Feeds

How did Microsoft end up policing Microsoft?

Because there's no justice like us

  • alert
  • submit to reddit

3 Big data security analytics techniques

Analysis I've been reading Judge Colleen Kollar-Kotelly's decision to affirm the DoJ-Microsoft Seattlement in great detail this weekend, with one thing in particular growing from a small seed of a doubt, but gradually fomenting into a terrible and inescapable conclusion.

I want to be a Judge. No, seriously - it's a Judge's life for me. Any other job now looks simply like too much hard work.

Consider the evidence. CKK was appointed in August 2001, at which point she started reading up on the intricacies of middleware and OEM agreements as background, we presume. She then presided over 30 days of court testimony, and there followed six months' of weighty deliberation arriving at her conclusion of whether the Second Revised Proposed Final Judgment (SRPFJ) was punishment fit for a company guilty of major violations of business law.

Her conclusion upholds only one substantive point of the plaintiff's case - a technicality - and dismisses the rest of the evidence in such a peremptory and high-handed manner it seems that the good Judge really dealt with the meat of the case in a single day.

You need to parse it yourself to get a flavor of the haste with which Consonant-Kollision dispatches the Plaintiff's arguments to the far corners of the ball park. It's a fast, rote dismissal of every point of the dissenting States' case, and one which will leave most readers breathless.

Even taking into account lawyers' predilection to leave the meter running - something shared with taxi drivers - this is an awful lot of time to spend arriving at a decision of "no change". Perhaps she just wanted to take the shoes off, kick back and relax for a while on a spot of AntiTrust business. But if this isn't "Look Busy! Here's the boss" down to tee, I don't know what is - and regardless of the which side you're on in this important case, as an American taxpayer you should be demanding your money back. For this Judge appears to have arrived at her conclusion long before the judgement was published on Friday.

Equally guilty

The curious part of CKK's decision is that it steers an arbitrator's classic middle ground between two equally injured parties. You have to pinch yourself to remember that one of these parties has been found - a decision largely upheld on appeal - to have committed a sequence of serious business malpractices, and that the Judge is deciding the legality of the punishment. Murderers don't usually get to choose their sentence, but in modern corporate law it seems, the felon can plea bargain their way right off the gallows.

This only happens if a judge decides to give up any notion of dispensing justice, as this one seems to have done. This is fairly shocking to those of us who regard the American constitution as a beautiful democratic instrument, but it won't be surprising to cynics who point out the ease with which such instruments can be bought by Robber Barons. They'll always have their defenders - and CNET dispatched Declan McCullagh to the warzone. McCullagh, a draw-by-crayon libertarian who's spent much of the last few years trolling Microsoft newsgroups with the notion that NO government is entitled to stand in the way of any successful business, is apparently unable to reconcile that democracy belongs to citizens and not consumers. (Human wetware pays havoc with the pie charts, at moments like this).

This is a rhetorical battle he's won, though. Statistics (and common sense) show that only a very few benefit from such periods of triumphal industrial might: the greatest periods of American prosperity have occurred when wealth was distributed to the middle classes and opportunities extended to the poor, but these were brief interludes in what has been a generally lawless land.

And so it is now.

You will report to the Committee. Except when you don't

Microsoft will be overseen by a "Technical Committee" residing on Microsoft's campus, at Microsoft's expense. Most importantly, Microsoft helps choose the membership of the committee. The company will appoint a "Compliance Officer" to liaise.

The Se[a]ttlement allows TechComm the freedom to "interview Microsoft employees and agentts and require submission of written reports", which sounds great. But the results must remain concealed, to avoid further litigation, or even embarrassment, to Microsoft:

"The work product, findings, and recommendations of the committee are not to be admitted in 'any law enforcement proceedings before the Court for any purpose,' and members of the committee are prohibited from testifying in any capacity before a court or other tribunal. [Id. § IV.D.4.d.] Similarly, any information gathered by or any report from the Technical Committee is to be treated as highly confidential pursuant to the Protective Order entered in this case."

And it's a good thing that Microsoft helps choose the people who will police it, explains the Judge:

"...the committee will likely foster an environment of cooperative resolution, rather than one of persistent conflict and litigation. Otherwise, attempts at enforcement have a greater potential to take on the tenor of adversary proceedings, resolved in most instances with great difficulty and delay."

You see? We're all friends, here.

Now it might surprise you that misdemeanors discovered by the Technical Committee can't be used to punish the guilty defendant yet again. Wasn't this the whole point of the punishment, to make sure Microsoft didn't stray again, to repeat the offences of which it's already been found guilty?

Apparently not.

The "work product, findings or recommendations" of the Committee can't be used in subsequent litigation against Microsoft.

Judge CKK thinks this is only fair. It's a "misunderstanding" to think otherwise, she says. "In short, the prohibition on the use of committee work product is most accurately described as 'a narrow recognition that the opinions or conclusions reached by the committee as a whole or by members of the committee would not be admissible, but the information that they gather certainly would be used by [the government] and introduced into evidence by [the government].'"

That's certainly a gray area - but a gift to the defendant, who can now question whether any piece of evidence of is admissible, before it's admitted.

See how the burden of proof has swung towards the defendant? Microsoft can, and you can bet, probably will use this procedure to sandbag future litigation: it adds several months to any future case as the respective lawyers set their meters running. A Sun Microsystems can probably afford the expense. A Borland, if it were inclined, probably couldn't, and a start-up is even further away from a fair hearing than it ever was. Start-ups are the lifeblood of the tech industry, and anyone straying onto the Windows patch for the first time has a stark choice of either being bought, or murdered.

So now you know why capital has deserted the PC software business. Nothing goes in, and nothing comes out. It's a monoculture every bit as sterile as America's cellphone business, which takes its cue from Qualcomm, a company with superb technology which almost from day one made sure it would be a backwater, thanks to its obnoxious licensing practices. (Phones here are years behind the rest of the world: have you tried buying a Bluetooth-enabled CDMA 1X phone? You can't. Because there isn't one.)

Both Microsoft and Qualcomm are in the unenviable position of being beneficiaries of state protection, which is, you'd think, the last place red-blooded capitalists want to be. And so American government protects two home-grown monocultures from real competition. As we've suggested, the long-term threats to America's technology industry come from co-opetive models of business, such as GSM, and from the superior education and lower labor costs offered by India and China. To offer a protectionist blanket around Microsoft doesn't really help anyone, right now, and it doesn't even help Microsoft. It's an amazing conclusion to this case.

How did we get here? It's not easy to explain, but we welcome your thoughts. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.