Thursday 1 December 2011

Works Cited

Aycock, John. "Spyware and Adware". Springer, New York. 2011. 1-4.

Andrejevic, Mark. “The Work of Being Watched: Interactive Media and the Exploitation of Self-Disclosure,” Critical Studies in Media Communication, Vol. 19(2), 2002. 231–233.

Bennett, Colin J. In defence of privacy: The concept and the regime. Surveillance & Society 8(4). 2010. 485-496.

Boyd, Danah. “Dear Voyeur, Meet Flâneur… Sincerely, Social Media.” Surveillance and Society 8(4), 505.

Bradner, Scott. “The FBI as an ethical hacker?” Network World. April 29 2009. 14.

Coustan, Dave. "How Spyware Works." How Stuff Works, Inc., 2005. Web. 28 Nov. 2011. Available from < http://computer.howstuffworks.com/spyware.html >.

Dimberton, Arnaud. “Sears utilise un logiciel espion”. LaPresse.ca. La Presse, ltée, Jan. 3 2008. Web. November 27th 2011.

Gabriella Coleman and Alex Golub. “Hacker practice: Moral genres and the cultural articulation of liberalism.” Anthropological Theory, 8(3), 2008. 242, 268.

Graham, Elaine L. “Nietzsche gets a modem: transhumanism and the technological sublime,” Representations of the Post/Human, 2002. 161.

Kharif, Olga. "Smartphones: A Bigger Target For Security Threats." Businessweek Online (2009): 11. Business Source Complete. Web. 29 Nov. 2011.

McLuhan, Marshall. “Media as Translators” from Understanding Media: the Extensions of Man. 1964. 57.

"Spyware." Dictionary of Media Studies. London: A&C Black, 2006. Credo Reference. Web. 28 November 2011.

“Spyware Statistic”. Lavasoft. Lavasoft, n.d. Web. November 28th 2011. http://www.lavasoft.com/support/spywareeducationcenter/spyware_statistics.php

Sterne, Jonathan. “Out with the Trash: On the Future of New Media.” Residual Media. C. Acland (ed.) Minneapolis: University of Minnesota Press, 2007. 16-31.

Viadhyanathan, Siva. “Render unto Caesar: How Google Came to Rule the Web” in The Googlization of everything: (and why we should worry), University of California Press, 2011. 26.

Wilburn, Rhoda L. "Computer Security." Encyclopedia of Management. Ed. Marilyn M. Helms. 5th ed. Detroit: Gale, 2006. 108-112. Gale Virtual Reference Library. Web. 28 Nov. 2011.

Spyware: the new James Bond


As Charles Fried, professor at Harvard Law School once said, privacy is “the control we have over information about ourselves” (Bennett, 486). Some scholars have argued that privacy is a common and collective value. This means that everyone values some degree of privacy and everyone has a similar minimum level of privacy (487). The question is however: To what extent do we have control over the information we send out about ourselves? With the increasing popularity of social media such as Facebook, we seem to be more and more willing to share personal information about what we do, where we are, and whom we are with. Obviously, users are not forced to upload pictures or update their statuses as soon as something happens. As Alan Westin puts it, privacy is the “claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (486). Is this a farfetched, utopian way of seeing things or is it realistic? A perfect example of modern media breaching privacy is through the concept of spyware; a kind of malicious software (or malware) which has existed for a decade or so. I would therefore argue that with the increasing popularity and use of computers and social media, and the progressive development of malware, privacy loses its meaning. Indeed, personal data is constantly sent through computer systems beyond users’ control. Throughout this paper, I will analyze the impact spyware has on privacy, and the implications it has for changing the ways we use computers. I will first explain what spyware is. Then I will present the different actors who use spyware and why they use it. Following that, I will analyze how spyware has impacted users and society. I will finally end with a brief analysis of how this malware has impacted conceptions of privacy.
What is Spyware?
It is important to first define what spyware is, though no real consensus exists. As a matter of fact, there is a lot of confusion between the various forms of malware including spyware, adware, viruses, Trojan horses, and worms. Spyware is defined as “software that is secretly installed on a hard disk without the user’s knowledge and collects encoded information on his or her identity and Internet use via an Internet connection” (Dictionary of Media Studies). In other words, spyware eponymously ‘spies’ on Internet users, just like a secret agent like James Bond spies on villains. Although the term spyware has been used since 1994, it was less prominent then than it is today. Indeed fewer people were using computers and there wasn’t quite the proliferation of online banking services, nor was there the widespread use of e-commerce we see today. After all, the core reason that spyware actually exists is because information has value, and in the 1990s, the little information that could be collected from users didn’t have much of it. Now that people make extensive use of the Internet for things ranging from making purchases to watching TV series to playing online games, there is much more useful and certainly profitable information available to hackers.
There is an ongoing debate about whether Trojan horses and adware should be considered spyware. Whereas viruses and worms can self-replicate, spyware usually can’t. It is thus safe to say that Trojan horses and adware don’t quite fit into the spyware category. In his book Spyware and Adware, John Aycock enumerates spyware’s most malicious spying behaviors. These include:
·      Capturing screen images
·      Stealing files from a computer
·      Changing web browser or network settings to facilitate stealing information
·      Logging keystrokes, mouse movements, and mouse clicks (Aycock, 2).
These behaviors obviously intrude on one’s privacy, as they entail collecting information that is  meant to be personal. However, spyware isn’t always malicious; this characteristic differentiates spyware from the other types of malware previously mentioned. Adware is an example of a less harmful and more overt form of spyware. Aycock also identifies the common behaviors of adware in his book:
·      Displaying context-sensitive ads
·      Tracking user behavior
·      Transmitting information about user behavior and the machine to the adware creator
·      Watching web browser activity (Aycock, 3).
Drive-by download popup window
http://en.wikipedia.org/wiki/File:Windows_ActiveX_security_warning_(malware).png
It goes without saying that the fact that hackers and even ‘reputable’ companies create spyware programs to gather user data goes against users’ rights of privacy. From the second it infects their computers, it is considered as a violation of privacy, because spyware is installed without user consent. One way spyware can be installed is through a ‘drive-by download’, which occurs when a website tries to download and install spyware on a user’s computer. There is often a popup window giving the name of the software and asking the user whether he wants to install it. Another technique is ‘piggybacked software installation’, which occurs when applications, usually free and peer-to-peer file-sharing applications, install spyware as part of the program’s installation. Unless the user reads the end-user license agreement (EULA) carefully, he won’t notice that spyware is being installed as part of the software. Browser add-ons such as toolbars, also called browser hijackers, represent an additional way spyware can access a user’s data. Finally, by tricking users into thinking they are downloading anti-spyware software, a hacker can access a user’s personal information without their knowledge (Wilburn). Since users don’t consciously permit the aforementioned programs to be installed on their computers, spyware can be considered as an infringement of users’ privacy.
Who is Using Spyware and Why?
Spyware can be used for different purposes and thus by different types of actors. Most of the time, spyware is created to profit from personal data collection. It is therefore not surprising that adware represents the main form of spyware. Users will recognize adware from its usual forms: pop-up, pop-over or pop-under ads. These ads may look inoffensive on the surface (when they are not pornographic), but the fact of the matter is they are based on the data found from spying on the user. Thereby the ads are specifically targeted to users based on the information collected about their online behavior. “[Users’] viewing habits, their shopping habits, even their whereabouts are subject not just to monitoring but to inclusion in detailed marketing databases” (Andrejevic, 231). The collected personal information is indeed sold to marketing companies without the user even realizing it. This might be a shock to some people, but one should keep in mind that even the companies we respect and support by using their services collect data on their users, in order to show them ads that are likely to interest them. Isn’t disturbing how the ads displayed on Facebook when you log in target you so well?  Even Google “collects the gigabytes of personal information and creative content that millions of Google users provide for free to the Web every day and sells this information to advertisers of millions of products and services” (Viadhyanathan, 26). Unfortunately, most people don’t realize that these giants make most of their money from naivety and ignorance, even though users such as those of Facebook intentionally and consentingly give out personal information through their posts, likes, and other activities.
Marketing companies’ prime agenda is quite obvious and logical considering how much easier it is to collect useful information from consumers with the help of spyware, compared to extensive (and expensive) research and surveys. But what could be the motives of individual hackers? It is first of all a matter of freedom. As Coleman and Golub put it, “elaborating a sense of what freedom is and what it means to be free constitutes moral discourse for hackers and shapes […] the hacker ethic” (Coleman and Golub, 242). The authors also add that different genres of hackers “rely heavily on the idea that coding is about the programmer, and that the action of coding is moral” (268). So where is the line drawn between a user’s privacy and a hacker’s freedom? Does one even exist? Is it acceptable for a hacker to violate someone’s privacy just to satisfy his/her need to create codes? There is a reason why I don’t run nude in public and why someone who is caught stealing a wallet is strongly punished. Does the disembodiment brought by new media technologies change these norms and rules? Is it more acceptable because “the medium somehow removes the body from the mind” (Sterne, 17)? These are the many questions that we have to answer as a society. Maybe the fact that hackers have to go through different steps that are not explicitly visible, the steps being “first the body, then the interface, then the computer” (Sterne, 17), makes the act less serious compared to someone who physically takes a wallet out of a woman’s purse. In addition, it is far more complicated to find a guilty hacker than a thief, as “the anonymity and disembodiment of electronic communication is held to undermine formerly binding categories of race, gender, bodily ability and class” (Graham, 161). I would compare this behavior to cyber-bullying; indeed, it is easier to bully someone through the Internet and social media than in person, since the victim can’t see the perpetrator. As ironic as this is, by using spyware, hackers violate one’s privacy while ensuring the privacy of his person by remaining anonymous.
To make the debate even more complicated, spyware can be voluntarily installed by an individual. This type of spyware is called domestic spyware. Such software can be used by employers who want to monitor their employees’ Internet activity, by parents who want to make sure their children don’t go on forbidden websites or even by husbands and wives who want to track their cheating spouse. Although domestic spyware is deliberately installed on one’s computer, the user that is monitored (the victim) is not aware that someone is looking at everything he or she is doing online. Therefore, it is still considered as a violation of one’s privacy. However, is the use of spyware in these instances more acceptable than when a hacker monitors someone’s online behaviors for the sake of a marketing company, or when a hacker steals someone’s identity? One would probably be tempted to say that it is not as serious, since the reason for installing domestic spyware in the first place is more legitimate and has less of an impact. Nevertheless I would argue that violating one’s privacy is a big deal no matter what the motive is. Stealing a car is just as bad as stealing someone’s purse. So shouldn’t domestic spyware also be considered illegal and thus be regulated?
How Has Spyware Impacted Users and Society?
Since its development, spyware has quickly become a threat that cannot be dealt with individually, because it affects the society as a whole. The increasing number of Internet users makes it easier for hackers and companies to access individuals’ personal information. In fact, around 90% of home computers in the United States have been infected by spyware (Lavasoft). Considering this high percentage, it makes sense to agree with Spiros Simitis on the fact that “privacy considerations no longer arise out of particular individual problems; rather they express conflicts affecting everyone” (Bennett, 488). This is why it cannot be considered on a case-by-case basis, especially since, as previously mentioned, privacy is a common and collective value. Every computer owner is at risk of getting their machine infected with spyware.
In most countries, it is a federal crime to install software that is very difficult to remove without the user’s consent. The Computer Fraud and Abuse Act and the Electronic Communications Privacy Act are two examples of American federal laws that attempt to reduce the impact of spyware by making it illegal to violate the security of users’ personal data (Wilburn). Although perpetrators are aware that these laws exist, they also know that they are very difficult to enforce in practice. Indeed, by clicking “accept” at the bottom of an installation window, users technically agree to download the spyware even though in reality they consent out of sheer ignorance. If users bothered to read the entire EULA, they would know that they were about to be tricked into downloading spyware onto their computers.
But what if the FBI uses spyware for the purpose of law enforcement? Then is it acceptable to spy on people? In a sense it is, since society will ultimately benefit from it, though this is also subject to debate. So do perpetrators have the same right to privacy as any one else? Furthermore, the Computer & Internet Protocol Address Verifier (CIPAV) represents an “officially sanctioned spyware, theoretically only used when permitted by the courts” (Bradner, 14). But there are risks associated with the use of CIPAV. Indeed, with time hackers will develop the expertise required to crack such spyware and find out how to use it for their own sake. Also, to help the FBI, some anti-spyware companies have agreed to ignore the FBI tool, which means that their software remains undetectable. This means that there is the considerable risk that hackers will ultimately find a way to create types of spyware that will trick anti-spyware programs into thinking that it is the FBI’s tool. Anti-spyware software would therefore ignore such spyware (Bradner, 14) and greatly assist hackers in penetrating users’ privacy.
The main impact spyware has on computers is that it slows down the operating system. Not only does it affect the performance of the computer, it can also change a user’s web-browser security settings and disable anti-spyware software to open the door for more infections, which will ultimately even further slow down the operating system. When a computer is badly infected, users tend to believe that it has a technical problem. Most of the time, they don’t suspect spyware to be the source of this slowdown. The consequence of this misunderstanding is that users will often buy a new computer instead of taking measures to clean up the computer. This unfortunately highly contributes to Sterne’s concept of computers’ obsolescence and disposability (424). In the long term, it will also have considerable consequences on the environment, as the act of computer disposal has a harmful, polluting effect (432). This goes to show that spyware impacts more than just the users and it must not be seen as an individual problem, with consequences beyond the violation of users’ privacy.
As previously explained, the purpose of spyware is to collect information that has value. In order for spyware to have access to this type of data, an important number of people must extensively use the networked technological product and above all, they must use it to transmit personal information. This is why Microsoft Windows for example is more easily subjected to spyware infections than Apple’s operating systems. It also explains why in the past few years there have been a growing number of spyware attacks on mobile devices. PDAs and smartphones are the most vulnerable devices, since people use them to read their emails and surf the Internet. Isn’t a cellphone the most private object one can possess after maybe a personal computer or a purse? However, unlike a laptop, it is much easier to lose a cellphone. Laptop thefts do happen, especially at school, but losing one is quite difficult. As if the possibility of losing this precious and private object wasn’t dreadful enough, we now have to deal with the risk of being spied on.
Another important consequence of the growing use of spyware and other malware is the creation of a new industry: the security software industry. Indeed, Jeff Wilson, a principal analyst at consultant Infonetics Research, estimated that “sales of mobile-security software for handsets will rise to $1.6 billion in 2013 from $113 million in 2008” (Kharif). As more users become aware of the risks and dangers of having spyware on their computer, there is no doubt that the profitability of anti-spyware companies, among others, will continue to increase. Although adware is not relatively harmful, identity theft cannot be taken lightly. Since spyware can log keystrokes, mouse movements, and mouse clicks, it is easy for hackers to find users’ passwords and credit card numbers. Like marketing companies, security software companies are also profiting from users’ concern with privacy as “a personal space; space under the exclusive control of the individual” (Bennett, 488).
How Has Spyware Impacted Conceptions of Privacy?
There is no doubt that spyware violates users privacy. However, nowadays, with the increasing popularity of social media, one doesn’t need to meet with someone and have a one on one over coffee to know everything about his past, his family, his activities, his tastes, and even personal information about his friends. A brief look at his Facebook profile for example will offer all of this precious data. On top of that, the information will be offered, in some instances, visually through the user’s pictures. Does this trend therefore reduce the severity of the spyware behaviors? Following this idea, Andrejevic argues that:
Opponents of corporate surveillance seem unable to provide a compelling rationale for privacy protection in an era when consumers remain surprisingly willing to surrender increasingly comprehensive forms of personal information in response to offers of convenience and customization. (233)
Other parties take advantage of users’ naivety when using social media. Indeed, we as Internet users, “translate more and more of ourselves into other forms of expression that exceed ourselves” (McLuhan, 57) without even realizing it. So considering the amount of personal information we voluntarily post online, it’s no wonder “the point at which information becomes personal information is increasingly difficult to determine” (Bennett, 492). Where privacy starts is therefore particularly subjective. In her article about surveillance and society, Danah Boyd elaborates on how social media has influenced the limits of privacy. As she says, “social norms – when contextually understood – highlight how privacy and surveillance are both being challenged by an increasingly networked society” (Boyd, 505).
Google and Facebook do utilize users’ personal information in order to make profits by selling it to third parties. However, they do not use spyware per se, whereas other well-known companies such as Sears and Kmart have been accused of spying on their customers’ habits through spyware piggybacked to seemingly inoffensive marketing software (Silicon.fr). They would even offer incentives to customers who installed the program. It was considered as a violation of privacy because they did not inform their customers that spyware was being downloaded with the installation of the software. and that it would spy on their online behaviors. Therefore, with the advent of spyware and its widespread, corporate applications, one can firmly see that ‘privacy’ has become an extremely flexible, ambiguous concept, encompassed by overall morally grey tones. 
Conclusion
            As Sterne explains, “computers have not yet stabilized as a medium, since technology is still evolving” (19). On one hand, this can be seen as a hope that the new versions of operating systems and security software launched every year or so will resolve all the problems computers currently have, including malware. On the other hand, it can also be seen as a threat, since the on-going technological evolution will lead to new opportunities for hackers to develop stronger and better malware. We can come to the conclusion that, like computers, privacy’s meaning is still ambiguous, and not clearly defined. And with the incessant development of new technologies, chances are that it will never have a final, explicit definition. This paper showed that many questions have yet to find answers. Until then, one thing is for sure: our personal information can only be safe as long as we do not transmit it whatsoever. So the final question is: How is it possible to be so secretive and to keep our precious information to ourselves when new technologies are more and more oriented toward increasing social connections? As Bennett says, “perfect privacy is violated when one enters into social relations” (486).

Works Cited