Slashdot’s nightly headlines brought this bit of news from Information Week and Ars Technica to my attention last night: Microsoft submitted an adware patent back in 2006 that will use “context data” from your hard drive to select focused advertising for you to view while you’re surfing, reading your email, working on Word and Excel documents, etc.
That’s right – their patent covers adware that could reside in the host Windows operating system, reside as a “feature” of an application like Word or Outlook, or be installed as a specific, stand-alone application. And it would search the context of the files you have open to target ads to your desktop or application while you’re working on them.
I can see it now – someone’s working on a vampire cyberpunk short story and they get distracted every few minutes by ads for Anne Rice’s Interview with the Vampire and for the RPG CyberPunk 2020. And, just in the process of writing this very post, I can imagine getting context-based ads about patent law firms, cyberpunk and vampire literature, Microsoft products, and even companies offering adware. Just great.
Unfortunately, according to both articles, the patent application includes nothing about how it will guarantee data security or protect personal data. I can’t imagine that this is really a good idea for any industry, or any person, except the advertising firms who’ll use it.
Let’s assume you’re a telecommunications equipment manufacturer (a prior life of mine, actually). You are engaged in a massive price and feature war against all comers on your telephony, wireless, and DSL products. In the process of doing your job, you build Excel spreadsheets called Bills of Material (BOMs) that have the exact part numbers, quantities, prices, and suppliers for all the electronic components you’re using in your Latest Big Thing. In addition, you write your product specifications, test procedures, and marketing documents in Word and FrameMaker respectively. Even if we assume that the adware can’t scan files that aren’t actively in use (a very bad assumption), the adware will still gradually gather that you’re using Arrow as your primary component distributer, that you use Texas Instruments DSPs on your product (both from the BOM spreadsheets), that your company uses Tyco to manufacture your electronics (from the product specification), and that you use HP test equipment to verify that your product works right (from the test procedure). From the marketing documentation, the adware will know just what you’re planning on announcing at the next SuperComm expo, what new DSL features and routing functions it will have, how big it is, etc. And in the process, TI may learn from the adware that you’re considering buying their latest DSP chip before you’re purchasing negotiators tell them, putting your people at a significant disadvantage in negotiations. And that’s the least of your worries – what if a competitor buys advertisting time on the adware service and gets access to your company’s proprietary intellectual property (IP)?
If the adware is a stand-alone application, it could be uninstalled. But if the adware is built into Office programs like Word and Excel (never mind Outlook), or even worse, if the adware is built into Windows itself, the only obvious way to keep this example from happening is to totally isolate the company’s network from the Internet altogether. Think about the amount of work you do via the Internet in some fashion – you can’t tell me that isolating your desktop computer from the Internet so you can securely work on company IP is a good thing. And these days, many companies have network access configured so that employees can work remotely while on vacation or at home – doing so would give the adware on a private computer access to the clean network at the company.
As bad as the corporate picture looks, the personal picture is much, much worse. Most companies at least have people who will be trained on how to disable these functions so that company IP is protected. But individual users simply don’t have that kind of support, and so all sorts of private data will be available to the adware. Just to use some innocuous examples from my own home computer, I don’t really want to be targeted with ads for Dungeons and Dragons books because I run a D&D game. And I don’t want advertisers to know who my insurance company is by scanning my PCs “bookmarks” file. And I don’t want to see ads for dial-up access services just because I had to use dial-up for a week instead of my DSL while I was on vacation. But what about those people who keep things like their taxes (TurboTax), bank account information (Quicken), health insurance records (Word, searchable .pdf files), mortgage data (also Quicken), children’s names and ages (Word letters, blog archiving software), etc. Do you want an advertising program, and thus the massive database(s) it feeds and the customers who mine that database, to have detailed private information about you? I don’t. Hell, Gmail is a lot less intrusive than this patented adware would be, and yet I will never use Gmail myself because I don’t want Google and its advertisers to have access to private communications.
Whether or not Microsoft wins this patent, some adware like this will eventually come into existence. And when it does, it will only be a matter of time before some enterprising virus writer reverse-engineers it to snag personal information that the original adware excluded. If Microsoft integrates this into their operating systems, I’ll probably stop using PCs altogether and migrate to a Mac.
This kind of adware is a boon only to the advertisers who would use it – to everyone else it’s a bane. Ok, maybe not everyone – spy agencies would love it. So would the data mining companies who sell correlated personal data to the government (and that the government is legally prevented from producing itself), especially given how easily this adware could be modified into true spy-ware.
Some things should never come to pass – this is one of those things. To paraphrase Ripley from Aliens, “Nuke the patent from orbit – it’s the only way to be sure.”