[ISN] Vista's legal fine print raises red flags

From: InfoSec News (alerts@private)
Date: Mon Jan 29 2007 - 23:38:24 PST


By Michael Geist 
January 29, 2007

Vista, the latest version of Microsoft's Windows operating system, makes 
its long awaited consumer debut tomorrow. The first major upgrade in 
five years, Vista incorporates a new, sleek look and features a wide 
array of new functionality, such as better search tools and stronger 

The early reviews have tended to damn the upgrade with faint praise, 
however, characterizing it as the best, most secure version of Windows, 
yet one that contains few, if any, revolutionary features.

While those reviews have focused chiefly on Vista's new functionality, 
for the past few months the legal and technical communities have dug 
into Vista's "fine print." Those communities have raised red flags about 
Vista's legal terms and conditions as well as the technical limitations 
that have been incorporated into the software at the insistence of the 
motion picture industry.

The net effect of these concerns may constitute the real Vista 
revolution as they point to an unprecedented loss of consumer control 
over their own personal computers. In the name of shielding consumers 
from computer viruses and protecting copyright owners from potential 
infringement, Vista seemingly wrestles control of the "user experience" 
from the user.

Vista's legal fine print includes extensive provisions granting 
Microsoft the right to regularly check the legitimacy of the software 
and holds the prospect of deleting certain programs without the user's 
knowledge. During the installation process, users "activate" Vista by 
associating it with a particular computer or device and transmitting 
certain hardware information directly to Microsoft.

Even after installation, the legal agreement grants Microsoft the right 
to revalidate the software or to require users to reactivate it should 
they make changes to their computer components. In addition, it sets 
significant limits on the ability to copy or transfer the software, 
prohibiting anything more than a single backup copy and setting strict 
limits on transferring the software to different devices or users.

Vista also incorporates Windows Defender, an anti-virus program that 
actively scans computers for "spyware, adware, and other potentially 
unwanted software." The agreement does not define any of these terms, 
leaving it to Microsoft to determine what constitutes unwanted software.

Once operational, the agreement warns that Windows Defender will, by 
default, automatically remove software rated "high" or "severe," even 
though that may result in other software ceasing to work or mistakenly 
result in the removal of software that is not unwanted.

For greater certainty, the terms and conditions remove any doubt about 
who is in control by providing that "this agreement only gives you some 
rights to use the software. Microsoft reserves all other rights." For 
those users frustrated by the software's limitations, Microsoft cautions 
that "you may not work around any technical limitations in the 

Those technical limitations have proven to be even more controversial 
than the legal ones.

Last December, Peter Guttman, a computer scientist at the University of 
Auckland in New Zealand released a paper called "A Cost Analysis of 
Windows Vista Content Protection." The paper pieced together the 
technical fine print behind Vista, unraveling numerous limitations in 
the new software seemingly installed at the direct request of Hollywood 

Guttman focused primarily on the restrictions associated with the 
ability to play back high-definition content from the next-generation 
DVDs such as Blu-Ray and HD-DVD (referred to as "premium content").

He noted that Vista intentionally degrades the picture quality of 
premium content when played on most computer monitors.

Guttman's research suggests that consumers will pay more for less with 
poorer picture quality yet higher costs since Microsoft needed to obtain 
licences from third parties in order to access the technology that 
protects premium content (those licence fees were presumably 
incorporated into Vista's price).

Moreover, he calculated that the technological controls would require 
considerable consumption of computing power with the system conducting 
30 checks each second to ensure that there are no attacks on the 
security of the premium content.

Microsoft responded to Guttman's paper earlier this month, maintaining 
that content owners demanded the premium content restrictions. According 
to Microsoft, "if the policies [associated with the premium content] 
required protections that Windows Vista couldn't support, then the 
content would not be able to play at all on Windows Vista PCs." While 
that may be true, left unsaid is Microsoft's ability to demand a better 
deal on behalf of its enormous user base or the prospect that users 
could opt-out of the technical controls.

When Microsoft introduced Windows 95 more than a decade ago, it adopted 
the Rolling Stones "Start Me Up" as its theme song. As millions of 
consumers contemplate the company's latest upgrade, the legal and 
technological restrictions may leave them singing "You Can't Always Get 
What You Want."

Michael Geist holds the Canada Research Chair in Internet and E-commerce 
Law at the University of Ottawa, Faculty of Law. He can reached at 
mgeist (at) uottawa.ca or online at www.michaelgeist.ca.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Mon Jan 29 2007 - 23:55:12 PST