&
Canada Computes
Wednesday, February 28, 2001

Snooping Web tool walks fine line
between 'power' and 'privacy infringement'

by Stefan Dubowski, Stefan_Dubowski@tcp.ca

[Privacy] With Internet propositions, simple plans often yield complicated executions. In the case we describe here, potential privacy problems threaten to wreck innovation before it bares fruit.

A new software company plans to market the power of peer-to-peer networks with a twisted -- but intriguing -- turn on a simple operating system tool.

ShareSniffer Inc.'s software of the same name gives users a glimpse into hard drives connected to the Internet. According to company president Michael Pommerer, this is the promise of "P2P" unleashed.

"What we want to promote is uncensored file sharing across the Web", he said during a telephone interview. "This is true peer-to-peer, unobstructed file sharing."

But ShareSniffer might also unleash a volley of complaints from computer users who don't realize the power of the company's product.

Here's how the program works: it scans the Internet for protocol addresses attached to open hard drives. ShareSniffer sends this information to its animator, who in turn might scan the discovered drives for music files, videos, whatever.

It's fine for those of us who mean to leave a back door open on our hard drives -- some of us want such accessibility, afforded by the file and print sharing function in Microsoft's operating systems.

"Our directive is to promote open sharing", Pommerer said. Thus musicians bypass record companies and authors realize a fan base even before they submit work to publishers.

The ShareSniffer team looks forward to a future featuring ultimate collaboration, the promise of this World Wide Web, Pommerer said.

But ShareSniffer snoops even where it's not wanted. Let's say you turned on Microsoft's file and print sharing simply for easy access to your own files. You didn't expect anyone else to be glancing your work.

"It will find those addresses too, unfortunately", Pommerer said. "We're hoping to give everyone the knowledge to take responsibility for their own systems."

It's simple, Pommerer figures. If you want to keep ShareSniffer out of your hard drive, don't enable file sharing. Or, if you insist on keeping this function up and running, use a password to protect access.

"If you don't want to share, please protect it ... Be responsible."

ShareSniffer directs curious Netizens to this Web site among others to learn how to properly enable or protect file sharing privileges.

For others, however, it's not enough for ShareSniffer to say, "Act responsibly online". As a result, the company might find itself on the stake for disturbing the peace and privacy many have come to expect on the Web.

"Not every open door is an invitation", said Mark Rasch, vice-president of cyber law with Predictive Systems Inc., a network consultation company.

For Rasch, ShareSniffer violates an important rule of netiquette: ask first.

"The trick is to gain consent", he said. "If a person has consented to allow you access, it's okay."

Otherwise Rasch says using ShareSniffer is like walking through a door without an invitation. And it's no stretch to liken this file-sharing fix to rummaging through your neighbour's closet when he's not looking.

Which begs the question: might ShareSniffer be on the hook for facilitating a crime? After all, Canada's Criminal Code is strict on the matter of unauthorized computer use: Section 342.1 of the Code says anyone who "intercepts or causes to be intercepted, directly or indirectly, any function of a computer system ... is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction."

But David Jones, president of Electronic Frontier Canada says ShareSniffer is likely off the hook.

"Importantly, the people who created ShareSniffer are not breaking the law since they only make a tool, and don't commit the crime", Jones said in an e-mail to CanadaComputes.com.

But as for those of us who use ShareSniffer's sneaky software, "Canada has a law that criminalizes 'unauthorized use of a computer'", Jones said, "and people who use ShareSniffer could be breaking the law".

It's no different south of the border, if what Rasch said is right. He told us that "there is a crime of possession of burglars' tools. But there's no crime that I know of for the creation of burglars' tools."

Pommerer said his team sees it like this: Few would consider suing a carmaker if someone uses its product to murder another. Cars weren't built to be used as weapons. ShareSniffer wasn't built to break in to people's hard drives.

Sure. Meanwhile Napster Inc. argued that its file sharing client is likewise innocuous. Its legal adversaries shouldn't expect the firm to police who does what with its software. Napster was not built to help people violate copyright.

Napster as much as lost its most recent legal round.

Rasch said an enterprising lawyer might argue ShareSniffer is in violation of the U.S. Digital Millennium Copyright Act, whereby it's illegal to build tools designed to defeat copyright protections.

Pommerer said of inadvertent file gazing, "We recognize it's possible. We certainly hope it doesn't happen. We're promoting responsible use. It's a powerful tool."

But "hope" might not be enough to stave off the Internet's privacy watchdogs -- some of whom, we've been told, plan to watch ShareSniffer closely.

Rather unlike Napster, ShareSniffer had a business plan from the get-go. If you download the client now you'll pay $4.95 US for a yearlong subscription. But over time the price rises. The company says $99.95 US will net you an "unlimited" account.

Pommerer knows some of us will question ShareSniffer's validity, but he figures time will dull the barbs of untried practices. After all, he said, how can anyone deny the encroaching power of P2P?

"Maybe you'll get that contract you were bidding for, maybe you'll get that call", he said. The point is, you don't need to build a fancy Web site to use the Internet for promotion.


Copyright © 2001 by Canada Computer Paper, Inc. All Rights Reserved. Reprinted with permission.