Security's Everyman

Wednesday, November 15, 2006

Legal Lies

I'm not a big fan of government getting involved in our daily lives beyond the basics of what is needed to keep us safe and secure. But stories like this put a smile on my face. :)

Just as government needs to do what is required of it and then leave it up to us, businesses need to do what they say they will do and make sure that they tell us what they are doing. If as a Security Professional I tell my employer (or potential employer) that I will do this and that, then that is what I should do. I don't go behind their backs and read emails, modify documents, sell company secrets or install unauthorized software. In the same way, when I, as a consumer, install software on my computer that is obtained from a "legitimate" company (meaning one that is out to make a profit either by selling its products or advertising), then they should tell me up front, in a way that is clear and easy to find, exactly what this software will do to my PC. If it will install additional software, let me know. If it will "phone home", let me know. If it will collect data on my web surfing habits, let me know. If it is going to download updates or other software, let me know. This crap about hiding things in the EULA and installing things that are not needed or wanted is WRONG!

People are screaming because they say America is headed in the wrong direction because of this political party or that political party. America is headed in the wrong direction because we participate in unethical business practices such as this. We allow these companies to do what they want because they hid a clause deep in a EULA that can't be understood even if it is read by the average person. We require food companies to clearly explain what is in their products that will hurt or help us, but we allow companies to legally mislead and lie to us.

Then there is the whole notion of the security risk that the "unknown" and unwanted software can cause. If legally obtained software is collecting info and sending it home, how am I to know that my financial transactions are secure or that it's not collecting things that it isn't meant to collect? We all know that software can do unexpected things and we can't rely on the companies to do the right thing if they discover that private data is "accidentally" being collected. After all, they lied to us, or at least made it very difficult for us to know the truth, in the beginning. Not to mention the studies that show how unethical IT pros are now. Fred the Admin may be using your SSN or Credit Card right now.

When I buy a computer with my money and install legally obtained software (commercial or freeware) I feel that I have the right to know exactly what is going on my computer and I should be able to do it without a law degree.

That's my opinion and I welcome yours.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.