Spyware – the ethics of covert software Mathias Klang

1. Spyware – the ethics of covert softwareMathias Klang Synopsis & Presentation By: Jeremy Dobs

2. Overview • The Technology of Spyware • Legal Issues • Spyware Business Model • Privacy Theory • Market Solutions • Legislative Approach • Ethics of Spyware • Market vs. Legislative Solutions • Conclusions

3. The Technology of Spyware • What is Spyware? • Spyware is an agent technology or software which is bundled with another form of software • Collects information and returns that information to the “information gatherer”

4. The Technology of Spyware • Getting Spyware • Installed with larger software packages. Typically with ‘freeware’ software • Mentioned in the End User License Agreement (EULA) • Most users don’t want the technology; however, it is included without their explicit knowledge

5. The Technology of Spyware • There are three main attributes that all spyware must have in order to be considered spyware • Installation occurs without the explicit knowledge or consent of the user • The software collects personal data about the user and creates a unique ID for that user • Uses the internet to transmit the data back to the source

6. The Technology of Spyware • Comet Cursor • Provides new mouse-cursor look and feel • Secretly installs a GUID identifier and tracks online browsing habits • Company is no longer in business

7. The Technology of Spyware • Kazaa and Altnet • File sharing service • Installs Altnet • Steals CPU resources • Distributed Network

8. The Technology of Spyware • Gator • An online behavioral marketing company • Gator is a digital wallet • Stores information for later use • Installs OfferCompanion, which launches with the Gator program • Causes pop-up ads to appear onscreen

9. Legal Issues • Despite legal actions, the position of spyware is unclear • Spyware, from a certain perspective, is totally legal • The right to privacy is fundamental and is protected in international conventions

10. Legal Issues • Why is spyware ‘legal’? • EULA • Binds the user through liberal contract law • User ‘consents’ to having the software installed • We need to fundamentally re-examine contract law

11. Legal Issues • Shrinkwrap & Clickwrap • When you buy software, you enter into a contract with the vendor • Contract = You pay for the product • Documents are often included with the software • This is called shrinkwrap • Somewhat binding obligations • During installation, more terms appear • This is called clickwrap • More binding than shrinkwrap

12. Legal Issues • Contract D’adhesion • A situation “in which one predominant unilateral will dictates its law to an undetermined multitude rather than to an individual” (http://www.harp.org/mariner.htm, 119) • The multitudes have no ability to affect the terms • The only way to stop it: don’t install the software

13. Legal Issues • Courts have strengthened shrinkwrap and clickwrap licenses • Places users in a weak position • Additionally, users know little legal terms • Cannot defend themselves

14. Spyware Business Model • Software Manufacturers need money • Users expect and demand free software and services • There is a tendency to share and barter intellectual property • “Barter” = Illegal exchange and piracy

15. Spyware Business Model • The desire for free software is hurting software companies • Lost revenues • Software companies need a source of income • Turn to marketing companies • Pay a sum to have their software included • This is the source of spyware

16. Spyware Business Model • So, what do we have… • Users get free software • Software developers get the revenue they need • Marketing companies get the information they need • Therefore, spyware is not bad or evil • Certainly, this is over-simplifying the problem

17. Privacy Theory • Unhappy users argue from a privacy point of view • However, their position is weak • Need to prove their position exists and, • Need to show that theirs is the worst situation • There is no international consensus here

18. Privacy Theory • Is there a right to privacy? • Yes? • Then, to what degree? • Should privacy be limited, or expansive?

19. Privacy Theory • Privacy and Technology • The level of privacy stands in relation to how well it can be invaded • Technology allows for more invasion into personal privacy • Discussions focus on voluntary privacy • Spyware is involuntary in most cases and takes information without telling the user

20. Privacy Theory • Privacy and Law • The amount of privacy is a function of the laws of the time • This leaves us with contract law • Users left in a weak position

21. Market Solutions • One attempt to defeat spyware is through market solutions • These include anti-spyware programs • Spysweeper • Ad-aware • Spybot • Some are proprietary, some are free

22. Market Solutions • Some say this is the ultimate solution • Removes spyware programs permanently • However, there is another issue • Anti-spyware can damage legitimate business interests and harm companies • The question: To what extend are anti-spyware companies liable for their activities?

23. Market Solutions • Anti-Spyware: The Gatekeeper • Another hurdle software developers must pass • Spyware companies are fighting back • Some companies actually disable anti-spyware programs • This is again legitimized using the EULA

24. Legislative Approach • People turn to legislators for help • There have already been actions taken • The “Spyware Control and Privacy Protection Act of 2001” is an American response to spyware • Manufacturers must be more open • Limits data transmission

25. Legislative Approach • However, ‘The Act’ may not go far enough • No regulations on the actions of spyware producers • European response • Classify data into two categories • Sensitive: Cannot be collected • Non-sensitive: Fair game • What is sensitive data?

26. Legislative Approach • Problems with legislation • Concepts like spyware, user consent are vague • Must obtain a balance of needs and wants amongst all parties • Limited to the nations and locales where the laws are passed

27. Ethics of Spyware • Two different views • Friedman’s: Corporations have a duty to maximize profits and return gain to the shareholders • Kantian View: View people as ends unto themselves and not use them merely as means • Using this principle, we conclude that spyware is unethical

28. Ethics of Spyware • Spyware: A Necessary Evil? • Free software creates more utility than the evil generated • Reinforced by the fact that there exists software that can remove this problem • Growing number of anti-spyware programs and user discontent suggests most users believe spwyare is wrong

29. Market vs. Legislative Solutions • What is the right way to go? • Use of anti-spyware software is a market solution • User needs to be aware of the problem, solution • Needs access to the tools to remove the spyware • However, most internet users are unaware of the problem

30. Market vs. Legislative Solutions • What is the right way to go? • Regulation = Legislation • Problems • Takes time and a lot of effort • Not enough public debate on the issue • In the end, the problem resides with the user, so the user is left to the challenges of dealing with it

31. Conclusion • Privacy is the price we pay for our infrastructure • The issue here is that many don’t even realize the price they are paying • Not able to willingly enter into an agreement

32. Conclusion • Alternatives to Spyware • Don’t use the software that it comes with • Requires knowledge of the problem, however • May hurt the economics of free software • Eliminate the problem with market solutions • Again, requires knowledge of the problem

33. Conclusion • Alternatives to Spyware • Legislative regulation • Difficult to enforce local laws when dealing with a global problem • There needs to be more public debate among the concerned individuals • Without public debate, we will never achieve a balance between technology and the needs of society

34. Questions?