The proposed class-action suit, filed this week in Los Angeles Superior Court, comes as the company is admitting that its reliance on software patches for fixing security problems hasn't worked. The suit contends that by failing to secure its software, Microsoft subjected its customers to having their private data made public. The lawsuit was filed on behalf of Marcy Hamilton, a Los Angeles resident, who claims a flaw allowed a digital thief to steal her personal information.
Microsoft said on Friday that it plans to fight the action on several legal grounds, noting that it has invested considerable resources in responding to problems and trying to prevent future vulnerabilities.
"It is pretty clear that Microsoft has made security a priority," said company spokesman Sean Sundwall.
However, those efforts have failed to stop a rash of recent attacks, with the company itself set to announce next week a revised strategy that moves beyond the notion that customers will take responsibility for patching their own systems.
On the legal front, Microsoft's first step will be to fight the effort to have the case certified as a class-action suit. The company is expected to point out that not everyone hit by hackers has been affected in the same way -- a pretty good argument, according to one legal expert, who wished to remain anonymous.
"Each person is going to be vastly differently affected by the theft of personal information," said the lawyer, who regularly fights such class-action suits.
Microsoft is also taking issue with the notion that it is liable for the actions of hackers, saying the company has taken reasonable steps to secure its software. In January 2001, Microsoft kicked off its Trustworthy Computing Initiative, a companywide move to increase the security of its products, better handle customer privacy, and repair the giant's tarnished image in those areas. Next week, Microsoft also intends to announce new plans for helping users of its products more easily secure their systems.
From a legal standpoint, the lawsuit raises a number of key issues, including whether Microsoft faces special obligations because of its monopoly position in the operating systems market.
Historically, courts have upheld software makers' right to subject customers to licence agreements that waive the right to sue over defects. One law professor recently said that unless someone is killed or injured, it is basically impossible to win a case against a software publisher.
No choice and no rights?
But those bringing the suit argue that Microsoft may not enjoy the same right to make such a restrictive contract, since consumers have limited choices when it comes to choosing the operating system for their PC.
"If you had 20 vendors of a product, and there was broad consumer and business choice, and people could evaluate them on their merit, that would be one factual setting," said Dana Taschner, the attorney who filed the case against Microsoft. "Instead, you have one company that is dominating the marketplace to such an extent that you really have no choice."
Taschner argues that customers should not be forced to give up their rights by a monopolist.
"The majority of consumers use this product (Windows), but the contract provides that there are no warranties or promises; essentially it's 'buyer beware,'" Taschner said.
Microsoft dismissed the issues, saying that its licence agreement is typical of software makers, and furthermore, that it is those that write viruses, not legitimate software makers, who are liable for any damage.
"We do have a responsibility to make software as secure as possible," Sundwall said. But "the problems caused by viruses... are the result of criminal attacks," he said
Still, Microsoft can't completely dodge the responsibility for the insecurity of the omnipresent Windows PC, said Bruce Schneier, chief technical officer of Counterpane Internet Security.
"To me it is clear that Microsoft doesn't bear 100 percent of the responsibility for worms and viruses," Schneier said, "but they aren't 0 percent" responsible either. Schneier is one of seven well-known security professionals who authored a report arguing that Microsoft's dominance endangers national security. Several arguments in the suit against the software giant mirror those in the security report.
Sundwall declined to say whether the report was responsible for the suit.
"I can't comment to the motives of the people who wrote the report," Sundwall said. The suit "certainly appears to mirror that paper," he said.
The suit also represents an important test for a new California law that requires e-commerce companies to warn consumers when their personal information may have been stolen.
"It's a fairly new law," Sundwall said. "Ultimately these things have to be court tested."
Taschner said that his suit stemmed from a person who came to his office saying her identity had been stolen as a result of a recent virus.
"Garden-variety consumers are not aware of the catastrophic consequences of being attacked," Taschner said. "We thought this was the appropriate time to present this type of issue, because there is a noted escalation of these types of problems."
Talkback
One can do no less than wonder how a company that has been deemed not to be an "incidental monopolist" but a "contrived monopolist" -(one that was able to become so due to the inability of GOVERNMENTS' to effectively and efficiently define and police market boundaries in the face of an absence of self-constraint)- can expect now to be goverened by the same rules that apply to a competitive market. One is even in awe of how such an organisation is permitted to seek santuary behind rules/laws designed to protect interests that adhere to the standards of a fully competitive market.
Even more suprising, is the presently feeble/lackluster stance, with respect to redress, taken by governments who in fact should be doing a lot more to protect the freedoms -(as given by the development of environments of increased choices)- of their citizens.
Last week, I tried to purchase a Widescreen Toshiba Satellite P25 notebook without Windows -(Without any OS for that matter)- for someone, and was told by all vendors I approached that my only choice would be to buy the Windows and then do what I want with it -i.e, wipe it off and install BSD, Linux, or any other system. I asked what the procedure would be with regards to returning the Windows OS and getting a refund - not one of them could tell me.
This of course punitively increases the cost and complexity, (administrative, etc), of owning suitable products outside of the Microsoft sphere of influence, thereby hindering the productivity of individual citizens and the future diversity of the market in general . Citing productivity so vehemently, may seem strage in the case of a widescreen notebook, till, that is, you are faced with having to open multiple widgets on a smaller screen.
One wonders how governments in Europe, and the States, can allow such products, that begin the production cycle with freedom, to be so restrictively and punitively controlled at the point of sale -(Would you buy a car if you were told that the only petrol you would be allowed to use would be from Shell or from BP, and that you did not have a choice in the matter because all the cars sold in the region had to adhere to the same policy).
One says the above with the full knowledge that most system builders are assemblers using ubiquitous market components. Microsoft, as an organisation, does not own the full production chain - it does not produce the screens, the boards, the processors, etc, it however deeply, through its monopoly position, controls what goes in to such systems.
A citizen of the EU, for example, should be able to walk in to any shop in the EU, knowing that they are not being hearded in particular directions by unfair general market conditions, i.e., fully and openly denied choices, in a manner that will do no less than establish a tradition for the future enhanced erradication of the concept of choice itself.
In any case, one would still not be adverse to buying a Microsoft pre-loaded system -(I know very well that to "?speed up productivity?", etc, OS', in many cases, are loaded by diskmakers and not System Builders)- if one knows that there is a predefined regulation that enables both transparency -(with regards to a declared non-punitive price/"fair value" of Microsoft on each system)-, and the facility present to return the Operating System to its rightful owner without being hindered at any point in such a transaction.
I.e, we need to be told that Microsoft, on "off-the-shelf" systems, costs X, and we can return it non-punitively at Y and collect our money/"legal tender" and not gift certificates of any kind, from Y within Z days -taking interest made on capital detention in to consideration. It would even be better if vendors could wipe off such systems at the point of sale and make direct deductions to retail prices.
The same sentiment, I would say, would apply to my being forced to use RedHat Linux as opposed to SuSE or BSD as opposed to BeOS. It is about a rejec