Feeds

MS snags crucial authentication, DRM opt-outs in DoJ settlement

You thought it was bad, already? Here's the small print

  • alert
  • submit to reddit

The smart choice: opportunity from uncertainty

The DoJ's capitulation to Microsoft, described by the San Jose Mercury's Dan Gilmor as "[awarding] the hen house to the meanest fox in the woods", was as Dan says not unexpected. Microsoft might not be the natural barbecue companion for the Texas oilmen who make up the Bush Administration: but the decision to nullify the AntiTrust laws by failing to enforce them is entirely consistent with the 43rd Presidency.

But what really should make enemies of The Beast weep tonight isn't the remedies, it's the opt-outs Microsoft has secured for itself.

The biggest omission you'll notice, when comparing the agreement against Judge Jackson's proposed behavioral remedies is the absence of technical disclosure practice. The original conduct obliged Microsoft to disclose APIs, and did so in some detail. It outlined the creation of a neutral clean room: an independent verification facility staffed by both industry opponents and Microsoft representatives, to ensure that compatibility issues were solved within a fixed time period. Or else.

In today's agreement, not only is Redmond not obliged to disclose APIs to third parties, it's secured an explicit guarantee that it doesn't have to. The small print in Section J 1 of the 'Prohibited Conduct' notes:- .

"No provision of this Final Judgment shall:
1.Require Microsoft to document, disclose or license to third parties:

(a) portions of APIs or Documentation or portions or layers of Communications Protocols the disclosure of which would compromise the security of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems, including without limitation, keys, authorization tokens or enforcement criteria;

or (b) any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction."

It's the most significant part of the entire agreement document, as it describes oversight of Microsoft's future conduct in the most critical areas of web services (authentication) and multimedia content (DRM).

It also represents an end-run around the AntiTrust Laws: Microsoft only needs to claim that its security is being compromised to get the authority of a Government policeman. In its own way, this section institutionalizes corporate malfeasance.

New balls, please

For much of the nineties, big business spent enormous energy on promoting the idea that markets and not the ballot box were the true instrument of democracy. Swashbuckling businessmen didn't just reject tiresome burdensome regulations, they stole the revolutionary couture of the Left to brand such interference as anti-democratic.

For the IT industry, with its instinctive fear of government, this became axiomatic: tech folk bought into the notion faster and deeper than anyone else, and ideology trumped common sense even amongst Microsoft's most articulate opponents. "Market failure is only solved by freer markets," chirped Eric Raymond in his 1998 essay which argued for the repeal of the AntiTrust laws. It's an argument that's welcomed, of course, by powerful monopolies.

But not even in their wildest dreams could the business elites have imagined that in 2001, the AntiTrust department itself would be offering a convicted monopolist state protection. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.