Original URL: https://www.theregister.com/2001/11/03/ms_snags_crucial_authentication_drm/

MS snags crucial authentication, DRM opt-outs in DoJ settlement

You thought it was bad, already? Here's the small print

By Andrew Orlowski

Posted in Software, 3rd November 2001 00:42 GMT

The DoJ's capitulation to Microsoft, described by the San Jose Mercury's Dan Gilmor as "[awarding] the hen house to the meanest fox in the woods", was as Dan says not unexpected. Microsoft might not be the natural barbecue companion for the Texas oilmen who make up the Bush Administration: but the decision to nullify the AntiTrust laws by failing to enforce them is entirely consistent with the 43rd Presidency.

But what really should make enemies of The Beast weep tonight isn't the remedies, it's the opt-outs Microsoft has secured for itself.

The biggest omission you'll notice, when comparing the agreement against Judge Jackson's proposed behavioral remedies is the absence of technical disclosure practice. The original conduct obliged Microsoft to disclose APIs, and did so in some detail. It outlined the creation of a neutral clean room: an independent verification facility staffed by both industry opponents and Microsoft representatives, to ensure that compatibility issues were solved within a fixed time period. Or else.

In today's agreement, not only is Redmond not obliged to disclose APIs to third parties, it's secured an explicit guarantee that it doesn't have to. The small print in Section J 1 of the 'Prohibited Conduct' notes:- .

"No provision of this Final Judgment shall:
1.Require Microsoft to document, disclose or license to third parties:

(a) portions of APIs or Documentation or portions or layers of Communications Protocols the disclosure of which would compromise the security of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems, including without limitation, keys, authorization tokens or enforcement criteria;

or (b) any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction."

It's the most significant part of the entire agreement document, as it describes oversight of Microsoft's future conduct in the most critical areas of web services (authentication) and multimedia content (DRM).

It also represents an end-run around the AntiTrust Laws: Microsoft only needs to claim that its security is being compromised to get the authority of a Government policeman. In its own way, this section institutionalizes corporate malfeasance.

New balls, please

For much of the nineties, big business spent enormous energy on promoting the idea that markets and not the ballot box were the true instrument of democracy. Swashbuckling businessmen didn't just reject tiresome burdensome regulations, they stole the revolutionary couture of the Left to brand such interference as anti-democratic.

For the IT industry, with its instinctive fear of government, this became axiomatic: tech folk bought into the notion faster and deeper than anyone else, and ideology trumped common sense even amongst Microsoft's most articulate opponents. "Market failure is only solved by freer markets," chirped Eric Raymond in his 1998 essay which argued for the repeal of the AntiTrust laws. It's an argument that's welcomed, of course, by powerful monopolies.

But not even in their wildest dreams could the business elites have imagined that in 2001, the AntiTrust department itself would be offering a convicted monopolist state protection. ®