FTC spyware suit highlights need for standards-backed protection against abuse.
Perhaps Im getting too good at seeing the glass as one-tenth empty,
instead of nine-tenths fullbut Im wondering, you see, what someone
might pour into that remaining empty space. Web services technologies
offer exceptional power for crafting
enterprise IT architectures,
but I sometimes wonder if they have
what it takes to survive out there on the street: There are plenty of
people with their own ideas for what to add as a final
unwelcome ingredient to the services cocktail.
My suspicion in these matters is long-standing. It goes back to when
Microsoft was still talking about Windows
about four and a half years ago, which was the first
time that I heard someone describe a specific, service-for-sale vision
of what was then called, at least by Microsoft, the "programmable Web."
The service in question was the calculation, hypothetically, of
sales tax on Net-based transactions. Rather than having every Internet
retailer maintain its own map of myriad sales tax districts and rates,
this imagined service would take the locations of seller and buyer, and
the dollar amount of the transaction, and would return an accurate
determination of what taxes were due to whom.
Yes, I know that Internet-based transactions are at present exempt
from most taxes, but that cant last
The service Ive just described would be, at some point,
worth havingbut call me nasty and suspicious, because the first
thought that went through my head was, "What a scam." Buyers of this
service would be feeding the provider a real-time stream of data on
whos buying stuff, in terms of locations if not individual names, and
how much those customers are spendingand they would be paying for the
privilege of divulging that valuable market intelligence. Nice work if
you can get it.
What brings this memory to mind is the FTCs first filing, last
week, of a lawsuit seeking
court blockage of spyware operations.
If you think the spyware
problem is out of hand already, just wait until theres a far richer
ecosystem of Web services message traffic on which to feed. Weve
barely begun to suffer. In the present case, were talking about the
actual uninvited installation of unwanted software on peoples
machines, and yet its still possible for a reasonable person to
contend that no law is actually being broken: How much harder will it
be, I wonder, to protect users privacy interests in their
stream-of-service messages that are traversing public network links?
The question isnt just sitting there, waiting for a disappointing
answer: Its being addressed, in particular, by the multilayered
by WS-Security 1.1.
Its essential that this and other protections
stay abreast of the growing mischief-making
potential of interacting services,
as we leave the benign era of
trying to prove that the technology can work and enter a more
challenging era: one in which people want it to work in their own
One way or another, developers will take advantage of all the effort
thats being invested in making
targets of opportunity ever larger,
with ever more bandwidth
available to be used for good or for ill.
Tell me what other unwanted
ingredients might wind up in the services glass at firstname.lastname@example.org.
To read more Peter Coffee, subscribe to eWEEK magazine.
Check out eWEEK.coms Web Services Center
for the latest news, reviews and analysis in Web services.