Spyware – the ethics of covert software
Mathias Klang
Synopsis & Presentation By: Jeremy Dobs
Overview
The Technology of Spyware Legal Issues Spyware Business Model Privacy Theory Market Solutions Legislative Approach Ethics of Spyware Market vs. Legislative Solutions Conclusions
The Technology of Spyware
What is Spyware? Spyware is an agent technology or
software which is bundled with another form of software
Collects information and returns that information to the “information gatherer”
The Technology of Spyware
Getting Spyware Installed with larger software packages.
Typically with ‘freeware’ software Mentioned in the End User License
Agreement (EULA) Most users don’t want the
technology; however, it is included without their explicit knowledge
The Technology of Spyware
There are three main attributes that all spyware must have in order to be considered spyware Installation occurs without the explicit
knowledge or consent of the user The software collects personal data
about the user and creates a unique ID for that user
Uses the internet to transmit the data back to the source
The Technology of Spyware
Comet Cursor
Provides new mouse-cursor look and feel Secretly installs a GUID identifier and
tracks online browsing habits Company is no longer in business
The Technology of Spyware
Kazaa and Altnet File sharing service Installs Altnet Steals CPU resources Distributed Network
The Technology of Spyware
Gator
An online behavioral marketing company Gator is a digital wallet
Stores information for later use Installs OfferCompanion, which launches with
the Gator program Causes pop-up ads to appear onscreen
Legal Issues
Despite legal actions, the position of spyware is unclear Spyware, from a certain perspective, is
totally legal The right to privacy is fundamental and
is protected in international conventions
Legal Issues
Why is spyware ‘legal’? EULA
Binds the user through liberal contract law User ‘consents’ to having the software
installed
We need to fundamentally re-examine contract law
Legal Issues
Shrinkwrap & Clickwrap When you buy software, you enter into a
contract with the vendor Contract = You pay for the product
Documents are often included with the software
This is called shrinkwrap Somewhat binding obligations
During installation, more terms appear This is called clickwrap More binding than shrinkwrap
Legal Issues
Contract D’adhesion A situation “in which one predominant
unilateral will dictates its law to an undetermined multitude rather than to an individual” (http://www.harp.org/mariner.htm, 119)
The multitudes have no ability to affect the terms
The only way to stop it: don’t install the software
Legal Issues
Courts have strengthened shrinkwrap and clickwrap licenses Places users in a weak position
Additionally, users know little legal terms Cannot defend themselves
Spyware Business Model
Software Manufacturers need money
Users expect and demand free software and services There is a tendency to share and barter
intellectual property “Barter” = Illegal exchange and piracy
Spyware Business Model
The desire for free software is hurting software companies Lost revenues
Software companies need a source of income Turn to marketing companies Pay a sum to have their software
included This is the source of spyware
Spyware Business Model
So, what do we have… Users get free software Software developers get the revenue they
need Marketing companies get the information they
need Therefore, spyware is not bad or evil Certainly, this is over-simplifying the
problem
Privacy Theory
Unhappy users argue from a privacy point of view However, their position is weak
Need to prove their position exists and, Need to show that theirs is the worst
situation There is no international consensus
here
Privacy Theory
Is there a right to privacy? Yes?
Then, to what degree? Should privacy be limited, or expansive?
Privacy Theory
Privacy and Technology The level of privacy stands in relation to
how well it can be invaded Technology allows for more invasion
into personal privacy Discussions focus on voluntary
privacy Spyware is involuntary in most cases
and takes information without telling the user
Privacy Theory
Privacy and Law The amount of privacy is a function of
the laws of the time This leaves us with contract law
Users left in a weak position
Market Solutions
One attempt to defeat spyware is through market solutions
These include anti-spyware programs Spysweeper Ad-aware Spybot
Some are proprietary, some are free
Market Solutions
Some say this is the ultimate solution Removes spyware programs permanently
However, there is another issue Anti-spyware can damage legitimate business
interests and harm companies The question: To what extend are anti-
spyware companies liable for their activities?
Market Solutions
Anti-Spyware: The Gatekeeper Another hurdle software developers
must pass Spyware companies are fighting
back Some companies actually disable anti-
spyware programs This is again legitimized using the EULA
Legislative Approach
People turn to legislators for help There have already been actions
taken The “Spyware Control and Privacy
Protection Act of 2001” is an American response to spyware Manufacturers must be more open Limits data transmission
Legislative Approach
However, ‘The Act’ may not go far enough No regulations on the actions of
spyware producers European response
Classify data into two categories Sensitive: Cannot be collected Non-sensitive: Fair game
What is sensitive data?
Legislative Approach
Problems with legislation Concepts like spyware, user consent
are vague Must obtain a balance of needs and
wants amongst all parties Limited to the nations and locales
where the laws are passed
Ethics of Spyware
Two different views Friedman’s: Corporations have a duty
to maximize profits and return gain to the shareholders
Kantian View: View people as ends unto themselves and not use them merely as means
Using this principle, we conclude that spyware is unethical
Ethics of Spyware
Spyware: A Necessary Evil? Free software creates more utility than
the evil generated Reinforced by the fact that there exists
software that can remove this problem Growing number of anti-spyware
programs and user discontent suggests most users believe spwyare is wrong
Market vs. Legislative Solutions
What is the right way to go? Use of anti-spyware software is a
market solution User needs to be aware of the problem,
solution Needs access to the tools to remove the
spyware However, most internet users are
unaware of the problem
Market vs. Legislative Solutions
What is the right way to go? Regulation = Legislation
Problems Takes time and a lot of effort Not enough public debate on the issue
In the end, the problem resides with the user, so the user is left to the challenges of dealing with it
Conclusion
Privacy is the price we pay for our infrastructure The issue here is that many don’t even
realize the price they are paying Not able to willingly enter into an
agreement
Conclusion
Alternatives to Spyware Don’t use the software that it comes
with Requires knowledge of the problem,
however May hurt the economics of free software
Eliminate the problem with market solutions
Again, requires knowledge of the problem
Conclusion
Alternatives to Spyware Legislative regulation
Difficult to enforce local laws when dealing with a global problem
There needs to be more public debate among the concerned individuals Without public debate, we will never
achieve a balance between technology and the needs of society
Questions?