[Fsuk-manchester] Fwd: [ORG-discuss] Nokia privacy issues with software upgrade

[Tim Dobson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

people may be interested in the implications of this... :)

- -------- Original Message --------
Subject: [ORG-discuss] Nokia privacy issues with software upgrade
Date: Sun, 11 Jul 2010 20:03:02 +0100
From: Graham Cobb <address@hidden>
Reply-To: Open Rights Group open discussion list
<address@hidden>
To: address@hidden

A recent article in The Register
(http://www.theregister.co.uk/2010/07/01/nokia_n900_update/) picked up on a
controversy in the Nokia N900 user community.  I believe it has some
implication for digital rights, in particular on whether it is
legitimate for
companies to sell hardware which can only perform the advertised
features if
users agree to give up some privacy, and on how far that should be
allowed to
go.

In summary, users of the N900 discovered that when they installed the
software
update Nokia recently pushed to their phone, the phone would no longer work
until they had agreed to a long set of legal terms (never seen before) and
also they had authorised the phone to send an SMS to Nokia with
(unspecified)
personal information(*).  It was not possible to opt-out or even to
manually
re-install the previous software version to make the device work again.

There are two, slightly separate, issues:

1) This is a policy Nokia seems to have introduced for all its new
phones: the
phone will not work unless you agree to register with their MyNokia
service.
This feels, to me, likely to be legal but it is unacceptable to me.  If I
found my phone would not do all the things mentioned in the advertising
without me agreeing to register, I would return it for a refund.  It
would be
nice to have Nokia making this requirement clear in their advertising
and/or
a very clear ruling that under UK or EU law the user is entitled to return
the device for a full refund (and cancellation of an associated mobile
phone
contract).  Better still, of course, Nokia should allow users to opt-out of
the registration!

2) In the case of the N900, it did NOT require that registration
initially --
the requirement has only been introduced several months later when you
install an upgrade, which made no mention of the new requirement.  To me,
that is exactly the same as malware which advertises a free game but
when you
install it, takes over your computer and demands you send money before it
will allow you to regain use of the machine. In fact it is worse as you
cannot even re-install the software to return to the previous, working,
state.

I am not anti-Nokia (on the contrary, I am a well known member of the N900
Maemo software community), but I am against this policy and would like to
convince Nokia to change it.  The Maemo Community Council (which represents
users to Nokia) has taken up the issues and some people have complained to
their local Nokia support lines but Nokia will not budge.  I'm not
expecting
ORG to take up this campaign as it is very much a niche issue.  But I would
welcome advice, from the list, on how to pursue this.

I have considered making a complaint under the UK Computer Misuse Act
(Section
1, or even Section 3) citing the "malware" behaviour.  But I do not know
how
to go about it or whether it would be effective.  I can't quite imagine
explaining the issue to someone at my local police station, even though
this
is a criminal complaint.

Is the only remaining option to engage a lawyer and get him to write
some sort
of formal letter to Nokia?

Any thoughts?

Graham


* The details are quite complex.  For example, the terms are different
depending on the country/operator of the phone's SIM card, with some not
being exposed to the issue at all.  Also, Nokia have stated that they
believe
the behaviour is legal, citing one sentence buried on the box in the middle
of very small text about trademarks: "Registration via SMS required".
It is
also bound up with issues about Maemo/MeeGo being supposed to be "Open" and
but this conflicting with the values of many in the Open Source community.
And there are people inside Nokia who support the community's concerns but
have been over-ruled by their management.

I would be happy to get into a discussion of the details either on or
off the
list, as people prefer, if there is interest.  In the meantime, If
anyone is
interested in more background see (in increasing order of length!):

http://maemo.org/community/council/nokia_response_to_mynokia_subscription_in_pr1-2

http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription

https://bugs.maemo.org/show_bug.cgi?id=10366

http://talk.maemo.org/showthread.php?t=53565

http://talk.maemo.org/showthread.php?t=57214

_______________________________________________
ORG-discuss mailing list
address@hidden
http://lists.openrightsgroup.org/mailman/listinfo/org-discuss
To unsubscribe, send a blank email to
address@hidden

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJMOmdFAAoJEFGyIhEBWd2JHcsH/iDDBmA6BtcPt0YyN0Np4xSl
mnvNBMRh54qwrFnd8AzxdVF61WxawbpLA2YQH/3aJfT8yCJE+2gxed/exD5oqLZ1
gEyDTdN3lxCFl5hInL0BLaSFQ67rZ6j91EHAHQzwiHDcNxSUu6qpNuz987RDGldK
PcTI9qBqD9B+qe1XvEDAjN2uO9rIsKDk66ycjDeOv/F1ani3J/1jvxM/ShXopvO5
O15BmZpmjElqsGPFv1dcHms41aF9aR+L0E/06BIREVp8GPBg65EnLzqx1dI9F2RW
hTzhIkwk5Fa6iczeVyOJCB1KoJkGYwdkCYx3moULuymK6q+nkiHs9U4RynBBsW8=
=H3PM
-----END PGP SIGNATURE-----