350 likes | 606 Views
Spyware – the ethics of covert software Mathias Klang. Synopsis & Presentation By: Jeremy Dobs. Overview. The Technology of Spyware Legal Issues Spyware Business Model Privacy Theory Market Solutions Legislative Approach Ethics of Spyware Market vs. Legislative Solutions Conclusions.
E N D
Spyware – the ethics of covert softwareMathias Klang Synopsis & Presentation By: Jeremy Dobs
Overview • The Technology of Spyware • Legal Issues • Spyware Business Model • Privacy Theory • Market Solutions • Legislative Approach • Ethics of Spyware • Market vs. Legislative Solutions • Conclusions
The Technology of Spyware • What is Spyware? • Spyware is an agent technology or software which is bundled with another form of software • Collects information and returns that information to the “information gatherer”
The Technology of Spyware • Getting Spyware • Installed with larger software packages. Typically with ‘freeware’ software • Mentioned in the End User License Agreement (EULA) • Most users don’t want the technology; however, it is included without their explicit knowledge
The Technology of Spyware • There are three main attributes that all spyware must have in order to be considered spyware • Installation occurs without the explicit knowledge or consent of the user • The software collects personal data about the user and creates a unique ID for that user • Uses the internet to transmit the data back to the source
The Technology of Spyware • Comet Cursor • Provides new mouse-cursor look and feel • Secretly installs a GUID identifier and tracks online browsing habits • Company is no longer in business
The Technology of Spyware • Kazaa and Altnet • File sharing service • Installs Altnet • Steals CPU resources • Distributed Network
The Technology of Spyware • Gator • An online behavioral marketing company • Gator is a digital wallet • Stores information for later use • Installs OfferCompanion, which launches with the Gator program • Causes pop-up ads to appear onscreen
Legal Issues • Despite legal actions, the position of spyware is unclear • Spyware, from a certain perspective, is totally legal • The right to privacy is fundamental and is protected in international conventions
Legal Issues • Why is spyware ‘legal’? • EULA • Binds the user through liberal contract law • User ‘consents’ to having the software installed • We need to fundamentally re-examine contract law
Legal Issues • Shrinkwrap & Clickwrap • When you buy software, you enter into a contract with the vendor • Contract = You pay for the product • Documents are often included with the software • This is called shrinkwrap • Somewhat binding obligations • During installation, more terms appear • This is called clickwrap • More binding than shrinkwrap
Legal Issues • Contract D’adhesion • A situation “in which one predominant unilateral will dictates its law to an undetermined multitude rather than to an individual” (http://www.harp.org/mariner.htm, 119) • The multitudes have no ability to affect the terms • The only way to stop it: don’t install the software
Legal Issues • Courts have strengthened shrinkwrap and clickwrap licenses • Places users in a weak position • Additionally, users know little legal terms • Cannot defend themselves
Spyware Business Model • Software Manufacturers need money • Users expect and demand free software and services • There is a tendency to share and barter intellectual property • “Barter” = Illegal exchange and piracy
Spyware Business Model • The desire for free software is hurting software companies • Lost revenues • Software companies need a source of income • Turn to marketing companies • Pay a sum to have their software included • This is the source of spyware
Spyware Business Model • So, what do we have… • Users get free software • Software developers get the revenue they need • Marketing companies get the information they need • Therefore, spyware is not bad or evil • Certainly, this is over-simplifying the problem
Privacy Theory • Unhappy users argue from a privacy point of view • However, their position is weak • Need to prove their position exists and, • Need to show that theirs is the worst situation • There is no international consensus here
Privacy Theory • Is there a right to privacy? • Yes? • Then, to what degree? • Should privacy be limited, or expansive?
Privacy Theory • Privacy and Technology • The level of privacy stands in relation to how well it can be invaded • Technology allows for more invasion into personal privacy • Discussions focus on voluntary privacy • Spyware is involuntary in most cases and takes information without telling the user
Privacy Theory • Privacy and Law • The amount of privacy is a function of the laws of the time • This leaves us with contract law • Users left in a weak position
Market Solutions • One attempt to defeat spyware is through market solutions • These include anti-spyware programs • Spysweeper • Ad-aware • Spybot • Some are proprietary, some are free
Market Solutions • Some say this is the ultimate solution • Removes spyware programs permanently • However, there is another issue • Anti-spyware can damage legitimate business interests and harm companies • The question: To what extend are anti-spyware companies liable for their activities?
Market Solutions • Anti-Spyware: The Gatekeeper • Another hurdle software developers must pass • Spyware companies are fighting back • Some companies actually disable anti-spyware programs • This is again legitimized using the EULA
Legislative Approach • People turn to legislators for help • There have already been actions taken • The “Spyware Control and Privacy Protection Act of 2001” is an American response to spyware • Manufacturers must be more open • Limits data transmission
Legislative Approach • However, ‘The Act’ may not go far enough • No regulations on the actions of spyware producers • European response • Classify data into two categories • Sensitive: Cannot be collected • Non-sensitive: Fair game • What is sensitive data?
Legislative Approach • Problems with legislation • Concepts like spyware, user consent are vague • Must obtain a balance of needs and wants amongst all parties • Limited to the nations and locales where the laws are passed
Ethics of Spyware • Two different views • Friedman’s: Corporations have a duty to maximize profits and return gain to the shareholders • Kantian View: View people as ends unto themselves and not use them merely as means • Using this principle, we conclude that spyware is unethical
Ethics of Spyware • Spyware: A Necessary Evil? • Free software creates more utility than the evil generated • Reinforced by the fact that there exists software that can remove this problem • Growing number of anti-spyware programs and user discontent suggests most users believe spwyare is wrong
Market vs. Legislative Solutions • What is the right way to go? • Use of anti-spyware software is a market solution • User needs to be aware of the problem, solution • Needs access to the tools to remove the spyware • However, most internet users are unaware of the problem
Market vs. Legislative Solutions • What is the right way to go? • Regulation = Legislation • Problems • Takes time and a lot of effort • Not enough public debate on the issue • In the end, the problem resides with the user, so the user is left to the challenges of dealing with it
Conclusion • Privacy is the price we pay for our infrastructure • The issue here is that many don’t even realize the price they are paying • Not able to willingly enter into an agreement
Conclusion • Alternatives to Spyware • Don’t use the software that it comes with • Requires knowledge of the problem, however • May hurt the economics of free software • Eliminate the problem with market solutions • Again, requires knowledge of the problem
Conclusion • Alternatives to Spyware • Legislative regulation • Difficult to enforce local laws when dealing with a global problem • There needs to be more public debate among the concerned individuals • Without public debate, we will never achieve a balance between technology and the needs of society