March 18, 1997 6:15 PM ET
Microsoft files first lawsuit against security code cracker
By Renee Deger

  A 22-year-old Minnesota man became the first security code cracker to draw the ire of mighty Microsoft Corp. in the form of a lawsuit.

Microsoft alleges that Christopher Fazendin posted on his Web page a patch that disables the 90-day time limit on a trial version of Office 97, distributed for $4.99 by Kinko's Inc. Microsoft said word of the patch and Fazendin's Web site was distributed over newsgroups on the Web.

Trial versions of software often are loaded with timers that lock users out once the initial test period expires. People who want to continue using the software must buy the program or call the company and buy a key that disarms the security feature. This patch circumvents that.

The alleged patch had become so celebrated that Microsoft lawyers skipped such initial steps as contacting Fazendin to demand that he pull the patch from his site and just socked him with a lawsuit on Monday in the U.S. District Court of Minnesota.

"This particular crack was so widely distributed and so serious an infringement on Microsoft's copyright on Office 97 that we thought it was appropriate for litigation," said Jim Lowe, chief lawyer in the case for Microsoft, in Redmond, Wash.

Microsoft does not know exactly how many copies of the patch have been distributed, but Lowe said Kinko's had distributed thousands of the trial copies of Office 97. Microsoft plans to study how many hits Fazendin's Web page had gotten and how much traffic there was on the newsgroups.

Lowe said Microsoft also had asked Winternet, Fazendin's Internet service provider, to block access to the site. But Carl Mathison, the business manager at Winternet, in Minneapolis, said the company had no word of such a request.

Fazendin said he had found a few cracks, or code that cracks security codes, on Usenet and posted them on his Web site two weeks ago. He took them down early Tuesday, after he was served by Microsoft's lawyers. He did not think Microsoft would sue him and believed that if they came after him at all, it would be with a cease-and-desist letter, which he would have complied with.

"I get the impression I'm sort of being made an example of," he said. "It's so easy to find this [material]. All you have to do is run a search. I'm really surprised they went after me."

Microsoft's suit may mark the first ripple of a major industry show of muscle. The Software Publishers Association is prepping a major assault.

"It's a very visible problem." said Sandra Sellers, the SPA's vice president of intellectual property education and enforcement in Washington. She said some of the more visible hacker sites contain reams of information with cracker codes listed by product serial number. That kind of information is intended for just one purpose. "There is no conceivable reason why a person with a legitimate copy of a software program would need this," Sellers said.

Security breaches against Microsoft have occurred in the past, but this case marks the first time Microsoft has filed a lawsuit against an alleged code cracker. The 22-year-old man has forced Microsoft to rethink its strategy of distributing trial copies with time clocks, but the company has not made any major changes to its distribution policies or plans.

A Microsoft spokeswoman said it is unknown at this time whether other Microsoft programs include the same security feature, which was designed in-house, that the patch claims to disarm.

Revenue losses to piracy in the United States totaled $2.9 billion for 1994 and 1995, according to a joint study by the Software Publishers Association and the Business Software Alliance.

Copyright(c) 1997 Ziff-Davis Publishing Company. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff-Davis Publishing Company is prohibited. PC Week and the PC Week logo are trademarks of Ziff-Davis Publishing Company. PC Week Online and the PC Week Online logo are trademarks of Ziff-Davis Publishing Company.

Send mail to PC Week