Microsoft Corp.’s new anti-piracy feature for its yet-to-be-released Windows Vista and Longhorn operating systems (OS) runs the risk of undermining ownership and privacy rights of computer users, according to two Canadian privacy advocacy groups.
Microsoft says, its new Software Protection Platform (SPP) has beefed up capabilities for detecting pirated versions of Windows.
The system will limit access to certain features of the software if it detects that the user’s machine is running an unlicensed version. If a legitimate version is not installed within 30 days, the system will limit a user’s access to the Web browser to just an hour at a time.
“This goes beyond hijacking a person’s computer. The practice undermines ownership and privacy rights,” says Russell McOrmond, policy co-ordinator of CLUE(The Canadian Association for Open Source).
Aside from detecting pirated software , the SPP was designed to provide greater protection for users, said Bruce Cowper, senior program manager for security initiatives at Microsoft Canada Co.
For instance, he said Vista’s Web-browsing features also blocked access to “bad sites” or sites used by phishers .
Another protective feature isolates downloads containing malicious code.
The new software works on a trusted platform module (TPM), which, according to the Canadian Internet Policy and Public Interest Clinic (CIPPIC), has features which are a potential threat to privacy.
“Our view on this is that Microsoft is not addressing head-on the privacy implications brought by this technology,” said David Fewer, lead counsel for CIPPIC.
A TPM is a hardware chip embedded on the motherboard of many new laptops, computers and other devices. The chip is capable of performing platform authentication and can be used to verify whether an OS is licensed or not.
The use of TRM is part of the controversial Trusted Computing (TC) concept.
Advocates of TC claim it will reduce a computer’s vulnerability to viruses and malware.
Opponents of TC believe the concept places too much power and control over technology in the hands of software makers. They say TC deprives consumers of anonymity in online transactions.
“Any kind of copyright protection (technology) has the potential of going beyond the narrow area of its stated concern,” said Fewer.
He said CIPPIC would investigate if the SPP can collect user’s IP addresses and other personal data and if Microsoft will inform consumers of this capability.
The SPP not only has the capability of identifying unlicensed software in a computer but also has the ability to control a machine’s functions from the chip level, McOrmond said. “In effect, even if your computer is your possession, other people hold the controls to its functions.”
The open-source software advocate said the information generated, or gathered by the SPP, can be used against a consumer.
For instance, McOrmond explained, banks could demand that an online customer submit their computer to a remote test. “A client whose computer is found to contain unauthenticated software might be declined service.”
Microsoft’s new product could drive consumers to seek out alternatives, said Fewer. “This can be a boon for open-source vendors such as Linux.”
Fewer said Linux’s open-source operating system has improved dramatically.
“Open Office has become in some aspects better than MS Office. The open software has excellent word processing, spreadsheet and presentation functions,” he said.
In the past, Fewer observed, consumers “merely gravitated towards the vendor carrying the lesser invasive rights management software.”
“Perhaps this time, consumers will rise up and demand respect,” he said.