Is Microsoft Using RIAA Legal Tactics?

Nom du Keyboard writes, "CNET reports, 'Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.' Looks to me like since they can't figure out how else he's doing it, they'll sue on this pretense and go fishing for the actual method through the legal system. They clearly have no proof yet that any theft of source code actually happened. This smacks of the RIAA tactics of sue first, then force you to hand over your hard drive to incriminate yourself. Isn't this something the courts should be putting a stop to at the first motion for dismissal?" Viodentia has denied using any proprietary source code, according to CNET.

Re:Why is it so hard?

[saleenS281]

Well... if Microsoft's coders were convinced it was uncrackable with access to the source code... of course they think it's impossible for someone to do it without.

Tenuous Grounds, IMHO

[ackthpt]

Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

Tenuous grounds -- Microsoft is in effect claiming nobody could have reverse engineered their code, or cracked it, so fast, therefore they must have cheated by having access to Microsoft's original sources. Sounds like a logical assumption, but it's a bit like claiming a driver went from Point A to Point B, 100 miles apart, in one hour must have been speeding, though there was no witness to the driver actually speeding.

I expect what Microsoft really wants is to find if they have an inside man leaking code. Have to get Viodentia to reveal that by poring over his/her drive, which may yield absolutely nothing and be fairly claimed as harrassment.

"FairUse4WM has been my own creation, and has never involved Microsoft source code," the developer wrote. "I link with Microsoft's static libraries provided with the compiler and various platform SDK (software development kit) files."

Sounds almost as if those at Microsoft pursuing this case do not even know what their own library routines may be capapble of.

well...

[skogs]

What I take from this is the following:

Even WITH the source code microsoft cannot figure out how their code works and issue patches...so how would they be able to tell if some 'hacker' is really hacking their ultra secure corporate network? What do they do when third parties issue unofficial patches for IE? Are they going to start filing lawsuits against the white hats too as they might have figured something out on their own?

I am neither for or against hacking DRM and such, but honestly, assuming somebody hacked their way in and stole source code is a little bit harder to believe than simply figuring out a way around what I'm sure is an elementary DRM code. Poking and testing is easy to do, hacking, finding, downloading, and analysing source code is probably adding a bit more effort to the process than most guys trying to beat DRM are willing to go through.

The simplest explanation is usually the correct one. If he just plain figured it out by trying several different things, I'm inclined to believe him.

SCO?

[Sketch]

> Tenuous grounds -- Microsoft is in effect claiming nobody could have reverse engineered their code, or cracked it, so fast, therefore they must have cheated by having access to Microsoft's original sources.

Sounds more like SCO's tactics than the RIAA's...

Re:Tenuous Grounds, IMHO

[Rob T Firefly]

Sounds like a logical assumption, but it's a bit like claiming a driver went from Point A to Point B, 100 miles apart, in one hour must have been speeding, though there was no witness to the driver actually speeding.

It's more like claiming a driver who went from point A to point B must have stolen your car to do so, despite the fact that your car is still in your garage.

Re:Tenuous Grounds, IMHO

[eric76]

but it's a bit like claiming a driver went from Point A to Point B, 100 miles apart, in one hour must have been speeding

That's nearly right.

More accurately, it's like claiming someone who managed to cover the distance from Point A to Point B, 100 miles apart, in one hour must have been driving and is therefore guilty of speeding.

Sounds a lot like SCO tactics to me...

[Eric Damron]

"This smacks of the RIAA tactics of sue first, then force you to hand over your hard drive to incriminate yourself."

This smacks of SCO tactics to me. Accuse first, offer no proof, sue so you can fish for evidence...

Say, didn't Microsoft indirectly fund the SCO fishing expedition? Nuff said...

Exhibit A, for the defense...

[Weaselmancer]

A disassembler.

I mean come on! Really! Read this from TFA:

Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

Um, hello? People have been disassembling code to disable copy protection since the first days of the warez scene. You don't need the source. All the source does is speed things up a bit.

Not that I'd know anything about that. *ahem*

The system works. Why are you bitching?

[RLiegh]

Our congressmen and senators look after the welfare of their constiuancy (sp?), and the courts come to a fair and balanced ruling which takes the best interests of the citizens into account and comes to a verdict which is most just for their citizenry.

It's just that now corporations are the only real citizens-- a situation no different than the late 1700's/early 1800s when only the rich white landowners were considered citizens.

Again, I'll ask --the system works; why are you bitching?

Re:Viodentia motive?

[geekoid]

because it was there.

Arrogance.

[Dogun]

"I don't know how GuyIDontLike did something, therefore he must have cheated."

Some developpers are extremely slow to realize that things which seem nigh impossible to them are in fact, run-of-the-mill easy for talented hackers, crackers, upper-teir skr1pt k1dd13s, and others. Code obfuscation is not by any means adequate protection.

Neither is sticking anti-debugger crap in your code, for that matter.

Re:Sounds a lot like SCO tactics to me...

[Mostly a lurker]

The difference here is that, unlike IBM (even with donations) I doubt Viodentia can afford a four year plus lawsuit costing tens of millions of dollars. Personally, I think the objective is to send a message to any other hacker with the same idea: if you try to circumvent our copy protection (legally or not) we are going to financially cripple you. It works as far as I am concerned.

Users are beta testing M$'s DRM implentation

[metoc]

Personally this is another great M$ beta test. They can't hope to find the flaws in their DRM design, and Windows Media software, so they get users to do it. If the flaw is not obvious and no one will volunteer the info M$ needs to correct it, they send in the lawyers. Makes me wonder if they will take HP's lead and get some PI to do a black bag job on someone's house. Hey, computers get stolen all the time :)

If they do end up in court, at the very least only third party investigators should have access so as to protect the defendents trade secrets and IP. Afterward, to top it off, M$ should open itself up to verify that it isn't secretly using anything it learned in the trial without paying compensation.

Mozart's Memory

[adamdrayer]

From an article I just started reading: ...when Mozart was a boy he traveled to the Vatican with his father. Since they happened to be there at Easter, they were able to take in a performance of Allegri's Miserere. The Miserere is considered by many to be one of the most beautiful pieces of music ever composed. It is so beautiful, in fact, that at the time the Pope allowed no copies of the score to be made, and it was only performed at Easter, and only at St. Peter's Basilica in Rome. Only the choir was permitted to see the score, which was otherwise kept under lock and key.
Mozart, being the prodigy he was, heard the piece once and memorized it in its entirety. When he got home he wrote down the score without a single missed note. When Church authorities heard that Mozart had an unauthorized copy of the Miserere they took him to court, accusing him of stealing a copy of the score. The young boy was able to prove that he had not stolen the work only by writing down the piece again, perfectly, from memory in the presence of the court.

Obviously this probably isn't the case here, but isn't this a good example that you should not be allowed to sue somebody for copyright infringement unless you have some proof they obtained what they got thru illegal activity?

Re:RIAA's Legal Tactics

[AnalogDiehard]

I've read a lot of cases about the RIAA in court and I have to say there's some common tactics that this article doesn't mention:

10. File suit against 5 month old infants, senile great grandmothers, and the deceased.

Re:Dismissal?

[Anonymous Coward]

Even if they are using the legal system to "find out how he did it," if someone committed a tort against them, they have a right to figure out exactly what happened.

Yes, but if someone did not commit a tort against Microsoft, what right does Microsoft have to use the court system to find out how someone did something?

Don't write about law if you know nothing about law

The legal system continues to claim ignorance of the law is not a defense. Until the legal system owns up to the fact that this is bullshit because the laws themselves are contradictory, the people empowered to enforce the laws break the laws (who is spying on Americans?), and the judges don't even know all of the laws (they make the lawyers tell them what laws matter to the case and then hide behind this limited set of laws as being the laws pertinent to the case, unless they want to find another law on their own to rule the way they want).

Don't write about law if you know nothing about law

The Patriot act was passed without even a single legislator having read its contents. If the laws are passed without being known by those who pass them, why do you expect Slashdot to give a shit about your desire we not talk about the law?

Re:Why is it so hard?

[IAmTheDave]

Which makes this more like Apple then the RIAA. Apple sued various rumor sites to try to fish out a leak in their own organization. MS wants to sue to figure out how their information was broken.

Although it's not like MS and Apple aren't, the RIAA is simply interested in money and control, not information. This isn't RIAA style extortion so much as Apple style ass-backwards investigatory tactics.

Re:The system works. Why are you bitching?

[Anonymous Coward]

>In the United States, individuals are supposed to be citizens as well.

Whenever I scratch a lotto ticket, it's "supposed" to be a winner. Modern Americans are nothing more than smug, fat, indolent and apathetic consumers, who serve no purpose other than to feed cash into the system. They have no worth beyond the number of eyeballs which view the corporations' ads, or the number of tickets which by the corporations' movies, or the numbers which buy the corporations cds.

You are viewing your status through the lens of an early-20th century mindset, but that doesn't change the truth. You -as a citizen of the EU or US- are nothing more than a serf whose place it is to channel your economic allotment to the content industries you are told to, and to be used as pawns in a larger game which is -in all honesty- not your place to worry about.

Work. Consume. Die.
That is your place.
If you are not a corporation, you're a serf; remember your station and do not attempt to rise above it.

The bottom line might be

[Spiked_Three]

that by forcing someone into the courtroom and accusing him of stealing the source code, his probable defense as everyone has pointed out is "I didn't steal the code, I reversed engineered it."

Guess what else is against the law? His/her best defense is an admission of guilt to breaking the system/scheme of protection. It is probably a win win for Microsoft.

And regardless if you are for or against the law(s), it seems as if some law has been broken.

I wouldn't say Microsoft is adopting RIAA tactics because that would be crediting RIAA for inventing the use of the courts to stop something they don't like. Companies have doing that for a long time.

The real reason for this lawsuit

[Overly Critical Guy]

Microsoft wants to convince its music partners that its DRM is unbeatable. Now that it's been cracked, they're trying to argue that the only way their "unbeatable" DRM could have been cracked would be due to access to the source code.In other words, along with being a fishing expedition, this lawsuit is a PR play to Microsoft's music partners to try to save face over their no-longer-unsinkable DRM scheme.

Re:Why is it so hard?

[Overly Critical Guy]

For those who might think the parent is a troll, MS developers really do have trouble understanding Windows [msdn.com].

You dont need to know

[AviLazar]

How someone did something to know they did something wrong. A lawsuit has to be started so they can do things like subpeona the hard drive. Once they can get the hard drive, they can figure out the "how". This is common legal tactics, and frankly is required. WIthout things like a subpeona there is no legal mechanism to force someone to hand over their material (with some exception like the patriot act).

Re:This is not really about Microsoft

[AusIV]

Hold on a second. I don't like DRM any more than the next guy, but in some cases it makes sense.

When I buy a song that uses DRM that ultimately ties me to a platform I'd rather not be using, I feel that the DRM is restricting my fair use rights. In this case, I agree that DRM punihes the honest and does nothing about people who are going to steal.

However, Microsoft's PlaysForSure is in some cases used by rental services. Personally I don't want to rent music, but some people might, and it needs to be enforceable. If someone is paying $15 a month to rent all the music they can hold on their hard drive, some kind of DRM is needed to disable the music if they aren't paying for it. Do you expect Napster to just say "We'll trust you to delete all your music from your hard drive when you decide you don't want our service anymore?" And this DRM hack has enabled people to pay $15 for a month's subscription, download everything they want, decrypt it, and keep as much music as they want, only paying $15 once.

DRM's fatal flaw

[tfinniga]

DRM can be easier or harder to crack, but it will always be crackable.

You give them the lock, you give them the key, and you hope that they can never figure out how to use them together.

Why the content industries keep believing that this is a good idea is a true mystery.

Re:Why is it so hard?

[rvw]

Shouldn't DRM be uncrackable even with access to source code? Just like open source encryption methods?

Two Wrongs...

[Tipa]

Destroying evidence of a crime is also a crime. The best thing to do is to encrypt your data as a matter of course. They can't ask you to decrypt it for them because that would potentially ask you to incriminate yourself. And if they're so wonderful at DRM, let them figure out how to get at it.

Re:Dismissal?

[plasmacutter]

If Microsoft has a good faith belief that what they alledge happened actually happened, then they are entitled to discovery to prove their point

in other words.. this is a legal support framework for wealthy interests or outright trolls to go on fishing expeditions..

I think it's time to change this, because it's fundamentally opposed to the founding premises of the american system, the most pertinent in this case being protection of privacy and property unless concrete probable cause can be provided otherwise, and no "I think he did it but have no evidence" doesn't count.

Re:Mozart's Memory

[Kanasta]

If that happened today, the RIAA would accuse him of having stolen the score, then memorized it in its entirety for the purpose of piracy and aiding terrorist agendas, and poor Mozart would have been spirited off to some torture camp in a middle eastern country and never heard of again.

Re:How is that contradictory?

[GeffDE]

If it's part of an SDK, then how the hell can a developer NOT include it in his application. When you link against a library (and what do you think an SDK is?) you are included the (necessary) functions in that library in your application. Holy Shit Batman. Don't use SDKs or you'll get sued by the company that wrote (and then copyrighted) the SDK. So even if Microsoft finds copyrighted code, how can they be sure that this code was manually taken out by the "hacker" (I prefer the term "liberator")?

Re:You'd think they were building killer cyborgs..

[killjoe]

"Most software just has one version, and that runs on basically any remotely modern version of Windows. "

Nonsense. At best software requires win98 or better. Most software I have seen requires XPSP2 or better. Like I said even MS software has different versions for different windows.

"Based on history, I would expect the vast majority of common-use software to work transparently out of the box,"

In that case we are living in a different universe. Where I work every version of windows disrupts our software some way or another. SP2 was especially painful. Migration from .NET 1.1 to 2.0 took over a month for one project alone.

Re:You'd think they were building killer cyborgs..

[killjoe]

"Uh, yeah, my point exactly. See that "remotely modern" part ? >8 year old PCs don't really fall into that category."

Were you the one that claimed that windows vista had to keep compatiblity for everything between dos 2.0 and windows xp? If so then you were lying.

"For example ?"

IE for one.

"In-house or third party software ?"

Both.

"The list of software SP2 broke wasn't particularly big, relatively speaking."

Even if it broke one application that proves that it's not 100% bug for bug compatible. So once again you have been proven wrong.

"The list of software it broke that wasn't already broken by virtue of being badly written, vanishingly small."

Even if just one application broke that proves that it wasn't 100% bug for bug compatible and you have been proven wrong.

So you admit that SP2 was not bug for bug compatible. That's a service pack update to the same version of the operating system.