This article is meant more as “food for thought” than as any sort of definative word on what MS’s policy and or implementation is of DRM when Windows 7 is finally released (this post was inspired by a strange claim on MSwatch that implied Windows 7 users would be reported on if they were believed to be pirates). We have already seen the allegations of China’s computer users getting targetted by MS software because they were believed to be running a pirate copy of Windows. Rightly or wrongly that matter is in the past, but where are Microsoft heading with their software? What lengths is Microsoft prepared to go to “safegaurd its investment” (which according to MS, their products are doing very well, so I fail to see why they would be considering any DRM or copy protection methods)
In the UK there exists a policy. Its called RIPA and stands for Regulation of Investigatory Powers Act (2000) this policy governs the use of covert observation on individual(s) and makes them comply with a set of procedures and best practice. Whilst breaches of this are not an offense in itself, its argued that failure to comply, may “prejudice” an investigation and also leave a body open to an allegation of breaches of the Human Rights Act.
So why do I mention this in the same post as Microsoft? Well, we are not sure what/if Microsoft montiors peoples activities on their platforms. There are plenty of allegations and IF they were true, AND no permission by the end user was given, wouldnt Microsoft be atleast going against RIPA guidelines, if not breaching Human rights?
In the UK even traffic enforcement “play by the rules” by having signs clearing indicating speed cameras. Highstreets have signs indicating the use of CCTV and even shops have the sign on the door, alerting customers to the use of CCTV, effectively entering the customer into an agreement that they will be recorded as part of a “condition of entry”. Football matches are another example. A steward has the ability to search a fan prior to entry, as its a condition of entry into the football ground. If a fan doesnt like that then they dont enter.
Now before all the Microsoft supporters jump on and say MS can make you aware, I understand that a MS product EULA can inform you of these methods and effectively make it a “condition of entry”, but am I the only one who would like to know exactly what and how Microsoft monitors its users? I believe whilst ignorance is no excuse, I also believe Microsoft will not be exactly “clear and open” when it comes to any software/policy/technique it employs to monitor your computer use.
Let me quote a little of RIPA which is from a PDF from ELMBRIDGE BOROUGH COUNCIL:
“The purpose of the Regulation Of Investigatory Powers act 2000 (RIPA) is to
provide a comprehensive regulatory structure governing interception of
communications, surveillance and associated activities. Whilst non-compliance
with the legislation is not in itself an offence failure to comply with it may
prejudice the success of any investigation and might provide the basis for a
challenge under Human Rights legislation. It is, in any case, good practice to
comply with this legislation and any codes of practice.”
and it goes on to say:
“The policy does not refer to Intrusive Surveillance, which the Borough Council is
not authorised to use. The definitions of each term used may be found at section
7. and guidance to assist in determining the need for authorisation together with
examples may be found at section 8.”
So when a commercial firm can monitor your activities remotely and record what packages you are using and/or installing, is that not intrusive, regardless of what has been put on a EULA which a company knows alot of people wont read, let alone understand?
On the other side of the coin, I am very supportive of online observation by Government bodies. There are many evils on the net, and I believe monitoring by government agencies is required, until we reach a time when people can be trusted to behave correctly. I am not saying for one minute that Government bodies do not make mistakes or are sometimes “too enthusiastic” but in light of no viable alternatives, its the best we have got.
I dont particularly want this article to get into a debate regarding the rights and wrongs of observation, but IF Microsoft does monitor its users, what gives it the right to be “gaurdian of our morals” when Microsoft themselves are at the recieving end of some very serious allegations concerning integrity and behaviour?
Now lets move on to look at the section 7 and 8 of the PDF, mentioned above. Section 7 explains the definition:
“Surveillance is covert if it is carried out in a manner calculated to ensure that the subject
of the surveillance is unaware that it is or may be taking place. Covert surveillance can
be either Directed or Intrusive.”
7.1.3 Directed Surveillance:
“Covert but not intrusive
Carried out for the purposes of a specific investigation
Likely to produce private information about a person
NOT an immediate response to events or circumstances the nature of which
means it would not be reasonably practicable to get an authorisation under
the Act for carrying out the surveillance”
7.1.4 Intrusive Surveillance:
Relates to anything that is taking place on residential premises (including
hotel rooms and prison cells) or in any private vehicle;
AND which involves the presence of a person on the premises or in the
vehicle or is carried out by means of a surveillance device (e.g. potentially a
sound level meter, tape recorder).”
I would like to see some clarification by Microsoft and any author of software as to what (if anything) they are using to monitor users. I would like to see a more comprehensive and accessable EULA for users who simply want to have an unfudged text on what exactly is the policy.
As always, my opinions. Id love to hear yours.
If you are interested to read the PDF in context from the Council site in question please click here!