Microsoft has just been sued over its Windows Genuine Advantage tool. Here's the complaint [PDF], and you can read all about it in Todd Bishop's article in SeattlePI. It was filed in California, and seeks to be a class action lawsuit, similar to the Sony rootkit ones:
A computer user is suing Microsoft Corp. over the company's Windows Genuine Advantage anti-piracy tool, alleging that it violates laws against spyware.
The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn't adequately disclose details of the tool when it was delivered to PC users through the company's Automatic Update system.
I can't say I'm surprised. When I read David Berlind's piece demonstrating that the tool downloaded without adequate and clear notice first, I was pretty sure this would happen next. Then when I heard Microsoft had changed its EULA and its WGA policy, I knew there was a lawsuit in the air.
Ben Adelman is quoted in the article as calling the disclosure "slim to none." The lead lawyer representing the plaintiff is Scott Kamber of Kamber & Associates, a New York firm. Kamber was also involved in suing Sony:
"The statute says that people have a right to know what's on their computer," Kamber said. "We're at a point in time right now where people's rights on their own computers and technology are really at issue."
The article mentions that some feel that there was no harm done. That depends on how you define harm. Some might well feel that the undisclosed "calling home" feature was harmful, precisely because it wasn't disclosed, and because anything on your computer that is running that you don't know about is a security issue for you, if only because you don't know how to protect your computer or even that there are potential issues. Then there is the issue of private information about you being collected by Microsoft without your knowledge or control. On what basis is that not at least potentially harmful? What does Microsoft do with that collected information? Whose data is it, anyway?
Another problem with a system like this is very much the same problem with DRM and why DRM will never work. Here's why: your computer is dumber than your dog. At least your dog knows who you are and that you are really you.
Computers regularly mess up with such simple tasks. Exhibit A: I broke down the other day and backslid on my decision not to buy from iTunes. I felt I just had to buy a song I was longing to hear, so I went to iTunes, which I no longer was buying from due to Apple changing the terms of the deal after the fact. (I know. I am imperfect. I yam what I yam.) Anyway, the system thinks I have used up three computers now. You only can "authorize" 5 or 6 computers to use iTunes.
But the funny thing is, this is the same computer I first used with iTunes. It broke down a couple of times and I got a new hard drive and I reinstalled the software without reinstalling the iTunes Library, but it's the same one and only computer. Try telling that to their system. And you know how it is. If you argue with a computer, the computer wins.
That is a problem with WGA also. I read that it has been calling folks pirates who are not, who sent in their computers to be fixed and now trigger the stupid computer problem.
That is an issue in the litigation, interestingly enough:
21. However, WGA can malfunction and mistakenly identify a licensed Windows XP copy as unlicensed when, for example, a user transfers his legitimate Windows XP copy to another system with different hardware or significantly changes the hardware on the original system (e.g. installs a new hard drive). In this way, WGA impinges on users' fair use rights under 17 U.S.C. Section 117(a)(2) to use legally space-shifted Windows XP copies
Finally, someone is raising the destruction of users' fair use rights in a court of law, even if somewhat tangentially. I am sure this is just the beginning of this issue being brought to the courts.
The statutes that Microsoft is being sued under include Washington State's Consumer Protection Act, Washington Rev. Code Section 19.86.020; Washington's anti-spyware laws, specifically Washington Rev. Code Section 19.270.040; the California Consumer Legal Remedies Act, California Civil Code Section 1750 et seq.; California's anti-spyware laws, specifically California Business & Professions Code Section 22947.4; and California's Unfair Competition Law, California Business & Professions Code Section 17200.
As for relief, among other things like damages, they are asking for injunctive and equitable relief, "prohibiting Defendant from engaging in the acts of unfair competition or deceptive trade practices alleged" and requiring Microsoft to delete "all data surreptitiously or otherwise collected" and "ordering data, funds or other assets obtained by unlawful means as alleged above to be impounded, or a trust imposed, to avoid dissipation, fraudulent transfers, and/or concealment of such assets by Defendant."