Who is Microsoft Trying to Control?by Frank Hecker
In his article "Hail Storm: Open Web Services Controlled by Microsoft," Clay Shirky discusses how Microsoft is moving from a strategy based on control of software markets to a strategy based on control of Web-based services. Shirky views HailStorm as a system that is "open for users but closed for competitors," one intended to allow Microsoft to retain control over the HailStorm system, the "mediator of all Hail Storm users and transactions or the licensor of all members of the Hail Storm federation."
As Shirky points out, it's natural for people to be suspicious of Microsoft's motives with Hail Storm and concerned about whether Microsoft could repeat in the Web services market its domination of the PC software market. There are also people concerned about the fact that with HailStorm, Microsoft would be collecting and essentially controlling user information for millions of people; for example, in a posting to Linux Today <http://linuxtoday.com/news_story.php3?ltsn=2001-03-24-012-20-OP-MS-0001> Ben Tilly saw Microsoft's goal as the "complete control of everybody's information," and in a separate mailing list posting <http://www.crynwr.com/cgi-bin/ezmlm-cgi?mss:5782:200105:jagndfhfddcjajmgjmmn> points out how the word "control" figures prominently in Microsoft's HailStorm white paper <http://www.microsoft.com/net/hailstorm.asp>.
I wouldn't be happy either having to store all my personal data with Microsoft, but I don't believe that individuals per se are the real targets of Microsoft's attempts at control; rather I believe the real targets are businesses that "partner" with Microsoft or that may attempt to compete with it.
I believe that Microsoft has a strong business incentive to avoid doing things that would cause it to lose the trust of the "typical" individual end user of HailStorm; after all, Microsoft's strategy with HailStorm depends on getting a critical mass of individuals to use the service, and ultimately on getting the majority of end users to sign up.
When I "[read] http://www.microsoft.com/net/hailstorm.asp and search for the word 'control,' " I find the most interesting occurrence of the word "control" to be the last one in the white paper:
"Licensees" in this context are not individuals, but rather other companies offering Net-based services to individual end users under the HailStorm scheme.
Now suppose some significant fraction of end users end up going through HailStorm to access third-party services. Then it seems to me that the above-mentioned contracts potentially will give Microsoft a great amount of leverage over companies providing such services, the same way that Microsoft's contracts with PC vendors gave it leverage over those vendors. (In this regard, note that Microsoft's current Passport-related contracts are not public documents, and are individual agreements between Microsoft and each service provider. Thus, Microsoft is free to offer different terms to different service providers and keep those terms confidential.)
Just as Microsoft could threaten PC vendors with the loss of their licenses to bundle Windows, Microsoft could potentially threaten service providers with the loss of their access to Hail Storm-authenticated users and their information. Microsoft could make renewal of HailStorm contracts "unofficially" contingent on signing unrelated agreements favorable to Microsoft, "informally advise" other companies to avoid competing with Microsoft's own Net-based services and in general could repeat in the Web services market the aggressive business practices that Microsoft has traditionally been accused of in the software market.
Also, Microsoft's leverage is not limited to just renewing or not renewing HailStorm contracts. The HailStorm white paper also notes that:
HailStorm uses legal and technical mechanisms to prohibit any unauthorized use of the user's data, and that limitation on use will extend beyond the specific transaction in which the data was obtained. [italics added for emphasis]
So, in other words, if you are a Web service provider and HailStorm licensee, and your behavior attracts the unfavorable attention of Microsoft, you could potentially find yourself on the receiving end of a full-fledged privacy audit of your business -- just like the more traditional software audits, except potentially extending to every aspect of your business, including all your information systems whether they run Microsoft software or not.
Perhaps the most clever thing about all of this is that Microsoft will be able to justify its actions toward other companies on the basis that "we're doing it for the users." Of course, Microsoft made that same claim with software: "We're just innovating for the users." However, here it's a much more politically credible argument, because Microsoft can claim to be protecting people's most precious personal data, can ally itself with vocal and energetic privacy advocates, and can endorse stringent privacy laws and regulations. In fact, the more zealous Microsoft is in "protecting our users' privacy," the more potential leverage Microsoft will have over HailStorm licensees. Thus, arguably Microsoft has every incentive to be just as zealous in "protecting users' privacy" with HailStorm as it had in "protecting intellectual property" with software.