January 8, just a few days away, is the revised deadline in the
California antitrust
class-action settlement against Microsoft, according to this
NYT
article (soul-sucking registration required, or use
BugMeNot).
Anyone in California who bought Windows (even if it was bundled on a PC),
DOS, MS Office, Works, or similar products between February 18, 1995 and
December 15, 2001 is eligible for a rebate,
in the form of a voucher redeemable for any tech hardware or
software, not just Microsoft products.
Microsoft gets to keep 1/3 of the settlement left unclaimed,
so claim the money you're entitled to now before it's too late!
Go to microsoftcalsettlement.com
to fill out your claim form.
Tags: tech
[
22:58 Jan 05, 2005
More tech |
permalink to this entry |
]
An article in the
LA Times on New Year's Day caught my eye:
California has an anti-spyware law going into effect as of January 1.
The
Times was rather sketchy, though, on what constitutes
spyware, though they did say that there were no actual penalties
under the law, merely that the law makes it possible to sue a
company for installing spyware (whatever that's defined to be).
I've seen it covered in other publications now as well, and
every article I read defines spyware differently,
without mentioning how the actual law defines it
(which you might think would be somewhat relevant).
Nor do any of them provide, or link to, the text of the law,
or its number in the CA code.
It turns out the bill was SB 1436, with a history
here: and here
is the text of the bill.
It amends section 22947 of the Business and Professions code:
here's an
attempt at a link to the actual law, but if that doesn't work,
go to leginfo
and search for 22947 in the Business and Professions code.
It's fairly concise and readable.
One point which on which I've long been curious is whether
the various proposed anti-spyware laws cover the invasive end user
license agreements, or EULAs,
which Microsoft, Apple and other software companies love so much
these days. You know, "clicking here gives you permission for
us to snoop on what files you have on your system, what songs you've
been listening to, and what extra software you have installed, and
you have to click here or you can't get security updates"
(stories on Win2k,
WinXP,
and issues
with Windows Media Player; I think Apple does similar things with
iTunes but don't have any story links handy).
It turns out that SB 1436 specifically disallows
collection of a user's web browsing history, or browser bookmarks
(so google search might be in trouble, depending on how it works)
because it's "personal information", along with your name, address
and credit card information;
but it says nothing against collection of information regarding files,
installed software, music, movies, or email. I guess none of those
constitute "personal information" and it's fine to sneak software onto
your system to collect such details.
However, consider this interesting section:
22947.4. (a) A person or entity, who is not an authorized user,
as defined in Section 22947.1, shall not do any of the following with
regard to the computer of a consumer in this state:
(1) Induce an authorized user to install a software component onto
the computer by intentionally misrepresenting that installing
software is necessary for security or privacy reasons or in order to
open, view, or play a particular type of content.
At issue here is the definition of "software component". If a system
update installs a new media player with a new invasive EULA which
suggests that the player may collect information on songs installed or
played, under the aegis of a security update, wouldn't this fall afoul
of the new law?
22947.2 (c) is also interesting:
[an entity who is not the owner or authorized user of a computer shall not]
Prevent, without the authorization of an authorized user,
through intentionally deceptive means, an authorized user's
reasonable efforts to block the installation of, or to disable,
software, by causing software that the authorized user has properly
removed or disabled to automatically reinstall or reactivate on the
computer without the authorization of an authorized user.
If you've ever disabled a feature in a piece of software,
only to have it mysteriously re-enable itself the next time
you updated the software, or if you use software whose EULA
allows that, you may have grounds to sue if you
can prove that it was re-enabled intentionally. This may be a bit
farther than the authors of the bill really intended to go; quite a
lot of software companies (and perhaps some freeware and open source
authors as well) may be exposed here. Software providers beware!
SB 1436 has some good and non-controversial effects.
It explicitly makes it illegal to install, without the user's knowledge:
keystroke loggers (presumably this does not apply to the CIA or
anyone else operating under the Patriot Act), spam email relays,
denial-of-service zombies, multiple popup ads which can't be closed
(we're in 22947.3 (a) now, which applies to software copied onto the
user's computer; but this may apply even to Javascript on a web page,
if you read the definitions at the beginning of the bill).
All good things to disallow.
What about that no-penalty comment in the Times?
As far as I can tell, they're right.
SB1436 makes no mention of fines or other punishments.
This
Infotex post says there's a $1000 fine per incident, plus
attorney's fees; but I can't figure out where they're getting that:
I don't see it in either the bill or the law anywhere.
Tags: tech
[
11:45 Jan 05, 2005
More tech |
permalink to this entry |
]
![[RSS feed]](https://shallowsky.com/images/logos/rssicon-25x25.png){kind=small}
![[Twitter]](https://shallowsky.com/images/logos/twitter-bird-white-on-blue-25x25.png){kind=small}
![[envelope]](https://shallowsky.com/images/logos/envelope-25x25.png){kind=small}