A pal of mine recently moved out to rural Ontario and signed up his in-laws with the local cableco for Internet service. The cableco, COGECO, has one of the worst service agreements I’ve ever read. Check this out:
IMPORTANT NOTE: COGECO Cable Canada Inc. reserves the right to revise the Residential High-Speed Internet Service Agreement and Acceptable Use Policy attached as Schedule A to this Agreement at any time, effective upon posting of the new or revised version on the COGECO website at http://www.cogeco.com.
That’s standard Asshole Contract language, of course, but it just galls me every time I read it. Can you imagine the chutzpah you’d need to characterize this as an agreement? “Here’s something we’re shoving down your throat, agreed? What’s more, we reserve the right to shove more crap down your throat, without notifying you, and you’ll agree to that too. By the way, did you know that last week you agreed to let us come over and eat everything in your fridge? You’re so agreeable. That’s what we like about you, our customer.” But wait, there’s more!
The Service may not be used to breach the security of another user or to attempt to gain access to any other person’s computer, software or data, without the knowledge and written consent of such person…
Oh, really? So that means that if I want to get, say, an airfare from Expedia’s site, and Expedia doesn’t know who I am, I have to get written authorization from them or I’m violating the Acceptable Use Policy? Sure, they probably mean that it’s forbidden to illegally gain access to information on remote computers, but duh, they’ve already said that the service must be used lawfully. This clause reflects either ignorance or malice. But wait, there’s more!
Prohibited activities include, but are not limited to:
* Accessing data without express authorization of the owner;
* Logging into or making use of a server or account you are not expressly authorized to access;
* Probing the security of other computers/networks;
* Forging any part of the TCP/IP packet header or any part of the header information in an e-mail or a newsgroup posting…
Here we go again! Looks to me like this prohibits the use of any website for which you don’t have an account! That’s right, COGECO forbids the use of Google! And Boing Boing! And every other website whose terms of service don’t include an “express authorization” to send page-requests to their service. In fact, the default mode of Internet services is implicit authorization — if you send a request to my server and you get a response, you can assume that you’re authorized. If you get a “Forbidden” message or no response, then you’re not authorized. Even sending email to a webmaster to ask for express permission will “make use of a server that you are not expressly authorized to access” — i.e., the webmaster’s mail-server.
Forging headers is forbidden? What if you’re doing it to remain anonymous, say in order to participate in a secure protocol or to post to alt.anonymous? But wait, there’s more!
Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, packet sniffers or network probing tools, is prohibited. The Service may not be used to collect, or attempt to collect, personal information about third parties without their knowledge or written consent.
So these tools — which sysadmins routinely use to scan their own networks, which have whole rafts of legitimate uses — are forbidden by COGEGO? What if you’re a crypto researcher? What if you maintain or contribute to nmap or ethereal or one of the many tools that violate this provision? Are you forbidden from posting updates to Sourceforge from your connection? What if your pal calls you up and says, “Dude, I think my network is vulnerable — can you tell me if you can get at my servers?”
Again, they probably mean that the illegal use of these tools is forbidden, but they’ve already said that using their service to break the law is forbidden (duh), so again, we’re left to wonder: is this malice or cluelessness?
The transmission or dissemination of any information or software that contains a virus or other harmful feature also is prohibited.
What’s a “harmful feature?” If you email an old copy of MSIE to a pal that has an unpatched back-door in it, are you violating the Acceptable Use Policy?
The Service may not be used to violate the rules, regulations, or policies applicable to any network, server, computer database, or web site that the customer accesses or to violate another internet Service provider’s acceptable use policy and/or terms of service.
So if any conduct is forbidden by any ISP anywhere in the world, it’s forbidden here? What about the Chinese ISP, which forbids accessing CNN? Or the Saudi ISP, which forbids accessing playboy.com? Or a German ISP, which forbids posting Nazi memoribilia? But wait, there’s more!
Sending unsolicited E-mail without identifying in the E-mail a clear and easy means to be excluded from receiving additional E-mail from the originator of the E-mail.
So if you send an anonymous, whistle-blowing email ratting out your boss for dumping toxic waste in the Rideau, you’d better sign it? But wait, there’s more!
Using automated programs, such as “bots” or “clones” when the Customer is not physically present at the device.
This appears to ban the use of things like download managers and cron jobs that access the network. But wait, there’s more!
COGECO may cooperate with law enforcement authorities in the investigation of suspected violations to any applicable law, regulation, public policy or order of a public authority having juristication. Such cooperation may include COGECO providing the customer’s username, IP address, or other identifying information based on reasonable evidence, receipt of warrant or order.
Reasonable evidence? What the hell does that mean? If there’s “reasonable evidence,” then why wouldn’t the cops be able to get an order or a warrant? Or does “reasonable evidence” mean, “good enough to convince us, but not good enough to convince a judge?” Based on the stunningly poor judgement demonstrated in this “agreement,” I’m not sure that I’d want to trust COGECO’s definition of “reasonable.”
ISP terms-of-service seem to be getting worse and worse. I advised my pal, the new COGECO customer, to quit the service and tell them why, but he says that they’re the only broadband service provider available where he’s at. No wonder they’re acting so badly — they’re the only game in town.
How bad are the ToS at your ISP? Post to the Discuss link.
(Thanks, Kernel Santos!)