News

The Canadian Link to Copyright Enforcement Spyware Tools

The Internet is buzzing over a new report  from the Commission on the Theft of American Intellectual Property that recommends using spyware and ransom-ware to combat online infringement.  The recommendations are shocking as they represent next-generation digital locks that could lock down computers and even “retrieve” files from personal computers:

Software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account.

While many of the recommendations sound outrageous (see further details here and here), it is worth noting that earlier this year Canadian business groups led by the Canadian Chamber of Commerce recommended that the Canadian government introduce a regulation that would permit the use of spyware for these kinds of purposes.

The proposed regulation would remove the need for express consent for:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

As I noted at the time, this provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation).

24 Comments

  1. Junji Hiroma says:

    This won’t fly
    “a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state.”

    But it still violates Section 8 of the Charter: “Everyone has the right to be secure against unreasonable search or seizure.”
    “Any property found or seized by means of a violation of section 8 can be excluded as evidence in a trial under section 24(2).”

    So in reality the spyware will be used to search your hdd,seize your files and yourself for doing piracy.I don’t think that’s invasion of privacy and my rights & freedoms then i don’t know what is….

  2. Junji Hiroma says:

    *If i (sorry,did a typo)

  3. Sure, that’ll work …
    First of all … the people behind this really do not have much of an understanding of how computers (or people) actually work, or how difficult if not impossible, this would be to implement. What we have here are a bunch of media execs with clueless pipe dreams.

    This has been tried before, the now infamous Sony Root-kit episode should have acted as a cautionary fable. If Microsoft cannot secure the Windows operating system from exploits cropping up all the time, how can we expect **AA coded spyware to be secure. And if it is not secure, the liability of causing harm to peoples systems or data would be enormous.

    Lastly, if you thought suing people for a few songs got you bad press just imagine if people’s computers start locking up, or data is stolen. This whole idea is such a non starter I wonder if is legit or just another ‘scare’ tactic.

    It is obvious to me at least, that innovation, value and service are the best tools to combat copyright infringement. As good as bashing people with a stick might feel, it will just drive customers away from your products & services while breeding resentment over loyalty.

  4. Wow, this is just so damn broad.
    It seems to me that this gives anyone (not just those with law enforment) the right to install an app that will turn your video camera and microphone into surveillance tools for just about any excuse that can be thought up.

  5. What about if it was confined to child pornography? Still unnacceptable?

  6. And if part of the pushback on this is invasion of privacy and “innocent until proved guilty”, why do universities run student assignment through anti-plagiarism software?

  7. Crockett says:

    Meet me in Manhattan …
    Bob, regardless if you think the purpose is valid … its the technical challenges, or rather impossibility of being able to implement such a scheme in a fair & safe manner. The possibilities for abuse and unintended consequences are just too high. Never mind the social blow-back that would flatten any company who tried this.

    Such widespread software, that would necessarily need to have access to the core OS to lock it down, would instantly be target #1 for hackers & criminals. Bob would you honestly be fine having such software installed on your computer with your financial records, email, photo etc?

    If so I have a bridge for sale.

  8. Chris Braid says:

    Unbelievable
    Basically the Chamber of Commerce is setting forth its aspirations to become a criminal organization.

  9. Offline
    The second I find *ANY* company/government agency had installed any piece of software on my computer without my permission, I pull the plug and totally go off line. The internet then becomes a permanent ban in my house.

  10. Fast way to cause problems
    Effectively, it legalizes shutting down hospital, nuclear reactor, business and safety critical systems to combat music and video piracy.

    These systems run the same Windows 2000/XP/7 operating systems as regular PCs, and then once malware is loose on the network – it is game over. Hard safeties generally stop dangerous things from happening. However, in a hospital, it is easy to stop life-saving procedures from happening too.

    And just because a user is doing something stupid and unauthorized, doesn’t mean the computer is not connected to something big, important and critical. With modern malware, the downloader may not even be in-front of the compromised computer. It is really easy to compromise computers that run old versions of Windows, because the multi-million dollar piece of medical, business, or nuclear equipment isn’t brand new.

  11. @Bob “What about if it was confined to child pornography? Still unnacceptable?”

    That’s a good question, run it by Vic Towes and his babysitter. The “but think of the children” card should not be flippantly played lest it lead to cry wolf syndrome, and that truly would be a crime.


  12. @Bob “What about if it was confined to child pornography? Still unnacceptable?”

    Ok…

    1) Why is it that pro-copyright folks love to talk about child pornography so much? I mean, it’s like the #1 reason for you guys use to pass stupid legislation that doesn’t even help with the issue at hand (see the UK),

    2) So you think that these overly draconian, flawed laws are an effective response to child pornography? These laws have the obvious potential to be abused and effect several unrelated people. Not to mention the fact they are essentially calling for *legal breaches into people’s private property*, even without a warrant. And of course, this will only succeed it pushing those involved in child pornography further underground and use more extreme methods. Congrats, you have solved nothing and made things worse.

    “And if part of the pushback on this is invasion of privacy and “innocent until proved guilty”, why do universities run student assignment through anti-plagiarism software?”

    Well, maybe because the student is sending what is essentially a public copy to them willingly and knowingly? It’s not like the university is actively unlawfully accessing student computers and scanning for plagiarized material. So basically, your logic is that since some people donate blood and it is screened for potential problems, then it’s OK for hospital employees to break into your home and test your blood without your permission.

  13. RE: Bob
    Really Bob, I can’t get over how stupid your analogies are. By any chance are you related to Bobmail on Torrenfreak? Because your level of nonsense is strikingly similar.

  14. Re: Bob
    What Bob proposes is the equivalent of burning down an entire cornfield just to kill a single white grub. You don’t cure the disease by killing the patient. In other words yes, it would still be unacceptable for obvious reasons. Saying spyware is unacceptable does not mean I support child pornography in any way though, which is the obvious fallacy you were trying to set up as usual.

    So here is a counter question for you, Bob. If spyware and viruses were to remain outlawed, would that prevent the police from ever finding those guilty of creating/owning child pornography? The answer seems pretty obvious to me. There is no substitute for good old fashioned police work by well trained, highly experienced individuals authorized to do so. Plus they’ve always had the option of putting “spyware” on a suspects PC so long as a judge first gave them permission to do so, aka wiretapping. It’s all part of a system of checks and balances designed to make sure the charter of rights is upheld and that this incredible power to thoroughly invade privacy isn’t abused, as it most assuredly would be if corporations were allowed to have their way.

    As to your second post, the answer is obvious there as well. You actually gave the answer yourself; innocent until *proven* guilty. Since no invasion of privacy is involved in that instance, I fail to see what point your making. You second post is a red herring and not worth pursuing as the only thing it can do is take the discussion off topic, which no doubt was the point given your history.

  15. pat donovan says:

    yer way late bob
    pick up a copy of prirates of the carribean. dvd, run it thru a linx mavchine.

    it deletes the a few files for you.

    and that’s more than a decade old.

    i agree that the orgs are lining up to become criminal organizations. The corps beat them to it by decades, thou.

    The gov’r is desperately trying to put a shhen of legitimacy on it.

    pat donovan

  16. XOR EAX,EAX says:

    This is awesome!
    “a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state; ”

    I really hope hackers read this as “anybody you reasonably believe presents a risk of ‘unauthorized use’ of a computer system is can be legally rootkitted – by anybody.” ‘Unauthorized use’ is such a broad term that it can even encompass typing a URL manually into your browser to visit a webpage – just look at Weev. Provided a fake name? Address? Or other personal details on some website violating their terms of service? Oops! Unauthorized access! Reasonable suspicion of contravention of any law in Canada… hrmm… Time to rootkit campaign expenditure law violating politicians, crack smoking mayors. etc. This has the potential for pure awesome :) Time to brush up on your OpSec kids.

  17. The CFAA?
    How would this interact with the US CFAA? It certainly seems to be “accessing” and “exceeding authorization”.

  18. US CFAA?
    How would this law interact with the CFAA? As “access” and “exceeding authorization”, it certainly seems to count as a violation.

  19. Essentially leagizes all malware
    This would essentially legalize all malware.

    The problem is how you go about defining who is a “legal” distributor of malware and who isn’t. Once you attempt to put that definition into place, there will be many organizations that find a way to minimally meet that definition.
    Heck, I might even join that crowd. If the game changes to allow “blackhats” to legally operate as a “whitehat”, what is the point in being a “whitehat”?

    If the “legalization” is dependent on defined code behaviour (don’t capture CC info or bank account login data or deleting data on invalid conditions or other nefarious operations), then we will have millions of people attempting to “coerce” the legal stuff into misbehaving. And they will succeed. Since the only valid punishment for such behaviour is jail time, I would expect to see the complete Board of Directors of certain organizations doing jail time in short order. If you are an artist whose work is being “protected” by such measures, you would also qualify for jail time.

    In effect this proposal is a legal definition of a “Licence to Kill” on any basis. If someone else has that licence, I want mine too. As will every “hat” out there. At the very least, I can create conditions where that “licence” will be revoked with consequent jail time.

    Sure, bring it on.

    On the other hand, if this is simply an example of an “extreme” position taken during initial negotiations, it is way too far out to be taken seriously.

  20. As someone in the reddit thread mentioned, this is likely a report meant to be so extreme and so out there, that whatever terrible privacy revoking bill they come with next will look reasonable in comparison.

    We will need to stay vigilant, without question.

  21. The Doghouse says:


    Duh! The point is: COPYRIGHT IS UNREASONABLE. It’s always been so- at first to maintain publisher’s high prices, and then, to maintain control over a population. Look at the “feature creep”: first it attacked _publishers_, then it covered _remixers_ and _expanders_, and now, it’s attacking _joe public_. Goddamn, people! 14 years is enough time- and there is no need to make derivative works illegal. We’ve been remixing stories since the dawn of time, retelling. It’s what we do. Don’t punish us for what we’re born to do.

    “From ancient days, our ancestors told stories of ordinary men and super humans overcoming common and extraordinary difficulties, adding, embellishing, and extending as each time it got passed down. Soar the Fisherman became Thor, the god of Lightning. Today, we do the same. But things have changed; no longer is it acceptable to turn Thor in Soar (or Superman into a janitor). What is the cause? A horror lurking in the shadows. It’s name? Copy….right.”

    In fact, I think we should push for an “eternal” implementation of our man Eric Flint’s proposal: cover the original work and commercial transformative or derivative uses, let it last for forty years or life, whatever comes later. This might be tweaked as lifetimes get extended-

    - or ignored altogether. To quote my alter Torrentfreak ego:

    –[[

    Wot, ye say? I can't sail me ship on me high seas? I can't make no honest living this way no more? Wot ye mean, I'm not allowed to tax merchants? Arrrgh!

    Copyright _infringement_ is illegal in a ton of places. It (copyright) was originally designed to protect publishers from rivals copying and running off huge runs of stuff and undercutting the price. It wasn't designed to go after people drawing comics for their kids. It wasn't designed to go after families singing around campfires. But it does- we call that Piracy.

    Is lending a friend a copy of a disc you own illegal? Yes. Is it smart? Yes- who wants something YOU paid for scratched? Is downloading a copy of something you "bought" illegal? Yes. Is it smart? Yes.

    Copying files is our civic duty in a society built on mutual assistance. Sharing is caring. Should society help those who contribute? Yes. Should those who contribute decide what they get paid? Not always- the value to society doesn't always equal what somebody believes they deserve.

    But. There is a way to make artists happy-

    TAXES. Yes, an internet tax, of which the money would be divided among artists according to how much one is bit-torrented on the national tracker. Thirty bucks a month per connection, and everybody wins.

    According to the CIA, 79.2% of Canadians use the 'net. Even if only one in five users actually had a subscription- that's still 5,392,000 subscribers. At thirty bucks, that's $161,760,000 a month. A pretty darn big pot. $1,941,120,000/year.

    Holy cow, that's more than the current earnings of Canadian artists (excluding game studios, which get smaller salaries, cuz they're owned by big American corporations)!

    Come on, people! Would you be willing to pay slightly higher taxes if it meant 1) personal use was legal and 2) more artists could be supported? I would!

    ]]–

  22. dillyhammer says:

    Control
    Governments are conspiring with certain key industry groups to control the flow of data, information, and communication. As the uprisings continue around the planet, the systems we refer to as democracy, capitalism, and freedom are collapsing under the weight of the chronic systemic corruption. This isn’t about copyright. That’s just the smoke.

  23. Software sales, or setup for next step
    Installing and/or running software on my computer is not possible unless you are me. This is true for many machines where only the owner has control of file permissions. Either the proponents of this bill are unfamiliar with computers, or they only know about Microsoft Windows, where what they talk about is entirely possible. I wouldn’t think that they are quite so ignorant however, since everyone has access to the internet these days and operating system fundamentals are open to everyone to read about – even politicians. I rather feel that where they are heading is to make it so that everyone has to buy a Microsoft Windows license. Is MS sweetening the pot for them or whispering in their ear? Quite likely. The only other possibility is that they are not serious at all and, as someone above suggested, are setting us up for something else which is a little bit less outrageous and thus will be acceptable to the majority by comparison.

  24. how about privacy
    sadly politicians runnig the country aren’t aware how dangerous these tools could be let say a spyware program is runnig on a computer and it tracks information on websites visited and user habits nothing garantee that those information would not be given or sold to 3rd parties. we all knows that internet is not safe and everything you do on internet could be tracked (hello cookies) but giving up privacy laws and legalising hacking even to investigate is very dangerous