Text: Small Text Normal Text Large Text Larger Text
  • Blog
  • Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware on Your Computer

Bill C-32 (Copyright Reform)

ACTA - Latest News

ACTA - Latest News

Blog Archive

PrevPrevFebruary 2013NextNext
SMTWTFS
     12
3456789
10111213141516
17181920212223
2425262728

Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware on Your Computer

 PDF  | Print |  E-mail
Wednesday February 06, 2013
The deadline for comments on Industry Canada's draft anti-spam regulations passed earlier this week with a group of 13 industry associations - including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada - submitting a lengthy document  that, if adopted, would gut much of the law. The groups adopt radical interpretations of the law to argue for massive new loopholes or for the indefinite delay of several provisions. I will focus on some of the submissions shortly, but this post focuses on the return of an issue that was seemingly killed years ago: demands to permit surreptitious surveillance by the copyright owners and other groups for private enforcement purposes.

During the anti-spam law debates in 2009, copyright lobby groups promoted amendments that would have allowed for expansive surveillance of user computers. Coming on the heels of the Sony rootkit scandal, the government ultimately rejected those proposals (the Liberals had plans to propose such amendments but backed down), leaving in place an important provision that requires express consent prior to the installation of computer software. The provision states:

8. (1) A person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person's computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless
(a) the person has obtained the express consent of the owner or an authorized user of the computer system and complies with subsection 11(5); or
(b) the person is acting in accordance with a court order.

The law adds several wrinkles to this general requirement, including the need for clear and prominent descriptions of the functionality of the software in certain circumstances (including the collection of personal information, changing user settings, or interfering with user control over their computer) and exemptions for programs such as cookies, HTML code, and javascripts.

The industry groups are now demanding that the government overhaul these requirements. Its preferred approach is to simply kill the provision altogether by referring it to a "Review Body", which it says could be a task force or another public consultation, before taking effect. In other words, despite considerable debate and approval on this specific provision by Members of Parliament from all parties, these industry groups still want it placed in legislative limbo. 

Alternatively, the groups want at least ten kinds of computer programs excluded from the express consent requirement. The very first should set off alarm bells for all Canadians:

a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

This provision would effectively legalize spyware in Canada on behalf of these industry groups. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation). Ensuring compliance with the law is important, but envisioning private enforcement through spyware without the involvement of courts, lawful authorities, and due process should be a non-starter.

The Canadian Chamber of Commerce and other business groups want to ensure that the anti-spam law does not block their ability to secretly install spyware on personal computers for a wide range of purposes. In doing so, these groups are proposing to turn the law upside down by shifting from protecting consumers to protecting businesses. The comment period on the draft regulations may have closed, but it is not too late to tell Industry Minister Christian Paradis or your local Member of Parliament to reject demands that would gut the anti-spam bill and legalize spyware for private enforcement purposes.
Comments (6)add comment
feedSubscribe to this comment's feed

Devil's Advocate said:

That continuing sense of entitlement
Big Business is a psychopathic force that doesn't care how many boundaries of common sense, privacy, decency, freedom, or property it has to cross in order to continue its mission.

This particular "mission", by any definition, is to be able to SPREAD MALWARE. That is clearly psychopathic.

This tremendous sense of entitlement we keep seeing from the business world needs to be corrected, and soon!

Even if they get their way on this, various entities on the "user side" will likely decide to start getting even with them. Big business should be asking itself how it could even begin to deal with that kind of threat.
February 06, 2013

Leathersoup said:

Legal issues?
So what are the legal ramifications surrounding what would happen if they get their root kit on a computer that is used to create content for sale? Wouldn't that be considered corporate espionage?
February 06, 2013

Ashley Zacharias said:

I like it!
Do these idiots think that sword cuts in only one direction? I self-publish stories and earn a couple of thousand dollars in annual revenue. That means that I own the copyright on content with small but measurable commercial value. Soon I'll be able to hire a Russian teenager to write a virus for me so that I can sneak into corporate computers and examine everything on their disk drives. And when the RCMP comes knocking on my door: "I'm a law-abiding citizen. I'm just making sure that nobody in those companies has an illegal copy of one of my stories. I have a right to protect my intellectual property."
February 06, 2013

Kerry Brown said:

...
I urge people to ask there local chamber if they know of this and if they support it. Maybe it will start a bottom up grassroots movement to stop the Canadian Chamber of Commerce from supporting this.
February 06, 2013

To Ashley said:

I doubt it would fly
The invisible double standard always applies vis a via individuals and corps. A corp can do but a person cannot. Forget corporate personhood. Corporate godhood is more appropriate.
February 06, 2013

Michel Matton said:

take that Corporate Canada
Well said Ashley! You've got them thinking now. I would do the same just to make sure that none of my photographic images aren't being used as wallpaper on those corporate desktops. :)
February 06, 2013

Write comment
smaller | bigger

busy
Tags:, , , Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterEmailPrintPDFWednesday February 06, 2013
Related Items: