The iron is hot. Microsoft has been caught.
This time I think it’s going to cost them dearly. Several years back they might have been able to wiggle out, but now their reputation is already tarnished. Soon we’ll see governments and the enterprise move away from Windows, Office and other Microsoft products, especially outside the U.S.
It wasn’t news to most of us in the FOSS world that Microsoft was one of the companies shoveling information over to the NSA’s project PRISM. As much as we’d like, we can’t fault them any more than anyone else in that sordid affair. Only Yahoo comes out with any degree of redemption, since they at least bothered to go to court to try to stop the No-Such-Agency guys.
Nor were many of us surprised to discover Microsoft was making it easy for U.S. spooks to monitor traffic on Skype. That news probably damaged the folks in Redmond a little more than the plain vanilla NSA/PRISM story, but there was still some wiggle room for Ballmer. It started before Microsoft’s ownership. My people hardly knew what was going on. We’ll fix it. Yadda. Yadda. Yadda.
The latest news though, which so far seems to have little to do with the NSA scandal but plenty to do with espionage, might be a Windows breaker. Ballmer & Friends might not be able to squirm their way out of this, especially if the commercial GNU/Linux players get in gear and get moving.
I’m referring to a story we first reported in Friday’s Week in Review after we saw it in Bloomberg. It appears that Microsoft has been giving information about unpatched security vulnerabilities in Windows and other MS software to U.S. intelligence agencies and the military. The information has then been used to patch government computers and to attack computers under the control of suspected terrorists and military foes. While there’s certainly nothing wrong with the former use, the latter will undoubtedly be problematic for Microsoft now that the information is public knowledge.
For one thing, this is sure to awaken some old fears.
A decade or so ago, some governments, especially China, were wary of putting all of their computing eggs in the Microsoft basket. Many countries, especially those with somewhat adversarial relationships with the U.S., worried that Microsoft might have installed secret back doors in their software that could be used by the U.S. government to surreptitiously collect data. The closed source nature of Microsoft products would make it very difficult to discover any back doors that existed.
The problem grew so great that Microsoft eventually allowed some of their source code to be inspected by foreign governments, which was a radical departure from their normal policies. Oddly, even though they evidently only opened bits and pieces of code, the ploy was successful. Foreign government IT specialists looked over source material offered up by Microsoft, deemed it to be safe enough for government work, and the issue went away.
I suspect the issue will be returning to the table, now that they realize what they really needed to see wasn’t source code but security vulnerabilities and Microsoft’s policy for dealing with them. Many government clients are obviously going to see this as a betrayal of trust. Here they’ve been trusting Microsoft with their most sensitive data only to discover that their trusted friend Steve Ballmer has been handing over the keys to their computers to the U.S. spook community.
But not only might these old fears rise anew. There are other clients who might now take a second look at their dealings with Redmond as well.
Indeed, Microsoft might see more losses coming from losing foreign business clients than from the loss of foreign governments. As we noted in our “Week in Review,” part of the job of the U.S. government is to protect and to aid the economy, so it would not be entirely unreasonable to suspect our officials of unofficially doing a little snooping for the benefit of Boeing or GE. I have no doubt that big foreign-based corporations who compete directly with key U.S. companies, Airbus for instance, have already placed a phone call or two to Redmond demanding answers and reassurances. No matter what Ballmer told them, I doubt they’re very reassured.
GNU/Linux stands to gain from the situation, if the big Linux players don’t sit on their hands and let this opportunity pass. Even if we had nothing else going for us, we could gain just from the fact that we’re “not Microsoft,” meaning we have no previous betrayal of trust issues to overcome.
Of course, we bring much more to the table than the fact we have no history of being untrustworthy. Most pertinent, in this case, is the openness that’s built into our very licensing model. Our source code is there, in human readable form, in its entirety, for everyone to see. Governments, corporations, OEMs, even lowly folk like you and me, can inspect every line of code and see there are no back doors or hidden intelligence gathering applications.
If I were Jim Whitehurst, I’d have every salesperson I could muster wearing out shoe leather and burning up the phone lines making sales calls today on every Windows-based company or organization whose business I’d ever tried, and failed, to get. I’d have them explaining every Windows migration plan in the Red Hat arsenal, with reassurances that right now, at this moment, my developers in Raleigh are working on even better migration tools which will be rolled out shortly.
Ditto for Canonical, which can take advantage of being a UK-based corporation, with direct ties to South Africa, and no overly direct links to the United States. SUSE can also push their German location as an asset, in spite of their U.S. ownership.
It’s not just companies that develop and maintain Linux distros that can benefit from Microsoft’s faux pas. IBM, especially, is a major Linux player, even though by choice they don’t manage their own distribution. They can easily leverage their vast knowledge of Linux and open source enterprise software and combine that with their hardware offerings to offer the enterprise and governments alike attractive solutions that don’t include Redmond.
It’s also likely that players such as HP and Dell will jump aboard the bandwagon to play the we-can-move-you-away-from-Windows card.
At the same time, it wouldn’t surprise me if none of this happens. Why? Because our window of opportunity is narrow and companies, such as Red Hat, which stand to gain must begin working to widen it fast. If the hot iron isn’t struck, it will grow cold and the situation will blow over.
History is filled with examples of missed opportunities.