- Microsoft group vice president for platforms Jim Allchin took the stand at the remedy hearing in its ongoing antitrust case yesterday to testify about, among other things, the company's focus on providing users with computer security.
A lawyer for the states suing Microsoft asked Allchin whether the company's focus on security would mean it plans to use a clause in Microsoft's proposed remedies to withhold disclosing its Windows protocols and application programming interfaces (APIs) to third-party developers.
One of Microsoft's proposed remedies says the company would disclose Windows APIs and protocols, but includes an exception that lets Microsoft withhold information it believed would compromise the security of the operating system, referred to as the security carve out.
Kevin Hodges, an attorney for the states, asked if Allchin believed that clause was meant to be interpreted narrowly. Allchin said it would force Microsoft to "fulfill our obligation, we'd have to prove that (disclosing an API or protocol) would compromise security."
"The onus is on us," he added.
The lawyer asked if the proposed security exemption is broader than it needs to be in order to protect the security of Windows, to which Allchin answered no. Hodges showed the prehearing interview of a Microsoft security expert, who was deposed but will not be called as a witness. In his deposition, the executive said all Microsoft would need to withhold from disclosure are Windows' cryptographic keys and their locations in order to ensure the security of the operating system.
Hodges asked if Allchin agreed. Allchin said he did not. He gave the example of the Windows message queuing protocol that currently contains a mistake, and if left unfixed "would compromise a company using it," he said. If Microsoft were forced to disclose that protocol before a fix is distributed, Windows would be vulnerable to security breaches, Allchin said. A Microsoft spokesman in Washington DC confirmed that the protocol flaw exists and a fix hasn't yet been distributed.
The lawyer asked how many APIs and protocols -- in addition to those related to cryptographic keys, their locations, and message queuing -- Allchin felt Microsoft would have to withhold in order to protect Windows' security. Microsoft is still in the process of determining that number, Allchin said. "I do feel quite strongly that I have to look after our customers," he added.
Allchin did say that Microsoft has already decided it would not invoke the security carve out in the proposed remedies to withhold its extensions to the Kerberos security specification from disclosure.
Earlier yesterday, a lawyer with the states continued cross-examining Microsoft's Linda Averett, product unit manager for Windows Media Player. Attorney John Schmidtlein questioned Averett about Internet Explorer's media bar, which lets users play media clips from within the browser.
Averett made the distinction that the IE media bar uses Windows Media Player technology, but is not the Windows Media Player. Yet when Schmidtlein asked if IE can run clips without the media bar, Averett answered it could not.
When an IE user comes across a piece of media for the first time on the web that the media bar can play, a dialogue box appears that asks if the user wants to play the media inside the browser, "so it will be easier for you to see or hear it while still browsing the web," according to a screen shot of the box shown by the states. The dialogue box also includes a "remember my preferences" check box, which is set to be checked as the default. The "yes" option is also set as a default, so if the user simply hits enter, "yes" will be selected.
Schmidtlein asked if a user said "yes" to the dialogue box, would the IE media bar then override any other media player that had been selected by the user to be the default. Averett answered yes. "You have every expectation that users will click yes here?" asked the attorney. Averett answered that some will, but others won't, adding that making yes the default in dialogue boxes is "common behaviour."
The attorney asked if Averett felt that Microsoft was providing users with enough information in this dialogue box to realise they were changing their default media player. The witness answered that she felt the dialogue box provided users with an indication that they were making a choice. "This dialogue box informs users that IE is going to play the file," she said.
The remedy phase is occurring because nine US states and the District of Columbia have refused to sign a settlement agree reached between nine other states and the U.S. Department of Justice (DOJ), all plaintiffs in the ongoing federal lawsuit against Microsoft. The company was found by the US District Court for the District of Columbia to have a PC operating system monopoly and was further found to be using that power to illegally hamper competitors. Kollar-Kotelly is meant to determine remedies that will curb that anticompetitive behaviour.