[Editor's note: I'm not making this up. I'm not even engaging in hyperbole.
-- jdcc]

<http://www.eweek.com/article/0,3658,s%253D701%2526a%253D26875,00.asp>

    
May 13, 2002 
Allchin: Disclosure May Endanger U.S.
By Caron Carlson 

A senior Microsoft Corp. executive told a federal court last week that
sharing information with competitors could damage national security and even
threaten the U.S. war effort in Afghanistan. He later acknowledged that some
Microsoft code was so flawed it could not be safely disclosed.

ADVERTISEMENT

The bold statements and candid admissions were part of Jim Allchin's
testimony during two days in court here before Judge Colleen Kollar-Kotelly,
who is hearing the case of nine states and the District of Columbia seeking
stricter penalties for Microsoft's antitrust behavior.

Allchin, group vice president for platforms at Microsoft, was the final
executive lined up to defend the Redmond, Wash., software developer. Like
company Chairman and Chief Software Architect Bill Gates before him, Allchin
highlighted the security problems he foresaw that could result from
technical information disclosure requirements sought by the nonsettling
states.

"It is no exaggeration to say that the national security is also implicated
by the efforts of hackers to break into computing networks," Allchin
testified. "Computers, including many running Windows operating systems, are
used throughout the United States Department of Defense and by the armed
forces of the United States in Afghanistan and elsewhere."

Unlike the states' proposed remedy, the federal settlement proposal that
Microsoft and the Department of Justice agreed to in November contains a
carve-out that permits Microsoft to withhold API and protocol disclosures if
such disclosures would compromise security. The provision is designed to
address hackers, viruses and piracy, according to Allchin.

In his testimony, Allchin also addressed .Net and countered charges made by
rivals ‹ particularly Jonathan Schwartz, senior vice president of corporate
strategy and planning at Sun Microsystems Inc.‹about its interoperability.
Charging that Schwartz's testimony oversimplified the interoperability of
.Net and Java technology, Allchin claimed the two systems are not perfect
equivalents.

"Microsoft has invested substantial time and resources in providing great
interoperability between .Net and older technologies," Allchin said. "Sun's
strategy of promoting '100 percent pure' Java applications discourages
interoperability."

During his second day on the stand, Allchin conceded that Microsoft has
already identified at least one protocol and two APIs that it plans to
withhold from public disclosure under the security carve-out.

The protocol, which is part of Message Queuing, contains a coding mistake
that would threaten the security of enterprise systems using it if it were
disclosed, Allchin said.

When Kevin Hodges, attorney for the dissenting states, asked him how many
APIs would be exempt, Allchin said he did not know the exact number, but it
would include APIs that deal with anti-piracy and digital rights management.
Microsoft has already identified APIs involved with Windows File Protection
that would be withheld, he said.

When pressed for further details, Allchin said he did not want to offer
specifics because Microsoft is trying to work on its reputation regarding
security. "The fact that I even mentioned the Message Queuing thing bothers
me," he said.


Reply via email to