Feeds

MS snags crucial authentication, DRM opt-outs in DoJ settlement

You thought it was bad, already? Here's the small print

  • alert
  • submit to reddit

The next step in data security

The DoJ's capitulation to Microsoft, described by the San Jose Mercury's Dan Gilmor as "[awarding] the hen house to the meanest fox in the woods", was as Dan says not unexpected. Microsoft might not be the natural barbecue companion for the Texas oilmen who make up the Bush Administration: but the decision to nullify the AntiTrust laws by failing to enforce them is entirely consistent with the 43rd Presidency.

But what really should make enemies of The Beast weep tonight isn't the remedies, it's the opt-outs Microsoft has secured for itself.

The biggest omission you'll notice, when comparing the agreement against Judge Jackson's proposed behavioral remedies is the absence of technical disclosure practice. The original conduct obliged Microsoft to disclose APIs, and did so in some detail. It outlined the creation of a neutral clean room: an independent verification facility staffed by both industry opponents and Microsoft representatives, to ensure that compatibility issues were solved within a fixed time period. Or else.

In today's agreement, not only is Redmond not obliged to disclose APIs to third parties, it's secured an explicit guarantee that it doesn't have to. The small print in Section J 1 of the 'Prohibited Conduct' notes:- .

"No provision of this Final Judgment shall:
1.Require Microsoft to document, disclose or license to third parties:

(a) portions of APIs or Documentation or portions or layers of Communications Protocols the disclosure of which would compromise the security of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems, including without limitation, keys, authorization tokens or enforcement criteria;

or (b) any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction."

It's the most significant part of the entire agreement document, as it describes oversight of Microsoft's future conduct in the most critical areas of web services (authentication) and multimedia content (DRM).

It also represents an end-run around the AntiTrust Laws: Microsoft only needs to claim that its security is being compromised to get the authority of a Government policeman. In its own way, this section institutionalizes corporate malfeasance.

New balls, please

For much of the nineties, big business spent enormous energy on promoting the idea that markets and not the ballot box were the true instrument of democracy. Swashbuckling businessmen didn't just reject tiresome burdensome regulations, they stole the revolutionary couture of the Left to brand such interference as anti-democratic.

For the IT industry, with its instinctive fear of government, this became axiomatic: tech folk bought into the notion faster and deeper than anyone else, and ideology trumped common sense even amongst Microsoft's most articulate opponents. "Market failure is only solved by freer markets," chirped Eric Raymond in his 1998 essay which argued for the repeal of the AntiTrust laws. It's an argument that's welcomed, of course, by powerful monopolies.

But not even in their wildest dreams could the business elites have imagined that in 2001, the AntiTrust department itself would be offering a convicted monopolist state protection. ®

Security for virtualized datacentres

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.