Know your vendor
Digital privacy becoming more difficult
By John “jaQ” Andrews firstname.lastname@example.org.
I’m not on a privacy kick, I swear. But after the dreadful Google Buzz launch (which exposed a user’s e-mail contacts to, well, all their other e-mail contacts), the news last week of a Pennsylvania school district remotely activating the webcams of students’ laptops in their homes makes one just a touch paranoid.
Search your favorite news site for “webcam school” to read the latest on this case. In short, the school issued laptops to its students, and whenever one was considered “missing,” administrators had the authority to snap a quick photo with the built-in webcam in order to ascertain the computer’s location. The implications are clear: school officials could, in theory, eavesdrop on any student at any time, capturing sound, still pictures or video.
The only leg on which the district has even a teetering toe to stand is the fact that the laptops were school property. Were it really concerned only with the location of a missing or stolen laptop, a GPS locator chip would be a far more elegant, if slightly more expensive, solution. Dedicated webcam control seems an odd choice for a security measure. It’s far more likely that this was an improvised solution based on administrators’ ability to remotely access any software on the laptop.
I’ve written about such software in the past. Windows comes with its very own built-in software called Remote Desktop, and several free programs based on Virtual Network Computing (VNC) exist. Both of these methods allow someone to log into a PC over a network, either controlling the existing user’s desktop or starting an independent desktop session invisible to the local user.
Remote Desktop is switched off by default, and you have to download a VNC application. Still, what’s to prevent an unscrupulous electronics or software vendor from selling you a product that snoops on you without your knowledge?
In fact, spyware is all over the place. Some of it is so banal that it’s not even considered spyware, but an astonishing number of software products and Web sites do some kind of data tracking based on your activity.
The most egregious offenders can be blocked, detected or removed by operating system protections or third-party software like Spybot or Ad-Aware. That’s assuming you trust those software companies; for all its flaws, Microsoft is fairly up-front about asking customers to opt in to things like anonymously reporting software crashes or sharing Internet browsing statistics. Some of that is legally mandated and some is good customer relations.
You might be tempted to start using only open source software, so you can be sure that other users (or you yourself) have combed over the code and made sure there are no unexpected back doors. It’s a valid choice, but the possibility of snooping doesn’t end at your software. Pretty much every current cell phone has a GPS in it for Enhanced 911 location pinpointing, so a PC — or, let’s be honest, anything with a power source — could be sold with one without it being advertised as well. Want to use the Internet? All your habits are logged at the service provider and at many individual Web sites as well.
The technology isn’t the problem. The technology is here and has too many legitimate uses to blame it for distinctly human decisions about how to use it. When all your personal information is potentially everybody else’s business, the most essential feature to look for in any product is trust.