Luke: "You lied to me. You said that Darth Vader killed my father."
Pat (to Mystic Seer): "You're just a stupid piece of junk, aren't you?"
Greetings. In yesterday's blog posting, I asked the implicit question: "Is Microsoft's update of their 'Genuine Advantage' OS validity verification tool behaving as spyware?"
Within hours of that text becoming widely public, I received e-mail and a call from the director and the senior program manager for Microsoft "Genuine Windows" (their anti-piracy division). We three had a lengthy and friendly chat, and I believe that I can now answer this question. However, as you have probably already guessed, the answer is, "It depends upon your point of view."
And perhaps of more importance, it's not clear that the spyware question alone is really the key issue in this case, since this is all part of a larger MS anti-piracy effort with broader implications for all concerned. In the long run, the real issues are clarity and control, as we shall see.
Microsoft has major piracy problems, on a massive scale -- this we all know. They have been ramping up their infrastructure to prohibit "non-validated" copies of Windows XP from installing non-critical software updates. What many people don't realize is that MS does not consider validation to be a necessarily permanent state. Even after a copy of XP has been validated, MS may choose to "revoke" that validation (via communications with their Windows Update site) at a later date if activation codes are found to be pirated in the future.
Why is the new version of the validity tool trying to communicate with MS at every boot? The MS officials tell me that at this time the connections are to provide an emergency "escape" mechanism to allow MS to disable the validation tool if it were to malfunction.
While most users will routinely accept the tool update from Windows Update, MS considers it to be (for now) an optional upgrade as part of a pilot program, as described in accompanying license information that (as we know) most users will never read. (I should note that while these materials do discuss Internet connections, they do not appear to notify users that the updated tool will make multiple connections to MS at various intervals, even on systems that are already validated.)
I was told that no information is sent from the PC to MS during these connections in their current modality, though MS does receive IP address and date/timestamp data relating to systems' booting and continued operations, which MS would not necessarily otherwise be receiving.
Apparently these transactions will also occur once a day if systems are kept booted, though MS intends to ramp that frequency back (initially I believe to once every two weeks) with an update in the near future. Further down the line, the connections would be used differently, to provide checks against the current validation revocation list at intervals (e.g., every 90 days) via MS, even if the user never accessed the Windows Update site directly.
Can you safely block the tool from communicating with MS using ZoneAlarm or another third-party firewall? The answer appears to be yes. I'm told that if the tool can't communicate with MS, validation checks will be made the next time the system communicates directly with the Windows Update site, in the same manner as has been done up to now since validation began.
We can argue about whether or not the tool's behavior is really spyware -- there are various definitions for spyware, and the question of whether or not you feel that the notice provided at upgrade installation time was sufficient is also directly relevant. I believe that the MS officials I spoke to agree with my assertion that additional clarity and a more "in your face" aspect to these notifications in such cases would be highly desirable.
But this is where an even more important question comes into play. Microsoft (and other software vendors) are moving inexorably toward a more "distributed" computing model where users are really "renting" software services, rather than buying commodity software products. The "rental" model implies long-term vender control over the use and applications of such software, with associated communications between user PCs and vender servers for ongoing authentication and other purposes.
The entire concept of authentication revocation will be utterly foreign to many users, who are used to assuming that once they've bought something that they believe to be legitimate -- and that in fact has initially been verified as legitimate -- it's then theirs forever and can't be disabled or restricted later.
And as we've now seen yet again, the communications issues associated with the rental/service model introduce a range of both real and perceived privacy factors and concerns that we've hardly yet begun to explore in depth as technologists or as a society.
One thing is certain regardless of your point of view -- the sorts of issues that relate to this particular case are but harbingers of what's to come, in terms of capabilities, controversies, risks, and more. The old models are dying, and if we don't get ahead of the curve by understanding and properly framing the new models, we are likely to be very sorry after the fact.
Blog Update (June 13, 2006): How Innocents Can Be Penalized by Windows Genuine Advantage