Microsoft’s “Get Out of Jail Free” card

For anyone who’s been watching the on-going saga of the Microsoft anti-trust case, the recent proposed settlement with the US Department of Justice (DOJ) was shocking. Whether you are for or against MS, the terms agreed to by the DOJ seemed remarkably lax, basically allowing MS to continue with business as usual.

A quick review: MS lost the first round, heard in front of Judge Jackson. Found guilty of illegally using their monopoly in the operating system market to excluding competition in that market, and to leverage their hold to expand into other markets.

Unfortunately, Jackson broke fundamental ethical precepts by granting interviews to reporters during the trail, in which he used rather unflattering language to describe MS and its executive, including comparing the company to gangland killers and drug dealers, and describing Bill Gates as “having a Napoleonic concept of himself and his company”.

The reporters were forbidden to disclose the interviews until after the trial was completed, but the damage was done. MS used this fact during the appeal to try to argue that Jackson was prejudiced, and that his entire findings of fact (that MS was a monopoly, and used this illegally) and his final judgment, including the break-up order, should be thrown out.

Although the appellate court agreed Jackson acted improperly, and canceled his break-up order, they still up-held his findings. MS, they said, was guilty of everything Jackson said it was, and sent the case back to the district court, under a different judge, for a new set of remedies. Things weren’t looking very good for MS for a while there.

But then two significant things happened. First, Bush beat Gore. While this didn’t guarantee MS would get away for free, many thought it would walk away with much less of a penalty. The second thing was September 11th — and suddenly everything changed.

The US government, and more importantly, its people, realized it’s a very dangerous world out there. There was talk about how the terrorists likely used the Internet to communicate, leveraging on encryption technologies to keep their messages secret, and how encryption should be made illegal.

Then word starting coming out that civil liberties were going to be lessoned, with the FBI and CIA able to investigate individuals on little more than suspicion of illegal activities. Their Carnivore system, which can track Internet users’ actions on-line, would be expanded to include the ability to record everything a user does, not just who they communicate with.

To deal with the encryption “problem”, the FBI are developing something called Magic Lantern. This is a computer virus which can infect a suspect’s computer (using the usual Windows security holes), and perform key-stroke logging. Thus, the FBI can learn the pass-phrases someone uses for their encryption systems, and even record e-mails and documents as they’re created. McAfee and Symantec, two companies people rely on to find out if their machine has been compromised, have stated as company policy that they won’t report Magic Lantern.

And, slowly, the MS settlement started to make sense: the government now wants MS software running everywhere, because it’s an easy target to comprise. Why go to the trouble of sending agents into a suspects premises to install keystroke logging hardware or software, if it can be done remotely?

An option being expressed a lot lately is even more ominous — what if Magic Lantern came pre-installed, or could be included in a “system update” the next time Windows XP checked in? Rather than leverage on remote exploits, it could become as simple as the FBI making a request to a certain monopoly.

As Dave Winer, author of the “web-log” site, put it: “Bewildered, Web developers are left out of the discussion entirely and wonder if the government decision-makers are incredibly naive; or if there are deals being made under the table. In astrophysics we know that black holes exist even if we can’t see them. One-sided deals against the public interest are a lot like black holes. No, I don’t think they’re stupid, but they must think we are.”

If this is in fact part of the settlement, it is obviously a secret component. It has ramifications which has the potential to go well past the (likely short-term) terrorist risks, and to impact individuals inside and outside the US borders.

Anyone who wants their paranoia level jacked up a few levels should spend some time at the Echelon Watch site, at Echelon is a world-wide electronic surveillance system which doesn’t exist officially, although a European investigation concluded it certainly is real. It has little or no over-site, and has apparently been used by the US to gain advantage for US companies by passing on private communications of non-US competitors.

Now, imagine the US government having access to just about any computer in the world. Does anyone think they’ll limit themselves to only using this ability to fight terrorism and crime? That’s just not their style.

Think about this the next time Windows pops up a little bubble telling you there’s an “important update” which should be applied to your computer immediately. First off, how does it know this? It went off and talked to a server somewhere, telling it who knows what? Second, exactly what does this update contain? Since it’s binary, you have no way of knowing.

It takes a lot of trust to continue with such an arrangement. A level of trust many people no longer have.

Published in the Victoria Business Examiner.