Microsoft Takes Down A Bunch Of Non-Infringing YouTube Videos Over People Posting Product Keys In Comments
from the collateral-damage dept
Oh, Microsoft. The company has now admitted that it ended up sending a bunch of DMCA takedown notices on non-infringing videos, all because someone had posted product keys in comments to those videos. To its credit, Microsoft has apologized and said that it has "taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content." That's all well and good, but this seems like the kind of thing that they should have done long before issuing obviously bad takedowns. This is the kind of thing that happens when you have a tool like the DMCA notice-and-takedown provision that makes it just so damn easy to censor content. Those issuing the takedowns do little to nothing to make sure the content being removed actually infringes. They just use either automated means or someone rushing through the process with little review, sending off takedowns willy nilly with no real concern about how they might kill off perfectly legal content. It still boggles the mind that a basic notice-and-notice regime couldn't suffice to handle situations like this. That and making sure that those issuing bogus DMCA notices receive some sort of real punishment to give them the incentive to stop sending bogus takedowns.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: censorship, comments, copyright, dmca, product keys, takedown, youtube
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Response to: Violynne on Oct 21st, 2014 @ 7:26am
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
I would love to see MS trying to weasel its way out that mess afterwards...
[ link to this | view in chronology ]
Re: Re:
Microsoft does indeed have a means of bricking pirate copies using Microsoft Genuine Advantage (now Windows Genuine Advantage).
However, there is at least 1 way around it: it's already been cracked. Hackers have found the MGA/ WGA code & rooted around it, preventing the software from sending Microsoft the data needed to identify it as a pirated program. (I don't know if the crack still works, though. Probably, based on what it does.)
It may also be possible to stop it if you don't let the computer online (or Firewall Windows to prevent it from contacting MS), but I'm not sure how well that works. A single Windows Update could kill an uncracked version.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Contact Google or the uploaders to remove said comments?
Also there's no such thing as stolen IP.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
You cannot possibly tell me that there is something creative enough in an individual product key that it could qualify for copyright protection.
[ link to this | view in chronology ]
Re: Re:
They could have simply invalidated those keys, though I think they may have already been registered by a legitimate user. Simply disabling them in that case could actually land them in hot water. In some places, such as Europe, it is illegal to disable a product that someone has already paid for.
[ link to this | view in chronology ]
Re: Re: Re:
If that's the case, then the user has violated the terms of use by sharing the keys so there's no legal problem with invalidating them.
Invalidating the keys would be a rational and appropriate response.
[ link to this | view in chronology ]
Re: Re: Re: Re:
So no-one ever has had keys stolen? It's a user's job to protect the keys now?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
It's always been the users job to protect the keys. That's a trivial expectation -- it's not like protecting the keys requires a great effort of any sort.
In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Unless, the key is leaked from another source (e.g., list of keys leaked from an OEM, retailer or repair shop), leaked from MS themselves (e.g. a compromise of one of their servers or databases) or a 3rd party manages to "guess" the key via brute force or by gaining access to the algorithm.
I can safeguard the sticker that came with the EULA or is stuck to my computer, I can't protect any of those other sources. That's the problem - the key can be compromised in many ways that the legitimate owner cannot prevent. In those cases, the victim has to plead their innocence, with the default assumption being that they're a pirate or have otherwise broken the licence agreement.
"In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before."
Depends on how reasonable they are. Especially if the key originally came from an OEM for domestic use, I've known MS to be far less accommodating. Admittedly, they may have changed their ways since I worked domestic support, but I've seen many nightmare scenarios over the years.
Besides, don't you see the problem here? Paying customers have to depend on a provider to be "reasonable" in order to continue using their purchased product, despite having done nothing wrong?
That's really the issue people are getting at. Even if the customer has done everything in their power, they can still get screwed. While the pirates just go off and find another compromised key, or find a way around the authentication process, of course.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Yes, of course I do. Don't misunderstand me, I'm not saying that this whole key business is a good thing at all. I'm just pointing out the reality you have to live with when you use Microsoft products.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
True, but that's not at all what I was trying to say. If I point out that walking through a bad part of town with money dangling out of your pockets is likely to get you mugged, I'm not saying "screw them, they deserve what they get." I'm just describing the way things are.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
One of the reasons we have massive security problems at all layers of the Internet is that ignorant luser newbies never bear the consequences of their poor decisions - from the nearly-inconsequential ones to the massive ones. We've trained them to be as stupid as they want to be, repeatedly, because nothing bad ever happens to them as a consequence.
It just happens to all the rest of us.
If we want this to stop, then we have to start letting people bear the consequences of their actions. Let them feel some minor-but-escalating pain and perhaps they will learn not to do dumb things. (Although I'm sure some won't.) But clearly, insulating them from those consequences hasn't worked and it's sure not working now.
[ link to this | view in chronology ]
Re: Re: Re: Re:
...unless an innocent person's key was replicated by someone using a keygen or something similar. So, instead of an innocent YouTube user being affected, it's an innocent Microsoft user.
Still a preferable response than forcing a 3rd party to shut something down over something of which they have no direct control, but still not the ideal solution.
"Invalidating the keys would be a rational and appropriate response."
But, not an effective one. Pirates will just try another key, while legit users have their legally purchased products disabled. It goes back to the overall problem of DRM - the pirates will get away scot free while paying users suffer.
In all honesty, I think the solution I suggested elsewhere in the thread is the best. Microsoft just need to work with Google to get them to filter the comments to remove product keys. All MS keys have a predictable, distinctive pattern that's unlikely to block legitimate speech if filtered out. Once in place, MS just need to monitor and advise when people find creative ways to circumvent the block, and make the filter react accordingly.
But, that requires open, honest co-operation rather than legal threats and grandstanding...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Victor Peter Robert Three Six DASH Tango Wally Four Seven Harry DASH [..] etc
Filtering will not work.. been tried before and again the only way to stop this is to have ONE Keycode one access ability. Though it will make problems if people figure out the algorithm though that's always the prob as you stated with DRM
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
"Filtering will not work"
It depends on how you define "work". Will it prevent product keys from being shared at all? Of course not. But, it's impossible to do this with 100% effectiveness, no matter the effort used. Filter the text out completely, and pirates will suddenly become adept at stenography...
The realistic aim should be to prevent the keys from being shared in an easy-to-use manner on one of the world's most used websites. A filter would work there a hell of a lot better than shutting off keys or killing videos. That's what the aim should be, and what's most likely to "work" - the more difficult YouTube make it, the more likely people are to go elsewhere, and the lower traffic on those other sites should help them be seen by less people (in theory, at least).
It won't stop the hardcore, but they will probably be looking in other places anyway. My experience is that the people who look for such keys on YouTube are lazy, casual or opportunist pirates, and it's amazing how many of them will lose interest once you make them think about what they're doing...
Anyway, other suggestions are welcome, but compared to the other solutions being suggested and tried, I think that a mutually agreed filter will be more effective and have less unintended consequences.
[ link to this | view in chronology ]
Re:
Trying to pass the blame from MS to Google because they reacted wrongly to huge numbers of false demands is missing the point, and the real issue, however.
[ link to this | view in chronology ]
Re:
Well, I suppose now we have reason #10246 on why Youtube's current takedown system is about as useful as a pie made from steaming cow turds.
[ link to this | view in chronology ]
Re: Re:
Such a pie could be very useful for throwing at those people who abuse the DMCA.
[ link to this | view in chronology ]
Re: Re:
Try to get bing to remove links to pirated software destined for android or other non-windows platforms. MS is hillarious in this regard. Well, no one uses bing anyway, so I don't bother anymore.
[ link to this | view in chronology ]
Re: Re:
True, but to blame Google for this is to ignore the reasons why they were forced to put such a crappy system in place to begin with. Remember, content ID only really exists because YouTube were heavily attacked in lawsuits where the copyright holders couldn't even correctly identify the content, and held YouTube liable for any content that slipped through the net.
[ link to this | view in chronology ]
They took down MS EMPLOYEE VIDEOS :D
http://www.windowscentral.com/microsoft-inadvertently-caused-youtube-take-down-some-windows-videos
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Prior Restraint
Also, since the codes were created by a computer algorithm, is that "content" even copyrightable under US law? I realize MS doesn't state whether it believes there is a copyright but I can imagine such an argument being made.
[ link to this | view in chronology ]
Re: Prior Restraint
[ link to this | view in chronology ]
Re: Re: Prior Restraint
A key is only violating once it has been used.. Otherwise knowing someone's PIN to their bank would be an offense. It isn't
It's ONLY an offense and actionable once the PIN (or key in this instance) has actually been used fraudulently.
Microsoft have the wherewithal to absolutely make sure that Keys can ONLY be used once. For them to show that they are concerned about a single key being used over and over again shows how screwed up their own DRM system actually is.
[ link to this | view in chronology ]
Re: Prior Restraint
A DMCA takedown is entirely voluntary. The company that is issued a takedown notice can completely ignore it if they want to. They lose protections if they do so, but it is still a private company censoring something - and censorship by a private company is completely legal (and should be).
[ link to this | view in chronology ]
Re: Prior Restraint
it doesn't consider fair use. Thats how DMCA is used for censorship. The content has to come down for the host to maintain immunity, even if the content is fair use, or even an original (non-infringing) piece of work.
[ link to this | view in chronology ]
Re: Re: Prior Restraint
This one's easy: it's because there is no law requiring sites to honor takedown notices -- that's a voluntary private action and so things like prior restraint don't enter into it.
This is part of the insidiousness of this part of the DMCA -- to make actions which are effectively mandatory legally voluntary lets the law dodge a lot of constitutional issues.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
And, secondly, even if it was the only option, that doesn't even come close to meaning that it is a justifiable action.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Response to: Anonymous Coward on Oct 21st, 2014 @ 9:06am
[ link to this | view in chronology ]
Re:
Two: there are ways to report individual users instead of videos.
[ link to this | view in chronology ]
Re: Re:
Four: They could also work with Google to add a filter to their commenting system to filter out the distinctive pattern of an MS activation code before it's visible to the public.
But, such simple, friendly responses with minimal unintended consequences are somehow not acceptable when you can just launch legal attacks with maximum collateral damage.
[ link to this | view in chronology ]
Re:
Also classifying it as an extreme is justifying the action MS took no matter what. It's either wrong or not.. No in between. This was flat out wrong and fraudulent usage of the DCMA since they hold NO copyright whatsoever over the keys.
The non-copyrightability of a string of letters and numbers used for this and similar purposes is long established case law.
[ link to this | view in chronology ]
I sense a counter-attack
[ link to this | view in chronology ]
Re: I sense a counter-attack
[ link to this | view in chronology ]
Re: I sense a counter-attack
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Keycodes are just a semi-random string of numbers that have no sweat of the brow with them. Postcodes/Zipcodes are the same.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Good for the soul...
Gads. Even a full public confession of wrong doing is not enough to trigger the law into action on fake and faulty DMCA takedowns.
I guess we can now admit that the "punishment" parts of this law were added only as PR color/flavor, in order to make the public think that their interests were also being considered by the courts.
Silly us eh.
---
[ link to this | view in chronology ]
Pay for the things you use!
The creators deserve to be paid for their work.
[ link to this | view in chronology ]
Re: Pay for the things you use!
Well, clearly you are blind to it since you've employed it here. Is there any indication that people aren't paying for movies and software, well apart from the movies made free to view by their creators in the first place?
If not, you're an asshole and a liar.
[ link to this | view in chronology ]