A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.
The bold statements and candid admissions were part of Jim Allchin's testimony during two days in court here before Judge Colleen Kollar-Kotelly, who is hearing the case of nine states and the District of Columbia seeking stricter penalties for Microsoft's antitrust behavior.
Allchin, group vice president for platforms at Microsoft, was the final executive lined up to defend the Redmond, Wash., software developer. Like company Chairman and Chief Software Architect Bill Gates before him, Allchin highlighted the security problems he foresaw that could result from technical information disclosure requirements sought by the nonsettling states.
"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks," Allchin testified. "Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."
Unlike the states' proposed remedy, the federal settlement proposal that Microsoft and the Department of Justice agreed to in November contains a carve-out that permits Microsoft to withhold API and protocol disclosures if such disclosures would compromise security. The provision is designed to address hackers, viruses and piracy, according to Allchin.
In his testimony, Allchin also addressed .Net and countered charges made by rivals—particularly Jonathan Schwartz, senior vice president of corporate strategy and planning at Sun Microsystems Inc.—about its interoperability. Charging that Schwartz's testimony oversimplified the interoperability of .Net and Java technology, Allchin claimed the two systems are not perfect equivalents.
"Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said. "Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."
During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out.
The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.
When Kevin Hodges, attorney for the dissenting states, asked him how many APIs would be exempt, Allchin said he did not know the exact number, but it would include APIs that deal with anti-piracy and digital rights management. Microsoft has already identified APIs involved with Windows File Protection that would be withheld, he said.
When pressed for further details, Allchin said he did not want to
offer specifics because Microsoft is trying to work on its reputation
regarding security. "The fact that I even mentioned the Message Queuing
thing bothers me," he said.