In the good old days of 2001, Microsoft started an aggressive anti-piracy initiative that is still alive today. Called "Windows Product Activation," Microsoft’s early iterations attempted to verify copies of Windows online, going so far as to scan system components in an effort to individually identify machines. Some five years later Microsoft is still trying to keep an eye on piracy online, but they’re going about it in a way that angers many.
Los Angeles resident Brian Johnson has field suit against Microsoft in the U.S. District Court in Seattle, charging the company with failing to disclose the true nature of a similar anti-piracy tool that Microsoft has distributed. The tool in question is the now-notorious "Windows Genuine Advantage"—an descendant of sorts from the old WPA approach. Johnson’s complaint centers around the fact that previous versions of WGA constantly "called home" to Microsoft, which in his view constitutes a a violation of anti-spyware laws in both California and Washington State. Johnson’s suit seeks class-action status for the complaint, and it is being fronted by Scott Kamber of Kamber & Associates LLC in New York. Kamber recently served as plaintiff’s counsel in the rootkit fiasco centering on Sony.
According to the complaint, "Microsoft effectively installed the WGA software on consumers’ systems without providing consumers any opportunity to make an informed choice about that software." Furthermore, Microsoft was accused of "misleading and unlawful conduct in installing uninstallable licensing enforcement software under the guise and misrepresentation of a security update…" Microsoft has dismissed the complaint, calling it "baseless."
Of the many issues that surround the case, one that will be particularly important as it moves forward relates to the definition of spyware. In legislative debates over the matter, legislators, lobbyists, and software representatives couldn’t agree on the essential definition of spyware, and many software companies were concerned that a loose definition could result in frivolous lawsuits. Microsoft’s position on the matter seems to adopt this view. Jim Desler, a Microsoft spokesman, said that "spyware is deceptive software that is installed on a user’s computer without the user’s consent and has some malicious purpose." As such, he argued, WGA doesn’t fit the bill.
Technically speaking, WGA does require the "consent" of a computer’s operator to be installed, although that consent could be considered somewhat weak given that it is presented as a mandatory update. To Microsoft, however, the fact that the tool once called home daily is of little significance, inasmuch as what it is designed to do is singular in its purpose: to constantly monitor the licensed state of a Windows install. In their view, WGA would have to have some ulterior functionality to be true spyware. Nevertheless, the company changed the frequency of callbacks to something closer to every 90 days, although the company has not explicitly said what the periodicity is.
To be sure, while rumors relating to WGA’s supposedly nefarious capabilities are rampant (and include the possibility of it housing a kill switch), nothing has been "found in the wild" (so to speak) that rises to the level of Sony’s rootkit, which made demonstrably unsound changes to the Windows operating system. The Seattle Post-Intelligencer, which broke the story, quotes the co-founder of People for Internet Responsibility as saying that WGA doesn’t cause "anywhere near the kind of damage that is normally associated with spyware." Nevertheless, pervious versions of the tool did not disclose details of the "phone home" system, and questions remain regarding the propriety of distributing an anti-piracy tool as a security update.
As of yet, no court dates have been set.