The February 2023 issue of IEEE Spectrum is here!

Close bar

Is the Lenovo/Superfish Debacle a Call to Arms for Hacktivists?

Proposed exemptions to the DMCA could free white hats to make networked devices more secure

2 min read
Is the Lenovo/Superfish Debacle a Call to Arms for Hacktivists?
Image: Kutay Tanir/Getty Images

As Lenovo has come under fire for pre-installing on their computers the intrusive Superfish adware — and as lawsuits are now being filed against the laptop-maker for compromising its users’ security — one solution to the problem may have been given short shrift. Maybe it’s time, in other words, to release the hackers.

To be clear, nothing here should be read as an inducement to any sort of malicious hacking or other nefarious cyber-activities. The call to arms is instead to hacking in the old Homebrew Computer Club, touch-of-code-and-dab-of-solder sense. After all, when pop-up ads became a scourge of the late 1990s Internet, coders behind the smaller Opera and Mozilla browsers rolled out their pop-up blockers to restore a touch of sanity. Major commercial web browsers like Internet Explorer and Safari only rushed in after the nimbler first responders proved the consumer demand.

Over the nearly half-century of the modern amateur computing movement, makers, modders and homemade tech enthusiasts have never come up short on creative solutions to big marketplace challenges. What’s needed in response to the proliferation of Lenovo/Superfish, Samsung Smart TV, and many other security debacles in recent months is more openness and encouragement to let hackers (in the old-school sense of hackers as above) be hackers.

“It comes down to device autonomy, whether users have control over the software and hardware they run,” says Parker Higgins, director of copyright activism at the Electronic Frontier Foundation. “I worry that people may lose the understanding that they deserve that kind of autonomy and that level of privacy and that entitlement to be left alone when they want to.”

In fact, just this month EFF has completed its latest round of petitions to the U.S. Copyright Office to enable exceptions to the Digital Millennium Copyright Act that allow for car repair that involve a car’s onboard computers, Fair Use video remixes, jailbreaking phones and tablets and modifying older video games that require authentication from servers that no longer exist.

“There’s a rulemaking process that happens every three years,” Higgins says. “Every three years you have to submit your exemptions de novo. It doesn’t carry over. We’ve gotten exemptions for jailbreaking phones in the past, and we’ve had to apply it completely from scratch this year.”

So as dry as the DMCA’s exemption-making process may be, he says, it’s still necessary to carve out spaces in the marketplace where consumers can continue to develop new and productive uses for technology whose original manufacturers might otherwise try to shut it down via claims of copyright infringement.

Higgins adds that with enough groundswell of frustration at the proliferation of adware, bloatware and consumer snooping in tech today, legislation like the Unlocking Technology Act of 2013 (which would allow for more hacking of the kind described here — but also died in committee) might one day make it onto the books.

And the reason this matters to aggrieved Lenovo or Samsung SmartTV owners (among numerous known and suspected privacy violations in consumer electronics) is that owners of these devices should be able to build and distribute their own workarounds to spyware or other unrequested and unadvertised technologies they find onerous. And maybe then some smart appliance equivalent of the popup ad blocker will bubble up to restore a touch of sanity again. 

The Conversation (0)

How Police Exploited the Capitol Riot’s Digital Records

Forensic technology is powerful, but is it worth the privacy trade-offs?

11 min read
Vertical
 Illustration of the silhouette of a person with upraised arm holding a cellphone in front of the U.S. Capitol building. Superimposed on the head is a green matrix, which represents data points used for facial recognition
Gabriel Zimmer
Green

The group of well-dressed young men who gathered on the outskirts of Baltimore on the night of 5 January 2021 hardly looked like extremists. But the next day, prosecutors allege, they would all breach the United States Capitol during the deadly insurrection. Several would loot and destroy media equipment, and one would assault a policeman.

No strangers to protest, the men, members of the America First movement, diligently donned masks to obscure their faces. None boasted of their exploits on social media, and none of their friends or family would come forward to denounce them. But on 5 January, they made one piping hot, family-size mistake: They shared a pizza.

Keep Reading ↓Show less
{"imageShortcodeIds":[]}