Now that the "Obligatory Inflammatory Title" is out of the way, let's get down to business.
Microsoft is launching an upgrade to its Windows Activation Technology (WAT) as a part of Windows Updates. For those who don't know; WAT is basically a re-branding of Windows Genuine Advantage (WGA) made fun and famous in Windows XP and Vista for locking users out of their systems.
The WGA works by recording your hardware driver configuration at activation, pairing that with your activation key, and then reporting that to Microsoft. The software periodically checks your drivers against the saved configuration to make sure your OS hasn't somehow been installed on someone else's computer. If you update your drivers from the manufacturer's sources, you run the risk of the WGA being fooled into thinking that you are using a different computer with your OS. The problem is compounded if you flash your BIOS.
WAT functions in much the same way, with the added feature of scanning the system for 70 or so known Activation Hacks. The new upgrade will have Windows 7 check in with servers at Microsoft every 90 days to run validation rather than just doing it locally.
Unfortunately for many users, the manufacturer will push out automatic driver updates as a means of improving hardware functionality. These updates will often conflict with the MS driver updates that also get pushed out automatically. The net result is that there are a lot of users whom Microsoft has locked out of their computers (and essentially accused of being software pirates) just because they are installing driver updates from the manufacturer. Installing a new processor, video card, and sound card can very easily trigger WGA lockout. It remains to be seen if it will trigger WAT pestering.
Driver Issue
In Vista, users would get stuck in Reduced Functionality Mode. They would essentially be able to use the Internet for half an hour. The first page your browser would open to is the “buy a license key from Microsoft” page. After half an hour, bye-bye Internet.
In Windows 7, Microsoft reports that WAT will not reduce functionality, but it will pester users. It changes the background to a plain background, and will produce dialogue boxes that notify the user that they are using a non-genuine copy of Windows 7. This is a significant improvement over the Reduced Functionality Mode from Vista, but it's still irritating.
Windows Team Blog
Granted this didn't happen to everyone who updated their drivers, but Microsoft reports that between 2005 and 2007 roughly 22, 800,000 people were victims of WGA false-positives. (MS reported that 144 million systems failed the WGA test. MS estimates that 20% , or 22.8 million, of those failed due to issues other than piracy, such as the driver update problem described above.
Microsoft's Piracy Stats
That's more than the population of Australia. (21.8 million people in 2008.) It's also more than the populations of the Netherlands (16.4 million), Cambodia (14.7 million), Greece (11.2 million), Portugal (10.6 million), Sweden (9.2 million), Austria (8.3 million), Switzerland (7.6 million), Israel (7.3 million), Denmark (5.5 million), Norway (4.7 million), and Ireland (4.4 million).
Population Data
It can be argued that Microsoft is a victim of their own success. Microsoft has an install base of 500 million or more users. That's more than the combined populations of the US (304,060.000) and Japan (127,704,000) ; total (431,764,000). Every decision this company makes has global ramifications.
USA and Japan
More Pop. Data
Even More
In this case, their decision is that your computer must prove to them that you haven't pirated their software. While Microsoft does have the right and, the obligation to it's stockholders, to protect their product from theft, I do not believe they have the right to enter anyone's home without their consent and rifle through their things. People would be up in arms if a private company sent a person to their homes and rifled through their stuff every three months with the express purpose of checking the legitimacy of their material belongings. Why is it any different with their software?
Imagine if car companies did this. Your local dealer would send a repo man every three months and check your VIN numbers against the make and model of your car, and verify that against the customer information they have on file. If you make custom modifications to your car (the same way people upgrade their computer hardware), the repo man insists that you've attached the VIN to a different vehicle, and insists that you now pay to re-license the VIN with the new car. You have to argue with them, and prove to them that you are the legitimate owner and that this is the original vehicle to avoid paying anything.
Let's say that this car has a failure of some sort, and you need to install a replacement part. You know how to fix it, or you have a friend who can fix it for much less than the dealership. He doesn't use branded dealership parts, but uses a functional part from a junk yard for much less. (This is similar to the way computer techs will have to repair some users' computers, because nobody makes their frickin' recovery disks, or keeps track of them over the lifetime of their computer.) The dealership's repo man visits and checks the installed parts against the records and discovers a non-licensed part has been installed. They then take your vehicle away, or insist that you make payments on a second vehicle, or pay a small fee to re-license the VIN with the new parts. Again, you have to argue with them, and prove to them that you are the legitimate owner and that this is the original vehicle to avoid paying anything.
That would never fly. We would pull out the 4th Amendment, local trespassing laws, local breaking and entering laws (and in Texas, guns) and run the bastards off. We would say, “You need a warrant to search my stuff, and to get a warrant you have to have some proof that I'm a thief. You can't assume I'm a thief and check to see if I'm not.”
US Constitution, Bill of Rights, 4th Amendment:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Law.com
trespass
n. entering another person's property without permission of the owner or his/her agent and without lawful authority (like that given to a health inspector) and causing any damage, no matter how slight. Any interference with the owner's (or a legal tenant's) use of the property is a sufficient showing of damage and is a civil wrong (tort) sufficient to form the basis for a lawsuit against the trespasser by the owner or a tenant using the property. Trespass includes erecting a fence on another's property or a roof which overhangs a neighbor's property, swinging the boom of a crane with loads of building materials over another's property, or dumping debris on another's real estate. In addition to damages, a court may grant an injunction prohibiting any further continuing, repeated or permanent trespass. Trespass for an illegal purpose is a crime.
breaking and entering
n. 1) the criminal act of entering a residence or other enclosed property through the slightest amount of force (even pushing open a door), without authorization. If there is intent to commit a crime, this is burglary. If there is no such intent, the breaking and entering alone is probably at least illegal trespass, which is a misdemeanor crime. 2) the criminal charge for the above.
This is why Microsoft is making a big deal about announcing the change in advance, and making sure that it is voluntary. (Installing the update means you agree to invite them in to check out your computer.) Otherwise there could be grounds for charges of electronic breaking and entering or, at the very least, trespassing.
Trespass
more
Breaking and Entering
More
The Underlying Problem
So why do we allow companies do to this with software? I think it's for two primary reasons:
1.)Most people have no idea what is happening with their computers. They have no idea what Digital Rights Management is, nor do they have any idea what Product Activation entails. Many people have no idea what right-clicking is (it's the other button, no the one you haven't pressed, there's only two buttons!!!), let alone how to examine the registry. Their ignorance means knowledgeable people and companies can easily manipulate them.
2.)Companies have found a way to be unobtrusive with their intrusion. People have no real clue that someone is watching what they do with what they bought until something goes wrong and they can't use it anymore. They have no idea that, for all intents and purpose, companies are spying on them in their own homes. We would never let car dealerships get away with it, because we have a basic understanding of cars. We let software companies do it because Americans don't understand computers.
Companies such as Microsoft make a lot of noise about software pirates, but they seem to be very blasé about corporations trampling on citizens' right to privacy. The Digital Millennium Copyright Act of 1998 gave sweeping powers to corporations to enforce their intellectual property rights, while at the same time stripping US citizens of broad privacy rights and seriously hampering the development of the sciences of cryptography and cryptanalysis.
The DMCA makes it illegal to develop/distribute technology that by-passes digital rights management technology. Most DRM relies upon some form of cryptography. It essentially makes it illegal to write software that hacks or by-passes encryption. That gets really interesting when it comes to military applications, since a lot of cyber-defense involves breaking enemy encryption. It's essentially illegal to develop the technology we need to defend our country in the digital age.
This flies in the face of the constitutionally stated purpose of copyright and patent laws:
US Constitution Article 1 Section 8 line 1&8:
“The Congress shall have power to... promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries”
Constitution
In 2001, a Russian doctoral student was arrested for presenting his findings on security flaws in Adobe's eReader. Dmitry
In 2008, MIT students were sued by the Massachusetts Bay Transportation Authority for presenting their findings on security flaws in the MBTA security network that would have allowed hackers to ride the subway system for free.
MIT Students
No one stopped to think that these students could have kept the information quiet, or published it anonymously and let the MBTA loose a lot of money. Instead, they presented their findings in a public forum, essentially airing a grievance with a computer security risk that effected tax-payers. If there had been a physical hole that people were using to slip onto subway trains, they would have been lauded as heroes for protecting citizens' safety and saving the city money. Since it was an electronic hole, their thanks was a lawsuit.
The American people have gone along with corporate revisions of copyright law and circumventing citizen's right to privacy because corporations are very good at selling ideas to people. They describe wanting to protect cherished American icons like Mickey Mouse and Superman from people who would use them to make strange Disney porn. (Disney did this themselves anyway. Disney They vilify college kids wanting to listen to cheap music, and nerds who want to practice their art. America is not listening to the nerds warning them about this because nerds are horrible at talking to regular people. Throw a hot girl into a room of nerds and they can't get out a coherent equation, let alone a sentence.
Hacking is viewed as a form of warfare. The US military has formed the US Cyber Command to defend it's network infrastructure from hostile foreign hackers (I did not mention China's alleged attempt to hack the US power grid.) Militaries around the world are following suit.
US Cyber Command
The weapons for this type of combat are not guns or martial arts, but computers, routers, operating systems, packet sniffers, cryptography, cryptanalysis, and a broad array of technical skills. Taking away the average citizen's right to learn how to hack through the guise of copyright protection, is like taking away the right to carry firearms or learn martial arts in order to help the government protect the military from us.
Companies are ultimately, and perhaps unintentionally, making it illegal for people to know how to defend themselves, and to develop the technology needed to defend themselves. The problem with this is the same problem you run into to taking away guns from law-abiding citizens. The bad guys wind up with all the guns, and the good guys get victimized. Black hat hackers, and aggressive nations will always find ways to circumvent DRM, and the DCMA won't give them a second's pause. These laws stop university students from developing skills and technology that our military and our industries will need. They punish legitimate owners of various software products, while software pirates go about their merry way. They invade American homes, and strip away our privacy for the sake of profits.
Remember, your personal information is a valuable commodity. There are companies that make their entire living from selling your information to third parties. These third parties then spam you with advertisements in the hopes that you will buy their products, or they sell it to other parties. It's not surprising, then, that you hear the CEOs of major technology companies pronouncing things like:
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." Eric Schmidt, CEO of Google to CNBC reporter.
“You have zero privacy anyway, get over it.” -Scott McNealy, former CEO of Sun Microsystems
Eric Schmidt, hypocritically enough, has a problem with the shoe being on the other foot. He refused to allow anyone at Google to talk to Cnet.com reporters for a year, after they ran an article showing how much of his personal information they could get from a Google search.
slashdot
Cnet Ban
Cnet Ban
And all of this is happening in the legal realm. God only knows what malicious scammers and identity thieves are doing with your personal information. Privacy laws exist to protect the average citizen from malicious individuals. They also exist as a check against our Democracy slipping into Fascism.
Columnist Bruce Schneier wrote a brilliant article about the value of privacy in response to recent corporate statements.
The Eternal Value of Privacy
Another element of Fascism is a combination of corporate and government rule. Select corporations are given broad freedoms and de facto monopolies, while private citizens and other companies are prevented from competing. This ultimately leads to corporations running the government.
The Sonny Bono Copyright Act of 1998 extended copyright to 95 years, or life of the author plus 70 years. This is renewable as well. The DMCA criminalized some copyright infringement. The Family Entertainment and Copyright Act of 2005 criminalized even more instances of copyright infringement, and specifies prison sentences for something that was a civil matter for over 200 years of American history.
copyright
FMCA
copyright law
And let's not forget the indoctrination of children. The RIAA, the music industries legal help, has put together an “educational program” to teach America's school children that violating intellectual property rights is wrong. Schools are given badly needed funds in exchange for teaching the material to children. The packet includes a pledge form for children to sign and send in.
RIAA Curriculum
Solutions
As I've said before, companies do have the right and the obligation to protect their investments, but not at the expense of American civil liberties and constitutional rights. Many of these companies are operating on antiquated business models, and are trying to control consumer behavior rather than adapting to the new economic climate. An entire generation has grown up on-line, where freedom of information, sharing, and sampling are the cultural norms. These sentiments combine with a good-old American idea of ownership. If we pay for a product, we feel we should own it and be able to do whatever we want to with it (including share it with out friends.) We don't mind paying for what we use; we just don't want to be told what we can and can't do with it once we buy it.
Some companies are adapting. Apple Inc, for instance, removed all DRM from music sold through it's iTunes store. Wal-Mart followed suit shortly thereafter. Some big record labels followed suit as well. Still, theres a long way to go. A Google search of “Apple drm” will show that while they are open with music, they are quick to sue to maintain control in other arenas.
Microsoft details how DRM is built into their Media Player, how it is used, how end-users can use it, and why it's there. They are in the midst of a four year old hack war with an anonymous person or group known as Viodentia. Viodentia is producing and updating a utility to by-pass Windows Media DRM.
WMDRM
This goes to show, you can't stop hackers and pirates. They will find ways around the walls. Fighting them by stripping away civil liberties and rights just hurts innocent by-standers. It makes products difficult to use, and it makes corporations look like greedy monsters. This will invariably put Americans on the side of the underdog pirate who's fighting the corporate giant. “Sticking it to the Man,” is a part of the American cultural identity. If you want happy and loyal customers, don't be “the Man.”
So where do companies go from here? According to Microsoft's research, 20% of computers running Windows fail it's anti-piracy check. How do they protect their investment from profit-loss due to piracy?
It starts with a shift in thinking. Hacking and file-sharing can't be stopped without depriving future generations of the freedom to learn, and depriving our country of necessary technical resources and personnel.
One option is to stop pursuing the hackers as enemies, and embrace them as security testers. Offer rewards for teams that can hack the company's encryption and then offer workable solutions to improve it. This will bring around many of the hobbyist hackers. It also pits them against each other, rather than uniting them against “The Man.”
Provide cheap options that allow people do to what they want with what they buy. We teach kids that sharing is a virtuous thing. It is only natural that kids want to share music and movies with their friends, and it makes no sense for a multi-billion dollar conglomerate to send it's lawyers with a bill for $15,000 per mp3 after 12 year-olds. See here, and here here. Again, DRM free music has proven to be a viable business model. Apple is making a killing, having sold over $8.4 billion songs for about $1.00 each. Trent Reznor of Nine Inch Nails made $75,000 in three days offering DRM free music in various packages and at various price points, ranging from free to $300. Reznor
Provide additional features for validated copies of software, rather than locking customers out if they can't validate. Some DRM schemes completely lock customers out of playing games if they can't validate against the DRM server. That means you can't play a standalone, one player game, if you don't connect to the Internet. That's ludicrous. If you reward people for being honest, they like you better. Additionally, you can sell add-ons to your product and get a better return on investment since it costs less to produce additional content with the tools you've already developed. Ubisoft Snafu
Do better market research, and aim your products at customers who will pay. Two, little known, but high selling games of 2008 sold to specific markets, and offered games that were DRM free. The company, Stardock, worked on a small development budget ($1 million) and sold to a specific audience. Their two offerings for 2008 shipped nearly half a million units, and made eight figures. (Half a million units at $15 a piece is $75million. If you can't make it on $75million for a year's work, you're doing something wrong.) Ignore Pirates
Microsoft could easily adopt a combination of these proposed solutions. 80% of their user base are verified by them as legitimate users. That means most of the world's computer users are paying them. By their own reports they are making between $4 billion and $6 billion each year from operating systems sales alone. They make an additional $7billion to $9 billion from MS Office sales. This is in addition to servers, licenses, tech support, ad revenue, and a host of other services, which combined bring in about $51 billion a year. They don't really need to focus on chasing down pirates, and they are in the best position to offer incentives to hackers to help fix security problems in their software.
MSFT
Chart of the Day
