Microsoft Takes Down A Bunch Of Non-Infringing YouTube Videos Over People Posting Product Keys In Comments

from the collateral-damage dept

Oh, Microsoft. The company has now admitted that it ended up sending a bunch of DMCA takedown notices on non-infringing videos, all because someone had posted product keys in comments to those videos. To its credit, Microsoft has apologized and said that it has "taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content." That's all well and good, but this seems like the kind of thing that they should have done long before issuing obviously bad takedowns. This is the kind of thing that happens when you have a tool like the DMCA notice-and-takedown provision that makes it just so damn easy to censor content. Those issuing the takedowns do little to nothing to make sure the content being removed actually infringes. They just use either automated means or someone rushing through the process with little review, sending off takedowns willy nilly with no real concern about how they might kill off perfectly legal content. It still boggles the mind that a basic notice-and-notice regime couldn't suffice to handle situations like this. That and making sure that those issuing bogus DMCA notices receive some sort of real punishment to give them the incentive to stop sending bogus takedowns.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Violynne (profile), 21 Oct 2014 @ 7:26am

    It could have been worse. Microsoft could have bricked the software registered with the keys displayed in the videos.

    reply to this | link to this | view in chronology ]

    • identicon
      beech, 21 Oct 2014 @ 8:14am

      Response to: Violynne on Oct 21st, 2014 @ 7:26am

      It probably comes pre-bricked for your convenience, wait for the Service Pack 3 patch for un-bricking.

      reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 21 Oct 2014 @ 8:17am

      Re:

      I wonder if they could. If you don't activate online but rather using cracks, would M$ be able to brick the system? And if so, how many would they actually brick and how much would it force people towards other systems?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Oct 2014 @ 8:25am

        Re: Re:

        Oh, I would LOVE them doing something like this. Just think about it, if MS can do it, so can any hacker worth anything. the chaos that would cause worldwide would be impressive.

        I would love to see MS trying to weasel its way out that mess afterwards...

        reply to this | link to this | view in chronology ]

      • identicon
        Lurker Keith, 21 Oct 2014 @ 10:29am

        Re: Re:

        The answer is both yes & no.

        Microsoft does indeed have a means of bricking pirate copies using Microsoft Genuine Advantage (now Windows Genuine Advantage).

        However, there is at least 1 way around it: it's already been cracked. Hackers have found the MGA/ WGA code & rooted around it, preventing the software from sending Microsoft the data needed to identify it as a pirated program. (I don't know if the crack still works, though. Probably, based on what it does.)

        It may also be possible to stop it if you don't let the computer online (or Firewall Windows to prevent it from contacting MS), but I'm not sure how well that works. A single Windows Update could kill an uncracked version.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Oct 2014 @ 8:35am

      Re:

      That isn't a bug. That's a feature.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 21 Oct 2014 @ 8:22am

    working towards a better solution to targeting stolen IP while respecting legitimate content

    Contact Google or the uploaders to remove said comments?

    Also there's no such thing as stolen IP.

    reply to this | link to this | view in chronology ]

  • icon
    Zauber Paracelsus (profile), 21 Oct 2014 @ 8:25am

    Actually, what I had heard was radically different. I had spoken to a former Microsoft employee who I know, and he stated that what Microsoft had actually made the copyright claims against were the individual comments, and that google/youtube had screwed up by taking down the videos instead.

    reply to this | link to this | view in chronology ]

    • identicon
      Michael, 21 Oct 2014 @ 8:56am

      Re:

      That's even crazier.

      You cannot possibly tell me that there is something creative enough in an individual product key that it could qualify for copyright protection.

      reply to this | link to this | view in chronology ]

      • icon
        Zauber Paracelsus (profile), 21 Oct 2014 @ 11:31am

        Re: Re:

        There certainly isn't anything 'creative', though copyright seems to have multiple standards today. Either way, legitimate or not, Microsoft used the quickest and easiest tool they had to take down the product keys.

        They could have simply invalidated those keys, though I think they may have already been registered by a legitimate user. Simply disabling them in that case could actually land them in hot water. In some places, such as Europe, it is illegal to disable a product that someone has already paid for.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 21 Oct 2014 @ 1:45pm

          Re: Re: Re:

          "They could have simply invalidated those keys, though I think they may have already been registered by a legitimate user."

          If that's the case, then the user has violated the terms of use by sharing the keys so there's no legal problem with invalidating them.

          Invalidating the keys would be a rational and appropriate response.

          reply to this | link to this | view in chronology ]

          • identicon
            k-h, 22 Oct 2014 @ 2:08am

            Re: Re: Re: Re:

            If that's the case, then the user has violated the terms of use by sharing the keys so there's no legal problem with invalidating them.


            So no-one ever has had keys stolen? It's a user's job to protect the keys now?

            reply to this | link to this | view in chronology ]

            • icon
              John Fenderson (profile), 22 Oct 2014 @ 6:04am

              Re: Re: Re: Re: Re:

              "So no-one ever has had keys stolen? It's a user's job to protect the keys now?"

              It's always been the users job to protect the keys. That's a trivial expectation -- it's not like protecting the keys requires a great effort of any sort.

              In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before.

              reply to this | link to this | view in chronology ]

              • icon
                PaulT (profile), 22 Oct 2014 @ 6:44am

                Re: Re: Re: Re: Re: Re:

                "That's a trivial expectation -- it's not like protecting the keys requires a great effort of any sort."

                Unless, the key is leaked from another source (e.g., list of keys leaked from an OEM, retailer or repair shop), leaked from MS themselves (e.g. a compromise of one of their servers or databases) or a 3rd party manages to "guess" the key via brute force or by gaining access to the algorithm.

                I can safeguard the sticker that came with the EULA or is stuck to my computer, I can't protect any of those other sources. That's the problem - the key can be compromised in many ways that the legitimate owner cannot prevent. In those cases, the victim has to plead their innocence, with the default assumption being that they're a pirate or have otherwise broken the licence agreement.

                "In any case, a reasonable company would simply issue you a new key if yours was stolen and invalidated as a result. I know that Microsoft has done this before."

                Depends on how reasonable they are. Especially if the key originally came from an OEM for domestic use, I've known MS to be far less accommodating. Admittedly, they may have changed their ways since I worked domestic support, but I've seen many nightmare scenarios over the years.

                Besides, don't you see the problem here? Paying customers have to depend on a provider to be "reasonable" in order to continue using their purchased product, despite having done nothing wrong?

                That's really the issue people are getting at. Even if the customer has done everything in their power, they can still get screwed. While the pirates just go off and find another compromised key, or find a way around the authentication process, of course.

                reply to this | link to this | view in chronology ]

                • icon
                  John Fenderson (profile), 22 Oct 2014 @ 7:54am

                  Re: Re: Re: Re: Re: Re: Re:

                  "Besides, don't you see the problem here?"

                  Yes, of course I do. Don't misunderstand me, I'm not saying that this whole key business is a good thing at all. I'm just pointing out the reality you have to live with when you use Microsoft products.

                  reply to this | link to this | view in chronology ]

                  • icon
                    PaulT (profile), 22 Oct 2014 @ 11:13pm

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    Indeed, but "screw them, they deserve what they get for using MS products" really doesn't address any of the actual problems. Better that this be used as a demonstration of how bad the whole system is for legitimate customers and innocent bystanders alike.

                    reply to this | link to this | view in chronology ]

                    • icon
                      John Fenderson (profile), 23 Oct 2014 @ 4:19am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      "but "screw them, they deserve what they get for using MS products" really doesn't address any of the actual problems."

                      True, but that's not at all what I was trying to say. If I point out that walking through a bad part of town with money dangling out of your pockets is likely to get you mugged, I'm not saying "screw them, they deserve what they get." I'm just describing the way things are.

                      reply to this | link to this | view in chronology ]

                    • identicon
                      Anonymous Coward, 27 Oct 2014 @ 9:36am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      I don't know. I do think that people who use Microsoft products deserve to be screwed, because they're on their knees begging for it. Why should anyone lift a finger to save them from the fate that they so earnestly seek?

                      One of the reasons we have massive security problems at all layers of the Internet is that ignorant luser newbies never bear the consequences of their poor decisions - from the nearly-inconsequential ones to the massive ones. We've trained them to be as stupid as they want to be, repeatedly, because nothing bad ever happens to them as a consequence.

                      It just happens to all the rest of us.

                      If we want this to stop, then we have to start letting people bear the consequences of their actions. Let them feel some minor-but-escalating pain and perhaps they will learn not to do dumb things. (Although I'm sure some won't.) But clearly, insulating them from those consequences hasn't worked and it's sure not working now.

                      reply to this | link to this | view in chronology ]

          • icon
            PaulT (profile), 22 Oct 2014 @ 2:33am

            Re: Re: Re: Re:

            "If that's the case, then the user has violated the terms of use by sharing the keys so there's no legal problem with invalidating them."

            ...unless an innocent person's key was replicated by someone using a keygen or something similar. So, instead of an innocent YouTube user being affected, it's an innocent Microsoft user.

            Still a preferable response than forcing a 3rd party to shut something down over something of which they have no direct control, but still not the ideal solution.

            "Invalidating the keys would be a rational and appropriate response."

            But, not an effective one. Pirates will just try another key, while legit users have their legally purchased products disabled. It goes back to the overall problem of DRM - the pirates will get away scot free while paying users suffer.

            In all honesty, I think the solution I suggested elsewhere in the thread is the best. Microsoft just need to work with Google to get them to filter the comments to remove product keys. All MS keys have a predictable, distinctive pattern that's unlikely to block legitimate speech if filtered out. Once in place, MS just need to monitor and advise when people find creative ways to circumvent the block, and make the filter react accordingly.

            But, that requires open, honest co-operation rather than legal threats and grandstanding...

            reply to this | link to this | view in chronology ]

            • icon
              G Thompson (profile), 22 Oct 2014 @ 2:47am

              Re: Re: Re: Re: Re:

              MS Product key [note NOT real]

              Victor Peter Robert Three Six DASH Tango Wally Four Seven Harry DASH [..] etc

              Filtering will not work.. been tried before and again the only way to stop this is to have ONE Keycode one access ability. Though it will make problems if people figure out the algorithm though that's always the prob as you stated with DRM

              reply to this | link to this | view in chronology ]

              • icon
                PaulT (profile), 22 Oct 2014 @ 3:36am

                Re: Re: Re: Re: Re: Re:

                It certainly won't be foolproof, but at the very least it gets rid of the ability for people to copy/paste.

                "Filtering will not work"

                It depends on how you define "work". Will it prevent product keys from being shared at all? Of course not. But, it's impossible to do this with 100% effectiveness, no matter the effort used. Filter the text out completely, and pirates will suddenly become adept at stenography...

                The realistic aim should be to prevent the keys from being shared in an easy-to-use manner on one of the world's most used websites. A filter would work there a hell of a lot better than shutting off keys or killing videos. That's what the aim should be, and what's most likely to "work" - the more difficult YouTube make it, the more likely people are to go elsewhere, and the lower traffic on those other sites should help them be seen by less people (in theory, at least).

                It won't stop the hardcore, but they will probably be looking in other places anyway. My experience is that the people who look for such keys on YouTube are lazy, casual or opportunist pirates, and it's amazing how many of them will lose interest once you make them think about what they're doing...

                Anyway, other suggestions are welcome, but compared to the other solutions being suggested and tried, I think that a mutually agreed filter will be more effective and have less unintended consequences.

                reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 21 Oct 2014 @ 10:35am

      Re:

      In fact, that's one of the biggest problems with this kind of system. Faced with the possibility of massive lawsuits and liability over content they had no hand in creating, many service providers will be overzealous in reacting to demands. They will risk losing customers over their reaction rather than battle to save their business if their safe harbour status is threatened through court battles. The innocent content creator is screwed in the process, since neither side cares if the other side isn't back with multi-million war chests and corporate sponsorship.

      Trying to pass the blame from MS to Google because they reacted wrongly to huge numbers of false demands is missing the point, and the real issue, however.

      reply to this | link to this | view in chronology ]

    • icon
      Internet Zen Master (profile), 21 Oct 2014 @ 11:07am

      Re:

      Honestly, I'd be inclined to believe that's more likely what happened, and Google decided to use the hammer instead of the scalpel by taking down the vids altogether instead of removing individual comments.

      Well, I suppose now we have reason #10246 on why Youtube's current takedown system is about as useful as a pie made from steaming cow turds.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Oct 2014 @ 12:14pm

        Re: Re:

        is about as useful as a pie made from steaming cow turds.

        Such a pie could be very useful for throwing at those people who abuse the DMCA.

        reply to this | link to this | view in chronology ]

      • identicon
        jackn, 21 Oct 2014 @ 1:42pm

        Re: Re:

        from personal experience, youtubes process is 1000x better than bing.

        Try to get bing to remove links to pirated software destined for android or other non-windows platforms. MS is hillarious in this regard. Well, no one uses bing anyway, so I don't bother anymore.

        reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 21 Oct 2014 @ 11:23pm

        Re: Re:

        "Well, I suppose now we have reason #10246 on why Youtube's current takedown system is about as useful as a pie made from steaming cow turds."

        True, but to blame Google for this is to ignore the reasons why they were forced to put such a crappy system in place to begin with. Remember, content ID only really exists because YouTube were heavily attacked in lawsuits where the copyright holders couldn't even correctly identify the content, and held YouTube liable for any content that slipped through the net.

        reply to this | link to this | view in chronology ]

  • identicon
    psiu, 21 Oct 2014 @ 8:31am

    In their defense, apparently they were only targeting the comments (without seeing the takedown requests -- which I haven't seen -- it's hard to be sure) and Youtube (Google?) was like "eff it, Windows videos be gone".

    They took down MS EMPLOYEE VIDEOS :D

    http://www.windowscentral.com/microsoft-inadvertently-caused-youtube-take-down-some-windows-videos

    reply to this | link to this | view in chronology ]

  • icon
    Daniel (profile), 21 Oct 2014 @ 8:36am

    Prior Restraint

    One thing I still don't understand about the DMCA takedown system is how it doesn't violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use.

    Also, since the codes were created by a computer algorithm, is that "content" even copyrightable under US law? I realize MS doesn't state whether it believes there is a copyright but I can imagine such an argument being made.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Oct 2014 @ 8:45am

      Re: Prior Restraint

      Even if the product keys aren't copyrighted material, MS could argue that posting them allows people to circumvent the 'unlock-software-with-key' form of DRM. I don't believe that the takedown notice provisions of the DMCA would apply under such an interpretation, but MS could still argue that the keys need to be removed since they violate other parts of the DMCA.

      reply to this | link to this | view in chronology ]

      • icon
        G Thompson (profile), 22 Oct 2014 @ 2:11am

        Re: Re: Prior Restraint

        What parts of the DMCA?

        A key is only violating once it has been used.. Otherwise knowing someone's PIN to their bank would be an offense. It isn't

        It's ONLY an offense and actionable once the PIN (or key in this instance) has actually been used fraudulently.

        Microsoft have the wherewithal to absolutely make sure that Keys can ONLY be used once. For them to show that they are concerned about a single key being used over and over again shows how screwed up their own DRM system actually is.

        reply to this | link to this | view in chronology ]

    • identicon
      Michael, 21 Oct 2014 @ 9:00am

      Re: Prior Restraint

      It's a GIANT loophole.

      A DMCA takedown is entirely voluntary. The company that is issued a takedown notice can completely ignore it if they want to. They lose protections if they do so, but it is still a private company censoring something - and censorship by a private company is completely legal (and should be).

      reply to this | link to this | view in chronology ]

    • identicon
      jackn, 21 Oct 2014 @ 1:45pm

      Re: Prior Restraint

      One thing I still don't understand about the DMCA takedown system is how it doesn't violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use.

      it doesn't consider fair use. Thats how DMCA is used for censorship. The content has to come down for the host to maintain immunity, even if the content is fair use, or even an original (non-infringing) piece of work.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 21 Oct 2014 @ 1:49pm

        Re: Re: Prior Restraint

        "One thing I still don't understand about the DMCA takedown system is how it doesn't violate prior restraint since unauthorized use of copyrighted material may still be non-infringing thanks to fair use."

        This one's easy: it's because there is no law requiring sites to honor takedown notices -- that's a voluntary private action and so things like prior restraint don't enter into it.

        This is part of the insidiousness of this part of the DMCA -- to make actions which are effectively mandatory legally voluntary lets the law dodge a lot of constitutional issues.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Oct 2014 @ 9:06am

    IN this case, Microsoft was correct in demanding that the videos be taken down because there's no other method for taking down the comments they are attached to. While it was in the extreme, it was the only choice Microsoft had open to it.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Oct 2014 @ 9:36am

      Re:

      Well, firstly, it certainly wasn't the only option that Microsoft had available. There are many others, from issuing a DMCA for the offending comments specifically all the way through including actually getting a court order.

      And, secondly, even if it was the only option, that doesn't even come close to meaning that it is a justifiable action.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Oct 2014 @ 12:29pm

      Response to: Anonymous Coward on Oct 21st, 2014 @ 9:06am

      It's not really their decision.

      reply to this | link to this | view in chronology ]

    • icon
      Chronno S. Trigger (profile), 21 Oct 2014 @ 1:13pm

      Re:

      One: apparently Microsoft did target specific comments, not the videos.

      Two: there are ways to report individual users instead of videos.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 21 Oct 2014 @ 11:30pm

        Re: Re:

        Three: they knew the codes that were posted, so could have revoked/blocked through their own authentication system.

        Four: They could also work with Google to add a filter to their commenting system to filter out the distinctive pattern of an MS activation code before it's visible to the public.

        But, such simple, friendly responses with minimal unintended consequences are somehow not acceptable when you can just launch legal attacks with maximum collateral damage.

        reply to this | link to this | view in chronology ]

    • icon
      G Thompson (profile), 22 Oct 2014 @ 2:17am

      Re:

      No it isn't.. all they have to do is make sure the Keys in question can only be used ONCE. This is easy and should be a standard security protocol in their DRM structure.

      Also classifying it as an extreme is justifying the action MS took no matter what. It's either wrong or not.. No in between. This was flat out wrong and fraudulent usage of the DCMA since they hold NO copyright whatsoever over the keys.

      The non-copyrightability of a string of letters and numbers used for this and similar purposes is long established case law.

      reply to this | link to this | view in chronology ]

  • icon
    radarmonkey (profile), 21 Oct 2014 @ 10:22am

    I sense a counter-attack

    Because of this M$ stupidity, I have a feeling that people who post activation code will start posting them to comments of M$ content.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Oct 2014 @ 10:37am

      Re: I sense a counter-attack

      I hope they don't get that Microsoft anime. I kinda like that one-- and not just from a content as ads POV.

      reply to this | link to this | view in chronology ]

    • icon
      Atkray (profile), 21 Oct 2014 @ 4:14pm

      Re: I sense a counter-attack

      I can't help but thing someone will learn from this and use it as a way to have anything they don't like taken down.

      reply to this | link to this | view in chronology ]

  • icon
    z! (profile), 21 Oct 2014 @ 10:58am

    MS may have a rough road on this. It'll be very hard to argue that a seemingly-random collection of letters and numbers has any creative content (copyright), circumvents DRM (it's a KEY, it opens locked content), is a trademark, or deserves trade-secret protection.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Oct 2014 @ 12:50pm

      Re:

      It's rather hard to say, really. Yes, there is a creativity requirement for copyright, but the amount of creativity required is really very small. Microsoft might get mileage out of arguing that the keys are, in fact, creative based on the fact that they are the result of creative effort (the algorithm that produces the key). I'm sure actual attorneys could come up with better arguments than this, though.

      reply to this | link to this | view in chronology ]

      • icon
        G Thompson (profile), 22 Oct 2014 @ 2:23am

        Re: Re:

        the algorithm that creates the keys is copyrightable.. The keys it creates are definitely not.

        Keycodes are just a semi-random string of numbers that have no sweat of the brow with them. Postcodes/Zipcodes are the same.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 22 Oct 2014 @ 6:08am

          Re: Re: Re:

          There is no "sweat of the brow" requirement for copyright. And some things similar to the keys are copyrighted. The Dewey decimal system comes to mind. In any case, I'm not convinced my argument is actually correct, I'm just spitballing. I'm also not convinced that my argument should be correct, even if it is.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Oct 2014 @ 11:01am

    Give them a taste of their own medicine by posting product keys in the comments of their own videos.

    reply to this | link to this | view in chronology ]

  • icon
    GEMont (profile), 22 Oct 2014 @ 4:08pm

    Good for the soul...

    "To its credit, Microsoft has apologized and said that it has "taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content."

    Gads. Even a full public confession of wrong doing is not enough to trigger the law into action on fake and faulty DMCA takedowns.

    I guess we can now admit that the "punishment" parts of this law were added only as PR color/flavor, in order to make the public think that their interests were also being considered by the courts.

    Silly us eh.

    ---

    reply to this | link to this | view in chronology ]

  • identicon
    Blind2BadReasoning, 4 Jan 2015 @ 8:01am

    Pay for the things you use!

    Why not just pay for the software you uses and the movies you watch?

    The creators deserve to be paid for their work.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 9 Jan 2015 @ 1:44am

      Re: Pay for the things you use!

      "Blind2BadReasoning"

      Well, clearly you are blind to it since you've employed it here. Is there any indication that people aren't paying for movies and software, well apart from the movies made free to view by their creators in the first place?

      If not, you're an asshole and a liar.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.