rootkit Platform. They can join Rootkit Party of Canada (who will probably be in opposition to the Pirate Party of Canada).

Exciting times ahead…

–Bob.

Anonymous Coward says:

Wait, it's worse than I thought,

The way it is worded, it would be legal to install a program to detect activities that you reasonably believe to present a risk or are illegal. It does not say that you need to reasonably believe that the computer you are installing it on is actually USED for those activities – only that those activities would be harmful or illegal.

So, I’m going to install a rootkit keylogger on every computer in Canada. This will allow me to find people who type the word “murder”. Or “jaywalking”.

dj says:

CCC rootkit

The CCC can’t make laws,but they can lobby for them. Rootkits are 2 way street,if you have one on your HD ,it’s very simple to find the 1st level ,with that info you send back DSD -this will send SDH on a ramp (have ip track V np to watch how this plays out)The tech at the server end will have to pull HD ,or risk a fire. Brings a whole new meaning to Sk 🙂 you may get a call from your isp ,just tell them someone put a RK on your HD an your trying to get it off.

Joe Magly (profile) says:

False Positives?

And how would such a program ever accurately tell someone has or is infringing? As time goes on and people collect more digital data from a dizzying array of sources how could any piece of software determine a “legal” file or resource from an “illegal” one?

I have been ripping MP3s and DVDs for personal streaming since the technologies were available. Further as a computer professional I have tons of software from multiple vendors with all kinds of different licenses (retail, volume, corporate, shared keys, etc).

It seems to me that the first people that would get in trouble with such spyware would not be actual pirates (and the criminality of piracy is HIGHLY questionable as it is) but rather digital pack-rats and professionals that may have more on their system (and a larger variety of esoteric types) than your average home user. I don’t pirate and everything I have and do is acquired legally. I am glad this is only in Canada for now, I really don’t want to worry about a software download potentially sending me through the legal ringer for a 8 year old MP3 I haven’t listened to in ages and ripped myself anyway.

Anonymous Coward says:

funny how whatever excuses they attach to these ‘laws’ they are really always only about protecting the entertainment industries. when are politicians and governments actually going to wise up to what is happening here and stop this practice? who else consistently demands more and more protection without doing anything for themselves except use the bought politicians and law enforcement agencies to shut down, close up and lock up competition? wankers!!

ahow628 (profile) says:

Better idea

Ok, this is a dumb idea that will never work because people will just either avoid buying the content or find a way to uninstall it.

Here is a better idea, just build a rootkit into the BIOS of every computer, smartphone, and tablet. If you don’t have said rootkit, the device won’t boot.

These idiots at the media companies are doing a piss-poor job at being evil.

Silver says:

Sure, they can install spyware on my PC..Oh, that’s right, I OWN my PC. GUess I’ll rent it out then. How does $5000/day sound?

If they want to install software on PC like this, the PC better be free, since it’s not my PC anymore if this infection is on there.

I also have the right to buy a computer from the store, wipe it completely clean, and install what I want on it, as it’s my computer, not theirs.

Anonymous Coward says:

Quote:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

Is not even Christmas and they want to give Aanonymous and all hackers a gift?

Guns for hire prepare, musicians, actors, florists, and corn farmers will be hiring you to install and maintain spyware in the computers of the RIAA, MPAA, IFPI and others because you know they sure have reasonable belief that they are getting the shaft somehow LoL

Anonymous rejoice hacking computer networks could become fair game in Canada, and if they try to backpaddle we all know how to make a stink out of it.

Anonymous Coward says:

“a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,”

So, let me get this straight. This law would allow me write and install spyware rootkits on the machines of people who write spyware rootkits to install on my computer, because I’m targeting those who present a security risk to my computer? I’m game, bring it on bitches.

btr1701 (profile) says:

One-Way

How much you want to bet that this will only work one way: Big Copy gets to spy on you, but you don’t get to spy on Big Copy. If you get caught hacking into Copy’s servers to install spyware to “ensure they?re not violating the law”, you get sent to the Canadian equivalent of federal ass-rapin’ prison, but they’ll get to hack your computer whenever they feel like it.

lumatrix (profile) says:

Violence is legal when committed by police

No No No You all don’t get it. It does NOT mean YOU or any individual will be able to use this law. It’s only for THEM to use it against you. Here’s the scenario – You are accused of a crime – the police come, they assault you, they kidnap you and they put you in jail. New evidence is found you are cleared and found to be innocent. Does anyone then go and arrest the policemen that assaulted you, kidnapped you and then falsely imprisoned you? No of course not – they were only doing their job – right – right that’s what the concentration camp guard said. The Stones were right ‘all police are criminals’. It’s a requirement of their job – they believe in violence. Similarly the powers that be – the MPAA etc or their lackeys will be the ONLY people installing root kits.

Markham (profile) says:

Computer Fraud and Abuse Act.

In the United States, the concept of amending the Computer Fraud and Abuse Act (an act that has been in the news lately) to allow counter-hacking to protect one’s property has been the subject of debate. In addition, remember that in 2001, the some copyright owners’ organizations drafted an amendment to the CFAA that was proposed to be attached to the USA Patriot Act to allow a copyright owner to hack computers where unauthorized copies of the owner’s works might be found. The proposed amendment would have created an exception to the CFAA to allow hacking by copyright owners (pragmatically, a limitless universe of people)to search and disable the unauthorized use of copyrighted works. It also included a provision that limited the hackers’ liability if unintentional collateral damage was done to a user’s computer in the process.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...