Microsoft Takes Down A Bunch Of Non-Infringing YouTube Videos Over People Posting Product Keys In Comments
from the collateral-damage dept
Oh, Microsoft. The company has now admitted that it ended up sending a bunch of DMCA takedown notices on non-infringing videos, all because someone had posted product keys in comments to those videos. To its credit, Microsoft has apologized and said that it has “taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content.” That’s all well and good, but this seems like the kind of thing that they should have done long before issuing obviously bad takedowns. This is the kind of thing that happens when you have a tool like the DMCA notice-and-takedown provision that makes it just so damn easy to censor content. Those issuing the takedowns do little to nothing to make sure the content being removed actually infringes. They just use either automated means or someone rushing through the process with little review, sending off takedowns willy nilly with no real concern about how they might kill off perfectly legal content. It still boggles the mind that a basic notice-and-notice regime couldn’t suffice to handle situations like this. That and making sure that those issuing bogus DMCA notices receive some sort of real punishment to give them the incentive to stop sending bogus takedowns.
Filed Under: censorship, comments, copyright, dmca, product keys, takedown, youtube
Companies: microsoft
Comments on “Microsoft Takes Down A Bunch Of Non-Infringing YouTube Videos Over People Posting Product Keys In Comments”
It could have been worse. Microsoft could have bricked the software registered with the keys displayed in the videos.
Re: Response to: Violynne on Oct 21st, 2014 @ 7:26am
It probably comes pre-bricked for your convenience, wait for the Service Pack 3 patch for un-bricking.
Re: Re:
I wonder if they could. If you don’t activate online but rather using cracks, would M$ be able to brick the system? And if so, how many would they actually brick and how much would it force people towards other systems?
Re: Re: Re:
Oh, I would LOVE them doing something like this. Just think about it, if MS can do it, so can any hacker worth anything. the chaos that would cause worldwide would be impressive.
I would love to see MS trying to weasel its way out that mess afterwards…
Re: Re: Re:
The answer is both yes & no.
Microsoft does indeed have a means of bricking pirate copies using Microsoft Genuine Advantage (now Windows Genuine Advantage).
However, there is at least 1 way around it: it’s already been cracked. Hackers have found the MGA/ WGA code & rooted around it, preventing the software from sending Microsoft the data needed to identify it as a pirated program. (I don’t know if the crack still works, though. Probably, based on what it does.)
It may also be possible to stop it if you don’t let the computer online (or Firewall Windows to prevent it from contacting MS), but I’m not sure how well that works. A single Windows Update could kill an uncracked version.
Re: Re:
That isn’t a bug. That’s a feature.
working towards a better solution to targeting stolen IP while respecting legitimate content
Contact Google or the uploaders to remove said comments?
Also there’s no such thing as stolen IP.
Actually, what I had heard was radically different. I had spoken to a former Microsoft employee who I know, and he stated that what Microsoft had actually made the copyright claims against were the individual comments, and that google/youtube had screwed up by taking down the videos instead.
Re: Re:
That’s even crazier.
You cannot possibly tell me that there is something creative enough in an individual product key that it could qualify for copyright protection.
Re: Re: Re:
There certainly isn’t anything ‘creative’, though copyright seems to have multiple standards today. Either way, legitimate or not, Microsoft used the quickest and easiest tool they had to take down the product keys.
They could have simply invalidated those keys, though I think they may have already been registered by a legitimate user. Simply disabling them in that case could actually land them in hot water. In some places, such as Europe, it is illegal to disable a product that someone has already paid for.
Re: Re: Re: Re:
“They could have simply invalidated those keys, though I think they may have already been registered by a legitimate user.”
If that’s the case, then the user has violated the terms of use by sharing the keys so there’s no legal problem with invalidating them.
Invalidating the keys would be a rational and appropriate response.
Re: Re: Re:2 Re:
So no-one ever has had keys stolen? It’s a user’s job to protect the keys now?
Re: Re: Re:3 Re:
“So no-one ever has had keys stolen? It’s a user’s job to protect the keys now?”
It’s always been the users job to protect the keys. That’s a trivial expectation — it’s not like protecting the keys requires a great effort of any sort.
In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before.
Re: Re: Re:4 Re:
“That’s a trivial expectation — it’s not like protecting the keys requires a great effort of any sort.”
Unless, the key is leaked from another source (e.g., list of keys leaked from an OEM, retailer or repair shop), leaked from MS themselves (e.g. a compromise of one of their servers or databases) or a 3rd party manages to “guess” the key via brute force or by gaining access to the algorithm.
I can safeguard the sticker that came with the EULA or is stuck to my computer, I can’t protect any of those other sources. That’s the problem – the key can be compromised in many ways that the legitimate owner cannot prevent. In those cases, the victim has to plead their innocence, with the default assumption being that they’re a pirate or have otherwise broken the licence agreement.
“In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before.”
Depends on how reasonable they are. Especially if the key originally came from an OEM for domestic use, I’ve known MS to be far less accommodating. Admittedly, they may have changed their ways since I worked domestic support, but I’ve seen many nightmare scenarios over the years.
Besides, don’t you see the problem here? Paying customers have to depend on a provider to be “reasonable” in order to continue using their purchased product, despite having done nothing wrong?
That’s really the issue people are getting at. Even if the customer has done everything in their power, they can still get screwed. While the pirates just go off and find another compromised key, or find a way around the authentication process, of course.
Re: Re: Re:5 Re:
“Besides, don’t you see the problem here?”
Yes, of course I do. Don’t misunderstand me, I’m not saying that this whole key business is a good thing at all. I’m just pointing out the reality you have to live with when you use Microsoft products.
Re: Re: Re:6 Re:
Indeed, but “screw them, they deserve what they get for using MS products” really doesn’t address any of the actual problems. Better that this be used as a demonstration of how bad the whole system is for legitimate customers and innocent bystanders alike.
Re: Re: Re:7 Re:
“but “screw them, they deserve what they get for using MS products” really doesn’t address any of the actual problems.”
True, but that’s not at all what I was trying to say. If I point out that walking through a bad part of town with money dangling out of your pockets is likely to get you mugged, I’m not saying “screw them, they deserve what they get.” I’m just describing the way things are.
Re: Re: Re:7 Re:
I don’t know. I do think that people who use Microsoft products deserve to be screwed, because they’re on their knees begging for it. Why should anyone lift a finger to save them from the fate that they so earnestly seek?
One of the reasons we have massive security problems at all layers of the Internet is that ignorant luser newbies never bear the consequences of their poor decisions – from the nearly-inconsequential ones to the massive ones. We’ve trained them to be as stupid as they want to be, repeatedly, because nothing bad ever happens to them as a consequence.
It just happens to all the rest of us.
If we want this to stop, then we have to start letting people bear the consequences of their actions. Let them feel some minor-but-escalating pain and perhaps they will learn not to do dumb things. (Although I’m sure some won’t.) But clearly, insulating them from those consequences hasn’t worked and it’s sure not working now.
Re: Re: Re:2 Re:
“If that’s the case, then the user has violated the terms of use by sharing the keys so there’s no legal problem with invalidating them.”
…unless an innocent person’s key was replicated by someone using a keygen or something similar. So, instead of an innocent YouTube user being affected, it’s an innocent Microsoft user.
Still a preferable response than forcing a 3rd party to shut something down over something of which they have no direct control, but still not the ideal solution.
“Invalidating the keys would be a rational and appropriate response.”
But, not an effective one. Pirates will just try another key, while legit users have their legally purchased products disabled. It goes back to the overall problem of DRM – the pirates will get away scot free while paying users suffer.
In all honesty, I think the solution I suggested elsewhere in the thread is the best. Microsoft just need to work with Google to get them to filter the comments to remove product keys. All MS keys have a predictable, distinctive pattern that’s unlikely to block legitimate speech if filtered out. Once in place, MS just need to monitor and advise when people find creative ways to circumvent the block, and make the filter react accordingly.
But, that requires open, honest co-operation rather than legal threats and grandstanding…
Re: Re: Re:3 Re:
MS Product key [note NOT real]
Victor Peter Robert Three Six DASH Tango Wally Four Seven Harry DASH [..] etc
Filtering will not work.. been tried before and again the only way to stop this is to have ONE Keycode one access ability. Though it will make problems if people figure out the algorithm though that’s always the prob as you stated with DRM
Re: Re: Re:4 Re:
It certainly won’t be foolproof, but at the very least it gets rid of the ability for people to copy/paste.
“Filtering will not work”
It depends on how you define “work”. Will it prevent product keys from being shared at all? Of course not. But, it’s impossible to do this with 100% effectiveness, no matter the effort used. Filter the text out completely, and pirates will suddenly become adept at stenography…
The realistic aim should be to prevent the keys from being shared in an easy-to-use manner on one of the world’s most used websites. A filter would work there a hell of a lot better than shutting off keys or killing videos. That’s what the aim should be, and what’s most likely to “work” – the more difficult YouTube make it, the more likely people are to go elsewhere, and the lower traffic on those other sites should help them be seen by less people (in theory, at least).
It won’t stop the hardcore, but they will probably be looking in other places anyway. My experience is that the people who look for such keys on YouTube are lazy, casual or opportunist pirates, and it’s amazing how many of them will lose interest once you make them think about what they’re doing…
Anyway, other suggestions are welcome, but compared to the other solutions being suggested and tried, I think that a mutually agreed filter will be more effective and have less unintended consequences.
Re: Re:
In fact, that’s one of the biggest problems with this kind of system. Faced with the possibility of massive lawsuits and liability over content they had no hand in creating, many service providers will be overzealous in reacting to demands. They will risk losing customers over their reaction rather than battle to save their business if their safe harbour status is threatened through court battles. The innocent content creator is screwed in the process, since neither side cares if the other side isn’t back with multi-million war chests and corporate sponsorship.
Trying to pass the blame from MS to Google because they reacted wrongly to huge numbers of false demands is missing the point, and the real issue, however.
Re: Re:
Honestly, I’d be inclined to believe that’s more likely what happened, and Google decided to use the hammer instead of the scalpel by taking down the vids altogether instead of removing individual comments.
Well, I suppose now we have reason #10246 on why Youtube’s current takedown system is about as useful as a pie made from steaming cow turds.
Re: Re: Re:
Such a pie could be very useful for throwing at those people who abuse the DMCA.
Re: Re: Re:
from personal experience, youtubes process is 1000x better than bing.
Try to get bing to remove links to pirated software destined for android or other non-windows platforms. MS is hillarious in this regard. Well, no one uses bing anyway, so I don’t bother anymore.
Re: Re: Re:
“Well, I suppose now we have reason #10246 on why Youtube’s current takedown system is about as useful as a pie made from steaming cow turds.”
True, but to blame Google for this is to ignore the reasons why they were forced to put such a crappy system in place to begin with. Remember, content ID only really exists because YouTube were heavily attacked in lawsuits where the copyright holders couldn’t even correctly identify the content, and held YouTube liable for any content that slipped through the net.
In their defense, apparently they were only targeting the comments (without seeing the takedown requests — which I haven’t seen — it’s hard to be sure) and Youtube (Google?) was like “eff it, Windows videos be gone”.
They took down MS EMPLOYEE VIDEOS 😀
http://www.windowscentral.com/microsoft-inadvertently-caused-youtube-take-down-some-windows-videos
Re: Re:
yay!
Re: Re:
boy, thats a different breed at that website (windowscentral)(by the comments). Talk about misinformed.
Prior Restraint
One thing I still don’t understand about the DMCA takedown system is how it doesn’t violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use.
Also, since the codes were created by a computer algorithm, is that “content” even copyrightable under US law? I realize MS doesn’t state whether it believes there is a copyright but I can imagine such an argument being made.
Re: Prior Restraint
Even if the product keys aren’t copyrighted material, MS could argue that posting them allows people to circumvent the ‘unlock-software-with-key’ form of DRM. I don’t believe that the takedown notice provisions of the DMCA would apply under such an interpretation, but MS could still argue that the keys need to be removed since they violate other parts of the DMCA.
Re: Re: Prior Restraint
What parts of the DMCA?
A key is only violating once it has been used.. Otherwise knowing someone’s PIN to their bank would be an offense. It isn’t
It’s ONLY an offense and actionable once the PIN (or key in this instance) has actually been used fraudulently.
Microsoft have the wherewithal to absolutely make sure that Keys can ONLY be used once. For them to show that they are concerned about a single key being used over and over again shows how screwed up their own DRM system actually is.
Re: Prior Restraint
It’s a GIANT loophole.
A DMCA takedown is entirely voluntary. The company that is issued a takedown notice can completely ignore it if they want to. They lose protections if they do so, but it is still a private company censoring something – and censorship by a private company is completely legal (and should be).
Re: Prior Restraint
One thing I still don’t understand about the DMCA takedown system is how it doesn’t violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use.
it doesn’t consider fair use. Thats how DMCA is used for censorship. The content has to come down for the host to maintain immunity, even if the content is fair use, or even an original (non-infringing) piece of work.
Re: Re: Prior Restraint
“One thing I still don’t understand about the DMCA takedown system is how it doesn’t violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use.”
This one’s easy: it’s because there is no law requiring sites to honor takedown notices — that’s a voluntary private action and so things like prior restraint don’t enter into it.
This is part of the insidiousness of this part of the DMCA — to make actions which are effectively mandatory legally voluntary lets the law dodge a lot of constitutional issues.
IN this case, Microsoft was correct in demanding that the videos be taken down because there’s no other method for taking down the comments they are attached to. While it was in the extreme, it was the only choice Microsoft had open to it.
Re: Re:
Well, firstly, it certainly wasn’t the only option that Microsoft had available. There are many others, from issuing a DMCA for the offending comments specifically all the way through including actually getting a court order.
And, secondly, even if it was the only option, that doesn’t even come close to meaning that it is a justifiable action.
Re: Re: Re:
True, true; and I like the fact that the videos were probably pro-micrsoft, and now they are completly gone.
Re: Response to: Anonymous Coward on Oct 21st, 2014 @ 9:06am
It’s not really their decision.
Re: Re:
One: apparently Microsoft did target specific comments, not the videos.
Two: there are ways to report individual users instead of videos.
Re: Re: Re:
Three: they knew the codes that were posted, so could have revoked/blocked through their own authentication system.
Four: They could also work with Google to add a filter to their commenting system to filter out the distinctive pattern of an MS activation code before it’s visible to the public.
But, such simple, friendly responses with minimal unintended consequences are somehow not acceptable when you can just launch legal attacks with maximum collateral damage.
Re: Re:
No it isn’t.. all they have to do is make sure the Keys in question can only be used ONCE. This is easy and should be a standard security protocol in their DRM structure.
Also classifying it as an extreme is justifying the action MS took no matter what. It’s either wrong or not.. No in between. This was flat out wrong and fraudulent usage of the DCMA since they hold NO copyright whatsoever over the keys.
The non-copyrightability of a string of letters and numbers used for this and similar purposes is long established case law.
I sense a counter-attack
Because of this M$ stupidity, I have a feeling that people who post activation code will start posting them to comments of M$ content.
Re: I sense a counter-attack
I hope they don’t get that Microsoft anime. I kinda like that one– and not just from a content as ads POV.
Re: I sense a counter-attack
I can’t help but thing someone will learn from this and use it as a way to have anything they don’t like taken down.
MS may have a rough road on this. It’ll be very hard to argue that a seemingly-random collection of letters and numbers has any creative content (copyright), circumvents DRM (it’s a KEY, it opens locked content), is a trademark, or deserves trade-secret protection.
Re: Re:
It’s rather hard to say, really. Yes, there is a creativity requirement for copyright, but the amount of creativity required is really very small. Microsoft might get mileage out of arguing that the keys are, in fact, creative based on the fact that they are the result of creative effort (the algorithm that produces the key). I’m sure actual attorneys could come up with better arguments than this, though.
Re: Re: Re:
the algorithm that creates the keys is copyrightable.. The keys it creates are definitely not.
Keycodes are just a semi-random string of numbers that have no sweat of the brow with them. Postcodes/Zipcodes are the same.
Re: Re: Re: Re:
There is no “sweat of the brow” requirement for copyright. And some things similar to the keys are copyrighted. The Dewey decimal system comes to mind. In any case, I’m not convinced my argument is actually correct, I’m just spitballing. I’m also not convinced that my argument should be correct, even if it is.
Give them a taste of their own medicine by posting product keys in the comments of their own videos.
Re: Re:
Why post product keys in the first place if not for some nefarious purpose.
Good for the soul...
“To its credit, Microsoft has apologized and said that it has “taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content.“
Gads. Even a full public confession of wrong doing is not enough to trigger the law into action on fake and faulty DMCA takedowns.
I guess we can now admit that the “punishment” parts of this law were added only as PR color/flavor, in order to make the public think that their interests were also being considered by the courts.
Silly us eh.
—
Pay for the things you use!
Why not just pay for the software you uses and the movies you watch?
The creators deserve to be paid for their work.
Re: Pay for the things you use!
“Blind2BadReasoning”
Well, clearly you are blind to it since you’ve employed it here. Is there any indication that people aren’t paying for movies and software, well apart from the movies made free to view by their creators in the first place?
If not, you’re an asshole and a liar.