Pornographic Crippleware?: Wrangles over porn billing software

[R.A. Hettinga]

No, it's not what *you're* thinkin', perv...

:-)

Cheers,
RAH
--------

<http://technology.guardian.co.uk/print/0,,329946551-117422,00.html>


Inside IT

Legal wrangles over porn billing software

MBS's popups seeking payment for access to websites have caused concern,
but it could be you breaking the law, not them

Michael Pollitt

Thursday May 31, 2007

Guardian

When Liz Humby allowed her two sons, aged seven and nine, to use her new
laptop, they did more than she bargained for. Although she thought them
well-briefed about safe surfing, her eldest accidentally installed the
program developed by Micro Bill Systems (MBS) of Leeds which provides a
subscription to sexxxpassport, a pornography site. Within days, that was
generating popups which stalled the machine for longer and longer, and
demanding payment of #19.99.

"I was very distressed and anxious. I contacted Trading Standards and,
while they took details, were fairly unhelpful," says Humby. "It seemed
that the easiest thing to do was to hand over the money."

She contacted MBS explaining the situation; it responded with an email
saying that she was responsible and requesting a legal declaration of her
son's age.

"It was quite heavy-handed, saying my nine-year-old had committed a
criminal offence, and they would only cancel the demand if the form was
signed in the presence of a solicitor," says Humby.

Porn links

Many other people have contacted the Guardian about the company's software.
Another woman told us her husband installed the software on his company
laptop without realising. Following our advice on discovering how, she ran
a program called Internet Explorer History View and sent the evidence.

"My husband had, as you can see, been Googling and following up on porn
links. Certainly he wasn't anticipating being billed for anything," she
says. "He was pretty terrified once he realised what was happening, and
sent off a postal order. He confessed to me the next day, mainly because
the popup bills were paralysing his work." Thanks to a sympathetic IT
expert, the popup software was removed and the couple has heard nothing
since.

But who has acted legally? Is a nine-year-old breaking the law by
installing software to access a porn site - or should the porn site be
prosecuted for allowing access to a minor? Or should the billing company
(here, MBS) be responsible in the latter situation?

And are people who remove MBS's software after they have clicked on
messages saying "I fully understand the full terms & conditions" and then
click "Get Instant Access Now" which confirms that "you are aged 18 or over
and have read, understand and accept the full terms and conditions" within
their rights? Or are they, and antivirus companies who help them remove it,
committing a breach of contract with MBS?

Since writing about MBS's novel software (My PC is being held to ransom,
March 1), the Guardian has learnt that a second porn site, mysexworld.com,
is to adopt it for a three-month subscription service, and that a
non-pornography video-on-demand site is also considering its use. That
makes it more important to clarify the legal position.

One aspect of MBS's operation remains clear: extensive investigation by the
Guardian and security companies has shown no evidence that it is ever
installed by stealth. In all the cases found, the program is explicitly
downloaded and installed, with the user giving permission at a number of
steps, before it runs. At that point, if MBS does not receive payment on
behalf of the site, the popups will begin.

But what of the legal position? Simon Briskman, a partner in the technology
law group at Field Fisher Waterhouse LLP, suggests that children who
unwittingly subscribe for these services are not committing a criminal
offence and that it would also be extremely difficult to enforce a contract
against someone under 18 in these circumstances.

"Companies like MBS can only impose standard terms on consumers if they are
fair. Under the Unfair Terms in Consumer Contract Regulations, contractual
provisions which cause a significant imbalance in the parties' rights and
obligations to the detriment of the consumer are not enforceable." He
thinks that MBS's software is more detrimental to the user than nonpayment
is to MBS, and that ultimately those affected might take the matter to
Trading Standards.

Removing the popup billing software has become a topic in the forums of PC
Advisor, a business and home PC user magazine in the UK. Briskman's advice
is that doing so is within your rights, although Micro Bill Systems may
pursue you for money - if you can be found.

"MBS could easily have found other ways of securing payment, such as taking
credit card details. They could have made it crystal clear to users that
their computers would be effectively disabled," says Briskman. "Its chosen
approach would be regarded by most of us as unfair and may well fall foul
of the regulations. Concerned consumers should complain to their local
Trading Standards and urge them to take action."

But what about those who enlist antivirus software to remove the MBS
product? MBS says it is considering legal action against Jacques Erasmus of
Prevx, following comments he made previously in the Guardian about the
company; it wants to stop Prevx's product from removing its software.
Symantec - which sells the Norton security products - has already agreed to
such demands.

Having received 191 inquiries, West Yorkshire Trading Standards knows all
about the problems that many consumers are experiencing. Broadly, though,
Trading Standards covering the Leeds area, where MBS operates, backs the
company's position. "West Yorkshire Trading Standards have recently held
meetings with the company in order to investigate complaints from concerned
consumers," says David Lodge, the divisional manager. "It would appear to
be very difficult to subscribe to the service without realising. As such,
any contracts that are entered into are likely to be legally binding." But
he says there will be further meetings with the company.

Ashley Bateup, its managing director, remains enthusiastic about providing
billing services by this method. One can see why: it is not open to credit
card fraud; and as long as Micro Bill Systems can remain certain that its
software is always being installed through direct user action, it should
have a good chance of being paid.

Bateup says the company has taken considerable legal advice and drafted its
terms to be fair. However, he takes a tough line with parents like Humby.
Minors who install the software, he says, enter the contract under false
pretences, which he reckons is a criminal offence of obtaining a service by
deception.

"It is very easy for a consumer to apportion blame on a minor in an attempt
to sidestep their responsibility," says Bateup. "We have to differentiate
between a genuine minor access and any unsubstantiated claims made by an
adult." Briskman, however, says that the idea of a child committing
"deception" only applies if they do so with criminal intent - which would
be difficult to prove in a court.

Due diligence

Bateup also talks about "consumer due diligence" - that is, reading the
terms and conditions and considering what they mean before subscribing. For
removing the software yourself is likely to become more difficult soon.

"We are taking legal action against a number of companies that promote
their software as being able to remove our software," Bateup says. "Their
actions constitute an offence since they are inducing consumers to breach
their contracts with us. We are taking legal action against all companies
that list our software as malware or spyware." Meanwhile, he adds: "We
continue to work closely with Trading Standards, who remain content with
the processes that we operate."

As aggrieved consumers and software companies face Micro Bill Systems and
its unique popup billing system head on, human nature mustn't be forgotten.
Some people pay scant attention to terms and conditions. A child's
curiosity and inexperience, coupled with easily installed software, could
also lead to trouble. And where computers are shared, one unthinking person
might cause headaches for all. But if more sites begin using the same
system, will we all have to read a lot more carefully before we click on
"OK"?


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'