Feeds

MS snags crucial authentication, DRM opt-outs in DoJ settlement

You thought it was bad, already? Here's the small print

  • alert
  • submit to reddit

Boost IT visibility and business value

The DoJ's capitulation to Microsoft, described by the San Jose Mercury's Dan Gilmor as "[awarding] the hen house to the meanest fox in the woods", was as Dan says not unexpected. Microsoft might not be the natural barbecue companion for the Texas oilmen who make up the Bush Administration: but the decision to nullify the AntiTrust laws by failing to enforce them is entirely consistent with the 43rd Presidency.

But what really should make enemies of The Beast weep tonight isn't the remedies, it's the opt-outs Microsoft has secured for itself.

The biggest omission you'll notice, when comparing the agreement against Judge Jackson's proposed behavioral remedies is the absence of technical disclosure practice. The original conduct obliged Microsoft to disclose APIs, and did so in some detail. It outlined the creation of a neutral clean room: an independent verification facility staffed by both industry opponents and Microsoft representatives, to ensure that compatibility issues were solved within a fixed time period. Or else.

In today's agreement, not only is Redmond not obliged to disclose APIs to third parties, it's secured an explicit guarantee that it doesn't have to. The small print in Section J 1 of the 'Prohibited Conduct' notes:- .

"No provision of this Final Judgment shall:
1.Require Microsoft to document, disclose or license to third parties:

(a) portions of APIs or Documentation or portions or layers of Communications Protocols the disclosure of which would compromise the security of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems, including without limitation, keys, authorization tokens or enforcement criteria;

or (b) any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction."

It's the most significant part of the entire agreement document, as it describes oversight of Microsoft's future conduct in the most critical areas of web services (authentication) and multimedia content (DRM).

It also represents an end-run around the AntiTrust Laws: Microsoft only needs to claim that its security is being compromised to get the authority of a Government policeman. In its own way, this section institutionalizes corporate malfeasance.

New balls, please

For much of the nineties, big business spent enormous energy on promoting the idea that markets and not the ballot box were the true instrument of democracy. Swashbuckling businessmen didn't just reject tiresome burdensome regulations, they stole the revolutionary couture of the Left to brand such interference as anti-democratic.

For the IT industry, with its instinctive fear of government, this became axiomatic: tech folk bought into the notion faster and deeper than anyone else, and ideology trumped common sense even amongst Microsoft's most articulate opponents. "Market failure is only solved by freer markets," chirped Eric Raymond in his 1998 essay which argued for the repeal of the AntiTrust laws. It's an argument that's welcomed, of course, by powerful monopolies.

But not even in their wildest dreams could the business elites have imagined that in 2001, the AntiTrust department itself would be offering a convicted monopolist state protection. ®

Application security programs and practises

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.