FoRK This Action!! (P2P's Dark Side)

From: Derek Robinson (nnvsnu@yahoo.com)
Date: Thu Mar 01 2001 - 12:45:25 PST


[Tripped across this today, thought it was worth FoRKing ...]

"Peer-To-Peer's Dark Side: Vendors May Demand A Piece Of Your CPU"
By Fred Langa, February 26, 2001.

http://www.byte.com/column/BYT20010222S0004

... Juno, the giant ISP with over 14 million subscribers, recently altered
its Terms Of Service to include something that on the surface is a fairly
standard P2P implementation: Juno will connect its subscribers' computers
as an ad-hoc distributed computing network.

Someone with a large computational problem will contract with Juno, which
will divvy up the large problem into smaller chunks and feed it into its
subscribers' PCs, which will execute this external code and send the
results of the computations back to Juno. The process then repeats.

But it's the implementation that makes my neck hairs stand up, as you can
see from this amazing paragraph taken from the current Juno Service
Agreement (yes, it's long, but trust me, it's worth reading through it
all!):

"2.5. You expressly permit and authorize Juno to (i) download to your
computer one or more pieces of software (the "Computational Software")
designed to perform computations, which may be unrelated to the operation
of the Service, on behalf of Juno (or on behalf of such third parties as
may be authorized by Juno, subject to the Privacy Statement), (ii) run the
Computational Software on your computer to perform and store the results
of such computations, and (iii) upload such results to Juno's central
computers during a subsequent connection, whether initiated by you in the
course of using the Service or by the Computational Software as further
described below ... you agree not to take any action to disable or
interfere with the operation of ... any component of the Computational
Software.

"You agree that, as between you and Juno, you shall be responsible for any
costs or expenses resulting from the continuous operation of your
computer, including without limitation any associated charges for
electricity, and that you shall have sole responsibility for any
maintenance or technical issues that might result from such continuous
operation.

"You agree that, as between you and Juno, Juno shall have sole rights to
the results of any computations performed by the Computational Software,
including without limitation any revenues or intellectual property
generated directly or indirectly as a result of such computations, without
further compensation to you. ...[Y]ou expressly permit and authorize Juno
to initiate a telephone connection from your computer to Juno's central
computers using a dial-in telephone number you have previously selected
for accessing the Service ... you agree that, as between you and Juno, you
shall be responsible for any costs and expenses (including without
limitation any applicable telephone charges) resulting from the foregoing
... You agree that you will not attempt to reverse engineer any such
software, data, or other materials or transfer or disclose any such
software, data, or other materials, or the results of any such
computations, to any third party.

"You acknowledge that your compliance with the requirements of this
Section 2.5 may be considered by Juno to be an inseparable part of the
Service, and that any interference with the operation of the Computational
Software (including, but not limited to, any failure to leave your
computer turned on at all times) may result in termination or limitation
of your use of the Service. ..."

In effect, Juno is saying that you must give it the right to use your PC
for whatever purposes it chooses, when it chooses. You have no rights to
what it does with or on your PC. You can't even try to find out what
Juno's doing. You must perform these forced services at your own risk and
expense. You must keep your PC on at all times in order to run Juno's
calculations. If you don't leave your PC on -- say you want to perform
system maintenance or just save some energy -- Juno can cancel your
account. You pay for the call (if needed) to send in the results, and if
Juno's software crashes your PC and eats your data, well, tough luck.

It even emphasizes its total lack of liability, even in cases where it is
clearly at fault, in another part of the service agreement, done up in
shouting capitals: "6.4. UNDER NO CIRCUMSTANCES (INCLUDING NEGLIGENCE AND
FUNDAMENTAL BREACH) WILL JUNO OR ANYONE ELSE INVOLVED IN PROVIDING THE
SERVICE OR SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL OR CONSEQUENTIAL DAMAGES OR LOSSES FROM OR THROUGH THE USE OF OR
INABILITY TO USE THE SERVICE OR THAT RESULT FROM MISTAKES, OMISSIONS,
INTERRUPTIONS, DELETION OF FILES OR E-MAIL, DEFECTS, VIRUSES, DELAYS IN
OPERATION OR TRANSMISSION OR ANY FAILURE OF PERFORMANCE, EVEN IF ADVISED
OF THE POSSIBILITY THEREOF."

I like the part where it absolves itself of liability even in cases of
negligence or fundamental breach of the agreement. It can't lose! Amazing.

If you want to read the whole thing in context, the entire agreement is
posted: http://help.juno.com/privacy/agreement.html

All this might be somewhat more palatable if it were really out in the
open. But Juno's sign-up materials make no mention of any of this. If you
surf into Juno's home page you'll see various come-ons for Juno 5.0;
following those links takes you to a download page. But neither that page
nor the "more info" link on the page mentions anything about the P2P
software.

Worse, you must download AND INSTALL the Juno software before you're
presented with the service agreement; and of course, most people never
read those long legal documents anyway.

It gets better: For all the millions of current Juno subscribers being
enticed into upgrading to the new version, the current Service Agreement
contains the following:

"...[Y]ou agree to accept the terms of the Agreement... as if you had
signed it. Juno may change this Agreement at any time; such changes will
be effective immediately upon transmission.... Each time you use the
Service reaffirms your acceptance of the then-current Agreement."

And when they do post a new agreement, it includes the magic phrase: "This
Agreement, the Guidelines and the Privacy Statement supersede all prior
communications and agreements."

So, it's both stealthy and ironclad: Juno can post software that takes
over your PC and makes it part of a P2P network over which you have no
control. It can notify you of this change via paragraphs buried inside a
legal document you may never see. And if you do, it doesn't matter because
it's wonderfully worded so that Juno can do what it wants with your
system, and yet is totally free of any liability or obligations to you if
its software screws up your system in any way.

Imagine the benefits to Juno: It gets, in effect, a risk-free, low-cost
supercomputer it can use for whatever purpose whatsoever. It's a potential
gold mine!

"Today, Juno. Tomorrow...?"

You might be tempted to blow this off with the thought "Hey, Juno's a free
ISP, and people who use it deserve what they get."

Even if it were just Juno, with over 14 million affected subscribers, it's
not a small thing.

But I think that Juno's model may prove hard for other companies to
resist. Think about how many software updates you routinely install over
the course of a year. Worse, think of the auto-updaters you probably use
for your OS, your office suite, your anti-virus definitions. It would be
incredibly simple for a software vendor to add a P2P component into its
next update download. The thinking might go like this:

"Let's see. If we slip a P2P component into our next software update,
adjust our Terms of Service to make it all retroactively mandatory, legal
and risk-free for us, then we can build a distributed supercomputing
network at our customers' risk and expense."

And you might not even know that P2P software had been installed on your
system ... until your system maintenance no longer worked (because there
were no idle times when it would kick in); or when your or your business'
own P2P projects got derailed because something else was already sopping
up all the spare CPU cycles. Then there's the extra wear and tear on the
system, the electricity consumed by systems that never go into sleep mode.
... Well, you get the idea ...

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/



This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:13:14 PDT