Is the Lenovo/Superfish Debacle a Call to Arms for Hacktivists?

Image: Kutay Tanir/Getty Images

As Lenovo has come under fire for pre-installing on their computers the intrusive Superfish adware — and as lawsuits are now being filed against the laptop-maker for compromising its users’ security — one solution to the problem may have been given short shrift. Maybe it’s time, in other words, to release the hackers.

To be clear, nothing here should be read as an inducement to any sort of malicious hacking or other nefarious cyber-activities. The call to arms is instead to hacking in the old Homebrew Computer Club, touch-of-code-and-dab-of-solder sense. After all, when pop-up ads became a scourge of the late 1990s Internet, coders behind the smaller Opera and Mozilla browsers rolled out their pop-up blockers to restore a touch of sanity. Major commercial web browsers like Internet Explorer and Safari only rushed in after the nimbler first responders proved the consumer demand.

Over the nearly half-century of the modern amateur computing movement, makers, modders and homemade tech enthusiasts have never come up short on creative solutions to big marketplace challenges. What’s needed in response to the proliferation of Lenovo/Superfish, Samsung Smart TV, and many other security debacles in recent months is more openness and encouragement to let hackers (in the old-school sense of hackers as above) be hackers.

“It comes down to device autonomy, whether users have control over the software and hardware they run,” says Parker Higgins, director of copyright activism at the Electronic Frontier Foundation. “I worry that people may lose the understanding that they deserve that kind of autonomy and that level of privacy and that entitlement to be left alone when they want to.”

In fact, just this month EFF has completed its latest round of petitions to the U.S. Copyright Office to enable exceptions to the Digital Millennium Copyright Act that allow for car repair that involve a car’s onboard computers, Fair Use video remixes, jailbreaking phones and tablets and modifying older video games that require authentication from servers that no longer exist.

“There’s a rulemaking process that happens every three years,” Higgins says. “Every three years you have to submit your exemptions de novo. It doesn’t carry over. We’ve gotten exemptions for jailbreaking phones in the past, and we’ve had to apply it completely from scratch this year.”

So as dry as the DMCA’s exemption-making process may be, he says, it’s still necessary to carve out spaces in the marketplace where consumers can continue to develop new and productive uses for technology whose original manufacturers might otherwise try to shut it down via claims of copyright infringement.

Higgins adds that with enough groundswell of frustration at the proliferation of adware, bloatware and consumer snooping in tech today, legislation like the Unlocking Technology Act of 2013 (which would allow for more hacking of the kind described here — but also died in committee) might one day make it onto the books.

And the reason this matters to aggrieved Lenovo or Samsung SmartTV owners (among numerous known and suspected privacy violations in consumer electronics) is that owners of these devices should be able to build and distribute their own workarounds to spyware or other unrequested and unadvertised technologies they find onerous. And maybe then some smart appliance equivalent of the popup ad blocker will bubble up to restore a touch of sanity again. 

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Editor
Robert Charette
Spotsylvania, Va.
Contributor
Willie D. Jones
New York City
 
Advertisement