Yes, Microsoft, This Really IS About Free Speech
If you've been ambivalent about the U.S. Justice Department's plans to break up Microsoft, consider this: Microsoft's recent actions show that it does pose a threat to competition in the computer industry. But far more dangerous is the threat the company poses to the most fundamental freedoms that define human rights in a liberal democratic state, including the freedom of speech and the right of citizens to due process of law. An extreme statement? If you think so, read on.
You've probably heard that the premier on-line discussion site for open-source software enthusiasts, Slashdot, received a demand from Microsoft's attorneys concerning postings that recently appeared on the site. These postings were about Microsoft's proposed extensions to the Kerberos security protocol, which Microsoft has incorporated into its Windows 2000 operating system.
What is Kerberos, and why is it important? Kerberos is a security infrastructure that was developed at the Massachusetts Institute of Technology (MIT) with funds provided by U.S. taxpayers. Since its development, Kerberos has become an international security standard and is widely implemented in computer systems. In keeping with the company's "embrace and extend" policy, Microsoft has added its own, proprietary extensions to this protocol, as it is implemented in the company's Windows 2000 servers. The effect of these extensions is to assure that, in an organization running both UNIX and Windows systems, only Windows 2000 servers will provide full functionality for both types of systems. It would not be overly cynical to suppose that the company's extensions to the Kerberos protocol are intended for no other purpose than to drive the company's competition out of the marketplace.
Because the release of Windows 2000 with the Kerberos extensions occurred in the midst of widespread public discussion regarding the merits of the proposed Microsoft breakup, it is obviously essential that an informed citizenry should be able to obtain the facts regarding Microsoft's Kerberos extensions. However, the company has chosen to treat these facts as a proprietary matter, a trade secret, and it insists that anyone who wishes to become familiar with these facts agree to the following license:
The Specification is confidential information and a trade secret of Microsoft. Therefore, you may not disclose the Specification to anyone else (except as specifically allowed below), and you must take reasonable security precautions, at least as great as the precautions you take to protect your own confidential information, to keep the Specification confidential. If you are an entity, you may disclose the Specification to your full-time employees on a need to know basis, provided that you have executed appropriate written agreements with your employees sufficient to enable you to comply with the terms of this Agreement.
One would think that a company truly wishing to protect a trade secret would do everything it could to keep it private, but Microsoft chose to publish the Kerberos extensions at a publicly accessible web site. However, this site is not directly accessible unless the viewer assents to an "End User Agreement", in which the above-quoted license appears.
Where does Slashdot come in? On May 2, an anonymous Slashdot contributor posted the full text of the Kerberos specification. In the ensuing on-line discussion, additional contributors revealed that it is child's play to bypass the end-user license in order to extract the specification without having assented to the agreement; one merely downloads and decompresses the file.
On May 10, a Microsoft attorney wrote to Andover Advanced Technologies, the registered owner of Slashdot, demanding the removal of the following items:
Copies of the Kerberos specification that were anonymously or otherwise posted to Slashdot discussions;
Comments containing links to sites with unauthorized copies of the specification; and
Comments containing instructions on how to bypass the End User License Agreement and extract the specification.
What is Microsoft's legal rationale? None other than the Digital Millennium Copyright Act (DMCA) of 1998, a U.S. federal law that Microsoft and other large software firms strongly backed. Among the DMCA's provisions is a sea change in copyright law, one amounting, in effect, to a monstrous and constitutionally unsupportable denial of due process. In brief, the DMCA enables any person who purports to be the owner of copyrighted material to demand its removal from the Internet, without having to go to a judge to obtain an injunction. All that is necessary is a formal notification, such as the one Slashdot received, demanding that the Internet service provider (ISP) remove the offending page. The Act also states that, if the ISP fails to remove the page, the ISP then automatically becomes a co-infringer! The Act further spells out that, should the accused infringer believe the material is not subject to the claimed copyright, the infringer can put it back on the site after a 15-day hiatus - which is, of course, tantamount to an invitation to a lawsuit. For more information on this mind-boggling perversion of long-established copyright law, see Kupferschmid 2000.
What's so bad about the Microsoft-backed DMCA? For starters, it constitutes a wholesale reversal of basic, fundamental tenets of due process in U.S. law. Before the DMCA, copyright holders had to go to a judge to obtain an injunction before they could force the removal or suppression of copyrighted material. With the DMCA, that's no longer necessary. All it takes is a certified letter to an ISP, which is then faced with the following choice: either remove the material, or you become a co-infringer. Under such circumstances, ISPs will of course remove the material, even if they believe it does not infringe on anyone's copyright; who would want to take such a risk? In short, the DMCA - strongly backed by Microsoft and its growing army of well-funded lobbyists - represents a radical, subversive and unconstitutional denial of the most fundamental provision of U.S. jurisprudence, a tradition dating all the way back to the Magna Carta: that a person is presumed innocent until proven guilty.
During the Congressional debate prior to the DMCA's passage, a host of civil libertarians, legal scholars, librarians and free-speech advocates warned their money-besotted "representatives" that the proposed legislation would quickly become a weapon against the expression of views which corporations found displeasing. That is precisely what has happened. The Microsoft/Andover fracas is only the latest in a long string of cynical proceedings that were designed, first and foremost, to intimidate Internet service providers and independent critical commentators from publishing facts - facts that are needed by the public in order to reach an informed conclusion regarding matters of compelling public interest.
The very fact that Microsoft would be brazen enough to publish these alleged "trade secrets" on the Web, and then try to protect them with a "Click Here" licensing agreement, shows the appalling extent of the company's hubris and the deep, abiding threat it poses to the most basic conceptions of U.S. law. The "Click Here" concept is, of course, enshrined in Microsoft's most recent foray into the radical subversion of U.S. law, UCITA. In case you're not aware, UCITA is a model legislative act proposed for adoption by the 50 U.S. states. Despite the fact that it is opposed by 23 U.S. attorneys general, by every consumer-rights organization that has ever examined the issue, and by hosts of legal scholars, two U.S. states (Virginia and Maryland) have already adopted the measure. (In a noted U.S. pattern called "The Race to the Bottom", you can expect other states - hoping to cash in on lobbyists' bucks and the tax revenues they'll get by attracting software firms to their states - to adopt UCITA in short order.)
Among UCITA's many odious provisions is another blow against long-established legal conceptions, namely that consumers should be protected against contracts with small-print provisions which would be "surprising" to a rational, disinterested party. Under UCITA, when you click "I Agree", you're bound, baby. This will set off a round of on-line fraud cases that will undoubtedly tarnish the reputation of e-commerce, perhaps fatally. Under UCITA, for example, it's quite possible for an on-line vendor to attach a lifetime credit-card charge to a customer's account without calling this to the customer's attention, and there's no way the customer can escape the resulting financial obligation. (If you think this is an extreme analysis of UCITA, my source is none other than 23 attorneys general of the United States, who cited this potential as one of their chief objections to the proposed legislation.) If UCITA becomes law in your state, take my advice: don't shop on-line.
Microsoft's use of the "click here" end-user agreement discloses yet another devious and unconstitutional use of UCITA's would-be provisions: namely, the elevation of a legally weak (and probably unsupportable) claim to a "trade secret" to the level of copyright, which has much stronger protection (thanks to the DMCA). You see, trade secrets are protected only weakly by intellectual property law. In particular, a trade secret ceases to be a trade secret once it is revealed to the public, even if the revelation takes place by illegal means. With the DMCA, Microsoft can suppress the publication of the trade secret, or even the publication of links to material describing the trade secret, by claiming that the publication of this material violates copyright.
Let's sum this up, okay?
In a cynical bid to push its competitors out of the marketplace, Microsoft Corporation has appropriated and made extensions to an open, public protocol that was developed with the assistance of U.S. taxpayers.
It is widely suspected that the extensions Microsoft has introduced have no other conceivable purpose than to render its competitors' products incompatible with Microsoft offerings so that firms will be compelled to adopt Microsoft rather than UNIX servers.
U.S. citizens, faced with the prospect of a Microsoft breakup under the provisions of U.S. antitrust law, have a compelling need and right to know the facts and the truth concerning Microsoft's proposed extensions to the Kerberos protocol.
In U.S. law, it is a well-established tradition that the rights of copyright holders are not absolute, and that occasionally they must take a back seat to broader considerations of public welfare. This is precisely the line of thinking that holds the publishers of the Pentagon Papers, secret U.S. Defense Department papers regarding the Vietnam conflict, immune to prosecution under U.S. copyright law. Had the publication of the Pentagon Papers been suppressed, the U.S. presence in Vietnam may have been prolonged, and thousands more would have died in a war that, the Papers conceded, could not possibly be won.
Microsoft's strong backing of the DMCA, and its leadership in drafting and pushing for the adoption of UCITA, show that the company has too little regard for fundamental conceptions of free speech and due process under the law. The firm apparently aspires to become a state unto itself, and poses a genuine and very real threat to the fundamental liberties of people in all the countries where the firm operates.
What can you do?
Fight the DMCA. Get informed on what the DMCA is all about, and join organizations such as the American Civil Liberties Union and the Electronic Frontier Foundation that are fighting for free expression in cyberspace.
Fight UCITA. Visit Badsoftware.com's UCITA page, get informed, and write to your state legislators!
Urge all of the organizations to which you belong to become Microsoft-free.
Bryan Pfaffenberger, a professor in the University of Virginia's new Media Studies program, is the author of Linux Clearly Explained and the forthcoming Linux Networking Clearly Explained, both published by Morgan Kaufmann Publishers; and of Mastering GNOME, published by Sybex.