Microsoft Software Protection Platform
13/11/2008 until 30/11/2010
One Microsoft Way
Redmond, WA 98052-6399
Data minimization and encryption
i) The computer’s “machine name” proposed during the installation can contain the user name and might allow an identification of the user when the machine name is transmitted during activation. Users are advised to change the machine name to a non-personal name. Currently, a filter mechanism at Microsoft prevents the storage of transmitted machine names. By January 19th, 2009, an update will be available stopping the transfer of machine names from clients ultimately.
Addendum: The machine name is not transmitted to Microsoft any more.
ii) The so-called Breach Response Tool is deployed as an important update (KB940510). This mechanism runs once and checks whether client components used for activation are tampered and reports the results to Microsoft. The reporting can only be disabled in Volume Activation scenarios; in OEM and other license scenarios directed to end users telemetry data are sent even if the system is untampered. Only machine related, non-personal data are transmitted (concerning Microsoft). The transmission can be avoided only by suppressing this update and further versions of the Breach Response Tool.
Currently, no link from the delivered BRT update to the according privacy statement is provided. Microsoft will add such a link by December 1st, 2008.
Addendum: Microsoft added a link to the according privacy statement.
“Microsoft Software Protection Platform” is the name for the summary of the services Activation, Volume License Management and Security Breach Response used for Microsoft’s license management binding hardware components to a license.
“Activation” means the binding of a software installation to a dedicated hardware using hardware and software identifiers stored at Microsoft or in local management tools. The main scenarios are various license types (Single License Activation, Activation by Original Equipment Manufacturer (OEM), Volume License Activation with local management server or management tools), interfaces to Windows Genuine Advantage (WGA) and Breach Response Tool (BRT). These unique identifiers (e.g., hardware checksums, product keys) do not contain neither personal data nor allow Microsoft to identify users. Only major hardware changes require a re-activation. WGA is used to check the activation state and provides a temporary download license when Microsoft is asked to provide specific downloads. BRT is used to check whether system components important for activation are tampered.
The genuine test in general as well as the update mechanism is NOT part of the evaluation (ToE). Only data transmissions between the Software Protection Platform and WGA are part of the target of evaluation.
Stephan Di Nunzio
TÜV Informationstechnik GmbH
Marcus Belke, Attorney at Law
Oliver Gönner, Attorney at Law
2B Advice GmbH