Politech mailing list archives
FC: TiVo accused of privacy violations; more on "SpyTV" debate
From: Declan McCullagh <declan () well com>
Date: Mon, 26 Mar 2001 10:01:27 -0500
The Privacy Foundation folks today accused TiVo of transmitting dozens of pages of user viewing information a day to corporate HQ:
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&action=0

TiVo responds:
http://www.tivo.com/privacy_response.html

News coverage:
http://www.siliconvalley.com/docs/news/svfront/tivo032601.htm

-Declan

************

To: declan () well com, jet () well com
Subject: Re: FC: Response to SpyTV, interactive television, and free software
From: corbet () lwn net (Jonathan Corbet)
Date: Fri, 23 Mar 2001 09:12:13 -0700

> TiVo is based on open software (linux) and TiVo, Inc. has released its
> changes under the GPL.
>
> TiVo has also published its privacy practices and policies on its
> website.
>
> Maybe rms needs to learn to read before slagging people?

TiVo has released its Linux kernel changes, as required by the GPL. The company has *not* released the source of any of its application-level software, though. That software is what makes the difference between a TiVo box and a normal PC, and is where any sorts of "interesting" behavior could be implemented. Including behavior like that described in the book, where information is not reported back to a central server. Quite a bit of manipulative behavior could take place without necessarily violating privacy guidelines.

Basing things on Linux is a good start, but does not really solve the problem. I preached on this a bit on the LWN.net front page this week. The whole system needs to be open before you can trust it.

jon

Jonathan Corbet
Executive editor, LWN.net
corbet () lwn net

**********

Date: Fri, 23 Mar 2001 10:30:38 -0800 (PST)
From: "J. Eric Townsend" <jet () well com>
To: corbet () lwn net (Jonathan Corbet)
Cc: declan () well com
Subject: Re: FC: Response to SpyTV, interactive television, and free software

"Jonathan" == Jonathan Corbet <corbet () lwn net> writes:

Jonathan> of its application-level software, though. That software is
Jonathan> what makes the difference between a TiVo box and a normal
Jonathan> PC, and is where any sorts of "interesting" behavior could
Jonathan> be implemented. Including behavior like that described in
Jonathan> the book, where information is not reported back to a
Jonathan> central server. Quite a bit of manipulative behavior could
Jonathan> take place without necessarily violating privacy guidelines.

Yup, it *could* happen. Anyone have any evidence of it? Lots of people have ripped apart the Tivo code and hacked it to do all sorts of things, none of them have found any evidence of this sort of activity.

It could also happen with a DSS receiver or digital cable box, for what it's worth.

--jet

************

Date: Fri, 23 Mar 2001 20:39:47 -0700 (MST)
From: Richard Stallman <rms () gnu org>
To: declan () well com
CC: politech () politechbot com, jet () well com
Subject: Re: Response to SpyTV, interactive television, and free software

Eric Townsend wrote:

    The book by the anti-tv folks lumps TiVo in with Microsoft et al, and rms'
    parrots it without doing any research.

Does he think that nobody should mention a site to others without personally researching its subject? Or does this impossible standard apply only to people working 60-hour weeks on another issue?

    TiVo is based on open software (linux) and TiVo, Inc. has released its
    changes under the GPL.

The operative term here is "based on". TiVo is based on some free software, the GNU/Linux operating system, which includes a lot more than Linux the kernel. (See http://www.gnu.org/gnu/linux-and-gnu.html for more explanation of that.)

But my understanding is that the software that implements the TV features is proprietary (someone please correct this if it is wrong). That being so, the fact is that you can't tell (except by reverse engineering) what it does, or what it could be told to do. Whether that proprietary software is running on GNU/Linux or Windows makes little difference for this issue.

On the other hand, if the TV software were free, and you could install modified versions of it, the users would be able to control what it does.

    TiVo has also published its privacy practices and policies on its
    website.

I am not an Internet user, but if someone emails these to me I will take a look at them. They may not be relevant to this issue, though.

One of the interesting points in the paper handout I read, which gave the URL www.spyinteractive.com, was that an interactive TV can be programmed to do things you might not like based on information it has gathered about you, even if it never sends that information over the network. This is an issue which privacy policies typically do not address.

Even a very firm privacy policy, such as "We never distribute any of the information collected to anyone", does not preclude the interactive TV from using the information it has gathered about you to alter what it shows you in ways you would be shocked to know.

Whether any specific company is doing this or plans to do this, I don't know. But the point that it is possible is interesting, regardless of whether it is happening now.

************

Date: Fri, 23 Mar 2001 23:59:12 -0800 (PST)
Message-Id: <200103240759.XAA05433 () well com>
From: "J. Eric Townsend" <jet () well com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: rms () gnu org
Cc: declan () well com, politech () politechbot com, jet () well com
Subject: Re: Response to SpyTV, interactive television, and free software
In-Reply-To: <200103240339.UAA11450 () aztec santafe edu>
References: <5.0.2.1.0.20010322112225.0246b0f0 () mail well com> <200103240339.UAA11450 () aztec santafe edu>

As a consultant doing some security work for TiVo, I can't say much for the company officially. I can say that the people I've met there are very, very devoted to user privacy and not doing any sort of awful mind control projects.

"Richard" == Richard Stallman <rms () gnu org> writes:

Richard> That being so, the fact is that you can't tell (except by
Richard> reverse engineering) what it does, or what it could be told
Richard> to do. Whether that proprietary software is running on
Richard> GNU/Linux or Windows makes little difference for this issue.

On the other hand, if you go look at the TiVo web site, you can see their privacy policy in great detail. If you go look at the TiVo hacker sites, you can see what people have researched in terms of how TiVo works.

I trust TiVo's motives as much as I trust the LPF/FSF (I say that as someone who used to hand out anti-Apple flyers for the LPF at ACM events back in the boycott days).

If you can point me to the Microsoft privacy policy, I'd love to see it. I looked on the ultimate tv site and found nothing.

I suggest using external, trusted auditors, the same way we do with financial information and non-profits. Set up a team of people and let them go thru the source code and say yea or nay without revealing company secrets or proprietary technology.

Sure, reading the code is great for us geeks, but do you really expect my 54 year old mother to read source code, download stuff, type make install, etc? I sure as hell don't.

Richard> I am not an Internet user, but if someone emails these to me
Richard> I will take a look at them. They may not be relevant to this
Richard> issue, though.

I guess your email got to me via UUCP then, and not via SMTP. Odd, I didn't know UUCP was still supported at well.com.

In any case, here's the URL:
http://www.tivo.com/flash.asp?page=support_privacy

In short, there are three levels:

- opt out: nothing about your viewing habits ever goes back to TiVo. A phone call to TiVo and you are in the opt out category.

- default: logs of what you did go back to TiVo but they get anonymized and lumped in with everyone else's data as soon as they are uploaded to a TiVo server. There is no way to correlate what you watched or did on your TiVo with you short of tapping your phone and decoding the modem call.

- opt in: everything your TiVo does is tied to you. You have to call TiVo and give permission for this to happen. Why you would do this voluntarily is beyond me.

Richard> [an] interactive TV can be programmed to do things you might not
Richard> like based on information it has gathered about you, even if
Richard> it never sends that information over the network.

Yup. Your digital cable box or your DSS sat dish could be programmed to do the same thing. No need to have any sort of fancy equipment.

Richard> Whether any specific company is doing this or plans to do
Richard> this, I don't know. But the point that it is possible is
Richard> interesting, regardless of whether it is happening now.

I agree that it's interesting and should be investigated. There are people out there hacking on the TiVo et al verifying all sorts of things, but that's just a start. External auditing and verification by independent third bodies is one of the few ways to make people happy.

However, I don't agree that jumping on the bandwagon of an anti-TV group without doing a little research is a good idea. If company ABC does awful, horrible things with technology in this space, that doesn't mean that the other companies are doing the same things.

If you want, I can point you at some official people at TiVo who would love to talk about this. If you (rms, declan), or anyone else have suggestions or comments about how TiVo can open up their system without compromising their intellectual property or ability to make a profit let me know. If you don't want to deal with me, let Dave Platt know: dplatt () tivo com. He's probably the most sincere person I've met in ages when it comes to respecting personal privacy and not fucking with people's brains.

We're probably on the same side on this issue. I just object to painting all media and technology companies with the same brush.

--jet

************

Date: Sat, 24 Mar 2001 20:48:48 -0700 (MST)
Message-Id: <200103250348.UAA12830 () aztec santafe edu>
From: Richard Stallman <rms () gnu org>
To: jet () well com
CC: declan () well com, politech () politechbot com, jet () well com
In-reply-to: <200103240759.XAA05433 () well com> (jet () well com)
Subject: Re: Response to SpyTV, interactive television, and free software

    As a consultant doing some security work for TiVo, I can't say much
    for the company officially. I can say that the people I've met there
    are very, very devoted to user privacy and not doing any sort of awful
    mind control projects.

I have little knowledge of TiVo in particular, so I won't say you are wrong about that company. But the issue here is much bigger and more general than TiVo in particular. The issue is about what can be done by a network-connected communication device, one that can be reprogrammed by the company that "sold" it, but not by the user who "bought" it.

Perhaps TiVo is too idealistic to take advantage of these possibilities. But can we, should we, expect manufacturers in general to be so? Should we place the issue in their hands and trust them, or should we spread the idea that people should insist on being able to *check*?

Even TiVo could change. Perhaps its current management have strong scruples, but they probably won't be in charge of the company five years from now. Management changes forced by investors are common in start-ups; so is being bought by another company, which also often leads to a start-up.

You may think that "Changing this policy would make all the engineers quit", but even if you are right, that doesn't mean it won't happen. Such apparently stupid drastic policy changes are not unusual with new management.

Let's not let the specific issue of what TiVo does get in the way of thinking about the larger issue.

    Sure, reading the code is great for us geeks, but do you really expect
    my 54 year old mother to read source code, download stuff, type make
    install, etc? I sure as hell don't.

I don't expect her to check the source code, but she could appreciate the benefits if geeks can do it.

    Richard> [an] interactive TV can be programmed to do things you might not
    Richard> like based on information it has gathered about you, even if
    Richard> it never sends that information over the network.

    Yup. Your digital cable box or your DSS sat dish could be programmed
    to do the same thing. No need to have any sort of fancy equipment.

Perhaps they can. The handout related to spyinteractive.com raised the issue for interactive TV, but the issue is more general in principle. It will become more general in practice too, over time.

For this issue to arise, the equipment needs to be remotely reprogrammable, and it needs to be able to make some decisions or change some things on its own without your knowing it did so.

For present-day cable boxes and/or satellite dishes, it may be the case that they are not remotely reprogrammable. Or it may be the case that what users expect them to do is so simple and predictable that there is no room for them to do anything but what users expect.

But that would be a contingent conclusion, not a fundamental principle. Even if these devices don't present the potential problem today, they may present it in five years.

************

Date: Sun, 25 Mar 2001 13:26:38 -0500
From: Brian Ristuccia <brian () ristuccia com>
To: "J. Eric Townsend" <jet () well com>
Cc: declan () well com
Subject: Re: FC: Response to SpyTV, interactive television, and free software
Message-ID: <20010325132637.A19365 () osiris 978 org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> The book by the anti-tv folks lumps TiVo in with Microsoft et al, and rms'
> parrots it without doing any research.
>
> TiVo is based on open software (linux) and TiVo, Inc. has released its
> changes under the GPL.
>

While the TiVo may be based on Free Software, there is a significant amount of software responsible for its operation that is not Free Software. One who disassembles a TiVo and extracts the software will find that they are not permitted to redistribute anything but the base GNU/Linux system software on which it is based. Without the other software, the TiVo is basically useless for its intended purpose of time shifting TV programs. Just like Microsoft, the folks at TiVo are publishers of proprietary software.

> TiVo has also published its privacy practices and policies on its
> website.
>

Their privacy policy doesn't change the fact that the device is built to facilitate monitoring, nor does it remove TiVo's ability to change that policy at any time. Indeed, we've seen a good number of fair privacy policies swing in the other direction as the issuing company's financial situation changed for the worse.

> Maybe rms needs to learn to read before slagging people?
>

RMS's position is justified.

--
Brian Ristuccia
brian () ristuccia com
bristucc () cs uml edu

**********

Date: Thu, 22 Mar 2001 14:05:01 -0600
To: declan () well com
From: Rajiv Shah <r-shah4 () uiuc edu>
Subject: Re: FC: Response to SpyTV, interactive television, and free software

Regarding Tivo

Just to be clear Tivo has published their modifications to the Linux PowerPC Kernel
http://www.tivo.com/linux/index.html

However not all of the Tivo software is open source, for example the user interface myworld is not open source
http://www.avsforum.com/ubbtivo/Forum6/HTML/002891.html

Rajiv

Rajiv Shah
r-shah4 () uiuc edu
http://www.RajivShah.com

**********

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------