By Jonathan Krim, Washington Post Staff Writer
venerdì 26 settembre 2003
A technology executive whose company does business with Microsoft Corp. has been forced out of his job after he helped write a cybersecurity report critical of the software giant, according to sources with knowledge of the situation.
Massachusetts-based AtStakeInc., a computer security firm, said yesterday that chief technology officer Daniel R. Geer Jr. is “no longer associated” with the firm. A company statement added that Geer's participation in preparation of the report was not sanctioned by the firm, and that “the values and opinions of the report are not in line with [AtStake's] views.” ⇒
Reached at home, Geer said he could not comment on his departure.
Geer was one of several corporate and academic security experts who wrote the report, which argues that Microsoft's dominance over personal-computer operating systems and other software programs makes it easier for malicious hackers to attack millions of machines and networks at once.
The authors made it clear when the report was released Wednesday that they were speaking for themselves, not the companies or organizations they are affiliated with. They challenged policymakers to evaluate Microsoft's monopoly, and its efforts to “lock in” users to its programs by bundling them together, as the world grapples with an alarming rise of crippling computer worms and viruses.
The report also suggests that governments and companies diversify their software and use their purchasing power to force Microsoft to makes its programs work better with competing products.
Some of the report's authors are longtime Microsoft critics, as is the Computer and Communications Industry Association (CCIA), a trade group that has been arranging publicity for the study but did not commission it.
But those efforts were somewhat thwarted yesterday when a national technology magazine rejected the group's request to distribute copies of the report to its subscribers.
The magazine, CIO (short for chief information officers), routinely “rents” its subscriber lists – for a fee – to firms wanting to distribute targeted advertising and marketing messages to its audience of executives responsible for running corporate and government computer systems.
After receiving the report so that it could be e-mailed to the subscriber list, the magazine informed CCIA representatives that the paper was “too sensitive” and turned away the business.
Karen Fogarty, a CIO spokeswoman, said the magazine always reviews material that clients want distributed, and reserves the right to reject it. She said the report “seemed to be too one-sided” for a publication that prides itself on balanced reporting.
At the same time, the editor for the magazine's Web site posted a poll asking readers what they thought of the report, which he linked to through the CCIA Web site.
Microsoft advertises extensively in CIO, although Fogarty said she could not specify how much the company spends with the magazine. She said the decision not to distribute the report had nothing to do with advertising concerns.
Microsoft spokesman Sean Sundwall said he could not comment on whether the company had discussed the issue with CIO until he received further information.
Microsoft has paid AtStake for software evaluation research, but Sundwall said that “to the best of our knowledge, no one from Microsoft contacted [AtStake] or Dan Geer regarding this report.”
Lona Therrien, an AtStake spokeswoman, declined to discuss Geer's sudden departure. She said the company had no conversations with Microsoft about Geer or the report.
But Sundwall said that on Tuesday night, when notice of the report's pending release was circulated, “Microsoft was contacted by [AtStake] officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of [AtStake] and its commitment to an ongoing relationship with Microsoft.”
Another AtStake official did television interviews yesterday to express disagreement with the report.
Microsoft has said it disagrees with the substance of the report, noting that the CCIA supports antitrust actions against the company in the United States and Europe. And trade groups funded by Microsoft swung quickly into action to denounce it.
In a statement, the Computing Technology Industry Association said the report is flawed by “myopically looking to technology (i.e., 'bad' software OS) instead of addressing the underlying cause – human behavior – for cyber breaches.”
Edward J. Black, president of CCIA, responded that Microsoft's reaction “if anything, underlines the importance and credibility of the report and its authors.”
One of the report's authors, John S. Quarterman, founder of Matrix NetSystems Inc., called Geer's departure unfortunate, but said it does not alter the substance or impact of the report.
“On the Internet, worms and viruses can do more harm in a monoculture,” he said. “This is not theoretical.”
Here is the report: Cyberinsecurity: The Cost of Monopoly.