Windows XP WGA validation 'spyware' case dismissed
On Monday, a US District Court in Seattle dismissed with prejudice a class action case originally brought by Los Angeles native Brian Johnson in the summer of 2006. Johnson's claim at the time was that, when Windows XP used Microsoft's Windows Genuine Advantage (WGA) feature to validate his rights to use a newly purchased XP, Microsoft not only employed software not covered by the end-user license agreement, but used it to transmit his personal information to Microsoft against his wishes.
His allegation was that XP violated California's and Washington state's statutes regarding spyware -- separate software that transmits personally identifiable data back to a source.
Although it took several months for the parties in the suit to simply give the judge permission to declare it over and done with, Johnson's case actually started falling apart in June 2009. At that time, Judge Richard A. Jones denied the plaintiffs' motion for summary judgment. In his denial, Judge Jones found that WGA was a part of Windows XP, not some separate software. If it had been separate, plaintiffs had argued, a strict interpretation of Microsoft's EULA should have prevented it from being downloaded. The typical definition of spyware (which may also be part of some states' legal definition) is that it keeps itself hidden from its user; and the judge maintained WGA not only announces its presence, but is part of Windows XP just like any other component.
But the clincher was the Judge's declaration that when WGA sends the computer's IP address to Microsoft's servers, that's not sending them personally identifiable information, as plaintiffs alleged. Plaintiffs relied upon a passage from Microsoft's online glossary at the time, which did count IP addresses as personally identifiable, as the company's official definition of the phrase. But the judge said that online glossary was not part of the software, citing the company's defense as trumping its Web site's glossary.
"Because the EULA does not incorporate the Web glossary by reference, and there is no evidence that any of the Plaintiffs even read the glossary, the court finds that the Web glossary is not helpful to construing the provision," Judge Jones wrote last June. "Furthermore, the court finds that Microsoft's interpretation of 'personally identifiable information,' in the absence of any definition, is the only reasonable interpretation. In order for 'personally identifiable information' to be personally identifiable, it must identify a person. But an IP address identifies a computer, and can do that only after matching the IP address to a list of a particular Internet service provider's subscribers. Thus, because an IP address is not personally identifiable, Microsoft did not breach the EULA when it collected IP addresses. Plaintiffs' contract claim on that ground must fail."
The last eight months were mostly spent haggling over legal affairs, which included the dropping out of some members of the class action, and the self-excusing of Johnson's attorney. In the end, Judge Jones' June opinion sufficed as the foundation for his dismissal with prejudice this week.