Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 10 February 2017 16:25

We are heading into very un-private EULA, OTA time


In the early 1980s, when I first bought a computer, I owned DOS, later Windows, and then Office. Then the lawyers got involved and now I own a licence to use them – these programs are not mine, I just get to use them under the terms of an End User Licence Agreement.

What about the operating system and security/patch over the air (OTA – really means via wired or wireless Internet) updates “forced” on us by Apple, Google, and Microsoft? Are we able to switch them off, and stick with earlier versions of macOS, iOS, Android or Windows?

In theory, you can, but in practice, that right has led to fragmentation of the OS to such an extent that users are easy prey for cyber criminals. You cannot opt out unless you live in a cave and don’t connect to the Internet. Yet we still have the vocal minority pillorying these companies for wanting to keep us safe and patched.

How many of us read the EULA for anything?

Certain Android smartphone brands used ADUPS to update the OS. That fiasco was evidence that OTA and EULA were gathering far more personally identifiable information (PII) that was reasonably expected. In the name of software updates, it collected the full body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords.

The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges and could remotely reprogram the devices.

Per the New York Times, American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.

The same goes for the recent storm in a teacup when Samsung announced that it would send OTA updates to the Note7 to restrict battery charging. While the din was not as audible, some owners objected to the intrusion on a device they thought they owned. Samsung could only take the Note7 off carrier networks once a complex, country by country legal process determined that under the EULA — nothing to do with public interest — it could do so.

Then what about the news that certain athletes, as part of their contracts, must wear fitness trackers 24x7? That means no privacy while they sleep, are on the toilet, having a few drinks, during training and having sex. Great idea in theory to improve performance but it is lead balloon material to the athletes. And it won’t be long before life insurance companies mandate fitness trackers and car insurance companies want telemetry from dash cams and GPS.

Want to use the cloud? Most public clouds have EULAs that allow them to do pretty much anything with your data. It gets worse the lower the costs you pay – free storage usually means open slather for whatever you store there.

Want a free app? By downloading you agree to an EULA that may be damned hard to find, let alone wade through the legalese. You would be horrified at what free mail, contacts, calendar and flashlight apps collect.

Visiting websites can also contain automatic acceptance of the EULA. One cyber criminal has a flash-up message about cookies that has three-point type that warns you that by clicking on the cookie acceptance you will be infected, and have your ID stolen etc.

Fancy a bit of live TV or streaming? There is an EULA for smart TVs that can tell who is watching, what they watch, and when they watch. It will get worse with remote controls that can recognise voices and it won’t be long before we must log in to view content. Siri, Alexa. OK Google and Cortana can spy on us under the guise of helping us. The information is advertising gold and it is sold.

Want to make a phone call? There is no specific EULA for a landline call but the moment you venture onto wired or wireless broadband there is – not to mention the layers of EULA that sit over telco carrier conditions for apps like Apple iMessage, Viber, WhatsApp, Skype, Facebook Messenger, etc.

There are even EULAs for cars. Tesla may have been the first with a 30-page agreement but increasingly any smart car device (think Apple CarPlay, Android Auto, BlackBerry QNX, Windows embedded), comes with one that allows the manufacturer, or their agent, considerable latitude to upgrade, downgrade, remove from service and more.

Many EULAs go too far with restrictions on use on different devices (can’t install more than once), ability to resell, limits of liability, and where a click-through to use signs away your rights. While the law has ways of determining what are unconscionable clauses, the great bulk are never challenged because the plaintiff bears the considerable costs of litigation should they lose to a cleverly crafted EULA.

And then there is lying by omission. Many legal cases have been lost by plaintiffs, not because the EULA specifically stated terms but because it banned any unforeseen use outside those terms.

One common criticism is that EULAs are often far too lengthy for users to devote the time to thoroughly read them. In March 2012, the PayPal EULA was 36,275 words.

In May 2011, the iTunes agreement was 56 pages – just to purchase a song or an app! South Park parodied this in the episode "HumancentiPad", where Kyle had neglected to read the terms of service for his last iTunes update and, therefore, inadvertently agreed to have Apple employees experiment upon him.

We are stuck with EULAs and, by and large, most of us are not equipped to handle the legal issues, let alone the ethical issue of who owns the software, devices, and personal information, and what the company in question does with it all.

Examples of ridiculous EULA clauses

Apple’s iTunes EULA expressively forbids you from using iTunes to create missiles and biological, chemical, or nuclear weapons.

For six months after Safari For Windows was released, Apple had the following clause in Safari for Windows’ EULA: You Can’t Install It On Windows

Google Chrome owns you. “You give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."

Facebook terms and conditions include a clause that states: "By posting User Content to any part of the Site, you automatically grant... to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide licence (with the right to sublicence) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise..."

Sony PlayStation and EA has a clause that says. "Any Dispute Resolution Proceedings, whether in arbitration or court, will be conducted only on an individual basis and not in a class or representative action…

Amazon Kindle: Your rights under this Agreement will automatically terminate if you fail to comply with any term of this Agreement. In case of such termination, you must cease all use of the Software, and Amazon may immediately revoke your access to the Service or to Digital Content without refund of any fees.

What can be done about EULAs?

Not a lot – in general, they have been upheld by the highest courts, largely backed by mega-corporation money. The only valid suggestion is to get your dog or cat to sign it and plead pawsible deniability!


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News