C:> PROMPT BULLETIN

Computer Privacy Issues & News...
Bulletin 119 - March 30, 1999

For more information check out the C:> Prompt web site...

Before I get into this month’s topic, please remember to check your computers for the CIH 1.2 virus. This virus is a particularly nasty sleeper which is scheduled to trigger on April 26. You can detect this virus using any up-to-date virus scanner such as Norton or McAfee.

Privacy Games... and the anti-piracy agenda

The last 30 days of computer news have been filled with comments over the privacy issue. In typical Microsoft fashion, as seen in the anti-trust trial, this industry giant has again shoved its collective foot into its mouth. Early in March it came out that Microsoft programs were tagging user files with a hidden identification code. Every Word document, Excel spreadsheet, (maybe even Outlook) could have this identification code hidden in it. The Privacy Advocacy groups are up in arms. News sources are reporting that Big Brother is here and the name is Microsoft. Here are the basic facts:

  1. The code is called a GUID (Globally Unique ID).
  2. Every document you create with Microsoft programs could have this hidden identification code in it.
  3. This code does not identify you - it identifies your computer (or more accurately the network MAC address of your computer).
  4. This means that anyone who receives a word processing document from you, can now trace it back to the computer it was created on.
  5. These GUIDs have been found in Web Browser cookies, i.e. they are being used to track what you do on the Internet.
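
As an added illustration of points 1 to 3 (not code from this bulletin or from Microsoft), the Python below reads a GUID using the RFC 4122 version-1 layout and reports the adapter address and creation time it carries. The sample bytes and GUID values are constructed, and the idea that GUIDs sit in a file as text (ASCII or UTF-16LE) is an assumption.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Text-form GUID: 8-4-4-4-12 hex digits.
GUID_RE = re.compile(rb"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
# Version-1 timestamps count 100 ns ticks from 1582-10-15 (RFC 4122).
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def inspect_guid(text):
    """Report what one GUID reveals about the machine that generated it."""
    g = uuid.UUID(text)
    info = {"guid": str(g), "version": g.version, "mac": None, "created": None}
    if g.variant == uuid.RFC_4122 and g.version == 1:
        # A set multicast bit marks a random node value, not an adapter address.
        if not (g.node >> 40) & 0x01:
            info["mac"] = ":".join(
                f"{(g.node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8)
            )
        info["created"] = GREGORIAN_EPOCH + timedelta(microseconds=g.time // 10)
    return info


def scan_for_guids(data):
    """Inspect every text-form GUID found in raw file bytes."""
    hits = {}
    # Search the bytes as-is, then with NULs dropped so UTF-16LE text matches too.
    for view in (data, data.replace(b"\x00", b"")):
        for match in GUID_RE.finditer(view):
            text = match.group().decode("ascii").lower()
            hits.setdefault(text, inspect_guid(text))
    return list(hits.values())


# Constructed sample: a UTF-16LE version-1 GUID and an ASCII version-4 GUID.
SAMPLE = (
    b"constructed document bytes "
    + "{5e7a2c40-e6a1-11d2-8f3b-001122334455}".encode("utf-16-le")
    + b" cookie id=3f2504e0-4f89-41d3-9a0c-0305e82c3301;"
)

if __name__ == "__main__":
    for item in scan_for_guids(SAMPLE):
        leak = item["mac"] or "no adapter address"
        print(item["guid"], "v%s" % item["version"], leak, item["created"])
```

Only version-1 GUIDs with a unicast node field carry an adapter address; the version-4 value in the sample is random and reveals neither the machine nor the time.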

Warning! If you are using an unregistered version of Word, don’t e-mail any files to Microsoft! I am just kidding, but the inference can easily be made that this was a clandestine move by Microsoft to catch software pirates and cheats.

This identification scheme does have a major weakness. It uses a unique address burned into every network adapter card. This means that if you change your network board, your identification number will be different… And this leads us to the Intel part of the story.

Intel also received a deserved reaming from the press when it was discovered that the new Pentium III chips and some Pentium II chips have an identification code burned in at the factory. Mix one-part Microsoft’s embedding document codes and one-part Intel’s Pentium identification code, and you have a very powerful identification and tracking scheme. Thank god Intel and Microsoft are not buddies… uhhh, I think they’re not buddies? They certainly never talk to each other… right?

The damage control spin from Intel was that the identification code was a feature. This new code, according to Intel, would allow people to identify themselves to on-line merchants before making a purchase or to identify themselves to their broker before making a stock trade. What a great idea! I’ve already started carrying around my desktop computer. That way the next time I’m at a friend’s house and I want to sell IBM stock short, I’ll just whip out my desktop computer to identify myself. That’s much easier than using my friend’s computer. Just think about the time-saving possibilities. When I’m travelling, I’ll not only bring my notebook computer, but I’ll tote along my desktop machine. You’ll never know which computer ID you might need when making that rent-a-car reservation. Come to think of it, what about that old computer I just sold? Maybe those nice folks would like to peek at my bank account using that Intel ID code that I had no choice but to leave burned into my old machine? (tech note: the implications are even worse for Internet appliances and thin clients).

The notion of identifying yourself using a Pentium processor is ridiculous. Most consumers wouldn’t mind inserting a credit or ID card into a computer to identify themselves. We do this all the time at every store when we present our credit cards. It’s easy to carry an ID card or remember a password and that card or password would more reliably identify us. After all, we may be spending more time with our computers than ever before, but we still are people. We carry our identity with us, we don’t leave it behind in a computer box.

It is obvious that this Intel identification number was intended for use in auditing and controlling the contents of a computer. It would be useful to businesses that want to ensure legal use of registered software. It could also be used by companies like Microsoft to stamp out that modern terror called Software Piracy. I am all for stamping out software piracy. The only problem is that these schemes have huge holes in them that make it very hard for legal software users to maintain their computers. What happens when you upgrade to a new computer and your ID code is in the old computer? What happens if you sell a piece of software to a friend? What happens when a hacker clones your ID code?… and the list goes on. Software companies (including Microsoft) have been trying since the early 1980s to come up with an anti-piracy scheme. They have all failed in grand style. A few companies were even put out of business when consumers cast their vote by buying a competing product that did not have a cumbersome software lock on it. Microsoft claims that it loses billions of dollars a year to piracy. This figure is so exaggerated it’s almost laughable. Does Microsoft really believe that everyone in China that has a pirated copy of Word on their computer would have run out and purchased a real copy for the equivalent of a year’s income? I am not kidding… This is the kind of stuff that Microsoft counts when tallying their piracy losses. If Microsoft would put the effort it wastes on anti-piracy into developing software that worked, then maybe more people would buy their products and maybe Windows 95/98 wouldn't crash so much?

Very shortly after the news about Intel broke… the company announced a program to turn off or block the identification number. The public relations nightmare was not fixed when about a day later www.zks.net announced a simple procedure to disable Intel’s switch and gain access to the blocked identification number. To reverse the code blocking does require rebooting your processor so it is unlikely that a web site will be able to hack this id code from your machine… but then again the unlikely is just something that hasn’t happened yet.

Privacy games and the information highwaymen

Intuit is guilty of the same myopic behavior as Microsoft and Intel. If you own a copy of QuickBooks you know what I am talking about. After using QuickBooks for a few days, the software will stop working and force you to call Intuit to register the product. Intuit doesn’t care that your business just suffered an interruption loss because you couldn’t enter that customer order, and instead had to call Intuit and wait 30 minutes on hold to hand over your identity for a registration key code. This is outrageous behavior. I bought the disk. I bought the books… but Intuit wants my business name or my e-mail address! I wonder if they are in the business of selling this information or writing software? I love QuickBooks. I’ve used it for years and recommend it to my clients… but I am now looking at competing products because I am disturbed and fed up with this Mafia-like behavior. "Put ‘em up and hand over your personal information… or I’ll shut down your business accounting system." The public needs to say no to this kind of highway robbery of personal information.

Intuit is not alone in this arrogant behavior; there are dozens of other companies that do the same things and surprise, Microsoft has just announced its intentions to implement mandatory annual registration and payment (the story). I guess not enough people are upgrading each year, so Microsoft is going to squeeze it out of you, its loyal customers, another way.

Privacy games... when is there too much privacy and when is there not enough?

I am not against identifying myself. In fact I am all for it… but I should be the one to decide where and when my name is recorded in a commercial or governmental database. The only exception to this privacy rule comes into play when public discourse on the Internet is involved. If someone is labeling you a crook, it is your right to know your accuser. Internet chat rooms, e-mail, and web sites allow for anonymous statements. This means that anyone can make up a lie, broadcast it to the world, and not be held accountable. This is not the way newspapers and magazines work… and this is not the way the Internet should work. Some people believe that anonymous discourse allows for a freer exchange of ideas. I believe that anonymous discourse encourages irresponsible statements and malicious acts. Why bother checking the facts when you can smear someone and no one will know it was you who pulled the trigger?… Forget innocent until proven guilty and all that silly constitutional stuff… If you are making a public statement the least you can do is sign it.

On the opposite end of this spectrum are the federal and state law enforcement agencies. Agencies like the FBI and the NSA believe in essence that we should not be allowed to have a private conversation via the Internet. In their way of thinking, to allow private conversations would make it too easy for terrorists or criminals to escape detection. The Kremlin had similar ideas and look where it got them. Most people I know believe that the government should not be reading their postal mail or their e-mail. I agree. It is our constitutional right to encrypt a letter before sending it to a business associate. If I were a lawyer, it would be my ethical responsibility to encrypt e-mail before sending it to a client. It's also the responsibility of an on-line merchant to encrypt your credit card information. The FBI and the NSA disagree. No encryption or weak encryption is their stated goal.

The arguments on this topic could fill a book. The executive summary is that anyone can buy undefeatable encryption products over-the-counter in Europe and the rest of the world. That includes those terrorists that the FBI is worried about. Does anyone really believe that someone planning a terrorist act is going to worry about breaking a little old U.S.A. encryption regulation or two? The only people that are hurt by United States encryption regulations are the American public and American businesses. Congress is once again making noise about voting on a bill that would eliminate or liberalize the current draconian encryption policies. I encourage everyone that uses the Internet to write their government representative in support of this bill. http://www.eff.org/goldkey.html

Privacy games and the profiteers

Who is it exactly that is happy with all this privacy nonsense? Companies that are selling programs that disguise your identity on the Internet. I guess this is proof that the Internet will always find some way to work around every problem or obstacle? www.zks.net is a Canadian company that sells these kinds of services.

Users of this software can visit a cancer help site without their insurance company finding out about the visit the next time they check their insurance rates on-line. With the identification number in your computer and a web site which uses cookies, this privacy risk is a current reality!

 

Next month’s issue will be Y2K and small business…