Microsoft headquarters. (Photo: Justin Hutchings/iStockphoto.com)
Microsoft Corp. recently reached a settlement with a Chinese electronics company accused of using stolen product activation keys to gain unauthorized access to Microsoft servers and software.
Microsoft sued Sichuan Changhong Electric Co. Ltd. in December in federal district court in Seattle under the Computer Fraud and Abuse Act. Microsoft said it was the first complaint of its kind under the federal computer fraud law involving stolen activation keys.
Lawyers for Microsoft and Changhong notified the court on May 21 that they had reached a settlement, and the case was dismissed a week later. The court filings didn’t include details about the deal. Changhong did not admit wrongdoing.
This week, Microsoft confirmed that Changhong agreed to pay an undisclosed amount of money to settle the case. The company also announced that as part of the deal, Changhong was working with Microsoft to use “genuine software” and “initiate protections against the practice of using stolen product keys as a means to activate unlicensed software.” A Microsoft spokesman declined to discuss the details of the arrangement.
Cybersecurity is a fast-growing area of law as corporations—and the federal government—ramp up efforts to combat data breaches, hacking and other cyber-based crimes. Leslie Caldwell, the recently confirmed head of the U.S. Department of Justice’s Criminal Division, highlighted cybercrime as a priority during her February confirmation hearing.
Microsoft said it built the case against Changhong through forensic analysis by its Cybercrime Center, which opened in November.
“When we first sat down with Changhong, it was clear the company understood the risks of employees using unlicensed software—including security breaches and lost data—and together we worked on a solution to better secure their business and protect their customers,” David Finn, executive director and associate general counsel of the Cybercrime Center, said in a statement.
David Bateman, a partner at K&L Gates who focuses on cybersecurity and intellectual property, served as lead counsel for Microsoft. He referred a request for comment to the company. Covington & Burling also represented Microsoft.
Changhong’s lead attorney, Philip McCune of Summit Law Group, did not return requests for comment. In a statement, Wang Xiaopeng, director of Changhong’s legal department, said the company was working with Microsoft on “implementing technology and oversight that will keep our customers and partners even more secure and set us apart from our competition.”
Microsoft, in its lawsuit, said investigators at the Cybercrime Center traced the alleged unauthorized product activation attempts to computers controlled by Changhong. The product activation keys were stolen from Microsoft customers in the United States, including a university, engineering company and public school district.
Through forensic analysis, Microsoft said it learned the activation attempts were taking place during business hours, and the software at issue involved business-related products. Microsoft accused Changhong of encouraging its employees or contractors to attempt to access Microsoft products using the stolen activation keys.
Court records show that the settlement talks began shortly after Microsoft filed its lawsuit. In late February, lawyers for both sides asked the court to extend Changhong’s deadline to respond to Microsoft’s complaint because they were already discussing a deal.
Those negotiations continued over the next three months; lawyers continued to seek extensions for Changhong’s deadline to answer the complaint.
Microsoft and Changhong have business interest ties. In 2007, according to news reports, Microsoft reached an agreement with Changhong to buy discounted shares of the company valued at $12.9 million. The China Securities Regulatory Commission ultimately blocked the deal.