oreilly.comSafari Books Online.Conferences.
Articles Radar Books  

Who is Microsoft Trying to Control?

by Frank Hecker

In his article "Hail Storm: Open Web Services Controlled by Microsoft," Clay Shirky discusses how Microsoft is moving from a strategy based on control of software markets to a strategy based on control of Web-based services. Shirky views HailStorm as a system that is "open for users but closed for competitors," one intended to allow Microsoft to retain control over the HailStorm system, the "mediator of all Hail Storm users and transactions or the licensor of all members of the Hail Storm federation."

As Shirky points out, it's natural for people to be suspicious of Microsoft's motives with Hail Storm and concerned about whether Microsoft could repeat in the Web services market its domination of the PC software market. There are also people concerned about the fact that with HailStorm, Microsoft would be collecting and essentially controlling user information for millions of people; for example, in a posting to Linux Today <http://linuxtoday.com/news_story.php3?ltsn=2001-03-24-012-20-OP-MS-0001> Ben Tilly saw Microsoft's goal as the "complete control of everybody's information," and in a separate mailing list posting <http://www.crynwr.com/cgi-bin/ezmlm-cgi?mss:5782:200105:jagndfhfddcjajmgjmmn> points out how the word "control" figures prominently in Microsoft's HailStorm white paper <http://www.microsoft.com/net/hailstorm.asp>.

I wouldn't be happy either having to store all my personal data with Microsoft, but I don't believe that individuals per se are the real targets of Microsoft's attempts at control; rather I believe the real targets are businesses that "partner" with Microsoft or that may attempt to compete with it.

I believe that Microsoft has a strong business incentive to avoid doing things that would cause it to lose the trust of the "typical" individual end user of HailStorm; after all, Microsoft's strategy with HailStorm depends on getting a critical mass of individuals to use the service, and ultimately on getting the majority of end users to sign up.

Related Articles:

Passport Is Evil

HailStorm: Open Web Services Controlled by Microsoft

Brewing a HailStorm

Open Standards/Closed Mind

When I "[read] http://www.microsoft.com/net/hailstorm.asp and search for the word 'control,' " I find the most interesting occurrence of the word "control" to be the last one in the white paper:

... Microsoft intends to contractually bind licensees to specific terms of use that control what can and cannot be done with user data originating from a HailStorm source.

"Licensees" in this context are not individuals, but rather other companies offering Net-based services to individual end users under the HailStorm scheme.

Now suppose some significant fraction of end users end up going through HailStorm to access third-party services. Then it seems to me that the above-mentioned contracts potentially will give Microsoft a great amount of leverage over companies providing such services, the same way that Microsoft's contracts with PC vendors gave it leverage over those vendors. (In this regard, note that Microsoft's current Passport-related contracts are not public documents, and are individual agreements between Microsoft and each service provider. Thus, Microsoft is free to offer different terms to different service providers and keep those terms confidential.)

Just as Microsoft could threaten PC vendors with the loss of their licenses to bundle Windows, Microsoft could potentially threaten service providers with the loss of their access to Hail Storm-authenticated users and their information. Microsoft could make renewal of HailStorm contracts "unofficially" contingent on signing unrelated agreements favorable to Microsoft, "informally advise" other companies to avoid competing with Microsoft's own Net-based services and in general could repeat in the Web services market the aggressive business practices that Microsoft has traditionally been accused of in the software market.

Also, Microsoft's leverage is not limited to just renewing or not renewing HailStorm contracts. The HailStorm white paper also notes that:

HailStorm uses legal and technical mechanisms to prohibit any unauthorized use of the user's data, and that limitation on use will extend beyond the specific transaction in which the data was obtained. [italics added for emphasis]

So, in other words, if you are a Web service provider and HailStorm licensee, and your behavior attracts the unfavorable attention of Microsoft, you could potentially find yourself on the receiving end of a full-fledged privacy audit of your business -- just like the more traditional software audits, except potentially extending to every aspect of your business, including all your information systems whether they run Microsoft software or not.

Perhaps the most clever thing about all of this is that Microsoft will be able to justify its actions toward other companies on the basis that "we're doing it for the users." Of course, Microsoft made that same claim with software: "We're just innovating for the users." However, here it's a much more politically credible argument, because Microsoft can claim to be protecting people's most precious personal data, can ally itself with vocal and energetic privacy advocates, and can endorse stringent privacy laws and regulations. In fact, the more zealous Microsoft is in "protecting our users' privacy," the more potential leverage Microsoft will have over HailStorm licensees. Thus, arguably Microsoft has every incentive to be just as zealous in "protecting users' privacy" with HailStorm as it had in "protecting intellectual property" with software.

Frank Hecker

P2P Weblogs

Richard Koman Richard Koman's Weblog
Supreme Court Decides Unanimously Against Grokster
Updating as we go. Supremes have ruled 9-0 in favor of the studios in MGM v Grokster. But does the decision have wider import? Is it a death knell for tech? It's starting to look like the answer is no. (Jun 27, 2005)

> More from O'Reilly Developer Weblogs

More Weblogs
FolderShare remote computer search: better privacy than Google Desktop? [Sid Steward]

Data Condoms: Solutions for Private, Remote Search Indexes [Sid Steward]

Behold! Google the darknet/p2p search engine! [Sid Steward]

Open Source & The Fallacy Of Composition [Spencer Critchley]