Bill Totten's Weblog

Monday, January 17, 2011

What is Traitorware?

by Eva Galperin

Electronic Frontier Foundation (December 23 2010)

Your digital camera may embed metadata into photographs with the camera's serial number or your location {1}. Your printer may be incorporating a secret code {2} on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent {3} it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.

This is traitorware: devices that act behind your back to betray your privacy.

Perhaps the most notable example of traitorware was the Sony rootkit. In 2005 Sony BMG produced CD's which clandestinely installed a rootkit {4} onto PCs that provided administrative-level access to the users' computer. The copy-protected music CD's would surreptitiously install its DRM technology {1} onto PCs. Ostensibly, Sony was trying prevent consumers from making multiple copies of their CD's, but the software also rendered the CD incompatible with many CD-ROM players in PCs, CD players in cars, and DVD players. Additionally, the software left a back door open on all infected PCs which would give Sony, or any hacker familiar with the rootkit, control over the PC. And if a consumer should have the temerity to find the rootkit and try to remove the offending drivers, the software would execute code designed to disable the CD drive and trash the PC.

Traitorware is sometimes included in products with less obviously malicious intent. Printer dots were added to certain color laser printers as a forensics tool for law enforcement, where it could help authenticate documents or identify forgeries. Apple's scary-sounding patent for the iPhone is meant to help locate and disable the phone if it is lost of stolen. Don't let these good intentions fool you - software that hides itself from you while it gives your personal data away to a third party is dangerous and dishonest. As the Sony BMG rootkit demonstrates, it may even leave your device wide open to attacks from third parties.

Traitorware is not some science-fiction vision of the future. It is the present. Indeed, the Sony rootkit dates back to 2005. Apple's patent application indicates that we are likely to see more traitorware on the horizon. When that happens, EFF will be there to fight it. We believe that your software and devices should not be a tool for gathering your personal data without your explicit consent.

Related Issues: Digital Rights Management {5}, Innovation {6}, Intellectual Property {7}, Locational Privacy {8}, Privacy {9}











Bill Totten


Post a Comment

<< Home