Before I dive right into the meat of my article, I will explain my hiatus. I live in Oklahoma, and recently legislation has been introduced into the Oklahoma House of Representatives that was co-authored by a big information technology company. I’ve been watching its development very intently and have been taking appropriate action, attempting to keep the bill from becoming law. Allow me now to explain why I think this is important.
On the surface, the current anti-spyware/malware bill introduced last week looks like a positive start in combating the perils of using computers. After all, how many of us really enjoy software hijacking our computing experience, or enjoy having our every moment monitored by a company hundreds or even thousands of miles away?
However, the euphoric mood changes the minute you examine the proposed bill closely. If passed, the bill gives ANY software developer open access to your computer system to examine it for anything they deem to be illegal. In theory, if you agree to a software package’s EULA (End User License Agreement), you are agreeing to random spot checks by the software developer to look for things like illegally obtained and installed pirated copies of their software, but their reach expands much further.
Imagine coming home to a letter from the State Attorney General explaining that pending charges are being filed against you because a third-party software company discovered that you have Planet Poker software installed on your computer. Remember, in a court of law, probable cause is all that is needed to seek an indictment. Regardless of whether you are actually gambling, the burden of proof is that you are using an application in conjunction with gambling activity, and in Oklahoma, where the practice is illegal anywhere except Indian reservations, lawyers will be chomping at the bit to make an example out of you.
Here is another startling scenario. With the recent trend of the music industry filing a large number of lawsuits against music piracy, this new legislation would make it much easier for companies to report back directly to the music industry if they feel the music on your computer could be misconstrued as ‘pirated’. Remember, when a typical user uses ripping software to rip songs from a CD onto their computer’s hard drive, the resulting files typically lack any type of Digital Rights Management, or DRM. It’s the DRM in the songs that gives the music industry and its third-party interests the impression that the music you have installed is legit. Without that DRM, suspicion arises about the legitimacy of the music on the computer, launching a costly and intrusive investigation for all parties involved.
What about going to an adult website? Many Americans enjoy the ease and convenience of viewing adult material on the web. Let’s just say, for instance, that you go to a legitimate website that uses models over the age of 18, but you receive pop-up advertisements for websites that push models who may or may not look 18 years old or older. Upon finding this, the software company gets in contact with the State Attorney General with a complaint of suspected child pornography.
With these scenarios, it becomes vastly apparent that this bill has the potential to cause more problems than it attempts to fix. While it’s important that legislation be constructed and passed to add some sort of accountability for those software developers who construct spyware and malware for commercial and sometimes destructive purposes, it’s equally important that we construct bills to go after those responsible instead of making criminals out of the average American.
Bill Matherly is a computer security consultant located in Oklahoma City. If you have questions or comments about this or any article he has written, please contact him via email at bi**************@gm***.com. The views and opinions expressed in this article may not be the views and opinions of those contributing to The Security Catalyst.