The CueCat is a barcode scanner passed out with subscriptions to Forbes magazine and the Radio Shack catalog. The idea is that consumers will install the CueCat software and use the scanner to scan in the bar code associated with certain advertisements. Once the bar code is
scanned into the computer, the software will direct the user's browser to the
product's web page.
Essentially, this is a way of giving the user of the CueCat immediate and up-to-date
information on a product the user is interested in. If I am, say, interested in
Radio Shack's televisions, I can scan in the bar code associated with the
television I am interested in and be immediately directed to that product's web
page. Voluntary, targeted marketing: the CueCat is the retailer's dream device.
There is a hidden side to the CueCat however. With every scan of a bar code,
the CueCat gives out a unique serial number. When you receive a CueCat at Radio
Shack, or from Forbes for that matter, this serial number can be
associated with your name, address, phone number, or whatever else Forbes
or Radio Shack happens to know about you. This information could be used in
other, involuntary marketing campaigns. You could get junk mail or spam from
television companies, for instance. The CueCat could not only direct you to the
product you are interested in, it could be used for involuntary data mining.
The CueCat is being given out for free at Radio Shack and from Forbes. A
person does not have to sign a form explaining that the device is technically
on "loan" from Digital Convergence (the company which markets this
device). In fact, it is only after one has dug through the documentation for
the product that it says the device is still technically the property of Digital Convergence. As far as the costumer is concerned, they own the CueCat.
For this reason, various members of the open source community set about to
write software for the CueCat that would mimic the proprietary Windows software
provided. This process is called reverse engineering. Reverse engineering is a
legal process by which a device or software component is duplicated without the
aid of the originating company. When a device or software component is reverse
engineered for use with another set of devices or software, it is called
reverse engineering for purposes of interoperatibility. The purpose of reverse
engineering the CueCat was to allow its use with the Linux operating system.
Reverse engineering for purposes of interoperatibility is protected by the laws
of most countries because it encourages competition and innovation. Clearly,
the reverse engineering of the CueCat so that it could work with the Linux
operating system qualifies for this distinction.
The first steps to reverse engineer the CueCat were clear. They needed to
decode the CueCat's weak encryption system. Most bar code scanners do not have
encryption. The CueCat is not just a bar code scanner, however. The CueCat
sends along a unique serial number for the device every time something is
scanned. Decoding the encryption was trivial. Some simply scanned in a large
number of bar codes, finding patterns in the output from the CueCat. Not a
stretch for an interested mind. In the end, Jean-Phillipe Sugarbroad figured out that Digital Convergence uses a modified version of base 64 encoding, a very simple encoding scheme.
After the encryption scheme was decoded (one hesitates to call it encryption,
as weak as it is), developers began working on extending the CueCat's
functionality. One developer is working on software that, like the Windows
software, directs the user to a specific product page when it's bar code is
scanned. This software expands the user base of the CueCat from Windows users only
to include Linux users.
Recently, cease and desist letters were sent to the developer of this software,
Michael Rothwell, which forced him to stop distributing the software. Any
software that expands a company's market share would normally be praised,
unless that software limits a companys revenue in other ways -- such as
preventing that company from conducting data mining using the unique serial
number on each CueCat. All alternative uses for the CueCat device that do not generate marketing information for Digital Convergence, be it as a doorstop, nightlight, or whatever, reduces their return on investment in the manufacture and distribution of the device.
Naturally, they wish to maximize their profit. Apparently, they are willing to try frightening into submission people who's behavior conflicts with their plan to sell a database of individual's consumer habits, preferences, and interests.
This mirror list, and others like it, are an attempt to demonstrate that a
device, reverse engineered in a perfectly legal fashion, will ultimately be
enhanced by open source development efforts. That is the long-term goal of this
mirror list. The short-term goal is to increase development and distribution of
the CueCat software drastically in order to dampen the effects of whatever
legal action Digital Convergence might take against developers. If you have the
ability, please, mirror this software and help us coordinate efforts against
this affront on innovation.
Written by John Kew, with many suggestions and addtions from Karl O. Pinc (kop at meme.com) and the community peri@logorrhea.com