Microsoft domination 'threatens US security'

The report, issued by the Computer and Communications Industry Association, argues that the reliance on a single technology, such as the Windows operating system, for such an overwhelming majority of computer systems threatens the security of the US economy and critical infrastructure, according to a draft seen by CNET News.com. The paper, written by three security experts, also warns that many security improvements planned by Microsoft are probably designed to raise the barrier that deters customers from switching to another operating system.

"Under the guise of security, they (Microsoft) are achieving lock-in," said Bruce Schneier, chief technology officer for network-monitoring service Counterpane Internet Security and one of the paper's three authors. "It's using security technologies to extend the monopolies."

The report will be presented to several key lawmakers and administration officials at the CCIA's 2003 Washington Caucus on Wednesday, according to the event's agenda. Another of the paper's authors, Dan Geer, chief technology officer for security firm @Stake, is scheduled to lead a discussion of the issues. Several members of Congress are expected to attend the event, including Zoe Lofgren, Rick Boucher, and Senator Ron Wyden.

The paper is the latest salvo fired by the CCIA at Microsoft and, though the argument has been made in security circles before, it may be the first time that the position has been outlined to legislators.

The group, whose members include America Online, Oracle and Sun Microsystems, has been critical of Microsoft in the past. Last month, after the Department of Homeland Security announced that Microsoft would supply the software for the agency's 140,000 desktops, the organisation sent an open letter asking the DHS to reconsider. The group also founded the Open Source and Industry Alliance to promote open-source software such as Linux and oppose restrictive laws such as the Digital Millennium Copyright Act.

Microsoft did not immediately comment on the content of the report, but defended its track record in security.

"We are absolutely committed to increasing the security of technology for our customers," a Microsoft representative said in a statement issued to CNET News.com. "We recognise that CCIA represents many Microsoft competitors, but we are 100 percent committed to addressing the security concerns of customers, so we will review their white paper and address any concerns that they raise."

The draft white paper argues that Microsoft's problems in securing its products and the ubiquity of those technologies result in a hazard for the US economy and industry, which increasingly relies on the Internet and computers for critical functions.

"The focus on Microsoft is simply that the clear and present danger can be ignored no longer," the paper states.

The paper recommends that the US government force Microsoft to publish interface specifications to major functional components of its code, better support interoperable components to allow others to compete with more secure technology, and set specifications through industry standards bodies and consortia.

The report also takes the software giant to task for using security to lock in consumers to Microsoft's technology and recommends that, if the company continues to do so, it be held liable for any damage done by security threats in the future.

The authors call on the US government to make sure that future Microsoft technologies, such as the controversial next-generation secure computing base formerly known as "Palladium," don't further lock in consumers.

"The impact on security of this lock-in is real and endangers society," the paper states, adding that "there can be no more critical duty of... governments than to ensure that a spread of trusted computers does not blithely create yet more opportunities for lock-in."