decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


To read comments to this article, go here
New PubPat Blog on Software Patents and Microsoft Does Something Right
Thursday, September 14 2006 @ 04:44 PM EDT

PubPat has just started a new blog on software patents, providing links to articles and resources. It's called Software Patent Watch. It's brand new, and I thought you might like to read one of the early entries, because it's on the subject of Microsoft's Open Specification Promise.

Microsoft, in this instance, has done a praiseworthy thing and they should be credited. Fair is fair. I earlier linked in our News Picks section to Andy Updegrove's article, in which he commended them too, but I want to have it here in the main section, because this really is a step forward and I want it in our permanent collection. Also, Software Patent Watch has an interesting angle on the story. [Update: So does Sun's Simon Phipps, who mentions three items he'd like tweaked, which you can read from a link on David Berlind's blog.]

Microsoft has made improvements on their Windows Genuine Advantage privacy statement in connection with their validation process too, as I'll show you after the blog entry.

First, here's the Software Patent Watch entry:

Microsoft Makes Open Specification Promise

Microsoft made an irrevocable promise yesterday to not assert any of its patents against the implementation of some web based standards. In drafting the promise, MS sought input from several folks within the Free / Open Source Software community, some of whom have their feedback publicly quoted. For one, Mark Webbink of Red Hat said

[T]he text of the OSP gives sufficient flexibility to implement the listed specifications in software licensed under free and open source licenses.

This is indeed a solid step of disarmament by a firm whose history was not built on sharing. It is also another significant piece of evidence that patent restraints on standards are not good for businesses involved with that standard or the public in general. Particularly, MS states:

Many of these specifications are currently undergoing further standardization in certain standards organizations. To the extent that Microsoft is participating in those efforts, this promise will apply to the specifications that result from those activities (as well as the existing versions).

So, MS is promising, in advance, not to assert patents over any standard that it helps to develop. This flies in the face of the patent hawk mantra that patents are "necessary to incentivize development." Truth be told, MS and others develop standards because they benefit from the existence of the standard itself, not some patent that they may some day receive.

I am not so naive as to think that praise will necessarily lead to all leopard spots changing overnight, but when folks do right, it's appropriate to say so, no matter what else they do or have done. So, I'm happy to be able to say, Well done!

Now, about the Windows Genuine Advantage story. For context, you might like to read this Business Week article on the EU-Microsoft verbal fisticuffs going on right now about Vista, and in the article it mentions in passing Microsoft's PDF viewer for Vista that the EU Commission is concerned about:

The Commission is also concerned about a file viewer called Metro that will be included in Vista. Metro can display documents created in the PDF format developed by Adobe Software (ADBE), which could erode Adobe's market leadership in PDF creation tools.

Meanwhile, though, before Vista arrives, Microsoft has just released a PDF plugin for free download by customers running "Genuine Microsoft Office." And that's how I ended up rereading the privacy statement.

The plugin file is humorously, to me, titled SaveAsPDFandXPS.exe, at least the one linked to by ZDNET's report. No doubt that will remind you that they have their own PDF-like format, XPS, which you can use instead of PDF should you so desire. You can get it as SaveasPDF.exe only or as SaveasXPS.exe only as well. In reading the Microsoft webpage, I noted this sentence: "As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you." That reminded me that a few months ago, the validation process included such things as your hard drive serial number, which absolutely would identify you as far as I'm concerned, so I thought I'd take a look at the privacy statement again and see if I could put those two things together.

In fact, I believe there is some improvement. They now give you, as part of the validation process, a unique identifier, instead of collecting your hard drive serial number. That's a step in the right direction. And they provide now at least some information about what they retain. Here's what they collect now:

The tools collect such information as:
* Computer make and model
* Version information for the operating system and software using Genuine Advantage
* Region and language setting
* A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
* Product ID and Product Key
* BIOS name, revision number, and revision date
* Volume serial number

In addition to the configuration information above, status information such as the following is also transferred:

* Whether the installation was successful
* The result of the validation check

As standard procedure, your Internet Protocol (IP) address is temporarily logged when your computer connects to an MGA website or server. These logs are routinely deleted.

Software piracy is a worldwide problem. To help spot possible systematic abuse of volume licenses, geographical location of the computer being validated is derived from its IP address. This is done at a precision that does not identify an individual user or computer. To help protect your privacy, only a non-unique portion of your IP address is used and retained with the information collected above.

The suspicious side of my brain notes that it says "such information as" which means to me that it isn't necessarily the complete and final-forever list. But even with that quibble, it's better than it was, if only because it tells you now what information is retained. Of course, two class action lawsuits probably were somewhat inspirational. And you have to like having your computer calling home to the mother ship with what is still quite a lot of information about you. But here's what they used to scoop up about you:

Q: What information is collected from my computer?

A: The genuine validation process will collect information about your system to determine if your Microsoft software is genuine. This process does not collect or send any information that can be used to identify you or contact you. The only information collected in the validation process is:

* Windows product key
* PC manufacturer
* Operating System version
* PID/SID
* BIOS information (make, version, date)
* BIOS MD5 Checksum
* User locale (language setting for displaying Windows)
* System locale (language version of the operating system)
* Office product key (if validating Office)
* Hard drive serial number

Q: How does Microsoft use this information?

A: The information serves three purposes:

* It provides Web page flow, tailoring the pages you see based on your responses.

* It conveys demographics, which help Microsoft to understand regional differences in Windows or Office usage.

* It confirms user input. User input is often compared against data collected from the PC in order to determine whether to grant a users request for additional access.

So, no more hard drive serial number collecting and what they do with the information has changed. [Update: Some readers point out that some call a hard drive a volume, and they are suggesting Microsoft has merely renamed the hard drive as a volume. If you are a customer, you might wish to ask, if privacy matters to you. Also, read the comments on this article. And if that is the case, and Microsoft is just playing with words, I retract half of my praise.]

It's awful still, to me, to be tracked at all, and I can't figure out why customers put up with it, but if you have to be tracked and followed around as you use your computer, an assigned number is probably better with respect to privacy than your hard drive's serial number. Also, hopefully it gives you the ability to swap in a new hard drive when the first one dies without WGA getting all hot, bothered and confused.

GNU/Linux software is better still, because nobody cares how many times you install or who you share the software with or who you are or what you are doing or your bios info or where you obtained your software and there is no calling home you must agree to, but fair is fair. Improvements should be noted, and this is an improvement.

So there you are, two sincere pats on the back from Groklaw to Microsoft.

[Update: Or maybe one, depending on what we find out about the hard drive issue.]


  View Printable Version


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )