<<< Date Index >>>     <<< Thread Index >>>

[IP] How innocents can be penalized by Windows Genuine Advantage





Begin forwarded message:

From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: June 13, 2006 12:24:27 PM EDT
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Subject: How innocents can be penalized by Windows Genuine Advantage


Dave,

In the wake of the controversy triggered by my earlier discussions
regarding Microsoft's "Windows Genuine Advantage" (WGA) behavior,

( http://lauren.vortex.com/archive/000178.html ,
  http://lauren.vortex.com/archive/000179.html )

I've received a lot of e-mail from folks who assert that they are
being unfairly tagged by Microsoft WGA as having illicit systems,
with continuing warning messages and attendant future restrictions
on their ability to obtain non-critical updates.

As I've noted previously, I have no sympathy for genuine pirates.
However, there is a common thread running through many of the
reports I'm seeing, suggesting that innocent users may easily end up
with "pirate" versions of XP without their knowledge, and with no
entirely clear and practical path to rectifying the situation.

The scenario is obvious once you think about it.  People start off
with the legit copies of the Microsoft OS that come pre-installed on
their computers (relatively few people ever install their own OS, or
would care to risk the process in any case -- most use what comes on
their machines).  The OS copy is legal, authenticated, and paid for
as part of the system.

Now the trouble starts.  They have a disk crash or other serious
system problem.  They take their computer back to the store's repair
depot, or to a third party computer repair entity.  The computer is
fixed and seems to be fine again.  Then suddenly, they start
receiving WGA piracy warnings.

Why?  It appears that it is *exceedingly* common for repair
operations to reinstall based on "cloned" or otherwise duplicated
copies of the Microsoft OS, rather than try to restore or
reauthenticate based on the original users' OS serial numbers or
authentication codes.  Original restore disks and key information
cards/labels are frequently missing, making it difficult to
duplicate the original authentication environment.

Service depots tend to frequently have a working configuration that
they can easily clone to repaired systems, and since the user
originally paid for one copy of the OS (with their computer, now
wiped out as part of the repair process), and ends up with a single
copy afterwards, it's not like there's now an additional copy in use.

Once their systems have been flagged by WGA, users may have a
serious dilemma, even if MS is willing to provide clean versions of
the OS to persons who can demonstrate that they are unwilling
"piracy" victims.  Most of these users don't have original "pirated"
disks to send over to MS.  In fact, such users are likely not to
understand what is going on at all in this respect, since -- as far
as they knew -- their systems had simply been fixed and then were
working fine -- until WGA kicked in, that is.

If MS could provide such users with a simple way to update their
authentication keys that might be one solution, but an alternative
such as having to completely reinstall a fresh copy of the OS
would be completely beyond the pale for most users.

I have not yet received a response from officials at Microsoft to
e-mail I sent several days ago, asking specifically how they
intended to deal with these kinds of WGA situations.

As Microsoft ramps up WGA enforcement, we are likely to see
scenarios such as these -- involving innocent users -- appearing in
potentially very large numbers.

--Lauren--
Lauren Weinstein
lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/