11 November 2005

Devil, he told me to roll
The Devil, he told me to roll
How to roll, but not collide
It’s nobody’s fault but mine, yeah
-Blind Willie Johnson as sung by Led Zeppelin

So in the wake of this sony/BMG thing i keep asking myself “what exactly is ‘informed consent’ in regards to computer software?” At what point is it OK for a product that you buy for one reason to put software on your computer that furthers their agenda?

Given that the public at large is woefully uneducated about computers and software in general, how much education about the effects of a rootkit is needed to pass the legal muster of “consent”? My roomate this week created an intranet for the non-profit for which he works. He gave people slips of paper with their name and password and the address of the intranet. Fewer that 10% of the people in the office were actually able to get to the address, log in and begin reviewing content. Are these the people we’re protecting? Should they continue to be protected when it’s in their best interest that they experience some bumps on the road in order to sharpen their computer skills?

I think we all can agree that if I put a cd in my computer and a program installs itself without my knowledge, that is (and/or should be) illegal. Period. But what about if I click “agree” on page of very small type… which I do almost daily… What is necessary to prove that that program fraudulantly installed “other” software that harms my computer? And what’s worse, what if the installed software doesn’t do the damage, merely leaves the computer open to further damage from another exploitive malware? Who’s at fault then? And what are damages? Are damages the price of the computer? The price of your internet service for one month or the period the installed software stayed on the computer?

Let’s de-computer-ify it… what if there were these new Tires for your car. The tires were all the rage… beautiful whitewalls that come with gold rims. But in order to secure these tires from theft, Bridgestone put a tracking device in the tires. Now let’s say this tracking device allowed theives to know when you’re on vacation or not at home and break into your house. Who’s at fault if/when you’re robbed? Or even when you’re not robbed, if you’re statistically more apt to have a robbery occur… is Bridgestone at fault?

At what point do we say that we are knowledgable, sentinet consumers with the ability to choose a tire that does or does not have the tracking device and if we choose the tracking device then we are responsible for the activities of our own automobile.

I believe the same is true with computers. If my computer gets hacked by something I’ve installed, … in the words of the immortal Led Zeppelin’s adaptation of Blind Willie Johnson’s song…. it’s nobody’s fault but mine.