Tuesday, February 08, 2005

VeriSign and the Spyware Cos

James Grimmelmann points me at Ben Edelman's latest piece of smart digital detective work, which says James,

"turns the harsh light of public scrutiny on VeriSign's grubby practices in issuing digital certificates to vendors who try to install spyware by tricking users into clicking 'yes' with low-down dirty lying dialog boxes.

Now, Ben wants VeriSign to clean up its act: it should refuse to issue certificates to companies that use obviously fake names (such as "CLICK YES TO CONTINUE") or that use those certificates to deceive consumers. For Ben, it seems to be a matter of moral suasion: he points to VeriSign's anti-spyware public statements and he points to terms in VeriSign's contracts with companies that use its certificates that give VeriSign the right to revoke those certificates in exactly these situations.

I agree wholeheartedly, but something else is bothering me about VeriSign's actions in digitally signing certificates with obviously faked company names. Isn't that illegal? Why do we have to ask VeriSign to do right voluntarily, pretty-please?"

BTW James had a really interesting article, Virtual Worlds as Comparative Law, 49 N.Y.L.S. L. Rev. 147 (2004), published in the New York Law School Law Review, just before Christmas. (Like all law journal articles it's not for the average reader but it does use the architecture of digital games to draw some enlightening lessons in thinking about the law, which most of us don't realise is quite a technical, sometimes even mathematical subject area).

No comments: