The following text is copyright 2002 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.


Purina Paranoid Chow?


By Scott Bradner


To all intents and purposes it looks like we have seen the final shoe drop on the current phase of the Microsoft anti-trust case.  The result may not be exactly what Microsoft wanted when the whole process started but it sure is not what many others wanted.  U.S. District Judge Colleen Kollar-Kotelly basically endorsed the settlement negotiated between the U.S. Department of Justice and Microsoft earlier this year.  The judge did tweak a few things but left most of the earlier settlement in place including a provision that should speed the adoption of Linux in many parts of the world.


For the paranoid one provision in the 300 page decision stands out:

"No provision of this Final Judgment shall:

1. Require Microsoft to document, disclose or license to third parties: (a) portions of APIs or Documentation or portions or layers of Communications Protocols the disclosure of which would compromise the security of a particular installation or group of installations of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems, including without limitation, keys, authorization tokens or enforcement criteria; or (b) any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction."


The (a) section of this seems to say that Microsoft can withhold information about their APIs if they claim that releasing the information would endanger the security of the system.  It does not take a paranoid to expect Microsoft to do this since they already have when talking about their own special tweak on the IETF's Kerberos standard.


The (b) section is pure paranoid fodder.  This provision says that a U.S. government agency, it does not take a court, can tell Microsoft to not release the API specs.  Some of you may remember the stories circulating early in 1999 about a "NSAkey" discovered in all recent Microsoft operating systems.  The speculation at the time was that the U.S. National Security Agency (NSA) had a magic key that would let them break into any computer running Microsoft operating systems anytime they wanted to.  (Search for "NSAkey" on Google to see some of the thousand references still around.)


A number of foreign governments became absolutely convinced that the U.S. government does have at least one backdoor into Microsoft operating systems and have been actively pushing alternatives for a while.    Now along comes this provision in the anti-trust settlement to help reinforce their suspicions.  


One puzzling thing about this whole episode is that clause (b) probably did not need to be written to make it so.  As pointed out in comments sent to the Justice Department after the proposed settlement was first posted noted, the clause "is a tautology and is thus superfluous to this proposed Final Judgment.  ... [the clause] simply restates the law."  Maybe the Judge is a secret supporter of open software and wanted to prod people, like the Chinese government, to be distrustful of Microsoft operating systems so they would switch to Linux where you can see what is going on.


disclaimer:   I do not know if the Chinese government is distrustful of Harvard, normally the further away, the better Harvard looks, but the above is my own paranoia.