EA Delivers Spore De-Authorization Tool, Keeps Activation Limit

— -- Three cheers for EA's three-months-late Spore de-authorization tool, but one boo-hiss for not making that tool a comprehensive DRM-zapper. Spore, as you know, uses digital rights management gate-guard SecuROM to place alligators in the castle moat and pull up the drawbridge whether you've paid for a copy of the game or pilfered one. If you want to play, you must first enter a key, then authenticate against an online activation server. Subsequent online activity entails session based re-authentication.

That's actually a step up from what might have been. The original system proposed would have required activation every 10 days, no pardons or plea-bargains. EA thankfully scrapped its lousy idea after well-deserved public scorn. Still, the shipping version of Spore retained the initial activation shtick, but also the galling "maximum number of installs" manacles. Rebuild your machine, wipe the game off your drive, or simply suffer catastrophic mechanical failure more than thrice, and you'd have to pick up the phone and plead your case before the witheringly template-tastic Q&A readings of call center front-liners.

At first that maximum number was equal to three (three chances? three strikes?) but EA saw it in their hearts to bend backwards, move the earth and the heavens, and raise it to five. To paraphrase Conrad's Kurtz: "The generosity! The generosity!"

Nudging the ball a few inches back toward "what customers reasonably expect and deserve," EA's just released a Spore de-authorization tool that, as it sounds, allows you to de-authorize a Spore install to keep your stable of five-in-all-possible from crumbling. Unfortunately it only works with installs cleared through the tool, and the limit of five activations total remains.

According to the info page:

By running the de-deauthorization tool, a machine "slot" will be freed up on the online Product Authorization server and can then be re-used by another machine.

You can de-authorize at any time, even without uninstalling Spore, and free up that machine authorization. If you re-launch Spore on the same machine, the game will attempt to re-authorize.

If you have not reached the machine limitation, the game will authorize and the machine will be re-authorized using up one of the five available machines.

So in 2008, EA's finally found its way to the place companies like Audible were five or six years ago. Vive la progress!

While EA rightly deserves plaudits for reacting favorably (if wincingly and incrementally) toward its customers, it's still appeasement by half-measures. Customer rights are easily lost but hard won. Until October 25, 2001, the notion that you'd have to activate a piece of software that shackled itself to hardware identifiers on your machine simply to use it was crazy talk. Now -- at least for some companies -- it's become depressingly (but no less vexingly) routine.

And it's been getting worse. We almost saw the release of mechanisms in Spore, as well as the PC version of Bioware's Mass Effect, that would have required continuous online authentication. Media scrutiny and customer backlash got those scuttled, but don't think we've seen the coattails of such increasingly invasive measures.

Now there is a form of DRM I wouldn't be entirely opposed to, at least in theory, and that's online authentication of simply me, myself, and I. Not by hardware, not by activation code, completely absent third party parasitical drivers. Just me, username and password, end of story, just as I authenticate to access online tools like webmail or antiviral-security suites. Identity-based validation, then, and let the companies sort whatever algorithm they like to remedy account leaks, the same way Blizzard or Turbine handle such matters with regard to World of Warcraft and Lord of the Rings Online.

The trouble with that notion, of course, is that you'd almost need something like "worldwide wireless" to make it tenable -- something in the offing, but not at all soon. Customers want to play when and where they like, and unless you're an MMO, the current lack of online-anywhere access would engender segregation.

Why not implement something like it, but use offline workarounds with time-based trigger limits? Perhaps someone smarter can see around the issues, but I'd still call that a nonstarter because you're at some point back to hackable spaghetti measures, bound to confuse, frustrate, and alienate consumers.

In the meantime, we'll have to keep the pressure on companies to treat us like lawful consumers and not barely restrained "naughty children." Piracy's a serious problem, message received and sympathies extended, but the companies that can't figure out how to solve the profitability equation without resorting to Machiavellian DRM mechanics? We're better off without them entirely.