I'm actually not familiar with the legality of downloading this torrent. Is this considered legal, or is it like stolen goods, where the mere possession is a crime, even lacking evidence of the actual theft?
Also, what would be the legality a group of people "maintaining" this code? (developing security patches, etc)
The first answer probably depends on where you live. In the US, I would not bet on it. In Germany, I could at least argue that you legally cannot steal source code.
For the second part: that's probably legally impossible world wide due to trade secret protection agreements.
I can't see why Microsoft would bother pursuing people for downloading or seeding this. The cat is out of the bag. And people will use this in ways MS don't want regardless of what they do. It is not like a movie where there is a loss of hypothetical revenue. Source code is not exactly an easy was to install a pirated OS!
A simple rule of thumb from someone who is not a lawyer. Is the thing you wish to download the property of someone else, and have they granted you the right to view/use it. I think the answer is pretty clear here.
> the upload which you are also doing when using torrents.
Unless you set your seeding limits to 0kb. You take a hit in speed/availability (as more peers will likely not do business with you), but you also don't distribute anything.
Depends on the jurisdiction and the legal system where you reside. Copyright is a complex matter.
Long story short, there are two major ways in how copyright violations are approached. Either the other party starts a civil suit in court and tries to claim damages (much like if you would damage someone else's property); or state law considers this a prosecutable felony or crime, in which case you look at punishments such as fines or prison time. Moreover, you may run the risk of being liable to both scenario's.
In the United States, criminal copyright law is a thing:
> Criminal copyright infringement requires that the infringer acted "for the purpose of commercial advantage or private financial gain." 17 U.S.C. § 506(a).[9] To establish criminal liability, the prosecutor must first show the basic elements of copyright infringement: ownership of a valid copyright, and the violation of one or more of the copyright holder's exclusive rights. The government must then establish that defendant willfully infringed or, in other words, possessed the necessary mens rea. Misdemeanor infringement has a very low threshold in terms of number of copies and the value of the infringed works.
> An individual may be liable if the infringement was committed: (B) by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000; or (C) by the distribution of a work being prepared for commercial distribution, by making it available on a computer network accessible to members of the public, if such person knew or should have known that the work was intended for commercial distribution. 17 U.S.C. § 506(a)(1).
> Without establishing the threshold value, legitimate infringement, or the requisite state of mind, there can be no criminal liability. If the defendant can show they had a legitimate copy or use – such as through the first-sale doctrine – then the burden of proof falls on the government.[9]
Directly using the code would imply liability to copyright infringement. When you want to compete with the product of a competitor, that's something you want to avoid. A classic tactic to avoid this is "clean room design":
> Typically, a clean-room design is done by having someone examine the system to be reimplemented and having this person write a specification. This specification is then reviewed by a lawyer to ensure that no copyrighted material is included. The specification is then implemented by a team with no connection to the original examiners.
ReactOS is a contested example of "clean room design" for copying elements from Windows:
> "I think it's a ripoff of the Windows Research Kernel that Microsoft licensed to universities under an agreement that was obviously violated by some, as the code has been uploaded to numerous places, some of it on GitHub," Rietschin wrote. "I glanced at the ReactOS code tree, and in my opinion, there is absolutely no way on Earth this was written from a clean sheet only from the available public documentation." He says that "internal data structures and internal functions, not exported anywhere and not part of the public symbols, have the exact same names as they appear in the Research Kernel."
The issue with this code leak is that any engineer looking at this risks being considered "burned" if they are ever asked to implement similar features in a comparable product and rely on their knowledge. I wouldn't touch it with a 30 feet pole.
Also, what would be the legality a group of people "maintaining" this code? (developing security patches, etc)