
DoJ exculpa: why the MS deal doesn't stink at all, honest

And nobody will believe this one either

The Department of Justice's Competitive Impact Statement, intended to explain why the deal it struck with Microsoft will tame The Beast and not, as widely advertised, simply renew its licence to kill, is as one might expect a lengthy mea exculpa. The Proposed Final Judgment, which was unveiled earlier this month, has plenty of holes in it, and the Competitive Impact Statement won't do much to convince critics that these aren't holes after all.

It does in some areas - notably in the case of the security 'get out of jail free clause' - appear to tighten things up by saying what the Judgment is supposed to mean, rather than leaving us to wonder. This particular section, it says, "must be read in conjunction with subsection III.J.1.a., which exempts from [disclosure] certain very limited and specific portions or layers of Communications Protocols which would, if disclosed, compromise the system security provided by Microsoft anti-piracy, anti-virus, software licensing, digital rights management, encryption and authentication features. The exception provided by subsection III.J.1.a. is a narrow one, limited to specific end-user implementations of security items such as actual keys, authorization tokens or enforcement criteria, the disclosure of which would compromise the security of 'a particular installation or group of installations' of the listed security features."

So here the DoJ is stressing that there's no way Microsoft could keep secret anything it liked just by howling "security!" Nevertheless the company still has the ability to argue about what is and is not covered here, and it also has the ability to require that the recipient or licensee be of good character, i.e. "having no history of software counterfeiting or piracy or willful violations of intellectual property rights." Some might argue that certain historical incidents might rule Microsoft itself out on a couple of those counts, but we won't.

Microsoft can also insist on the licensee "having its programs verified by a third party to ensure compliance with Microsoft specifications for use of the information." Which could be used as another obstacle. The explanation of the security clause itself is as follows:

"For example, this subsection permits Microsoft to withhold limited information necessary to protect particular installations of the Kerberos and Secure Audio Path features of its products (e.g., keys and tokens particular to a given installation), but does not permit it to withhold any capabilities that are inherent in the Kerberos and Secure Audio Path features as they are implemented in a Windows Operating System Product. This is a critical distinction, because it ensures that Section III.E. will make these features available to competing software and hardware developers and permit them to offer competing implementations of these features, and products that rely on them, that can do the same things as Microsoft implementations of these features, while protecting the integrity of actual, particular end-user implementations of those systems."

Exactly how "portions of APIs or Documentation or portions or layers of Communications Protocols" (which is what it says in the Proposed Final Judgment) boils down to "keys and tokens particular to a given installation" is not made clear. One trusts the judge will make it so.

Overall, the latest document doesn't do anything significant to alter the widespread perception, which is held in some remarkably odd places, that the deal was a cave-in. If like most analysts you thought Microsoft still had plenty of scope to carry on as before, and that the Judgment would do nothing to obstruct future abuses using alternative mechanisms, you're still going to think that.

The sign-off pages are good though. They explain why the DoJ didn't push for something closer to Jackson's remedies, which is because it'd take two years more wrangling. This is however odd, given that Jackson could have imposed the remedies if he wanted, the present judge still could, if she wanted, and that the appeals court agreed with the original verdict. The DoJ quite likely could get relatively speedy relief based on imposed terms if it had pressed for it. Microsoft would certainly have appealed this, and might have won stays, but it might not. You don't ask, you don't get, surely.

Next, the host of alternative remedies that were submitted by "industry participants and other interested individuals" gets due consideration. We'll quote them in full:
"A requirement that Microsoft license the Windows source code to OEMs to enable them to modify, compile and distribute modified versions of the Windows Operating System for certain limited purposes, such as automatically launching Non-Microsoft Middleware, operating systems or applications; setting such non-Microsoft Middleware as the default; and facilitating interoperability between Non-Microsoft Middleware and the Windows Operating System.
"A requirement that Microsoft disclose the entire source code for the Windows Operating System and Microsoft Middleware, possibly within a secure facility for viewing and possibly without such a facility.
"A requirement that Microsoft must carry certain Non-Microsoft Middleware, including but not limited to the Java Virtual Machine, in its distribution of the Windows Operating System.
"A requirement that Microsoft manufacture and distribute the Windows Operating System without any Microsoft Middleware or corresponding functionality included.
"A requirement that Microsoft continue to support fully industry standards if it chooses or claims to adopt them or extends or modifies their implementation.
"A requirement that Microsoft waive any rights to intellectual property in related APIs, communications interfaces and technical information if the Court finds that Microsoft exercised a claim of intellectual property rights to prevent, hinder, impair or inhibit middleware from interoperating with the operating system or other middleware."

These are in general quite mild compared to some of the ideas that have been put forward, and indeed compared to splitting the company in two. One of them, covering source disclosure, was even originally thought to be part of the deal, but seems to have been chopped at the last minute. So what did the DoJ do about them?

"The United States carefully weighed the foregoing proposals, as well as others received or conceived, considering their potential to remedy the harms proven at trial and upheld by the Court of Appeals; their potential to impact the market beneficially or adversely; and the chances that they would be imposed promptly following a remedies hearing. The United States ultimately concluded that the requirements and prohibitions set forth in the Proposed Final Judgment provided the most effective and certain relief in the most timely manner."

And that is all the document has to say about the other proposals. You'll note that "the most effective and certain relief in the most timely manner" is DoJspeak for the most we could get Microsoft to agree to without having to go back to court. ®

Related stories:
Those new-look tougher MS judgment terms in full
All you ever wanted to know about the DoJ's Windows cave in
