Why the government should watch out for the card up Microsoft's sleeve

Bernard Robertson-Dunn brd@austarmetro.com.au
Wed, 05 Feb 2003 09:08:24 +1100

Where's Paul Daniels when you need him?
Mon 3 February 2003 04:49PM GMT

The UK government has been offered a peek at the Windows source code - the
latest country to be offered the privilege under Microsoft's Government
Security Program (GSP).

As the name suggests, this initiative is supposed to be all about security.
Microsoft twigged a while ago that its reputation in this regard is more
than slightly tarnished - and national governments tend to be a bit twitchy
about such things.

So last year Bill Gates issued a fatwa on iffy code: over 8,000 developers
were given a virtual tooth comb in a bid to eradicate any security holes in
Microsoft's software. That move was made to reassure businesses and
consumers as much as governments.

Then came the GSP, which was launched two weeks ago and pitched squarely at
the latter. Microsoft said it will provide "governments with access to
source code and information that [they] need to be confident in the
security of the Microsoft platform".

Today, E-envoy Andrew Pinder said: "Partnership agreements such as the one
I have signed... with Microsoft are key to the risk management of the
national information infrastructure."

Risk management, security... sounds good. But is this really what it's
about? Let's return to the commercial world. In 2001, Microsoft launched
its Shared Source Initiative, which bears an uncanny resemblance to the
GSP. Big businesses and various other third parties were offered smart card
access to a secure website containing millions of lines of Windows 2000, XP
and .Net server code.

Microsoft didn't really say too much about security then. The main purpose
of this exercise - acknowledged by Microsoft - was to fight off the threat
of Linux, which was gaining traction in organisations throughout the world.

Since then, the same thing has happened in target-rich but cash-poor
government departments. Open source software has been adopted officially in
Brazil. It's encroached on Microsoft in Germany, Norway and Peru, among
other countries. Many more are looking at it unofficially. So Microsoft had
to hit back. Hence the GSP.

The clever trick was to pitch it as an answer to governments' security
fears - but make no mistake, that's a sleight of hand. Microsoft is
genuinely concerned about the open source movement, but has decided to stop
slagging it off. Instead it is taking aim at what was becoming a stronghold
for open source by playing the security card.

Very few businesses actually bothered to look at the source code they were
offered under the Shared Source Initiative. It'll probably be the same with
the GSP. But by offering it, Microsoft appears to be open source friendly
and security conscious - and therefore OK for use within governments.

Which of course it is. But lurking up Bill Gates' sleeve are a couple of
Black Mariahs: licence fees and long-term lock-in. Can governments trump
that? Probably not.

