[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is Bill Gates a Cracker?

  One issue that I have not seen discussed here is the fact, fairly widely
  known in the computer industry but not among the general public, that
  the Windows 95 Online Registration Wizard originally searched the hard
  drives of those who utilized it and, unbeknownst to them, sent a partial
  list of its contents to Microsoft (the list was partial because MS was
  looking for specific things). Is this not cracking?! (commonly
  understood as forcing a computer to perform operations or surrender data
  without the consent or knowledge or its owner) 
  (I think there is a legal case to be made here, but I'm not a lawyer, so
  I would appreciate if some of the legal eagles on the list could examine
  the argument, which I have phrased in the language of principle rather
  than that of law, partly for lack of expertise, but also because it is
  ultimately principle on which law rests).
  If I read the hard disk of a computer belonging to Microsoft without
  their consent, I can face criminal charges, even if I do not actually
  cause Microsoft any demonstrable harm and even if the particular disk
  that I read has no sensitive data. If we believe in equality under the
  law, Microsoft must obey the same laws regarding my computer as I must
  obey regarding theirs. Note: if you're unfamiliar with this Win95 Reg
  Wizard situation, you can read about it at
  The rhetoric of the above-cited article is prejudiced towards the notion
  that it's "no big deal" from a privacy standpoint - a view I consider
  dead wrong. Nonetheless, the information is good. There will be
  predictable objections to this, which I'll answer below:
  1. It's no big deal. What do you have on your computer that should be
  secret anyway?
  Since I can be prosecuted for violating a Microsoft computer regardless
  of whether I cause harm, the question is not one of harm but one of
  rights. Someone who, unbeknowst to me, places a survelliance microphone
  in my car may not actually do me any harm, but they have violated both
  my privacy rights and my property rights over the car - the precise two
  sorts of rights that are at stake here. Of course, in some cases, it may
  be permissible for the government to do this, but Microsoft is not (yet)
  the government. Even in a more moderate (and less similar to the MS
  situation) case, someone who repaints my car without asking me may
  actually be doing me a favor, but is still violating my property rights
  over the car. And in no way can what Microsoft's Registration Wizard did
  be regarded as a "favor" to the user.
  As it happens, I work in the software industry as a independent
  contractor and sometimes (though not currently) do work for clients who
  are direct competitors of Microsoft. Therefore, there may well be
  material on my computer to which Microsoft should not have access. But
  anyone who thinks that my right not to have Microsoft search or control
  my computer without my consent relies on this fact has a serious and
  dangerous misunderstanding of the concept of rights.
  2. This is old news. Microsoft knocked this off after it was discovered
  and people began complaining.
  Since what is being argued here is a criminal offense (although that
  does not exclude civil remedies as well), the sense of "old news" that
  is relevant is that of the statute of limitations, which will not run
  out on this event until at least the year 2000. Crimes can seldom be
  prosecuted while they occur; therefore, it is the perfectly ordinary
  situation of law enforcement to be dealing with events that took place
  in the past, rather than present events.
  Furthermore, just because Microsoft ceased this specific instance of
  computer cracking does not mean it will not engage in others. The new
  Internet Explorer makes Web connections without the user's consent;
  reportedly, Windows 98 is even worse.  What is important here is the
  precedent. It must be made clear that Microsoft is violating the law
  when it violates the integrity of other people's or companies'
  3. People had to deliberately use the Registration Wizard. This
  constitutes "implied consent" for whatever functionality was embedded in
  that Wizard.
  By this logic, any "trojan horse" (a computer program with hidden and
  hostile functionality) is acceptable, and any deliberate act that
  creates security exposure constitutes consent to violation. If so, then
  a cracker has the right to break into any Microsoft computer that MS
  deliberately places on the Internet where the cracker can gain access.
  Where will this stop? If Microsoft has the right to search my computer
  just because I connect to their site, do they also have the right to log
  transactions against my bank account in Quicken (as was done through
  Microsoft's Active-X by German hackers)? What's the difference?  In both
  cases, Microsoft is using my computer for their benefit against my will,
  construing the fact that I chose to register the software I had
  purchased to constitute consent for additional operations of which I had
  no knowledge. 
  Consent is a mental act; it cannot be given inadvertently. The notion of
  implied consent, as I understand it, applies when consent can reasonably
  be inferred even though it was not directly expressed. That clearly is
  not the case here.  I very explicitly do NOT consent to this. 
  Perhaps consent can also be implied when I do consent to some activity
  A, and activity A requires that activity B take place. In that case,
  perhaps consent can be legally construed for activity B. But there is no
  such dependency here, as registering Windows 95 does not rely in any way
  on searching my hard disk.