Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Court: Make Comcast Give Us Windows-Pirating Subscriber's Info (networkworld.com)

Posted by BeauHD on from the let-me-at-em dept.

An anonymous reader writes: Microsoft is using the IP address 'voluntarily' collected during its software activation process to sue a Comcast subscriber for pirating thousands of copies of Windows and Office. The Redmond giant wants the court to issue a subpoena which will force Comcast to hand over the pirating subscriber's info. If the infringing IP address belongs to another ISP which obtained it via Comcast, then Microsoft wants that ISP's info and the right to subpoena it as well. "Defendants activated and attempted to activate at least several thousand copies of Microsoft software, much of which was pirated and unlicensed," Microsoft's legal team wrote. The product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008. The product keys, Microsoft said, were used "more times than is authorized by the applicable software license," used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended." Whether or not the IP traces back to a Comcast subscriber or was assigned by Comcast to a different ISP, as the The Register pointed out, "It would be a significant gaffe on behalf of the alleged pirates if the IP address data pointed to their real identifies."

34 of 259 comments (clear)

  1. Uggggh by Anonymous Coward · · Score: 5, Informative

    So... Microsoft is protecting its intellectual property by using information that everyone knows is transmitted when Windows is activated? Why is this news?

    1. Re:Uggggh by maxrate · · Score: 4, Informative

      I see what you're saying, but we're talking about mass theft here. Not some little guy with a few illegitimate installations. Microsoft is a software business, you can't expect to pirate their wares and expect them to be okay with it.

    2. Re:Uggggh by arbiter1 · · Score: 4, Funny

      It is news since normally MS doesn't sue people, but this is a case of many thousands of activation's from 1 IP so.

    3. Re:Uggggh by FatdogHaiku · · Score: 2

      Oh, so now it's not OK for a grandmother to be a software pirate kingpin? (queenpin?)
      Or would that be a {king/queen}pin software pirate?
      Now I'm confused, but it's starting to look like it's got Broadway potential...
      Granny Queenpin, Software Pirate!

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:Uggggh by bloodhawk · · Score: 3, Informative

      Well for post Gates/Balmer Microsoft has been trying hard to clean up its hard 80's style business tactics and move towards a friendlier company.

      This type of stuff shows its real DNA.

      Yep it shows they are a business that acts reasonably! I gather that is what your trying to say? or are you suggesting it is unreasonable for them to chase someone stealing or counterfeiting millions of dollars worth of licenses?

    5. Re:Uggggh by Etherwalk · · Score: 2

      It is news since normally MS doesn't sue people, but this is a case of many thousands of activation's from 1 IP so.

      Agreed. It is quite reasonable to track down a source from which thousands of copies were made. If it's a big IT shop that is doing unlicensed installs as part of a repair process without thinking it's a big deal maybe you let them settle for lawyer's fees, a big slap on the wrist, and a promise not to do it again--but if it's someone who made thousands of bootleg copies and sold them, more serious action is warranted.

    6. Re:Uggggh by JustAnotherOldGuy · · Score: 4, Interesting

      I see what you're saying, but we're talking about mass theft here. Not some little guy with a few illegitimate installations. Microsoft is a software business, you can't expect to pirate their wares and expect them to be okay with it.

      I agree...a little low-level piracy is one thing but something on this scale is hard to turn a blind eye towards. If this doesn't warrant some sort of response then I don't know what would.

      I'm certainly no fan of Microsoft to say the least, but I don't see this as some egregious or unreasonable behavior by them.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    7. Re:Uggggh by Anonymous Coward · · Score: 3, Interesting

      What I don't understand is why Microsoft let it activate thousands of times. I mean, isn't this exactly the kind of thing that the activation is supposed to prevent? If the keys were activated too often and/or used outside their issued area, shouldn't the activation have failed? If so, why bother prosecuting since it won't be usable and no harm has been done? If the activation didn't fail, and the keys really were stolen, how do they know and if they know, why didn't they just blacklist them?

    8. Re:Uggggh by Anonymous Coward · · Score: 3, Insightful

      They stole and activated someone else's volume licenses out of the supply chain. That's a bit more serious.

    9. Re:Uggggh by sdinfoserv · · Score: 5, Interesting

      The obvious solution is to invalidate the authentication keys so no longer work. It's simple, can be performed digitally, and all those stolen keys are instantly useless. The rightful owner can prove themselves and new keys issued. Why wait for hundreds of thousands of bogus authorizations with the same keys then cry about it - unless you have an agenda.

    10. Re:Uggggh by ausekilis · · Score: 3, Interesting

      There must be some business operation happening. They don't say over what time period this has been happening, but given the number I'd say it's been happening for quite a while.

      My guess is it's some computer repair shop doing reinstalls of broken/virus riddled machines using a single (non-OEM) key. I doubt a single guy would reach thousands of machines, even over 5 years... Maybe a mom and pop shop. I think it would be hilarious if it tied back to a Best Buy or Microsoft Store.

  2. ok by Anonymous Coward · · Score: 2, Insightful

    I'm with M$ about this. Use Ubuntu and Libreoffice if you don't have the dough.

    1. Re:ok by fluffernutter · · Score: 4, Insightful

      .. or if you want a decent OS.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  3. 192.168.0.2 Is The Offending IP by zenlessyank · · Score: 3, Interesting

    Saved by the NAT!!!

  4. Re:Why is this news? by malditaenvidia · · Score: 4, Informative

    As proven before, IP addresses are a really poor way to identify someone. Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.

  5. Probably not the owner of the IP who did it by ZorinLynx · · Score: 5, Insightful

    ...well, unless they are a complete idiot.

    I wouldn't do something like this from my own IP address. That would be quite daft. I would instead find an open Wifi, or use a VPN or some other network where it can't be traced to me.

    This is just going to get the owner of the IP snared up in the court system for no good reason. Microsoft should just invalidate the keys that were stolen and move on.

  6. Re:Why is this news? by jellomizer · · Score: 2, Insightful

    Being most PC come with a Windows license and with a stupid restore ability, and it's defaults are full of junk. A lot of people may just want a clean OEM install. Not the Lenovo or Dell install.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. Re:Why is this news? by Rockoon · · Score: 4, Insightful

    Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.

    ..and you wont know until its identified. Thats how evidence collection works.

    --
    "His name was James Damore."
  8. Re:i think one shouldn't be able to have it both w by HornWumpus · · Score: 2

    By extension. If you have a lock on your door, that I can break, you are fine with me taking all your shit?

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  9. No by sexconker · · Score: 5, Insightful

    While MS should go after piracy on this scale, they should be denied their request, because:

    product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008.

    If they were known to be stolen, then MS has a duty to limit losses. They can blacklist the keys and prevent further activation. If they were "known to have been stolen" then MS should have limited their losses as soon as they found out.

    The product keys, Microsoft said, were used "more times than is authorized by the applicable software license,"

    Again, MS has the ability to enforce this. Activation is their job, and if they allow a key to be activated thousands of times that's their fault. I commend them for being lenient - I've certainly relied on being able to activate a single key several times when building / upgrading PCs. But allowing thousands of fraudulent activations is a joke. More than a few a year should trigger alarm bells at Redmond.

    used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended."

    MS can't prove either of these. Even if they know the authorized licensee, they don't know who is using the keys thousands of times. They can't know who it isn't without knowing who it is. If they knew who it is, they wouldn't need to subpoena for info. The same thing goes for the region.

    It's also not the court's job to enforce the minutia of the license terms such as region, number of activations, transference, etc., especially when MS is so lackadaisical as to allow the keys to be stolen and for unauthorized activations to go on for so long.

    1. Re:No by MobyDisk · · Score: 2

      Suppose you work for the IT department of a Fortune 500 company, or a computer repair shop, or a university. You may activate thousands of Windows licenses per year. They could even be the same license key: Windows Embedded, for example, uses the same license key for each device. So Microsoft's automated system might not know if the activations are fraudulent. But if the IP address points to some individual's home, then there is a good chance they are fraudulent. Microsoft can't be sure without that information. It sounds like their system says "yes" until a human looks for a pattern of fraud. That sounds like the right way to do it.

      Now, after looking at the records, Microsoft has evidence of a crime. They want Comcast to do something that is trivial for their billing department to do. Note that this is very different from BMG music asking Comcast for 5000 people's information just because a bittorrent packet went to their address. There is real evidence of fraud here. They aren't fishing or anything like that.

    2. Re:No by DRJlaw · · Score: 3, Informative

      If they were known to be stolen, then MS has a duty to limit losses. They can blacklist the keys and prevent further activation. If they were "known to have been stolen" then MS should have limited their losses as soon as they found out.

      It's copyright infringement whether the copy was activated or not - the copyright act prohibits unauthorized reproduction, not unauthorized activation. The copyright is also registered. That means that they are entitled to statutory damages whether they could have acted to further limit their losses or not.

      But allowing thousands of fraudulent activations is a joke. More than a few a year should trigger alarm bells at Redmond.

      They have three years to file a claim.

      MS can't prove either of these. Even if they know the authorized licensee, they don't know who is using the keys thousands of times. They can't know who it isn't without knowing who it is. If they knew who it is, they wouldn't need to subpoena for info. The same thing goes for the region.

      They don't have to prove either of those at this time -- they simply have to show that what they are requesting is relevant to those facts. The identify of the subscriber is certainly relevant to determing whether that person is an authorized licensee and is licensed to use those keys within that region.

      It's also not the court's job to enforce the minutia of the license terms such as region, number of activations, transference, etc., especially when MS is so lackadaisical as to allow the keys to be stolen and for unauthorized activations to go on for so long.

      It's precisely the court's job to enforce the minutia of the license terms, because the license terms are a condition of the license (e.g., "we grant you the right to install and run that one copy on one computer (the licensed computer), for use by one person at a time, but only if you comply with all the terms of this agreement." Without the license it's copyright infringement. The rules don't change simply because it's Microsoft enforcing a windows license and not an open source advocate enforcing the GPL.

      Have fun with your theories of how this should work, but no Federal district court (or appellate court) is going to buy them because their job is to interpret and enforce the statute, not ad hoc theories of mitigation, laches, and evidence that you learned from poorly scripted TV dramas.

    3. Re:No by Gadget_Guy · · Score: 2

      You sound so adamant about this, but the law simply does not work that way. Just because their security isn't foolproof does not mean that it becomes legal to engage in mass piracy. You are wrong to say that it is not the court's job to enforce the license terms. It is exactly their job. Who else is going to do it?

      And I for one am grateful that they are more lenient on activations as it means that it is less likely to have a false positive prevent an installation. It does mean that they will let the casual pirate get through, but then can go after the institutional ones (like this one).

  10. Re:Why is this news? by Gadget_Guy · · Score: 4, Informative

    If a bank robber used a blue Ford as a getaway car, that doesn't mean that the bank can subpoena the ownership records for every blue Ford so they can stop by their houses and see if that was the car that happened to be used in the robbery.

    The bank can't do that, but the police said who investigate robberies can get the list for of blue Fords and compare the owner's names to known criminals. And to be a proper car analogy, they would be after a blue Ford with the license plate ABC123. If it turned out that the car was stolen for the bank job then that would be the same as a botnet that was using that IP address.

  11. Re:Why is this news? by KGIII · · Score: 2

    That may be true but I'm not sure that I'm seeing what point it is that you're trying to make?

    Are you saying that all these people didn't want OEM installs so took it to this one place, used this one particular IP address, and then activated Home, Professional, Server, Office, Enterprise, etc versions on this one particular IP address? I didn't know there was an OEM Server edition or OEM Office and they all had the same activation code.

    Someone, probably, was activating licenses from Technet or MSDN and, from the looks of things, was probably selling boxes with them pre-installed. They might be VL and gone over that number - probably stolen, and probably sold boxes with 'legit' on 'em. Alternatively, they patched it to pipe a cracked version through one particular IP address and sold them as legit.

    I mean, c'mon now... What kind of excuses are ya gonna make for this? "Oh, someone just didn't know how to find the decrapify application via Google and wanted to get a clean install instead of the OEM stuff." Sheesh...

    --
    "So long and thanks for all the fish."
  12. M$ is going to be disappointed.. by FirstOne · · Score: 3, Interesting

    When they find out that Comcast static IP address(Houston, Tx) is a VPN node setup by some hacker, and the owner had no idea.

    Or, it could be worse, and find out it's a Comcast public wifi IP addr that's been activating all those licenses.

    .

  13. Azure by minijedimaster · · Score: 2

    I'll laugh if they trace the IP back to their own Azure cloud system.

  14. a publicity strategy by swell · · Score: 2

    Companies on the way up embrace the PR related to minor theft- it shows how popular the product is. Game of Thrones, the TV series, was not at all concerned with the massive pirating of their series; it was good publicity (PR) and they made more money than they could count.

    Companies on the way down have a different perspective. It is theft, after all, and it can hurt. The PR that works for them is a very public warning that theft will not be tolerated. Spread the word and some users will go straight, others will reconsider or at least take better precautions when pirating.

    Microsoft has been very lenient for a very long time. Their day may be winding down and it is wise to protect any remaining property of value while they look for a breakthrough miracle product.

    --
    ...omphaloskepsis often...
    1. Re:a publicity strategy by thegarbz · · Score: 2, Informative

      Not at all. Microsoft has always chased down commercial level piracy. I find it incredible that people are upset about this. This is business as usual for them.

  15. Bet few knew this... by Trax3001BBS · · Score: 4, Informative

    Something many aren't aware of is if you change or upgrade your system you are subtracting numbers from a total allowed before your OS is no longer activated or legal and must be reactivated or re-purchased.

    I use to know them for NT but it's been awhile. A CPU change I know counts as 2 points, a trick was to claim you had a NIC card as it added 2 points to the total.

    “Significant” hardware changes can also trigger the Windows activation process again. For example, if you swap out multiple components on your PC at the same time, you may have to go through the activation process. Microsoft hasn’t explained exactly which hardware changes will trigger this.
    http://www.howtogeek.com/18284...

  16. I have seen how Microsoft troubleshoots a problem. by Blinkin1200 · · Score: 2

    This was probably just one guy, with one set of product keys, that had to keep reloading the software to try to fix a problem.

  17. Re:Why is this news? by Gadget_Guy · · Score: 4, Insightful

    But it's not the police that's trying to get the name of Comcast subscribers, it's Microsoft

    That's because copyright infringement is not really a police matter, so it is quIte right for Microsoft to pursue this matter in court. The difference with the police doing it is that they can lookup the registration records without having to get a court order. Microsoft do not have that ability to simply examine the IP records for themselves so they have to go to court to compell Comcast to divulge the information (although the police would have to do that too since they don't have access to Comcast's private information).

    Comcast were right in requiring Microsoft to get a court order to get the Customer details, and Microsoft were quite right for asking for them. If they aren't entitled to the details the the court will say no, but that won't be for the bogus reasons that have been stated here on Slashdot. Rather, it would be refused if they failed to show cause as required by the law.

  18. Re:Why is this news? by freeze128 · · Score: 2

    Since Microsoft controls all the activation servers, they didn't have to actually *ALLOW* the activation. At any time, they could have denied the activation because of the IP address it was coming from, or because the product key was a dupe, or because it was out of region.

    Wasn't that the reason for inventing product activation in the first place?

  19. Re: Install count limit? by drinkypoo · · Score: 3, Insightful

    Jesus, did IQs drop sharply round here or something?

    God is dead, and you must be new here. There have always been idiots clicking submit.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"