Wednesday, December 12, 2007

Can't Stop the Music

Sometimes, you've just got to wonder.

In a recent posting on his Recording Industry Vs. the People blog, lawyer Ray Beckerman maintained that the RIAA is now, in the case of Atlantic v. Howell, labeling any copying of music files as copyright violations, whether you share and/or re-sell them or not. ZDNet's Adrian Kingsley-Hughes immediately took issue with him, claiming that the RIAA said the defendant was in violation only when he copied the MP3 files to a shared drive.

In this particular case, Kingsley-Hughes may be right, but it hardly matters. The hostility of both the RIAA the the industries it represents to any copying of music and video files for any purpose at all has a long and shameful history (remember the Sony rootkit fiasco?). For that matter, the RIAA web site (as one of the Talkback responses to the article points out) explicitly states that any copying is unauthorized. And, of course, there are the clueless comments from chairman and CEO of Universal Music Group, Doug Morris, in the latest issue of Wired.

Let's be clear on what this means.

That mix CD you made for your wife's birthday? Bad.

The sound design you did for your local no-budget community theatre? Bad.

The customized Christmas CD you made for your car? Bad.

Let's get real, folks; the RIAA and the industries it represents know they haven't got a snowball's chance in hades of stopping the actual pirates. The entire intent of the various DRM schemes is to force law-abiding consumers to purchase the same material over and over - or to eliminate purchases entirely and make everything a rental. Their model is the software EULA, which basically says that your don't own zip.

So while the RIAA may not be saying all copying is illegal in this particular case, make no mistake: that is their ultimate goal, and they'll pursue it with all the lawyers and lobbyists at their command.

Friday, December 07, 2007

I Fought the Law and the Law Won

Urban Legend has it that when the late Willie Sutton was asked why he robbed banks he replied "because that's where the money is".

If he were around today he'd probably scoff at bank robbery. These days the real money is clearly in spyware.

It shouldn't be news to anyone, of course, that cybercrooks are using spyware to generate big bucks, primarily by stealing credit card and banking information and reselling it to other swine on the 'net. What may be news, however, is the fact that many of the tools used by these characters are completely legal and available at "crazy low prices", if not for free.

The bust of a couple dubbed "the Bonnie and Clyde of identity theft" illustrates the problem. As described in a recent article in Digital Journal (among other places):

Jocelyn Kirsch, 22, and Edward K. Anderton, 25, were living a lavish lifestyle: trips to Paris and London; salon visits costing $1,700 each; a $3,000-a-month apartment in upscale Philadelphia. Kirsch and Anderton didn't earn any of these luxuries – they stole money using a complex identity theft scam.

What's especially interesting about this is that the couple didn't need to invest huge amounts of money or technical expertise to do this. All they had to do was buy a $100 spyware program called Spector Pro (from Spectorsoft). Although widely identified as malware by major anti-virus vendors such as Symantec and Safernetworking.org (the makers of Spybot Search and Destroy, one of the better anti-spyware products around), Spector Pro is also a PC Magazine Editor's Choice award winner and touts itself as a tool for enhancing corporate security by allowing employers to monitor employees' internet activity.

The thing is, the behavior of the program itself is indistinguishable from that of other forms of malware. Here's how Symantec describes it:

Spyware.Spector functions in a manner that is similar to a Backdoor Trojan Horse. When it is installed, it logs all the activity on the system. The person who installed it can then watch all the logged activity.

Spectorsoft president Doug Fowler, of course, disclaims any responsibility for the nefarious use of the product. According to ABC News (where this story originally broke):

"SpectorSoft has never marketed its software as a way to steal from people, to assume another's identity," Fowler wrote in an e-mail. "Any piece of software has the potential to be abused."

If this sounds familiar, it might be because the same justification is offered by anyone who profits from the sale of dangerous and/or deadly items. Be it agribusiness, Big Tobacco, or the NRA, they all insist that it's not their fault if the folks to whom they have aggressively and expensively marketed their products wind up morbidly obese, coughing up a lung, or mowing down a few dozen family members, friends or acquaintances.

Legally, of course, they may be right. Attempts to hold the "Merchants of Death" accountable have largely failed thanks to flotillas of high-priced lawyers and a federal government that never met a corporate lobbyist it didn't like.

Legality and morality are hardly identical, however, and the ethical situation is far less clear. My take on this is that if you are selling a product that you know, beyond a doubt, is going to be used for a moral wrong, you better be certain that said product isn't designed primarily for that purpose and/or that you're serving a greater moral good by offering it.

For example: a hammer can certainly be used to commit murder, but that's not even remotely what it's designed to do. And in any case you're helping someone build something by selling it. Weapons, on the other hand, face a far higher hurdle since their principal purpose is to kill.

By that standard, Spectorsoft is treading on potentially thin ice. Yes, their software can be used by businesses to prevent unethical behavior by their employees, but Spectorsoft doesn't just market to businesses. Indeed, two of their products (the aforementioned Spector Pro and eBlaster) are targeted at individuals who want to spy on each other, including parents who want to spy on their children.

If it walks like a duck, quacks like a duck, and gobbles up your keystrokes like a duck, shouldn't we conclude that it's fair game during Duck Season?

Wednesday, December 05, 2007

Money (That's What I Want)

What would you call a business that secretly spies on its customers, threatens them with massive lawsuits if they refuse to re-purchase a product they've already bought, and generally assumes that they're all crooks out to steal merchandise?

Apparently, you'd call it the music business.

Many of you may already know about Sony's infamous rootkit scandal from 2005, in which the media giant was caught installing spyware on the PCs of everyone who bought their CDs - without, of course, bothering to ask permission first. Cybercrooks quickly figured out how to exploit the malware and Sony was faced with a raft of lawsuits, which are still wending their way through the legal system.

That was bad enough. Around the same time, however, the industry trade group The Recording Industry Association of America, began launching thousands of lawsuits against individuals who had shared songs they had already bought via Peer to Peer (P2P) networks such as Napster. The claim was that this was an effort to combat piracy and claims were made (wildly inflated, in my view) of the amount of revenue lost by the industry - despite the fact that industry profits remained spectacular.

It's an odd claim, considering that the victims of these lawsuits weren't actually making any money from their infringement. If piracy of copyrighted material is an issue why not go after the big international pirates who are selling the stuff for a profit, largely overseas?

The answer - if a recent “Justice” Department ruling is any indication - is that it's cheaper to take every last cent of song sharers here in the USA than it is to go after the big-time international crooks who are really eating your lunch. Taking a couple hundred grand from some poor schlemiel who shared tunes with his buddies is easy money when you already have an army of lawyers on retainer.

Will this have a deterrent effect of P2P music sharing? Probably. Will it have a deterrent effect on the big-money pirates? Almost certainly not. But if you've already decided that suing your customers is a valid business model, maybe you don't want the pirates to stop selling your stuff for $4.00 in Beijing. You've already given up on that, and having them around allows you to continue to make exaggerated claims about how much money you're losing.

Pay no attention to those massive profits behind the curtain. Government of the corporation, by the corporation, and for the corporation shall not perish from this earth.