Article 43

 

Privacy And Rights

Friday, July 07, 2006

The Plot To Hijack Your Computer

They watch you surf the Web.
They plague you with pop-up ads.
Then [LIKE MICROSOFT] they cripple your hard drive.

Cover Story
BusinessWeek
July 17, 2006

Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. “I will f------ kill you and your families.” Such sentiments aren’t unusual. “You people are EVIL personified,” Kevin Horton wrote around the same time. “I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system.”

Sifting through a stack of customer complaints in June, 2005, a Direct Revenue employee decided to tally the most frequently used words of aggression: “die” (103 times), “f------” (44), and “kill” (15). Douglas Kee, then Direct Revenue’s chief of quality assurance (QA), ribbed colleagues in an e-mail that with all the death threats, it was a “good thing QA sits farthest away from the entrance.”

According to angry consumers and the New York State Attorney General, Direct Revenue makes “spyware.” These programs track where you go on the Internet and clutter your screen with annoying pop-up advertisements for everything from pornography to wireless phone plans. Spyware can get stuck in your computer’s hard drive as you shop, chat, or download a song. It might arrive attached to that clever video you just nabbed at no charge. Web security company McAfee Inc. (MFE ) estimates that nearly three-quarters of all sites listed in response to Internet searches for popular phrases like “free screen savers” or “digital music” attempt to install some form of advertising software in visitors’ computers. Once lodged there, spyware can sap a PC’s processing power, slow its functioning, and even cause it to crash.

This explains the vitriol aimed at Direct Revenue. The company, located in a loft above a clothing boutique in New York’s hip SoHo district, has been a pioneer in a seamy corner of the booming Net advertising industry. Although it is small by some corporate standards, having generated sales of about $100 million since its start in 2002, its programs have burrowed into nearly 100 million computers and produced billions of pop-up ads.

Direct Revenue’s swift rise illustrates the intertwining of spyware and mainstream online marketing. The Web is the hottest game in advertising, but what’s rarely acknowledged is the extent to which unsavory pop-ups boost the returns. Here’s how it often works: Sellers of advertising, ranging from giant Yahoo! Inc. (YHOO ) to much smaller networks, recruit clients, tally the clicks their ads generate, and charge accordingly. But then Yahoo and the other advertising companies sign up partners that distribute the ads beyond their own sites in return for a fee, and those partners sign up other partners. Down the line, a big piece of the business winds up in the hands of outfits like Direct Revenue, which disseminate the ads as pop-ups and share revenue with their more mainstream partners. Some advertisers say their messages have appeared in pop-ups without their permission. Others seek out pop-ups, and Direct Revenue frequently sells ads directly to such advertisers.

Spyware rakes in an estimated $2 billion a year in revenue, or about 11% of all Internet ad business, says the research firm IT-Harvest. Direct Revenue’s direct customers have included such giants as Delta Air Lines (DALRQ ) and Cingular Wireless. It has sold millions of dollars of advertising passed along by Yahoo. And Direct Revenue has received venture capital from the likes of Insight Venture Partners, a respected New York investment firm.

SPREADING STRATEGY
Many of those impressive ties have frayed or ripped apart recently as Direct Revenue has struggled to fend off a lawsuit filed in April by New York Attorney General Eliot Spitzer. The state court action alleges that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users’ consent. Shining a light on the shadowy spyware trade, the suit asserts that the company violated New York civil laws against false advertising, computer tampering, and trespassing.

This article is based in part on more than 1,000 pages of Direct Revenue’s internal e-mail and other documents included in court filings. BusinessWeek has reviewed additional documents and interviewed dozens of industry insiders, including 12 current and former Direct Revenue employees and executives.

The company denies any wrongdoing. In a filing in June, it calls the Spitzer suit “much ado about nothing” and defends its past practices as “commonplace” in the industry. It calls its programs “adware” and says it has notified consumers when putting the programs on their computers. It insists that some of the methods Spitzer assails “were long ago changed.” And it argues that by accepting its ads, consumers get popular software applications free of charge that otherwise can cost up to $30 apiece.

In the wake of the litigation, Direct Revenue has shrunk in size, but it remains an important player on the spyware scene. Thousands of people still complain each month to Web security firms about new computer infections caused by Direct Revenue programs (although many users are baffled about what’s causing the maladies). And a new generation of spyware purveyors of equal or greater potency is imitating Direct Revenue’s strategies, infuriating customers, and threatening to taint the larger business of online advertising. Chances are you have some of their handiwork hidden within your hard drive right now.

SPAM KING
Direct Revenue’s origins trace the rise of what might politely be called one of the more freewheeling sectors of Internet commerce. The company’s sales philosophy, according to current and former employees, was heavily shaped by Jesse Stein, a Wharton School-educated marketer whose successes before joining the company included selling VigRX, an herbal penile-enlargement supplement. VigRX may sound familiar because, to win customers, Stein inundated e-mail in-boxes with spam promoting the product. In 2003, when the ABC News (DIS ) 20/20 program identified what it said were the biggest online spammers, it featured VigRX and showed one of Stein’s e-mails. He reveled in the notoriety. On his desk at Direct Revenue, Stein, now 36, kept a framed 20/20 screen shot of his VigRX spam, former colleagues say.

His eventual boss, Joshua Abram, came to online hawking from a different angle. His family has a rich history of public service. Abram’s late father, Morris, was a civil rights activist in the 1960s who later served as president of Brandeis University and U.S. ambassador to the U.N. under President George H.W. Bush. Joshua’s sister, Ruth, heads the Lower East Side Tenement Museum in New York.

In 1999 Joshua Abram helped start Dash.com, a benign precursor to later spyware operations. Dash attached an unobtrusive horizontal bar to the bottom of a computer user’s Web browser. As the user moved around the Internet, Dash would note the sites being visited and offer relevant text ads inside the narrow bar. Dash went out of its way to ask users’ permission to install the ad bar, and the company even shared its fees with consumers who made purchases. But Dash’s tactful text ads drew relatively few clicks, and its fee-sharing became an administrative nightmare. As the Internet market imploded in 2001, Dash folded.

Abram, known for wearing stylish suits amid a sea of techie grunge, kept developing ad software with several colleagues. They joined a broad post-bust move toward treating customers with less respect. One of the new spyware variants he helped create was called VX2, which a former colleague and computer security professionals believe was named after the deadly, undetectable VX nerve agent. In 2002, Abram, a father of two and husband of a fashion-industry executive, started Direct Revenue. His co-founders were fellow Dash alumnus Daniel Kaufman and a pair of data-mining entrepreneurs from a company called Pipe9, Alan Murray and Rodney Hook. The next year, Direct Revenue did business with and then acquired Stein’s online ad agency, forming a spyware powerhouse. Stein declined to comment. The four founders didn’t respond to numerous inquiries.

By early 2004, Direct Revenue, with Abram as CEO, had settled into its SoHo loft, employing two dozen programmers and salespeople. Current and former staff members say the place had an informal, often cynical atmosphere. The unsophisticated computer users subjected to Direct Revenue’s ads had a nickname among some staffers: “trailer cash.”

Knowledgeable consumers can reduce the risk of spyware infection by using widely available security software and steering clear of free online goodies. Direct Revenue and its rivals—companies with such names as eXact Advertising and Zango—say they employ “user agreements” that notify individuals when they are about to download their software. But the agreements typically can be found only by clicking on links deep within separate legal agreements related to the online freebies. The documents tend to be lengthy and opaque. Large numbers of Internet users who lack adequate security software and fail to read the legalese make themselves vulnerable.

SPY VS. SPY
Once embedded in your hard drive, spyware communicates via the Internet with the company that produced it. The company’s computer keeps track of your online meanderings and sends you pop-up ads relevant to the sites you visit. The travel-booking sites Travelocity (TSG ) and Priceline.com (PCLN ) have both been direct customers of Direct Revenue. People who picked up Direct Revenue spyware and then perused flights on Travelocity might find their screens obstructed by a pop-up for Priceline, or vice-versa. The travel sites say they stopped doing business with the company earlier this year.

Direct Revenue and other ad software creators struggle to balance an impulse to pump out waves of profitable pop-ups against the danger of enraging consumers who lose control of their computers. “Most of these companies can’t overcome their desire to make the most money right away,” says Sam Curry, vice-president for product management at Computer Associates International Inc. in Islandia, N.Y. (CA )

From early on, a small group of programmers at Direct Revenue focused on how to protect their employer’s programs once they were lodged in a computer, current and former employees say. The team called itself Dark Arts after the term for evil magic in the Harry Potter series. One of the biggest threats Dark Arts addressed came from competing software. The presence of multiple spyware programs can so cripple a computer that no ads manage to get seen.

Dark Arts crafted software “torpedoes” that blasted rival spyware off computers’ hard drives. Competitors aimed similar weapons back at Direct Revenue’s software, but few could match the wizardry of Dark Arts. One adversary, Avenue Media, filed suit in federal court in Seattle in 2004, alleging that in a matter of days, Direct Revenue torpedoes had cut in half the number of people using one of Avenue Media’s programs. The suit settled without money changing hands, according to an attorney for Avenue Media, which is based in Curaçao. “This is ad warfare,” explains former Direct Revenue product manager Reza Khan. “Only the toughest and stickiest codes survive.”

In light of the Dark Arts stratagems, Direct Revenue management in early 2004 procured from its lawyers a modified user agreement that would supposedly be shown to PC owners. Within the densely written seven-page document was a declaration that Direct Revenue “could remove, disable, or render inoperative other adware programs resident on your computer, which, in turn, may...have other adverse impacts on your computer.”

Abram presented the new agreement to his troops with an impudence befitting the Dark Arts crew. “It’s a lawyer-approved license to kill,” the CEO said in a February, 2004, e-mail. He urged some restraint because at the time potential investors were examining the company: “I would think twice about going too aggressively on the offense during [due] diligence.” But he added: “Obviously, if we find someone is slaughtering us in the interim, we should not wait to counter.”

“It was like a big game of Dungeons & Dragons,” a current Direct Revenue manager says, and it was becoming lucrative. An ad software shop generally charges advertisers up to a penny a day for each computer that showcases its ads. A company with access to 10 million computers can make about $100,000 a day. With its “install base” soaring to more than 20 million computers by late 2004, Direct Revenue’s annual sales rose 450%, to $39 million. Its four founders took home a combined $23 million, with Abram enjoying the biggest share: $8.1 million.

This cash geyser drew investors’ attention. Insight Venture Partners, which has among its advisers Robert E. Rubin, former Treasury Secretary and now chairman of the executive committee at Citigroup (C ), poured in $27 million, court filings show. Andrew J. Levander, a lawyer for Insight, says the firm’s pre-investment due diligence “did not raise any issues concerning the lawfulness of Direct Revenue’s disclosure and distribution practices.” Rubin wasn’t involved with the investment, Levander says. When Insight learns of complaints, he adds, it works with the company to address them.

Complaints were certainly not in short supply. “You have 24 hours to provide me with a removal tool for your piece of crap spyware program,” Joe LoMoglio e-mailed the company in September, 2004. “Your pop-up ads popped up a few porn sites while my 6- and 9-year-old children were using the computer.” Reached by e-mail, LoMoglio says the company “refused to respond.”

As Direct Revenue surged in late 2004, its hyperactive sales force profited as well. Several top performers took home more than $300,000 apiece that year, current and former employees say, and a celebratory mood enveloped the fourth-floor ad-sales department. On Friday afternoons, employees opened bottles of beer, and Paul Nute, a top sales executive, occasionally blasted the pop song Everybody’s Working for the Weekend.

Nute had a trademark line for corporate sales pitches, according to current and former sales employees. “It’s like crack,” he would say. “Once you try it, you’ll keep coming back for more.” Nute declined to comment.

By early 2005, Direct Revenue had notched deals with JPMorgan Chase, Delta, and the Internet phone company Vonage, according to former sales staffers and Direct Revenue documents. Cingular Wireless spent more than $100,000 a month at the peak of its relationship with Direct Revenue, current and former employees say. Direct Revenue put Cingular pop-ups in front of other phone companies’ Web sites and news sites such as the one affiliated with tech magazine Wired. Vonage, meanwhile, was billed $110 for each customer that Direct Revenue delivered, according to a sales report from July, 2005. For that month, Direct Revenue billed Vonage for 287 new customers, or $31,570.

JPMorgan Chase confirms that it advertised with a Direct Revenue unit through the middle of last year, but says it was unaware of any spyware activity. Delta and Cingular declined to comment. Vonage didn’t respond to inquiries.

NO MORE MR. NICE GUY
By mid-2005, Direct Revenue had grown to more than 100 employees, and its practices were drawing public notice. Bloggers, invoking the right to be free of uninvited ads, singled out Direct Revenue. Benjamin Edelman, a prominent Internet consultant and spyware foe in Cambridge, Mass., tried to shame advertisers away from Direct Revenue by displaying on his site the names of companies that appeared in Direct Revenue pop-ups. Jules Neuringer, owner of Portronix, a Brooklyn (N.Y.) computer-service firm, says that during this period about a dozen of his small-business clients complained about Direct Revenue spyware. Of these, he says he “was never able to bring an infected computer back to pristine operating condition.”

Direct Revenue insiders knew they were alienating consumers and even made tentative moves to clean up their act, court filings show. But when the result was fewer people getting stuck with its software, Direct Revenue pulled back from reforms.

In early 2005 the company was bundling its products with a file-sharing program called Morpheus, which users could download onto their computers. Morpheus required that Direct Revenue make its software easy to spot in a computer’s “Add/Remove” panel, which is the registry where a user can find most legitimate software and delete it. Direct Revenue agreed at first but after a few months noticed that thousands of new users it gained via Morpheus were quickly deleting the ad software. Kaufman, a co-founder of Direct Revenue, sent an e-mail to colleagues in February, 2005, saying the company should drop the Mr. Nice Guy routine. “We need to experiment with less user-friendly uninstall methodologies,” he wrote. The distribution agreement with Morpheus ended within three months.

MASS PARALYSIS
The same ambivalence was evident in April, 2005, when Direct Revenue released a concoction known as Aurora. The program clearly labeled ads as coming from the company, a gesture designed to build credibility. But Aurora had powerful features that fought off competing spyware and security programs. The company also raised the number of pop-ups it sent users to as many as 30 a day.

Disaster ensued, as Aurora paralyzed thousands of computers. Matt Oettinger, who ran media operations at Fastclick (VCLK ), an advertising network that bought ads from Direct Revenue, found his home PC afflicted by Aurora, e-mails in court filings show. In June he ordered all Fastclick ads disentangled from Aurora. Branko Krmpotic, the managing director of Technology Investment Capital Corp. (TICC) (TICC ), which had invested $6.7 million in Direct Revenue, also caught the Aurora bug and couldn’t kill it, according to e-mails. Eventually, Direct Revenue had to send its customer support director to fix Krmpotic’s machine. After receiving complaints about Aurora, Insight Venture, another major investor, told the company to remove Insight’s name from the Direct Revenue Web site. Fastclick declined to comment; Krmpotic didn’t return calls.

Even Aurora’s creators fell victim as the program froze computers at Direct Revenue. One sales staffer, Judit Major, documented receiving more than 30 pop-up ads in one day, according to e-mails. Her computer crashed four times. “We are serving WAY TOO MANY pops per hour,” wrote Chief Technology Officer Daniel Doman in a June e-mail to the company’s brass. “If we overdo it, we will really drive users to get us the hell [off] their machine. We need to BACK OFF or we will kill our base.”

By then consumer complaints were pouring in to Attorney General Spitzer’s office. He filed suit in April, after his staff had hauled away 150 boxes of the company’s e-mails. Spitzer alleges that he found numerous examples of Direct Revenue spyware downloaded with misleading user agreements or no disclosure at all. In many cases, the download was performed by a distributor on behalf of Direct Revenue, but company executives repeatedly conceded in e-mail that users were in the dark about how its programs got into their computers. This, Spitzer argues, amounts to illegal deception.

PERSISTENT HEADACHES
A Direct Revenue spokesman, Michael Spinney, says the company is “mystified” by Spitzer’s allegations. It cleansed its practices more than nine months ago, Spinney says, and now puts its name on all its pop-up ads. It also now makes its software available for deletion in a computer’s Add/Remove Programs registry and has limited its use of distributors. Before these changes, Spinney asserts, Direct Revenue employed practices common in its industry. He wouldn’t comment on Spitzer’s individual allegations.

The anti-spyware activists and computer security firms confirm that Direct Revenue has dropped its most destructive programs, such as Aurora. But they emphasize that the company continues to cause serious headaches. Tokyo’s Trend Micro Inc. (TMIC ) offers an online service that scans customers’ troubled computers. In April it identified Direct Revenue’s spyware as the culprit in 9,400 computer scans. That’s down from 14,000 in January, but it represents a substantial level of annoyance. “Direct Revenue is still on everyone’s top 10” of reviled spyware companies, says Anthony Arrott, Trend Micro’s spyware research manager.

Deborah Maradei-Ugel, a loan officer in Santa Clarita, Calif., says she receives more than 20 pop-ups a day on her home computer as a result of Direct Revenue spyware. She complained to the company, but removal instructions it sent her are impossible to follow, she says. Her machine frequently stalls and requires restarting. “You hit your computer,” she fumes, “but it doesn’t help.”

The way Direct Revenue describes its software during the download process remains vague and misleading, Edelman and other critics say. The company now bundles ad programs with Kazaa, an online service offering music and other digital content. Kazaa gives users a choice between a $30 version of its program and a free version labeled “ad supported.” But few ordinary consumers would understand that ad-supported means they get separate software from Direct Revenue that will monitor them online and serve a steady stream of pop-ups, Edelman says. Kazaa declined to comment.

Direct Revenue has lost business and reduced its headcount to a couple dozen employees. The four founders still own 55% of the company, according to Spitzer’s filing, and Abram is still seen around the office in his sharp suits. But he no longer serves as CEO. Sales gurus Stein and Nute have moved on to another Internet venture. Many major companies, such as Cingular and Yahoo, have severed connections with Direct Revenue. But the ads of others, including Vonage, continue to appear in Direct Revenue pop-ups. Insight and TICC remain investors.

Among Direct Revenue’s alumni, pride over technical cunning mingles with regret for exasperating so many computer users. After waffling on the issue during a long interview, one former Dark Arts wizard sighs and sums up his version of the company credo with an elegiac observation by abolitionist Frederick Douglass: “Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them.”

SOURCE

Posted by Elvis on 07/07/06 •
Section Privacy And Rights • Section Microsoft And Windows

Saturday, July 01, 2006

Windows Privacy Flew Out The Window

Have you heard - or been stung by - WINDOWS GENUINE ADVANTAGE?

It puts Microsoft - not you - in ultimate control of your computer.

There’s a lot of press by Microsoft and covered by the MEDIA that its WGA anti-piracy tools will only stop a suspected illegal installation of Windows XP from getting Windows updates, but the goal may be to CONTROL our computers with some flimsy and perhaps MISLEADING DISCLOSURE to back it up. My experience suggests not letting WGA phone home may disable the Windows XP desktop entirely.

After windowsupdate downloaded and installed WGA, Windows sent me to the product activation wizard (like when you first install Windows) claiming Windows needs to be (re)licensed, then not accepting the serial for the computer and OS a year old - forcing TWO CALLS TO MICROSOFT to get my desktop back, the day after WGA’s STEALTH installer SNUCK itself into my computer - and have what looks like related SPYWARE since.  That was three weeks ago.

Because I block software phoning home at the gateway (WGA CAN’T BE STOPPED WITH A BOGUS HOSTS FILE ENTRY), its fallback operation may be to deny the user his/her desktop if/when it can’t get through.  That may explain what happened to ME, PC-SHRINK, GUARAV1, PHIL, and countless OTHERS being kicked out of Windows by WGA’s spyware for whatever reason.

Yesterday, after following MICROSOFT’S INSTRUCTIONS, I’m still logging stuff to stats.update.microsoft.com, statsupdate.microsoft.com.nsatc.net, 207.46.248.119 and 207.46.253.125.  If the files listed in the Microsoft article - which I deleted - are still on the computer, then they may be hidden or something else may be up that may not have been brought out in the open.  Logs show the spyware is trying to phone home every hour or so.  For what?

Is it Microsoft’s intent from now on to regularly exchange data between our computers and somebody’s databank(s) by having their software make automatic and unannounced calls over the internet, and if those calls are unsuccessful or intentionally blocked - permanently disable Windows? Is there any truth to what the FOLKS ON ZDNET ARE SAYING?

Regarding the information that may be automatically collected by, and shared with third parties - Will Microsoft claim it owns the information not unlike what AT&T’S DOING with its new privacy policy and customer phone records? Will they CATALOG OUR SOFTWARE and sell that information without our CONSENT or proper disclosure?  It may sound paranoid to think so, but then again - it may not.

Will Microsoft let us permanently disable its spyware (even if extorted to pay extra for it), disclose its ultimate intent, and detail the information being collected by, and exchanged with - third parties?

Maybe they’ll claim it has something to do with homeland security, and the US GOVERNMENT NEEDS TO KNOW what’s on all our computers - with WGA and the parties collecting our data - cooperatives in the undertaking?

The folks at GROKLAW put the issue in perspective:

You have been given a vision of the future, where software will be a service, and all you get is a license to use it the way they allow you to use it. How do you like Microsoft’s Brave New World?

Surely they will find a way to check that you are complying with all the above, so I think it’s clear that if you stay with Microsoft products, you have to agree to share your computer with them, that your privacy will be in their hands, and that they can control your computer without your say so. And they won’t necessarily tell you clearly what they are doing, judging by this incident, or perhaps there will be no notice at all, as mentioned in the EULA. It’s not about you buying a product and using it any way you wish. They let you use their software only within strict limitations they set which by the way do not conform to your rights under COPYRIGHT LAW. This is a license, a kind of contract, whereby you waive rights you would otherwise have in order to use their software. And you are presented with a EULA at least one paralegal can’t even understand, too late to say no in a meaningful way.

If faced with a CHOICE to let your computer trade undisclosed information with whoever Microsoft wants, or lose the Windows software you paid for and are entitled to use - which would you choose?  Remember - laws may be nothing more than PIECES OF PAPER.

Privacy and freedom are dying in America. 
Microsoft Windows’ WGA is its latest expression.
And we’re letting it HAPPEN.

There are ALTERNATIVES.

Links:
A CONTRACT ONLY MICROSOFT CAN BREAK
MICROSOFT WGA FORUM
MICROSOFT EMAIL SUPPORT
MICROSOFT FACES LAWSUIT OVER WGA
MICROSOFT DENIES WINDOWS XP KILL SWITCH
VISTA’S PRODUCT ACTIVATION WORRIES
GRIPELINE WGA POSTS
LAUREN WEINSTEIN’S WGA POSTS
GROKLAW - IT’S A MATTER OF INFORMED CONSENT
WGA - WORSE THAN EXTORTION
WINDOWS MEDIA PLAYER EULA
BAD VISTA DOT ORG
VISTA ULTIMATUM
STILL LOOKING FOR REASONS TO KEEP AWAY FROM WINDOWS PART 1
STILL LOOKING FOR REASONS TO KEEP AWAY FROM WINDOWS PART 2

Posted by Elvis on 07/01/06 •
Section Privacy And Rights • Section Microsoft And Windows

Wednesday, June 28, 2006

Is Microsoft About to Release A Windows Kill Switch?

DRM lets software companies plant back doors, hack your computer, or anything else you can think of - to allow them control of the software (and your computer) they sold you, to protect their interests.  Microsoft Windows is the latest to bring this to public awareness.  Our laws protect big-business, not consumer privacy.

ED BOTT’S Microsoft Report
June 27, 2006

Two weeks ago, I wrote about my serious objections to Microsoft’s latest salvo in the war against unauthorized copies of Windows. Two WINDOWS GENUINE ADVANTAGE components are being pushed onto users’ machines with insufficient notification and inadequate quality control, and the result is a big mess. (For details, see MICROSOFT PRESSES THE STUPID BUTTON.)

Guess what? WGA might be on the verge of getting even messier. In fact, one report claims WGA is about to become a Windows “kill switch” and when I asked Microsoft for an on-the-record response, they refused to deny it.

Last week, a correspondent on Dave Farber’s Interesting People list posted some COMMENTS ABOUT HIS EXPERIENCES with Windows OneCare Live. In the middle of the post, he added this tidbit:

I like to review updates before they are installed. The only update that I have not installed is the latest WGA because of the security issues related to it.

I called Microsoft support to see if there is a hidden option to say, “yep, I’ve got updates turned to manual it’s okay.” The rep said, “No and why wouldn’t you want to get the latest updates to Windows.”

I responded with the issues relating to WGA. He spent some time telling me that WGA was a good thing, etc. I reiterated that I have accepted all the updates except WGA and just want to review the updates before they’re installed on my machine.

He told me that “in the fall, having the latest WGA will become mandatory and if it’s not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn’t installed, Windows will stop working, so you might as well install WGA now.” [emphasis added]

I’m wondering if Microsoft has the right to disable Windows functionality or the OS as a whole (tantamount to revoking my legitimate Windows license) if I do not install every piece of software that they send it updates.

That can’t be true, can it? I’m always suspicious of any report that comes from a front-line tech support drone, so I sent a note to Microsoft asking for an official confirmation or, better yet, a denial. Instead, I got this terse response from a Microsoft spokesperson:

As we have mentioned previously, as the WGA Notifications program expands in the future, customers may be required to participate. [emphasis added] Microsoft is gathering feedback in select markets to learn how it can best meet its customers’ needs and will keep customers informed of any changes to the program.

That’s it. That’s the entire response.

Uh-oh. Currently, Windows users have the ability to opt out of the Windows Genuine Advantage program and still get security patches and other Critical Updates delivered via Windows Update. The only thing you give up is the ability to download optional updates. Hackers have been working overtime to find ways to disable WGA notification. If WGA becomes mandatory, would it mean that Microsoft could prevent Windows from working if it determines - possibly erroneously - that your copy isn’t “genuine”? That’s a chilling possibility, and Microsoft refuses an easy opportunity to deny that that option is in its plans.

Over at Ed Bott’s Windows Expertise, I’ve been soliciting feedback from Windows users who’ve been burned by WGA. So far, I’ve received 20 comments. Here’s a sampling:

· I have an XP Media center with a promise RAID 0 4-disc array. When I installed the WPA it broke the drivers for the array by causing failed delayed writes (half of the array just disappears.) If I do a system restore to before the installation of the WPA everything goes back to working just fine.

· [S]ince installing WPA I’ve had blue screens and a total inability to boot. I had to run the XP repair function to get the computer to boot. I had a damaged boot sector on the hard drive. I am running two drives on a RAID 1 config.

· I purchased a SEALED OEM copy of XP Professional. WGA said the license key was already used. I called MS and they said I should uninstall and buy another copy. I told them I wasn’t made of money and hung up.

· Microsoft rejected the product key that came with the ThinkPad I’m using. I had to call in and they gave me another code to enter which supposedly worked but now I get the blue screen of death about every other time I reboot. I’ve also lost all internet connectivity.

· I sent my Compaq Presario notebook for service repair, and it fails the WGA check. I have a legal version of windows xp professional on it. But I have no way to correct this problem.

What’s most disturbing about this whole saga is Microsoft’s complete lack of transparency on the issue. And before the ABM crowd jumps in with predictable “What did you expect?” comments, let me argue that Microsoft actually has a fairly good track record on transparency issues in recent years. Windows Product Activation is very well documented, and when a similar uproar occurred in 2001, it was squelched quickly by some fairly prominent postings from high-level executives who provided details without a lot of spin. Likewise, the Microsoft Security Response Center has done an exceptional job at providing quick responses to security issues. (Just ask Adam Shostack.)

Currently, no one at Microsoft is blogging about this fiasco. No executive has been quoted on the record about it. There are very few technical details available, and those that have been published are being tumbled through the spin machine and spit out as press releases.

If Microsoft really does plan to turn WGA into a kill switch in September, be prepared for an enormous backlash.

SOURCE

Posted by Elvis on 06/28/06 •
Section Privacy And Rights • Section Microsoft And Windows

Tuesday, June 27, 2006

AT&T’s New Privacy Policy - Phone Records For Sale


Sticking with AT&T? You’re a fool
ComputerWorld
June 27, 2006

[Editor’s note: In a discussion on June 29, AT&T stated their view that this column misrepresents the terms of their privacy policy and invites you to take a look for yourself. Click HERE to see AT&T’s privacy policy in their provided link.]

[Ira’s response, June 30: The link provided by ATT is not relevant to the article. It is the link to a high level description of privacy policy to AT&T’s retail customers and Web visitors. Two links further into the site, you get to the actual privacy policy for AT&T. That policy then states that “certain AT&T Internet services and AT&T U-VERSE TV and HOMEZONE services are subject to an additional privacy policy.” This is the policy that this article addresses, and it is not available at the link provided by AT&T. I believe that the choice to provide such a link for this article speaks for itself.]

AT&T’s new privacy policy for its Internet and video services is way out of line - an insult to genuine security efforts and a brassy attempt to make its profits your problem. The announced policy changes may just be a sign that cynically attaching the “war on terrorism” label to business initiatives has reached a new low, but anyone out there who believes that AT&T has announced this sweeping new data-collection policy to support the government’s fight against terrorism is truly a fool. This new privacy policy goes way beyond even the most absurd arguments for monitoring Internet users.

Recapping the basics, AT&T claims that it “reworded” the privacy policy for its Internet service to reflect what was previously “implied.” What the company claims was implied is to the effect that while you consider your account information personal, AT&T owns it.

Once you’ve caught your breath, let’s unpack what’s happening here. First, ask yourself how AT&T benefits from a clearly controversial policy change such as this. Do you think that AT&T is changing this privacy policy just so it can provide data to the U.S. government for good will, or because the government told it to? No. If the government wants your data it has, as we know, various mechanisms to acquire it - whatever AT&T’s privacy policy. A legal warrant is a legal warrant, for example.

The implication is that AT&T is making a profit from selling the data to the federal government. And that profit must be substantial; after all, there are clearly many customers who are dropping AT&T services as a result of this proposed change. (Including me—I actually stopped a switch to AT&T’s Cingular cellular services when I heard of this development.) Clearly, AT&T will lose business by implementing or even announcing such a profound change in privacy policies. I can only imagine how much money AT&T is receiving from the government for all those records if they believe it’s worth the hit.

Next, let’s look at what this change entails. The new privacy policy basically lets AT&T do anything it wants with your information. (Remember, according to the company, it’s its information.) The specific claim is that AT&T can do whatever it wants with your/its data “to protect [the company’s] legitimate business interests.”

But think: Making a profit is a legitimate business interest. Therefore, whatever the company wants to do with any of your information, for whatever it considers within its interests, is covered. AT&T makes no pretense about it. Not only would this explicit ownership claim help the company avoid lawsuits in the future for selling data to the National Security Agency for data-mining purposes, it basically lets AT&T do whatever it wants with any of your information. This isn’t merely a knee-jerk reaction to current lawsuits, but is a profit-making venture for it forevermore.

Not disturbed yet? Ponder this: The privacy policy can be theoretically used to justify AT&T offering a service that consists of selling your corporate e-mail messages to your competitors. If AT&T offers that “service” at a profit, it’s a legitimate business interest for the company. This sounds like an extreme, but the privacy policy allows for such extremes. Posing another problem, if you deal with data protected by such regulations as the Health Insurance Portability and Accountability Act or the Sarbanes-Oxley Act, you now have a whole new set of eyes potentially on that data, with no accountability to your firm or your customers and no means by which you can keep an eye on things.

AT&T isn’t protecting its ability to work with the government—it’s granting itself the right to do whatever it wants with any of your information or data passing through its service. While AT&T’s spokesmen may well say, “We would never do that,” you’d be a fool to believe them. The company employs any number of lawyers, and they didn’t pull the “complete ownership” language out of a hat. They are stating, as they mean to state, that they are claiming complete ownership of your data. That is a huge leap from cooperation with government for perceived national security purposes.

Even if you don’t use AT&T, you must potentially consider that one of your vendors, or anyone else you exchange e-mails with, might use AT&T. While you may not technically want to give up rights to your information, what happens if these other parties send your data, or data relating to you, through AT&T? The implications are really scary. Again, AT&T says that it’s protecting its legitimate business interests, not yours or those of the parties that you deal with.

It gets better. AT&T has also extended its claims on your information by claiming that it can monitor your video usage. There are laws on the book that state that cable companies can’t monitor or collect data on viewing habits. AT&T claims that it isn’t bound by those regulations because it’s an Internet provider and not a cable operator. Unless AT&T is offering pay-per-view terrorist training videos on its network, I don’t see how the company can claim that monitoring your video consumption is a matter of cooperating with law enforcement. That data contains value only for commercial interests.

AT&T’s concerns are not about national security, but about profit and future profits. So far, even other Internet providers are disagreeing with AT&T’s position. Unless there is a substantial backlash, though, it is likely that AT&T will extend this privacy policy to other AT&T operating units. Likewise, other Internet providers may follow suit if AT&T doesn’t take a big hit. They might want to start selling your data ... I mean their data ... as well.

So there you have it: You’d be a fool to continue to use AT&T now that its data grab is on the table. For that matter, you are a fool to do business with anyone who uses AT&T themselves. This isn’t about security in any way, shape or form—the motivation is clearly profit. Since AT&T isn’t cutting you in on its profit from your—I mean its data—don’t give it to the company in the first place.

SOURCE

Posted by Elvis on 06/27/06 •
Section Privacy And Rights

Sunday, June 25, 2006

America’s Dying Privacy

The Total Information Awareness program was killed in 2003, but its spawn present bigger threats to privacy.
By Jonathan Turley
Common Dreams
June 24, 2006

The disclosure this week of a secret databank operation tracking international financial transactions has caused renewed concerns about civil liberties in the United States. But this program is just the latest in a series of secret surveillance programs, databanks and domestic operations justified as part of the war on terror.

Disclosed individually over the course of the last year, they have become almost routine. Yet, when considered collectively, they present a far more troubling picture, and one that should be vaguely familiar.

Civil liberty-minded citizens may recall the president’s plan to create the Total Information Awareness program, a massive databank with the ability to follow citizens in real time by their check-card purchases, bank transactions, medical bills and other electronic means. The Defense Advanced Research Projects Agency, or DARPA, was assigned this task, but after its work was made public, Congress put a stop to it in September 2003 as a danger to privacy and civil liberties.

However, when Congress disbanded the Total Information Awareness program, it did not prohibit further research on such databanks, or even the use of individual databanks.

And, according to a recent study by the National Journal, the Bush administration used that loophole to break the program into smaller parts, transferring some parts to the National Security Agency, classifying the work and renaming parts of it as the Research Development and Experimental Collaboration program.

It was long suspected that Total Information Awareness survived, and the disclosure this week of another massive databank operation has only reinforced that fear. The spawn of DARPA seem to be turning up in secret programs spread throughout agencies.

The administration learned that it could not create a network of databanks in one comprehensive system, but it could achieve the same results by creating smaller systems that could be easily daisy-chained at a later date into the same kind of massive computer bank that Congress thought it had shut down. It is DARPA, albeit with assembly required for the ultimate user.

Consider some of the recent disclosures:

· A domestic surveillance program operated without warrants involving thousands of calls that are isolated by computers at the NSA.

· A massive databank that contains information on hundreds of millions of telephone calls of Americans that is described as the world’s largest database.

· Access to information in a massive databank that carries 12.7 million messages each day on international financial transactions.

· Use of massive private databanks with access to an array of information on citizens, including at least 199 data-mining projects.

· Quiet support for a national registered-traveler program in which citizens voluntarily submit private information and subject themselves to background checks for faster passage through airport security. (The information would then be housed in a computer system accessible to the government.)

These computer databanks and programs are technically separate but collectively could exceed the dimensions of the DARPA program killed in 2003. Most of these systems have certain common characteristics, including the absence of congressional approval. Indeed, the recently disclosed financial transaction program was created by the Bush administration as an emergency program, but it has continued for years.

Although the administration has refused to involve the courts in such programs, it actually contracted out the role of oversight: according to the New York Times, it hired a private auditing firm to make sure that the monitoring of financial transactions was not being misused. Such outsourcing of civil liberty protections is hardly what the framers foresaw when they created a system of checks and balances.

Most of these programs are designed to look for suspicious conduct from everyday transactions. By combining information, the government uses “link analysis” to find something suspicious among otherwise innocent-looking transactions. It also is a technique that necessarily exposes innocent citizens to constant forms of surveillance or monitoring - the very danger of DARPA’s Total Information Awareness program that Congress wanted to avoid.

It now appears that the administration has achieved by stealth what it could not achieve by persuasion in Congress: the creation of a computer network that could follow millions of citizens to reveal their movements and transactions.

It is all part of this administration’s insatiable desire for information. With regard to its own conduct and information, the administration has fought against the notion of transparency, from refusing to disclose meetings with lobbyists, to denying Congress information needed for oversight, to threatening journalists with prosecution for revealing secret programs such as the NSA domestic surveillance program.

Yet, when it comes to citizens, the administration demands total transparency to allow it to monitor everyday transactions and conduct.

It is perhaps the greatest danger that can face a free society: a government cloaked in secrecy with total information on its citizens.

For most of our history, one of the greatest protections for civil liberties has been the practical inability of the government to surveil a large number of citizens at one time. In the last couple of decades, those technological barriers have fallen away.

In the meantime, the Supreme Court has removed legal barriers to the government’s acquisition of personal information by allowing it to obtain the records of banks, telephone companies and other businesses without a warrant. This combination of legal and technological changes has laid the foundation for a fishbowl society in which citizens can be objects of continual surveillance.

Americans have long been defined by our privacy values. We have fiercely defended what Justice Louis Brandeis called “our right to be left alone.” It is only in the assurance of privacy that free thoughts and free exercise of rights can be truly exercised. Such privacy evaporates with doubt; it is why the Constitution seeks to avoid the chilling effect of uncertainty in government searches and seizures.

Yet, the problem has been that these programs have been revealed and analyzed in isolation. Each insular program has been defended in insular terms. It is just domestic telephone numbers or just international transactions. Citizens have become accustomed to a steady stream of secret programs and new forms of government monitoring. It is something that our fiercely independent ancestors would have never imagined.

Privacy is dying in America - not with a fight but a yawn.

Jonathan Turley is a law professor at George Washington University.

SOURCE

Posted by Elvis on 06/25/06 •
Section Privacy And Rights