A case started in a Washington district court suing Microsoft over its Windows XP Genuine Advantage program.
The class action alleges that the WGA was dramatically expanded in April 2006 and altered the means which the program delivered, “violating the law”.
Instead of identifying the WGA as an anti-piracy download option, Microsoft is alleged to have described the program as a high priority update, without giving users an explanation of what the program was or would do on computers.
WGA, the filing continued contains two components – a Notification program that identified if a copy of the OS was legit, and a validation component that collected information from computers and sent it back to Microsoft. An additional component, it’s alleged, has a phone home function, which relays information about PCs on a daily basis.
“Microsoft hid, misrepresented and/or failed to disclose the true nature, features, and functionality of the WGA software to consumers. Contrary to the express statements Microsoft made in the inadequate disclosures that were provided, the software collected and communicated private identifying information from consumer’s computers and sent that information back to Microsoft on a daily basis,” the filing said.
That, it’s alleged breaches consumer protection and anti-spyware statues. “This lawsuit is brought to provide a remedy to consumers for Microsoft’s misleading and unlawful conduct in installing uninstallable licensing enforcement software under the guise and misrepresentation of a security update, hiding the true nature, operation, and functionality of the software that was downloaded, and collecting personal and identifying information from every computer on which this software is installed without informed consent,” it continued.
Damages, if the plaintiffs’ case is proved, will amount to over $5,000,000, the filing said.
The filing quotes David Lazar, the Microsoft director of Genuine Windows as saying: “The system works by identifying unique characteristics of a system and implanting a software key that can be read by Microsoft when updates are requested. The only way to remove the key is to reformat the hard drive..The key won’t be used to identify individual users, only individual systems. I would go back to our privacy policy, which says we have no knowledge of the identity of the users, so a user shouldn’t be concerned about the use of that key.”
That, the plaintiffs allege, isn’t true. “WGA Verification collects and transmits an enormous amount of sensitive information to Microsoft. WGA Verification validates its Windows XP installation on a daily basis. In addition to the information collected above, WGA Verification also collects users’ Internet Protocol address and their domain name server’s IP address.”