Microsoft’s recent release of anti-piracy tools to detect authentic versions of its software have some customers crying foul about the company’s collection of personal information, but the lines are blurry when it comes to customer privacy laws in the U.S.
The Redmond, Wash., software giant was hit with two lawsuits in one week, alleging that the tools violate spyware laws and consumer rights.
Microsoft denies the charges, according to published reports, saying they are without merit and that they distort the image of the Windows Genuine Advantage program and Office Genuine Advantage program.
Those initiatives “are part of Microsoft’s ongoing effort to protect its customers and partners from counterfeit software, and to increase customer awareness of the value of genuine Microsoft software,” according to the company’s Web site.
The complaints tap into the growing concern over consumer privacy as identity theft and security breaches become more prevalent — or at least more acknowledged.
“Privacy’s become a dangerous area,” Richard Neff, chairman of the intellectual property and technology department of Greenberg Glusker and a longtime expert in international anti-piracy activity, told TechNewsWorld. “There’s a feeling of big entities like Microsoft having so much information on us they’re going to become another government.”
However, personal information is a gray area, and the definition of the term varies from country to country, Neff said.
The Windows Genuine Advantage tools do not collect the user’s name, address, e-mail address or “any other information that Microsoft will use to identify you or contact you,” according to the company’s policy statement.
However, WGA does collect the computer’s make and model, version information for the operating system and software using Genuine Advantage, region and language settings, a unique number assigned to the user’s computer by the tools, and the hard drive serial number.
As standard procedure, the user’s Internet Protocol address is temporarily logged when the computer connects to a Genuine Advantage Web site or server. These logs are routinely deleted, according to Microsoft.
The company has been taking several steps to combat piracy and is in its right to do so, in Neff’s view. “I am very sympathetic to the need to take action against piracy. I am not that sympathetic that someone would expect updates in the future when they’re not using a legitimate version,” he said.
“[However], if Microsoft is going to tell users that they are not legitimate, there better be a very quick mechanism to correct any mistake in distinguishing legitimate users from illegitimate users,” Neff added. “It’s a fluid world, because you have certain license rights.”
Honesty the Best Policy
The negative public relations hit is a wake-up call for Microsoft, which must recognize the need for transparency and honesty, Nick Selby, a senior analyst who covers enterprise security for The 451 Group, told TechNewsWorld.
“The real issue isn’t Microsoft protecting itself against piracy, but rather the sneaky way that it was done or perceived to have been done,” he said.
If a company calls something a “critical software update,” but it’s really only critical to the company from a financial perspective and does not benefit the customers, they will feel duped. If the company is honest and says it is taking steps to protect its intellectual property, customers will understand, he explained.
Users know that when they click “I accept,” they agree to certain legal terms protecting Microsoft, but from a marketing and customer relationship perspective, it makes more sense for the company to clearly outline its intentions, Selby said.
“People hear about data loss and identity theft and are really frightened when it comes to what information about them is transferred unbeknownst to them, especially from simple activities like installing software,” he said. “They feel doubly duped when they accept terms from a trusted publisher and they get something they didn’t expect, whether it was legal or not.”
Neff agrees. “To be fair to Microsoft, they weren’t using this information to prosecute any individuals,” he said. “[But] I also believe companies should act in a consumer-friendly way, especially when they have the market impact of Microsoft.”