DRM Accused Of Sending Personal Info To Help With Licensing Shakedown
from the privacy-is-a-one-way-street dept
DRM. Is there nothing evil it can't do? Between installing rootkits and propping open back doors, DRM is a copyright enforcer's best friend. Miguel Pimentel, a Boston-area architect, believes he's stumbled across its latest trick: extracting $150,000 from your wallet via a quick unannounced "phone home" to the nearest copyright cop.
Ima Fish directs our attention to the class action lawsuit, filed March 30, 2011, which alleges that Transmagic's 3-D software came prepackaged with "phone home" DRM that gathered personal user information and passed it on to their copyright enforcement consultants, ITCA (IT Compliance Association). This information (including name, company name and phone number) was used by ITCA in an attempt to extract $10,000+ per year in licensing and maintenance fees.
Pimentel, aware of their seven-day trial period, had downloaded a copy of Transmagic's EXPERT software from an unspecified site. After experimenting with it a few times, he uninstalled it and deleted the software. Ninety days later, he was contacted by Anita Jonjic, a "mediator" employed by ITCA, who accused Pimental of "illegally downloading" the program and informed him that if "he did not agree to purchase the product license and service plan for $10,000 plus annually recurring maintenance fees, Transmagic and ITCA would take legal action against him for $150,000." She also made it clear that she knew where Pimentel worked and would not disclose his "piracy" to his employers as long as the fees were paid.
This lawsuit centers on Licensing Technologies Limited's DRM software (Sheriff), which Pimentel claims "secretly planted 'phone home' code in Transmagic software and used it to conduct surveillance on all Transmagic users in an attempt to detect a few supposedly unauthorized users."
Sheriff Software's site has an unusually large amount of detailed information, most of it in plain English, covering everything from error handling to its EULA. Nowhere in this extensive help section is there any indication that the Sheriff Software does anything more than prohibit use without a registered license key. Of course, DRM software is generally opaque when it comes to backdoors and other nefarious code.
Could Transmagic be supplying this information? Most likely not in Pimentel's case, as he only specifies "a website" in his lawsuit, but it could easily do so if it chose. Their registration screen, which must be filled out before you can download the trial version, requires that all of these fields be filled out: First Name, Last Name, Company Name, Phone Number, Country, and Corporate Website. That's a lot of information for a trial version. Obviously, Transmagic would like to have your contact info in order to sell you its product. Coincidentally, it's also all the information used in Anita Jonjic's phone call to Pimentel, including his place of employment.
The final defendant listed is ITCA, helmed by founder Chris Luitjen, and headquartered in Curacao. (Normally, I would link to it, but its Terms of Service clearly state "You may not create a link to this website from another website or document without ITCA's prior written consent." [It's ITCA.com, in case you don't feel like wading through a seemingly endless list of other companies and associations that use the same acronym.] )
The shadowy ITCA's web page is apparently in a constant state of upgrade and contains nothing more than a link to their online software validation program and some impressive client logos (Microsoft, Siemens and McAfee to name a few). There is a contact page but not a single email address is listed nor is any indication given as to what exactly they do while not enjoying the tropical weather.
However, Chris Luijten has made no effort to hide his real agenda, as evidenced by his partnership with V.i. Labs. V.i. Labs is an organization, which claims it's dedicated to wiping out software piracy. As such, it has taken care to rely on dubious formulas (pirated software x full retail price = amount of lost sales) and acrimonious methodology to try to "turn infringement into leads." Here's a brief explanation of the software tactics that V.i. employs:
V.i. Labs provides the code, which an ISV embeds it into its software via an update or a new version. Then, from V.i. Labs’ dashboard, the ISV can track and monitor where all the cracked and pirated copies of its software go to determine who is using them.
Victor DeMarines, vice president of products for V.i. Labs, noted no personal information is obtained through use of the code. “It only runs in a certain condition during piracy use,” he said. “No personal information is transferred, [but] we can find out, ‘Is this an organization?’”
Beyond that, DeMarines pointed out that reverse DNS lookup and the domain information of the network running the pirated software actually can be used to generate leads... If the offender is just one user behind an ISP’s IP address, then likely no action will be taken. But if the reverse DNS or domain turns up a big corporation — ISVs now have a real lead.
DeMarines states that "no personal information" is gathered by this code injection, but ITCA's "mediator" had plenty of it, certainly more than V.i. Labs says it gathers. Of course, ITCA may be running its own version which harvests considerably more information. Pimentel's lawsuit goes so far as to suggest that ITCA is seeding sites with cracked software containing their "phone home" coding.
There is also the possibility that ITCA has "broken from the pack" with this thuglike shakedown. Evidence of Luijten's work with V.i. Labs, which was live on V.i.'s site until April 2nd, has been completely removed. When Boston-area blog Universal Hub published a story on the lawsuit on March 31st, their link to a joint webinar by Luijten and DeMarines was still live. By April 3rd, you could only reach the cache. By the 5th, even that was gone, with the link redirecting to this page. (Other evidence remains online, however.) I followed up with V.i. Labs as to the reason behind this removal and received this explanation:
Our relationship with ITCA ended last year and we no longer offer this webinar.
Apparently, it takes a string of coincidences and some unflattering incoming links to remove a webinar you haven't offered in over three months. Oh, and having the webinar mentioned by name in a class action lawsuit (see page 5 of the filing) might have expedited this disappearance.
I contacted several of ITCA's clients to get some insight into how the company works, and was met with a variety of "no comments." Microsoft: "Unfortunately, after connecting with my colleagues, we are not able to provide comment on this issue." Autodesk: "Only the ITCA can make statements about its position on software piracy and license compliance. Please contact ITCA directly for information about the organization's activities and position."
Unfortunately, we may have to wait until this lawsuit shakes out before we can find out what really happened. According to their own statements, ITCA could have been seeding unlicensed versions with their own code. The possibility still remains that Sheriff Software's DRM reports back with more than just the "digital fingerprint" that binds the license to the PC. Whether Transmagic gave ITCA permission to gather this data also remains to be seen. If they did, the release of this personal information would appear to violate the terms of Transmagic's own privacy policy (emphasis mine):
Personal information provided by clients on our Web site will be used for the sole purpose of completing the specific transaction. TransMagic, Inc. will not sell, disclose or rent to third parties individually identifiable user information collected at our web site, through our servers or otherwise obtained by us, other than to provide our product, services and updates as set forth in this privacy policy.
Anita Jonjic appears to have clearly crossed the line with her demands and threats. There is no reason to believe (at this point) that ITCA condones this behavior nor is there any evidence this "method" of recovery has been used before -- though, the "class action" nature of this lawsuit means that someone's certainly going to try to find out.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Laws only apply when they can make us money!
[ link to this | view in thread ]
# You may not create a link to this website from another website or document without ITCA's prior written consent.
#This website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
Based on that, it's a safe assumption to say you CAN link there, even though they don't want you to. If you don't want your website linked to, don't have it on the internet. What a bunch of fail.
[ link to this | view in thread ]
DRM == malware.
Hardware and software supplier would no longer have a motivation to include hidden features, files and data in their systems. Of course legacy features would keep things bad for quite a while - but we would eventually get to a better place.
Of course if DRM (formerly known as copy protection) had been illegal from the outset we would have far fewer security problems now.
[ link to this | view in thread ]
That's the part that is plainly ridiculous. Normally, the demand would be to cease use of the software and/or remove it. How can you sue someone into forceably purchasing the software? What are they going to say to the judge? Your Honour, the defendant used the software during the trial period, but then didn't purchase the full version, therefore we suffered catastrophic damages.
[ link to this | view in thread ]
[ link to this | view in thread ]
And guess what. Pirated software doesn't have drm. Pirated movies don't have DRM. Pirated songs don't have rootkits that install on your computer. It now makes literally no sense to actually purchase these products because the pirated copies are vastly superior simply because the DRM is disabled.
I mean wow. It's like they are begging people to stop trusting them and to stop buying their products. Well, it worked. I'm switching to open source.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
And yes, you're correct that no one knows what the DRM code is doing with legit copies, but the same is true of pirated material. Everyone knows that pirated software is a vector for viruses and other illicit code. There are plenty of pirated programs that are loaded with rootkits. It's not all backrubs and mutual support from the pirate boys. The pirates have to make their money somewhere. Your romanticized illusion does no one any good.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
But saying, I STEAL but you broke the rules also, is a last-ditch legal tactic.
[ link to this | view in thread ]
Re: Re:
Both those examples are of situations that ACTIVELY HARM another. That is nowhere near the same as someone being 'alleged' to
Do you also want to shillingly justify the 'illegal' actions of companies like Sony and their illegal 'hacking' of your computer, or these companies above who are likely 'illegally' shaking you down or collecting your info?
It's easy enough to make your core point ("There are plenty of pirated programs that are loaded with rootkits") without the silliness at the start. Why not Godwin while you are at it? :)
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
What others are saying is simply that all this abuse of law and the system hardly encourages people to be legitimate users when legitimate users are so penalised compared to illicit ones. I'm sure most would far rather improve the laws and make sure rogue companies/organisations/government departments are smacked down properly, but how likely is that in today's political so-called democracy?
[ link to this | view in thread ]
Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
[ link to this | view in thread ]
Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
[ link to this | view in thread ]
Re:
I would think this would be more, extortion, again, fixable with the right amount of money placement.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Seeding cracked versions
"Here have some software...Just kidding! SUED!"
[ link to this | view in thread ]
First, didn't the agreement say it would not give out *CLIENT* information? He is not a client until he is paying for the services. Yeah I know cheap but it's all about the lawyer speak.
And on a different note, how many times do you give out your personal information on the internet? Sure the EULA or privacy policy says they will only use your information internally. But take a good look at it, usually their is some language about third party or associates. Whats to stop MS/Google/Amazon/ etc from 'sharing' your id with a third party or associate who thinks you've wronged them? If you think it's the law... look where that's headed. Anti privacy- pro corporate laws seem to be the future.
[ link to this | view in thread ]
Also set your firewall to block any outgoing connection attempts unless you specifically authorize them.
[ link to this | view in thread ]
Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
It in the section call "ALLEGATIONS of facts" (known as one-side-of-the-story)
he uses tricking legal wording to say that
he was "AWARE" that a trial version was available.
He does not even have the balls to say that he "THOUGHT" he was downloading an evaluation copy.
I would guess that he became aware that a trial version was available AFTER he was in legal trouble. All this will come out if further legal action continues.
It's likely a legal bluff for a better settlement. But, some people never admit to anything.
If he did nothing wrong, he could have always said, "Bye. Don't call me again. Sue me if you think you have a case." If they have no evidence, the problem goes away.
[ link to this | view in thread ]
Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
No information means bad information most of the time. He likely downloaded it from some pirate site.
FYI: IF there is a real evaluation copy of ANY software, go to the official site for the most up-to-date version without any malware worries.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
...except for all the malware that the company puts on there to begin with.
Fixed.
[ link to this | view in thread ]
Re: Re:
Actually neither of those statements are true.
[ link to this | view in thread ]
Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
I think that the facts are against you here.
[ link to this | view in thread ]
Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
Way to open your mind to possibilities. You've apparently already judged that he's guilty. Do everyone a favor: If you're not willing to discuss anything, don't post. Posts like these only go to show your close-mindedness and ignorance.
[ link to this | view in thread ]
Re:
Better yet, use 10 Minute Mail: http://10minutemail.com/10MinuteMail/index.html
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
1.) he did not say he downloaded it from the official site,
2.) he claims that pirate sites were infected with phone-home software, and
3.) there is NO claims of deceptive advertising or fraud if he was mislead on the official site into thinking he was downloading a free trial
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
"Pimentel says he downloaded a free, 7-day trial copy of Transmagic software from a website, didn't like it, and uninstalled it the same day."
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
However I note that
1) there are plenty of other legitimate websites that offer the trial version of Transmagic.
2) It isn't easy (in this case ) to even find a pirate version.
3)After 3 months you wouldn't necessarily remember where you downloaded from.
4) Transmagic requires a registration - which is a hassle.
5) Some other legit sites don't require a re- registration if you are already registered with them - presumably - they already have the info to pass on to transmagic.
6) You're assuming the worst because it suits your point.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
Your blatant disregard for privacy laws flag you as a person who would just as likely give up other personal laws to protect corporations... That's a dangerous precedent to put forth, especially in light of the fact that they are extorting him into purchasing their software and blackmailing him by eluding that they would notify his employer should he not comply.
[ link to this | view in thread ]
Re: DRM == malware.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
"Pimentel says he downloaded a free, 7-day trial copy of Transmagic software from a website, didn't like it, and uninstalled it the same day."
but the legal document that it looks like you later read says:
Pimetel was AWARE of a free trial, but did not say what or where he downloaded. (either because he can't recall, or recalling and saying would make him guilty)
This may clarify that it’s not only what you say but what you don’t say:
I am AWARE that I can test-ride a BMW for free.
I took BMW. ( off the street at midnight without permission)
I tell the cop who catches me, I thought it was a free trial.
It could have been a big misunderstanding, but if it was a big misunderstanding, Pimetel could have provided more information, and sued for being mislead.
Or Pimetel could be a total idiot who thinks he can test ride any car at midnight.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
"I thought it was an authorized free-trial copy from the official or authorized site since I don't pirate software"
a claim he fails to make, either because of a bad lawyer or he is guilty of piracy.
[ link to this | view in thread ]
Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF
The plaintiff downloaded the software with the reasonable belief that it was as presented, a seven day free trial. When he found it didn't meet his needs he promptly uninstalled and deleted it. Same day. How is that stealing?
If either Transmagic or ITCA transmitted unprotected versions styled as free trials for the purpose of installing spyware on on unsuspecting users' computers, then suing them for infringement, this is entrapment which is every bit as illegal as using pirated software.
[ link to this | view in thread ]
7 day trial
[ link to this | view in thread ]