Our Full-Service B2B Marketing Program Delivers Sales-Ready E-Commerce Leads » Learn More
Welcome Guest | Sign In
Ideoclick eBook

Microsoft Slammed With Second Class Action Suit Over WGA

By Erika Morphy TechNewsWorld ECT News Network
Jul 6, 2006 7:43 AM PT

Two class action lawsuits are targeting Windows Genuine Advantage, one of Microsoft's initiatives to stem the massive piracy of its applications. Both suits claim that WGA, which is just a year old, functions essentially as spyware on licensed Microsoft users' PCs in violation of California and Washington's consumer protection and anti-spyware laws.

Microsoft Slammed With Second Class Action Suit Over WGA

WGA is an application Microsoft introduced last year that determines whether users have a valid license -- that is, whether the application is a counterfeit or not -- for the Microsoft products on a PC. It does this by regularly gathering data on the PC's hardware and software that is then sent to Microsoft.

Overzealous but Not Illegal?

The plaintiffs claim that Microsoft has misled consumers as to how often the application reported data to the servers, sometimes as frequently as once a day. Microsoft has signaled that it may have been overzealous in its development of the application. It has since scaled back its reach in some areas. Even so, it is not clear that the company's behavior constituted a violation of the anti-spyware laws.

Microsoft's WGA probably is not what California or Washington legislators had in mind when they wrote the anti-spyware laws, contends Charles Kennedy, a partner in the Washington, D.C., office of Morrison & Foerster. "In fact, the laws specifically state one can use programs that might work surreptitiously to protect the unlawful use of software," he told TechNewsWorld.

It is true that Washington's anti-spyware legislation, in particular, is somewhat untested. Only a few cases have been filed under the statute, the first by the Washington State Attorney General in January 2006, noted Michele Johnson, an attorney with the Florida firm of Fowler White Boggs Banker.

However, the suits against Microsoft are in the very early stages of the legal process, Johnson cautioned.

"This is a big deal because, obviously, it is a class action and because it is Microsoft," she told TechNewsWorld, "but whether the courts feel it is valid it remains to be seen."

No Harm, No Foul

No one has claimed that the WGA caused damage, Kennedy pointed out. "You have to keep in mind Microsoft is not alleged to have harmed anyone's computer or [to have] actually collected personal data," he said. "I have seen nothing to suggest that WGA has collected anything more than IP addresses and hardware information, which is not personal information under the spyware legislation."

The plaintiffs might find more success under the consumer protection statutes because those are more vague, Kennedy suggested. "The plaintiffs could argue that Microsoft did not sufficiently disclose what it was doing -- something Microsoft itself admits it could have handled better. So charges of deception might stick."

Pushing the Legal Envelope

While Microsoft's WGA might have pushed the envelope somewhat, the argument that the company did not act illegally appears to have weight in security circles. "The consensus here is that this is not spyware," Ron O'Brien, senior security consultant for Sophos, told TechNewsWorld.

Even if Microsoft were guilty of tracking more information than necessary, WGA could only be considered "borderline" spyware, at most, added O'Brien.

That said, "Microsoft should have disclosed all of the information they are collecting upfront," he acknowledged.

By revamping some of the methodologies supporting the WGA, Microsoft has taken the first steps toward mitigating any damage it might have caused with its customers.

For instance, the Microsoft server was pinged daily with reports, and that now has been stretched to 14 day intervals, O'Brien noted.

"I think these problems have all stemmed from an overzealous software developer," he observed. "Microsoft has a problem with piracy, and WGA's concept is a valid one."

Ekata Pro Insight Identity Review
What was your initial reaction to news of the Colonial Pipeline cyberattack?
It demonstrates that all critical infrastructure sectors are at high risk of disruption by cybercriminals.
Everyone will be paying for this attack in the form of higher energy costs.
Governments need to work more closely with private industries to protect networks for the sake of public safety.
It's a global problem. An international alliance must be formed to hold the perpetrators accountable and prevent future attacks.
Contact Center AI Explained by Pop Culture