REPORT OF THE US CHESS LIVE SUBCOMMITTEE OF THE USCF
INTERNET COMMITTEE
The USCF Internet Committee has established a subcommittee to
monitor US
Chess Live, evaluate the status and any changes, and address concerns or
problems associated with the service. I would like to express my thanks to
George John, Susan Strahan, and Michael Gosselin for
their work on the
subcommittee to date. I also would like to thank Laura Martz for
representing the USCF office and Amy Sullivan, Shawn Sullivan, and Joel
Berez for representing Games Parlor. Their timely
assistance and cooperation
made this report possible.
Myron Lieberman
Chairman, US Chess Live Subcommittee
The US Chess Live Subcommittee explored three concerns regarding the current
procedures and software in use on US Chess Live (USCL). They were (1)
Registration procedures, (2) Conducent software, and
(3) Anti-cheating
measures.
(1) CONCERN: Registration has not yet been automated. When someone registers
they are informed that they will receive their username and password within
48 to 72 hours. This is because the process is done manually. It does not
take very long to register a player, but the time is needed because the
process is subject to backlog, workload and other human delays. The process
essentially involves verifying USCF membership information, possible
duplication of usernames, etc. There are times when people claim to have
waited much longer than the 72 hours. This in many cases was not really
true, but where there has been an unusually high backlog or if a
weekend was involved there have been such cases. Possibly the message should
have specified business days rather than hours but, as will be shown, that
is now a moot point.
There is no dispute that the registration process must be automated,
especially in a situation where other servers (where membership verification
is unnecessary) have automated registration and the process takes minutes or
less, not days.
(1A) SOLUTION FOR FUTURE - Efforts to automate registration in the past have
.not worked out due to technical problems, but we have been advised by Games
Parlor that a new system for automated registration will be ready for
inclusion on the new version of the USCL client, scheduled for release in
March, 2001.
(1B) WORKAROUND FOR PRESENT - Many people want to get online and start
playing rated games immediately. Others are happy to wait the few days
before playing as a registered member. It should be pointed out that during
the time between a member registering and the registration being completed,
that player may sign on as a guest. As a guest unrated games can be played,
lectures and battles of the mind can be observed, and most other features
are available. Some players actually find the time delay helpful because
they can sign on as a guest and learn how to use the system before they
start their history as a registered player. Those that want to play rated
games immediately can sign on as a guest and expedite their registration by
providing the necessary information to an appropriate person who can
register them in real time. Thanks to Laura Martz and to Games Parlor for
setting up this procedure. Nobody who is unwilling to wait for their
registration to arrive needs to wait more than a few minutes if they handle
it online.
(2) CONCERN - There have been public outcries that the USCL client software
contains "Spyware" and is capable of
stealing a wide range of personal and
other information from users' hard drives.
(2) HISTORY - Games Parlor does not charge USCF for development and
maintenance of US Chess Live (USCL). Their expenses are paid by
advertisements that appear on the site. When USCL was first introduced the
ads were managed by software from Radiate, an advertising aggregator that
included an executable file with the USCL client download. That file could
be run by Radiate any time the computer was connected to the Internet. It
could provide a range of information to Radiate (and possibly others)
without the user being aware of it. This was not known at the time and as
soon as it was discovered that the Radiate software was handled in this
manner Radiate was dropped as a provider of ads. Given the best of
intentions, the idea was to generate information to customize the ads that
are shown to fit best with the users' interests. The problem is that there
was no control over what the software did or what information was being
obtained. The only notification to the user was a statement about
customizing ads.
Games Parlor arranged with Conducent to be a
replacement for Radiate as a
provider of ads. They made it clear that the "Spyware"
method used by
Radiate was unacceptable. Conducent's "Timesink" software normally does
include a similar executable file, however Conducent
agreed to use a version
of their software that did not include that file. When the USCL client
software is downloaded the license agreement discloses that the Internet
connection may be used by the Conducent software to
transfer information and
reference is made to Conducent's privacy statement,
which can be found at
(http://www.conducent.com/privacy/index.html).
The Conducent privacy
statement indicates that it may collect non-personally identifiable
information over the user's Internet connection. It is written in a vague
enough way to where there could be real concerns over what is not said.
Please keep in mind, however, that this privacy statement is written to
apply to all versions of the software, not just the version used with USCL.
Conducent, like Radiate and many other companies, has
been under fire as a
supplier of "spyware". Privacy oriented web
sites such as
www.grc.com/output.htm, www.lavasoft.de, and others refer to Conducent /
Timesink software as "spyware",
primarily because of the executable file
that is not included with the USCL client. Message boards such as Usenet
newsgroup alt.privacy.spyware and www.cookiecentral.com/board.htm.
are worth
checking for those that want to learn more in general about privacy on the
Internet.
The Conducent software currently included with the
USCL Client software does
not pose a greater risk to having credit card numbers, passwords, etc.
stolen than any Internet connection would without that software. Information
such as advertisements, their scheduling, and user information are stored on
the user's hard drive. Conducent states that no user
identifiable
information is collected other than what is provided voluntarily. Users have
the option of providing Conducent with demographic
information by filling
out a form when they first sign on. The form can be ignored by the user. It
is optional. Technical information such as IP address and operating system
can be public without Conducent software. The
Internet is simply not a
private place. It is millions of computers linked together. That is a very
public situation. Netscape, Internet Explorer, and other web browesrs know
what websites you visit and web hosts can get that information from the
browser. Internet service providers and web hosts store your information on
their computers. Certainly they have access to that information if they
choose to abuse their trust, as does Conducent.
What is "spyware"? It was best said by a
post in alt.privacy spyware
which
stated, in part, "...squabbling over precise definitions is a good way to
(a) waste opponents' time and (b) divide them." There is disagreement on
the
definition, so instead of using that term, let's look at what we want and
don't want. Acceptable software must not collect or provide to a third party
any personal information without the consent of the user. It must follow the
terms of its privacy policy, and it must be uninstallable
if the user no
longer wants to continue using it. It should be noted that uninstalling
software that is coupled with another application (such as USCL) can make
that application useless or require its uninstallation
as well. We have no
evidence to indicate that the version of Conducent / Timesink software
included with USCL violates the Conducent privacy
policy. A procedure must
be provided that would allow for the complete uninstallation
of Conducent
software by any user that chooses to uninstall it. Such a procedure is not
currently posted, although it exists.
(2) SOLUTIONS FOR FUTURE - Games Parlor has indicated that the new version
of USCL, due to be released in March, will no longer contain Conducent /
Timesink software. They will be using standard HTML
banner ads provided by a
new advertising aggregator, ValueClick. The ValueClick software will not
install on or transfer from any user's hard drive any information without
the user's knowledge. When the new version is released, the current version
and any older versions will be blocked. The installation of the new version
will include a complete uninstallation of the old
version(s) and all of the
Conducent software.
There are several bills in Congress that currently deal with Internet
Privacy
issues. Their status can be checked by going to the Library of Congress
website (www.loc.gov) or to the Senate and
House sites. The most directly
applicable bill is Senate Bill S197 IS, which is the "Spyware
Control and
Privacy Protection Act of 2001." The wording can be found at the above
sites.
(2) SUGGESTION FOR PRESENT - While we do not believe that the
Conducent/Timesink software installed with USCL
constitutes a threat to
information that is stored on a user's hard drive, we ask that until the new
version of USCL is released a complete procedure for the uninstallation
of
the Conducent software be made available for those
who want to uninstall it.
(3) CONCERN - There is a problem with cheating by people who use computers
while playing rated games on USCL. Other servers have found it necessary to
include anti-cheating software as part of their client software. It has been
proposed by the USCF office and Games Parlor that USCL do the same. This
becomes another privacy related issue at a time when everyone is sensitive
to privacy, but USCL can also lose credibility by being seen as allowing
cheating.
Currently USCL has established a task force of people whose primary
responsibility is to detect cheating by computer abuse. They use empirical
evidence including such things as performance, move timing, etc. to build a
case that a person may be using a computer while playing a rated game. When
enough evidence is gathered to indicate that computer assistance is being
used, that player's account is flagged as a computer account so that
opponents are aware they can expect to be playing against a computer. The
problem is that as more games become rated and more tournaments are held,
the likelihood of cheating increases. Serious players will tend to not want
to play on a server where cheating is likely.
The suggested software would log the existence of any chess playing or chess
database programs that are running and in use during a game. The information
would go to the computer abuse task force to provide additional evidence for
it to make the final determination. If a program is simply on a hard drive
or running in an open but not active mode it would not be logged, but if it
were active (studying or playing a game or position), that activity would be
logged. It would not detect or log a player who is using another computer, a
standalone, or a book.
The key privacy issue with anti-cheating software is full disclosure. The
player must be aware that software aimed at the detection of cheating
will
be included with the USCL client software at the time that the USCL software
is downloaded. Downloading the USCL software should constitute acceptance of
a stated privacy policy and user agreement which discloses the existence of
anti-cheating software. The wording must be general enough to allow it to be
effective (so as not to specify how to defeat the software) but specific
enough to make it clear that the possibility of cheating is being monitored.
(3) SOLUTION - Games Parlor will include a statement in both the User
Agreement and the Privacy Notice that explains what the anti-cheating
software does and what information it records. Players may use other
interfaces that do not contain anti-cheating software, but they will not be
allowed to play in tournaments unless they are using the USCL client
software.
There was substantial discussion on the subcommittee as to whether or not
the
anti-cheating software should be able to be turned on and off at the
player's discretion. Based upon the strong preference of both the USCF
office and Games Parlor, the anti-cheating software will be on continuously.
Since anti-cheating software is only needed during rated games and
tournaments, and the primary difference between a registered player and a
guest is the guest cannot play rated games, it may be possible for a player
who doesn't want the anti-cheating software to be active to simply sign on
as a guest.
Respectfully submitted,
Myron Lieberman for the US Chess Live Subcommittee
----------------------------------------------------------------------------
----------------------------------------------
Again, thanks to everyone involved for their help on this project.
Regards,
Myron