From The Naked PC issue #5.01...

We Will Control All That You See and Hear

by T.J. Lee
January 3, 2002

Remember the Outer Limits series? "We will control the horizontal. We will control the vertical." Great stuff. A growing number of vendors in the computer industry are taking that old Control Voice monolog a bit too seriously to suit me.

Let's start with a bit of historical perspective and then conclude with a chilling real-world example of something that recently happened at our shop that should give every user of computer technology cause to wonder, "Just who IS in charge here?"

Vendors want to get paid for what they produce and sell and I certainly don't have any problem with this basic premise. But there are problems with the way overzealous manufacturers can go about ensuring that your money flows into their coffers. Let's stroll down memory lane for a moment...

Back in the early computer industry Mesozoic era came the software-based copy protection based on encryption technologies that were implemented to prevent the copying of popular programs of the day like Lotus 1-2-3. Not only was this methodology a failure, but it spawned anti-copy protection products (like the ubiquitous Copy2PC utility) that made tons of money for their industrious inventors.

Shortly thereafter the first hardware solution, the dongle, appeared. A dongle is a small doohickey that plugs into a computer's parallel port. The software that it is supposed to protect is written to query the dongle from time to time to see if it should keep working. Fortunately the dongle never caught on in a big way either.

With encryption and hardware solutions a failure, the manufacturers focused on the end user license agreement (EULA) to give them the power they sought over the end user. It used to be, back when software media consisted of a bunch of floppy diskettes in a small paper envelope, that there was a little sticker on the package that said if you opened the envelope and took the disks out you were agreeing to be bound by the EULA. Sometimes the EULA was only to be found in electronic format on the disks inside the envelope creating a bizarre chicken and egg paradox; you agreed to be bound by something you couldn't have read prior to agreeing to be bound. The good news is that courts have had a tendency to throw out the EULA when software manufactures have tried to hide behind the fine print as a defense calling them "contracts of adhesion" meaning something that is not negotiated prior to the sale of the product.

Fast forward to the present. The latest scheme to give all the power to the manufacturers of software and hardware is the Uniform Computer Information Transactions Act (UCITA). This is intended to be like the Uniform Commercial Code only dealing with "computer software, multimedia products, computer data and databases, online information, and other such products."

UCITA is one of those put-together-by-committee deals; only in this case the committee is the National Conference of Commissioners of Uniform State Laws, which is made up of 300 or so lawyers, judges and law professors. Pretty scary right there, no? The UCITA is designed to create a uniform commercial contract law for software and related products. Under UCITA a software company can do whatever it wants to you such as disabling your software if the manufacturer issues an update and you don't fall all over yourself to buy a copy. No kidding.

UCITA has not been adopted by many states outside of Maryland and Virginia, in my opinion because everyone and their brother who is not a software manufacture is against it.
http://www.TheNakedPC.com/t/501/tr.cgi?jim1

But this doesn't seem to be deterring companies that want this level of control over you and your computer. Consider the hoo-ha over the product activation scheme that Microsoft has incorporated into Windows XP and Office XP. If you upgrade your computer after a newer version comes out, will Microsoft force you to buy a new copy by refusing to issue activations beyond the date the upgrade becomes available? We can only wait and see.

Does all this sound too far-fetched? Consider the following true tale of horror before you decide.

Company "A" purchases a firewall device for cash from reseller "B" who is a distributor of these devices for manufacturer "C." All is peachy until reseller "B" goes out of business. This happens in both the software and hardware biz all the time so it's of little note in the grand scheme of things except reseller "B" never paid manufacturer "C" for that last shipment of firewall boxes including the one sold to company "A."

Unbeknownst to company "A" or any other end user of these firewalls that we know of, the manufacturer has cleverly programmed these devices to periodically phone home via the Internet connection and play a few rounds of Mother-may-I. As in "Mother may I keep working for the foolish jerks who think they actually own me or should I just shut myself down thereby taking their network firewall without warning?" One fine day the firewall in service at company "A" phones home and by setting a switch on their end the manufacturer turns off the firewall. Bang.

The company I work for gets a panic call from company "A" that their firewall has gone belly up, the reseller is out of business and can we fix the thing? We take a look; it's an InstaGate EX2, a firewall device that also provides remote VPN services. But we can't figure out why it stopped working so my boss contacts the manufacturer, eSoft (www.esoft.com). He's told that you betcha that firewall won't work because they (eSoft) have pulled the plug on it. They were never paid by their reseller for it and by golly, no money no firewall, friend, period, end of report, and don't let the door hit you on the way out.

Ah-ha! A misunderstanding of the ownership status of the device, we think. My boss explains to eSoft that their defunct reseller sold this device to our client, who paid cash for it. Surely, they just made a mistake and failed to consult their records to see that this particular device was indeed registered by our client. Just check the records and please restore the device to operation, right?

Wrong. eSoft didn't give a fig for who owned their device, what channel they purchased it through or how much they paid for it, and we should stop calling them Shirley. eSoft wanted our client to pay them, in cash, and pay now before they'd consider turning the box back on. Needless to say we were taken aback by this heavy-handed handling of the matter. eSoft never produced any documentation that said they had the power to shut down the InstaGate product remotely, nor any warning to the users of this device that unless they paid the manufacturer directly they were subject to cancellation without notice.

After much discussion, eSoft did finally (and reluctantly, in my boss's opinion) agree to reactivate the device in question. This long after our client purchased a firewall product from another manufacturer and who would rather heckle Godzilla than trust a critical network function to an eSoft product. Would you want a firewall that's really a firetrap, subject to the whims of company that could (and did) turn it off without warning? Talk about security threats! It's bad enough worrying about the guys in the black hats breaking into your network but now we have to worry about the guys that are selling the network protection devices too? Sheesh.

"There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission..."

You can reach T.J. Lee at:
mailto:tj_lee@TheNakedPC.com

Return to Top

TNPC Hot Tips:

• Email out of control? Spam filling your inbox? People trying to steal your identity? Same here - until I applied these tips. You can too in a new multimedia e-book. Tame Your Email.

• DO YOU MAKE THESE MONEY MISTAKES? Do you know that trying to pay off your high interest rate debts first and/or paying extra on more than one debt is the SLOWEST way to get out of debt? Don't make these same mistakes. Learn more at by clicking here...