DRM Accused Of Sending Personal Info To Help With Licensing Shakedown

from the privacy-is-a-one-way-street dept

DRM. Is there nothing evil it can’t do? Between installing rootkits and propping open back doors, DRM is a copyright enforcer’s best friend. Miguel Pimentel, a Boston-area architect, believes he’s stumbled across its latest trick: extracting $150,000 from your wallet via a quick unannounced "phone home" to the nearest copyright cop.

Ima Fish directs our attention to the class action lawsuit, filed March 30, 2011, which alleges that Transmagic’s 3-D software came prepackaged with "phone home" DRM that gathered personal user information and passed it on to their copyright enforcement consultants, ITCA (IT Compliance Association). This information (including name, company name and phone number) was used by ITCA in an attempt to extract $10,000+ per year in licensing and maintenance fees.

Pimentel, aware of their seven-day trial period, had downloaded a copy of Transmagic’s EXPERT software from an unspecified site. After experimenting with it a few times, he uninstalled it and deleted the software. Ninety days later, he was contacted by Anita Jonjic, a "mediator" employed by ITCA, who accused Pimentel of "illegally downloading" the program and informed him that if "he did not agree to purchase the product license and service plan for $10,000 plus annually recurring maintenance fees, Transmagic and ITCA would take legal action against him for $150,000." She also made it clear that she knew where Pimentel worked and would not disclose his "piracy" to his employers as long as the fees were paid.

This lawsuit centers on Licensing Technologies Limited’s DRM software (Sheriff), which Pimentel claims "secretly planted ‘phone home’ code in Transmagic software and used it to conduct surveillance on all Transmagic users in an attempt to detect a few supposedly unauthorized users."

Sheriff Software’s site has an unusually large amount of detailed information, most of it in plain English, covering everything from error handling to its EULA. Nowhere in this extensive help section is there any indication that the Sheriff Software does anything more than prohibit use without a registered license key. Of course, DRM software is generally opaque when it comes to backdoors and other nefarious code.

Could Transmagic be supplying this information? Most likely not in Pimentel’s case, as he only specifies "a website" in his lawsuit, but it could easily do so if it chose. Their registration screen, which must be filled out before you can download the trial version, requires that all of these fields be filled out: First Name, Last Name, Company Name, Phone Number, Country, and Corporate Website. That’s a lot of information for a trial version. Obviously, Transmagic would like to have your contact info in order to sell you its product. Coincidentally, it’s also all the information used in Anita Jonjic’s phone call to Pimentel, including his place of employment.

The final defendant listed is ITCA, helmed by founder Chris Luijten, and headquartered in Curacao. (Normally, I would link to it, but its Terms of Service clearly state "You may not create a link to this website from another website or document without ITCA’s prior written consent." [It’s ITCA.com, in case you don’t feel like wading through a seemingly endless list of other companies and associations that use the same acronym.])

The shadowy ITCA’s web page is apparently in a constant state of upgrade and contains nothing more than a link to their online software validation program and some impressive client logos (Microsoft, Siemens and McAfee to name a few). There is a contact page but not a single email address is listed nor is any indication given as to what exactly they do while not enjoying the tropical weather. 

However, Chris Luijten has made no effort to hide his real agenda, as evidenced by his partnership with V.i. Labs. V.i. Labs is an organization that claims it is dedicated to wiping out software piracy. As such, it has taken care to rely on dubious formulas (pirated software x full retail price = amount of lost sales) and acrimonious methodology to try to "turn infringement into leads." Here’s a brief explanation of the software tactics that V.i. employs:

V.i. Labs provides the code, which an ISV embeds into its software via an update or a new version. Then, from V.i. Labs’ dashboard, the ISV can track and monitor where all the cracked and pirated copies of its software go to determine who is using them.

Victor DeMarines, vice president of products for V.i. Labs, noted no personal information is obtained through use of the code. “It only runs in a certain condition during piracy use,” he said. “No personal information is transferred, [but] we can find out, ‘Is this an organization?’”

Beyond that, DeMarines pointed out that reverse DNS lookup and the domain information of the network running the pirated software actually can be used to generate leads… If the offender is just one user behind an ISP’s IP address, then likely no action will be taken. But if the reverse DNS or domain turns up a big corporation — ISVs now have a real lead.

DeMarines states that "no personal information" is gathered by this code injection, but ITCA’s "mediator" had plenty of it, certainly more than V.i. Labs says it gathers. Of course, ITCA may be running its own version which harvests considerably more information. Pimentel’s lawsuit goes so far as to suggest that ITCA is seeding sites with cracked software containing their "phone home" coding.

There is also the possibility that ITCA has "broken from the pack" with this thuglike shakedown. Evidence of Luijten’s work with V.i. Labs, which was live on V.i.’s site until April 2nd, has been completely removed. When Boston-area blog Universal Hub published a story on the lawsuit on March 31st, their link to a joint webinar by Luijten and DeMarines was still live. By April 3rd, you could only reach the cache. By the 5th, even that was gone, with the link redirecting to this page. (Other evidence remains online, however.) I followed up with V.i. Labs as to the reason behind this removal and received this explanation:

Our relationship with ITCA ended last year and we no longer offer this webinar. 

Apparently, it takes a string of coincidences and some unflattering incoming links to remove a webinar you haven’t offered in over three months. Oh, and having the webinar mentioned by name in a class action lawsuit (see page 5 of the filing) might have expedited this disappearance.

I contacted several of ITCA’s clients to get some insight into how the company works, and was met with a variety of "no comments." Microsoft: "Unfortunately, after connecting with my colleagues, we are not able to provide comment on this issue." Autodesk: "Only the ITCA can make statements about its position on software piracy and license compliance. Please contact ITCA directly for information about the organization’s activities and position."

Unfortunately, we may have to wait until this lawsuit shakes out before we can find out what really happened. According to their own statements, ITCA could have been seeding unlicensed versions with their own code. The possibility still remains that Sheriff Software’s DRM reports back with more than just the "digital fingerprint" that binds the license to the PC. Whether Transmagic gave ITCA permission to gather this data also remains to be seen. If they did, the release of this personal information would appear to violate the terms of Transmagic’s own privacy policy (emphasis mine):

Personal information provided by clients on our Web site will be used for the sole purpose of completing the specific transaction. TransMagic, Inc. will not sell, disclose or rent to third parties individually identifiable user information collected at our web site, through our servers or otherwise obtained by us, other than to provide our product, services and updates as set forth in this privacy policy.

Anita Jonjic appears to have clearly crossed the line with her demands and threats. There is no reason to believe (at this point) that ITCA condones this behavior nor is there any evidence this "method" of recovery has been used before — though, the "class action" nature of this lawsuit means that someone’s certainly going to try to find out.


Comments on “DRM Accused Of Sending Personal Info To Help With Licensing Shakedown”

Anonymous Coward says:

From the ITCA website…

# You may not create a link to this website from another website or document without ITCA’s prior written consent.

#This website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).

Based on that, it’s a safe assumption to say you CAN link there, even though they don’t want you to. If you don’t want your website linked to, don’t have it on the internet. What a bunch of fail.

Richard (profile) says:

DRM == malware.

If DRM was banned then it would go a long way towards improving security.

Hardware and software suppliers would no longer have a motivation to include hidden features, files and data in their systems. Of course legacy features would keep things bad for quite a while – but we would eventually get to a better place.

Of course if DRM (formerly known as copy protection) had been illegal from the outset we would have far fewer security problems now.

Rikuo (profile) says:

“he did not agree to purchase the product license and service plan for $10,000 plus annually recurring maintenance fees, Transmagic and ITCA would take legal action against him for $150,000.”

That’s the part that is plainly ridiculous. Normally, the demand would be to cease use of the software and/or remove it. How can you sue someone into forcibly purchasing the software? What are they going to say to the judge? Your Honour, the defendant used the software during the trial period, but then didn’t purchase the full version, therefore we suffered catastrophic damages.

mike allen (profile) says:

Re: Re:

I think Rikuo has hit the nail on the head with this: “the defendant used the software during the trial period, but then didn’t purchase the full version, therefore we suffered catastrophic damages”. That is exactly the shakedown here. It is a class action lawsuit, so how many others have not taken up the software after the trial period?

thelonelybit says:

Ok, this has convinced me to never ever pay for any software ever again. Who can say that the code only executes when the software is pirated? What keeps them from running malicious code on your pc as DRM all the time? So many have tried it, including Sony.

And guess what. Pirated software doesn’t have drm. Pirated movies don’t have DRM. Pirated songs don’t have rootkits that install on your computer. It now makes literally no sense to actually purchase these products because the pirated copies are vastly superior simply because the DRM is disabled.

I mean wow. It’s like they are begging people to stop trusting them and to stop buying their products. Well, it worked. I’m switching to open source.

bob (profile) says:

Re: Re:

Yeah, and looting stores is easier than waiting in those long lines at the registers. And raping girls is easier than buying dinner. Sheesh.

And yes, you’re correct that no one knows what the DRM code is doing with legit copies, but the same is true of pirated material. Everyone knows that pirated software is a vector for viruses and other illicit code. There are plenty of pirated programs that are loaded with rootkits. It’s not all backrubs and mutual support from the pirate boys. The pirates have to make their money somewhere. Your romanticized illusion does no one any good.

Niall (profile) says:

Re: Re: Re:

Way to go with false FUD-strawmen!

Both those examples are of situations that ACTIVELY HARM another. That is nowhere near the same as someone being ‘alleged’ to

Do you also want to shillingly justify the ‘illegal’ actions of companies like Sony and their illegal ‘hacking’ of your computer, or these companies above who are likely ‘illegally’ shaking you down or collecting your info?

It’s easy enough to make your core point (“There are plenty of pirated programs that are loaded with rootkits”) without the silliness at the start. Why not Godwin while you are at it? 🙂

Me says:

Re: Re: Re:

I believe the best path lies somewhere in the middle. No, Torrents and pirated versions are not all safe; yes, they can have nasty nasty things in them. But if software which you legally pay for is going to have similar nasty things in it, which do you want? The nasty thing that can sue you for hundreds of thousands of dollars (and let’s not forget the legal fees, even if you “win”), or the nasty thing that can be fought with a good antivirus, good antispyware, a working knowledge of how to firewall your computer, and by simply NOT RUNNING AS ADMIN (This means YOU windows users…)? Ultimately a simple regimen of backups, stored securely, will let you recover from almost anything. I’ll take the nasty thing I can actually do something to prevent and fix, thank you very much!

Niall (profile) says:

Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

Not when the person used the product only during a legitimate trial period, and then ceased using it. How is that stealing?

What others are saying is simply that all this abuse of law and the system hardly encourages people to be legitimate users when legitimate users are so penalised compared to illicit ones. I’m sure most would far rather improve the laws and make sure rogue companies/organisations/government departments are smacked down properly, but how likely is that in today’s political so-called democracy?

John Doe says:

Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

It does NOT say he downloaded an evaluation version.

In the section called “ALLEGATIONS of facts” (known as one-side-of-the-story)
he uses tricky legal wording to say that
he was “AWARE” that a trial version was available.

He does not even have the balls to say that he “THOUGHT” he was downloading an evaluation copy.

I would guess that he became aware that a trial version was available AFTER he was in legal trouble. All this will come out if further legal action continues.

It’s likely a legal bluff for a better settlement. But, some people never admit to anything.

If he did nothing wrong, he could have always said, “Bye. Don’t call me again. Sue me if you think you have a case.” If they have no evidence, the problem goes away.

John Doe says:

Re: Re: Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

He also does NOT list the website he downloaded the “evaluation” (in his mind) copy.

No information means bad information most of the time. He likely downloaded it from some pirate site.

FYI: IF there is a real evaluation copy of ANY software, go to the official site for the most up-to-date version without any malware worries.

John Doe says:

Re: Re: Re:3 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

He did NOT say the following. He just gave the likely false impression that he said that. If he does not settle fast, he is going to be counter-sued for falsely implying it.

“Pimentel says he downloaded a free, 7-day trial copy of Transmagic software from a website, didn’t like it, and uninstalled it the same day.”

Richard (profile) says:

Re: Re: Re:5 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

OK – managed to find it in the doc – couldn’t see that before because I had to turn the script off (Mike please get rid of that annoying script that slows everything down)

However I note that

1) there are plenty of other legitimate websites that offer the trial version of Transmagic.

2) It isn’t easy (in this case) to even find a pirate version.

3) After 3 months you wouldn’t necessarily remember where you downloaded from.

4) Transmagic requires a registration – which is a hassle.

5) Some other legit sites don’t require a re-registration if you are already registered with them – presumably – they already have the info to pass on to transmagic.

6) You’re assuming the worst because it suits your point.

John Doe says:

Re: Re: Re:6 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

While one could forget the name of a website after three months, unless an idiot, one can remember

“I thought it was an authorized free-trial copy from the official or authorized site since I don’t pirate software”

a claim he fails to make, either because of a bad lawyer or he is guilty of piracy.

John Doe says:

Re: Re: Re:5 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

the link from some other article says:

“Pimentel says he downloaded a free, 7-day trial copy of Transmagic software from a website, didn’t like it, and uninstalled it the same day.”

but the legal document that it looks like you later read says:

Pimentel was AWARE of a free trial, but did not say what or where he downloaded. (either because he can’t recall, or recalling and saying would make him guilty)

This may clarify that it’s not only what you say but what you don’t say:

I am AWARE that I can test-ride a BMW for free.
I took a BMW. (off the street at midnight without permission)
I tell the cop who catches me, I thought it was a free trial.

It could have been a big misunderstanding, but if it was a big misunderstanding, Pimentel could have provided more information, and sued for being misled.
Or Pimentel could be a total idiot who thinks he can test ride any car at midnight.

Anonymous Coward says:

Re: Re: Re:2 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

“He likely downloaded it from some pirate site.”

Way to open your mind to possibilities. You’ve apparently already judged that he’s guilty. Do everyone a favor: If you’re not willing to discuss anything, don’t post. Posts like these only go to show your close-mindedness and ignorance.

John Doe says:

Re: Re: Re:3 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

He likely downloaded it from some pirate site because:

1.) he did not say he downloaded it from the official site,

2.) he claims that pirate sites were infected with phone-home software, and

3.) there are NO claims of deceptive advertising or fraud if he was misled on the official site into thinking he was downloading a free trial

blindwit (profile) says:

Re: Re: Re:2 Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

You realize that they had all of the information that they would otherwise have obtained by the required information fields when downloading the trial… Do you think this is by accident?

Your blatant disregard for privacy laws flags you as a person who would just as likely give up other personal laws to protect corporations… That’s a dangerous precedent to put forth, especially in light of the fact that they are extorting him into purchasing their software and blackmailing him by alluding that they would notify his employer should he not comply.

wvhillbilly (profile) says:

Re: Plaintiff just spent 5K on lawyers telling everyone he is a THIEF

If you’ll read the PDF, you’ll see one of the questions to be determined is if the company itself put out an unprotected version as a honeypot, styling it to be a seven-day trial, just so it could install its spyware on computers of whoever would bite so they could sue and shake them down for $$$$$.

The plaintiff downloaded the software with the reasonable belief that it was as presented, a seven day free trial. When he found it didn’t meet his needs he promptly uninstalled and deleted it. Same day. How is that stealing?

If either Transmagic or ITCA transmitted unprotected versions styled as free trials for the purpose of installing spyware on unsuspecting users’ computers, then suing them for infringement, this is entrapment which is every bit as illegal as using pirated software.

Anonymous Coward says:

Here’s something to think about.

First, didn’t the agreement say it would not give out *CLIENT* information? He is not a client until he is paying for the services. Yeah I know cheap but it’s all about the lawyer speak.

And on a different note, how many times do you give out your personal information on the internet? Sure the EULA or privacy policy says they will only use your information internally. But take a good look at it, usually there is some language about third party or associates. What’s to stop MS/Google/Amazon/ etc from ‘sharing’ your id with a third party or associate who thinks you’ve wronged them? If you think it’s the law… look where that’s headed. Anti privacy- pro corporate laws seem to be the future.

Rekrul says:

Anytime a web site makes you put in personal information to access a download, ALWAYS fill it out with bogus info. If it requires a real email address to send a link to, use a web-based one. If you later decide you want to become a customer of that company, you can always go back and fill it in again with your real information.

Also set your firewall to block any outgoing connection attempts unless you specifically authorize them.
