
Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Friday, December 09 2005 @ 03:52 AM EST

Here is a letter that security professional Dan Geer has just sent to Massachusetts Senator Marc Pacheco; he tells me he sent similar letters to Secretary of the Commonwealth Francis Galvin and Senate President Robert Travaglini. He warns them that the Commonwealth needs to mitigate its risk by avoiding a computing monoculture. If a private company received such a letter, I assure you that their lawyers would take it very seriously, because it would put the company on notice, actual notice.

Dr. Geer strongly supports OpenDocument Format, as you will see, and his reasons include concern about security issues.

Here's a paper he has written on the subject of the dangers of a software monoculture, Monoculture on the back of the envelope [PDF], in which he provides some alarming statistics on infection rates in Microsoft PCs and the odds of a cascading failure in an enterprise, and summarizes like this:

Which gets you an estimate that perhaps 15% of all desktops are to some degree owned as I write this. This feels high, but as a personal data point, some colleagues recently found 70% of the desktops inside a defense contractor handling classified data to have spyware of one or another sort, and two keyloggers on the section head’s desk....

None of this is particularly good news but then again none of it is news at all. We knew this before, we just don’t like hearing it, we shoot messengers, we try to patch things up. Everyone within the sound of my voice knows this. My 87-year-old cost accountant father knows this (his estimate is that over half of the productivity gains computers should have brought the domestic economy were lost due to standardization on the Redmond platform).

They know this in Redmond, too, where I do not envy the task they have in front of them, as it is like nothing so much as plugging shell holes below the waterline while under cannonade. In the meantime, Ballmer has one foot on the boat and one foot on the dock. The boat is labeled “Fix the security problem, but lose backward compatibility.” The dock is the converse, “Preserve backward compatibility, but never fix the problem.”

If he pulls his foot back onto the dock, he preserves backward compatibility but he never fixes the problem. This is betting that Microsoft is never tagged with liability for the security failures that only a monoculture can exhibit. Liability lawyers of the world are watching, and Steve is one nasty virus away from le deluge, not to mention the so-called progressive legislatures.

If he puts both feet in the boat and sails away from backward compatibility, then he absolutely puts into play the desktop in every single global corporation; those corporations are only sticking with Windows to amortize their existing investment in it. If they have to start over and write off that capitalization, they are not starting over with another round of “I won’t hit you again, Honey, I promise.”

When I read that, I couldn't help but remember that Microsoft's Ray Ozzie said that Microsoft's Office Open XML will provide backward compatibility with pre-existing Office formats. I also wondered whether someone should do a security audit of the Commonwealth's government computers to determine what malware the state's employees have on them. That might prove educational indeed.


Hon. Marc R. Pacheco
Massachusetts Senate
State House, Room 312-B
Boston, Mass. 02133

re: OpenDocument Standards

Dear Sen. Pacheco,

My name is Dan Geer. I am one of the half dozen ranking world experts in matters of computer security. By virtue of a long career both in academia (MIT and Harvard) and the private sector (six times an entrepreneur), there is absolutely no one in the State House who is not using software that I had a hand in producing, including yourself. I am a trusted advisor to the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, and the Department of Homeland Security. I am a Board member for a number of promising startups and their funding sources, have forty-two refereed publications, books and book chapters, four patents, over two hundred fifty invited presentations twenty percent of which were keynotes, and have been five times before the US Congress -- twice as lead witness. I have taught ten thousand students in the aggregate.

As an Officer of the Commonwealth, you understand the monopoly power of Microsoft quite well as the Commonwealth was the last man standing in the most recent round of antitrust litigation. What perhaps you did not grasp is the degree to which a computing monoculture is a security risk of the highest sort. It is, and I and others in the security research community are on record in unassailable ways that a computing monoculture is a hazard, but that it is an avoidable hazard if you want it to be. Microsoft maintains its power through user-level lock-in, as the Commonwealth noted and which it so adequately opposed. So long as that lock-in persists, there will be no solution to the monoculture risk. That lock-in is centered on and wholly confabulated with the use of proprietary formats for all documents produced by the Office Suite. Therefore, as a matter of logic and logic alone, if you care about the security of the Commonwealth then you must care about the risk of a computing monoculture. If you care about the risk of a computing monoculture, then you must care about barriers to computing diversification. If you care about barriers to computing diversification, then you must care about user-level lock-in. If you care about user-level lock-in, then you must apply yourself to the task of breaking the proprietary format stranglehold on the Commonwealth.

Fortunately, that has already begun. The Enterprise Technical Reference Model and its call for Open Document standards is precisely what is needed and it is not a moment too soon. As a ranking security professional with a doctorate in statistics, I can provide any amount of technical, quantitative proof that Open Documents are the point of maximum leverage and that the risk of remaining as we are exceeds any non-specialist's understanding including, with respect, yours. Warning times before attacks take place have fallen to zero. There is a new Windows virus every four hours. Perhaps 15% of all desktop Windows computers are running malware of some sort and I'll bet you $100 that includes your office. There is a direct and demonstrable correlation between increasing complexity of the Windows system and the effectiveness of attacks. Jurisdictional boundaries are meaningless if not undetectable in an always-on, fully-networked world. And as you almost surely know, your opponents are no longer misanthropic isolates but are instead professionals. So long as the Commonwealth voluntarily allows itself to be locked-in by the proprietary document formats of a proven monopoly, the Commonwealth cannot diversify and therefore the Commonwealth cannot mitigate its risk in any but the most marginal and palliative ways.

I am ready to vigorously debate these points with any and all comers both privately and in any venue. This is, in other words, a matter on which I actually do stake my professional reputation, my fortune, and my sacred honor. How may I be of assistance?

Very truly yours,

Daniel E. Geer, Jr., Sc.D.

P.S. I have blind relatives and if genetics is any guide may have that in my future. My comments still stand.


313 comments
Grokline link seems to be borked. EOM
Authored by: Anonymous on Friday, December 09 2005 @ 04:02 AM EST


Corrections here (if any)
Authored by: brooker on Friday, December 09 2005 @ 04:04 AM EST
This is my first time :o)

I have never made but one prayer to God, a very short one:
O Lord, make my enemies ridiculous. And God granted it.
~ Voltaire


OffTopic here:
Authored by: brooker on Friday, December 09 2005 @ 04:09 AM EST
Making links clickable is a helpful thing to do.

I have never made but one prayer to God, a very short one:
O Lord, make my enemies ridiculous. And God granted it.
~ Voltaire


Risk Management
Authored by: PM on Friday, December 09 2005 @ 04:10 AM EST
Organisations seem to take peculiar views of risk. For example an IT employee
in a major oil company says the company does not favor open source software as
there is no one to sue if things go wrong. They seem to forget that they are
unlikely to successfully sue anyone for the greatest risk - business disruption,
fraud and theft of confidential information through viruses and worms.

The biggest scream of the lot IMO was a draft contract drawn up by a lawyer to
cover a cable company installing cable on a power company's poles. The contract
required the cable company to indemnify the power company if the power company
was sued because cable content breached copyright. The contract was silent on
what would happen if power poles fell down under the extra weight of the cable.
Of course no one asks the engineers until it is too late.

It just shows how organisations take a lopsided view of risk management.


Dan Geer - CCIA - And Microsoft
Authored by: Anonymous on Friday, December 09 2005 @ 05:01 AM EST

Dan Geer has in the past been associated with the Computer & Communications Industry Association (CCIA) who were mentioned in a post on Wednesday urging ECMA to not support Microsoft's Document format.

In 2003 CCIA published a scathing report by Dan Geer on the perils of a Microsoft monoculture (pdf). This report led to Dan Geer being sacked by his then employer, who numbered Microsoft among their customers.

So CCIA seems firmly in the anti-Microsoft camp, yet interestingly enough CCIA lists Microsoft among its members.

I wonder if this is a case of Microsoft keeping close to its enemies?

delboy711 - Anonymous because login is not working at the moment


Actual Notice?
Authored by: Anonymous on Friday, December 09 2005 @ 05:23 AM EST
So they've received notice that a monoculture is potentially a security risk.

I don't see why it's *particularly* relevant to lawyers, even in a private
company - because it's not obvious to me that them choosing to favor a
monoculture (even if undesirable) is itself a crime, or a tort, or particularly
legally significant in any way.

Lots of public and private organizations receive all kinds of mail requesting
them to favor one or another purchasing or policy decision over another, for all
kinds of reasons. These may also contain "actual notice". So what?
In-house counsel is only going to sit up and take notice, if it's actual notice
of a crime, or a tort, or legally significant facts.


Easy money
Authored by: Anni on Friday, December 09 2005 @ 06:08 AM EST
Perhaps 15% of all desktop Windows computers are running malware of some sort and I'll bet you $100 that includes your office.
Together with the expertise detailed in the first paragraph, this should make the recipients rather nervous. But then, they are professional politicians, so who knows.

Sometimes it is better to light a flamethrower than curse the darkness.


Authored by: grouch on Friday, December 09 2005 @ 06:29 AM EST
Absolutely stunning! Dr. Geer's letter is overwhelming.

-- grouch


Wrong Senator - Senator Hart is the one who is appointed as the "tech guy" by the democrats!
Authored by: Anonymous on Friday, December 09 2005 @ 07:16 AM EST
I remember reading where he is the chair of THE JOINT COMMITTEE ON ECONOMIC
DEVELOPMENT AND EMERGING TECHNOLOGIES, and I remember reading where he was one
of the 3 that was chosen to be advised on tech matters as they developed in the
state (might relate to ODF as well)!

State House
Room 109-C
Boston, MA 02133
Telephone: (617) 722-1150
Party Affiliation - DEMOCRAT
E-Mail Address: JHart@Senate.State.MA.US

Committees on which the legislator serves:
Economic Development & Emerging Technologies (Chair)
Tourism, Arts & Cultural Development (Chair)
Bonding, Capital Expenditures & State Assets
Mental Health & Substance Abuse
Public Service
Veterans & Federal Affairs


Nice Argument...
Authored by: DaveJakeman on Friday, December 09 2005 @ 07:19 AM EST
...except that what Microsoft is actually doing is intentionally sabotaging
backwards compatibility, whilst perpetuating the security problem.

Should one hear an accusation, first look to see how it might be levelled at the


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: Anonymous on Friday, December 09 2005 @ 07:44 AM EST
I am amazed at the power that comes out of these words. I think this is one of
the most intense official documents I have ever read. Have to say: I love it!

Congratulations for such a piece!


Filippo Rusconi, PhD


Monoculture & deep yogurt
Authored by: tz on Friday, December 09 2005 @ 08:21 AM EST
The problem isn't merely monoculture. It is a monoculture of badly flawed systems. Anyone remember what MS was saying about putting security first a few years ago?

Apache has a large share, but fewer attacks than IIS. But Apache isn't part of the OS.

If every linux system ran as root and had the browser and any media player as installable kernel modules, it would be hit too.

Or Apple's Mac OS. But they isolate things. You really need to type a security password before something really bad can happen. And generally you know what and why you are doing it.

Instead, we get Windows with either no security or where everyone runs with administrator privileges. I'll give them that in XPSP2 they are finally turning some security on by default and services off by default, but it isn't perfect and was late in coming. Still, you have ActiveX instead of Java, so everything runs as an executable on your system. IE still has bugs and is so deeply integrated that an IE flaw is an OS flaw.

If you have a mix of flawed OSes, it is unlikely that many will get infected. If you have basically secure OSes, same thing (I find it hard to imagine a block of ubuntu linux boxen or a Mac OS X lab getting hit - it is possible but would require a much higher level of hacking - Sony audio CDs won't put rootkits on either).

The problem is one of a monoculture of horrible fundamental design that makes security nearly impossible. If Windows was as secure as Linux (not run as root - and Linux is not designed to be truly secure, it simply isn't silly or stupid), the monoculture would not likely be a problem.

For a simple example, the Sony CDs should not be able to automatically install anything on any properly designed OS. Do they put rootkits on Windows 2003 as well? Will they on Vista?

To put it in more accessible terms, it is easier to install Linux on a box with bizarre hardware than it is to secure Windows on the most vanilla hardware.


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: gbl on Friday, December 09 2005 @ 09:06 AM EST
I believe that when (if?) Longhorn/Vista ships, it will be the last operating
system from MS that is based on the MSDOS/Win design.

Stretching the Windows design to cover multi-core/multi-cpu systems with a
terribly slow thread/process creation model will be impossible.

Apple took the plunge and brought in an OS kernel that worked, will Microsoft
do the same?

If you love some code, set it free.


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: jeattimo on Friday, December 09 2005 @ 09:24 AM EST

It's a small thing. But Boston metro was kind enough to publish my letter on OpenDocument. You can see it here on 12/06/2005 letters to the editor. (My letter was slightly edited by the metro editor.)

Open document format, explained

The article “Microsoft move eases format criticism” (Dec. 1) was misleading. The whole controversy is not about open-source vs. Microsoft, it’s about open standards vs. proprietary formats. The state of Massachusetts will require that by 2007, all documents produced by the state’s executive branch must be stored in a new universal format (OpenDocument format) so that the documents are accessible to everybody for generations to come. There is nothing to stop Microsoft from adopting this format except they lose control over your personal information. Unfortunately, not all officials — elected or not — are happy about it. Secretary of State William F. Galvin’s office, state Sen. Marc Pacheco, and other proprietary vendors say they are opposed to the state’s plan to store documents in an open format without providing any further explanation about the reasons for their objections. The OASIS Open Document Format for Office Applications is the only standard format for editable office documents that has been: 1) vetted by an independent recognized standards body; 2) has been implemented by multiple vendors; and 3) can be implemented by any software developer (including both proprietary software vendors and developers of open


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: ijramirez on Friday, December 09 2005 @ 09:54 AM EST
I find this letter to be ineffective. I was impressed by the author stating his qualifications in order for the reader (Mr. Pacheco) to have a feel of the level of the writer's expertise. But as I continued reading it my mood changed in a negative way. Pedantic is the word that came to my mind. As a genetic expert who has advised elected officials on a multitude of health issues, I know letters to elected officials must be brief and to the point. I also must be careful not to insult the reader by implying that the other person is incapable of understanding the issue at hand because I am an expert and he is not. If that was not enough, follow with a $100 bet?

I don't think that is the way to influence elected officials.


MSXML and Backward Compatibility
Authored by: DMF on Friday, December 09 2005 @ 11:12 AM EST
So long as we're forewarned that giving Microsoft the benefit of the doubt is
like giving a car thief the keys to your Ferrari, let me pose this possibility.

The ECMA submission talks about custom schema. There are two ways to achieve
backward compatibility in Office: write the old schemae into code, or write them
into MSXML. The latter is much cleaner to develop and maintain. As I
understand it such schemae could be obfuscated, but in any case they are
protected IP. Further, since MS' long-term strategy is to move away from the
fat client (fat clients being relatively immune to DRM and subscription fees),
fat code is not desirable. While the old formats would not be part of any
standard going forward, they could be implemented as custom schema within the
standard, and that approach could be justified technically. That it also leaves
the door open for proprietary control of the standard could be an unintended
side effect.

Microsoft *could* be serious about standardizing MSXML going forward
("standardizing" as per our understanding of it). The covenant for
IP, flawed as it is, would seem to support that. Understood that way,
Microsoft's conversion to open standards could be real for most within
Microsoft. Retaining the old formats as closed would continue lock-in for the
near future. (That old documents could be converted to new format does not
imply that any significant percentage would be.) Lock-in gives MS time to exert
its technical muscles to beat open source on quality and features. (Surely
there's no one within MS that doesn't believe they could do a better job than
the disorganized rabble of FOSS.) To MS, in an open standards world the only
real FOSS advantage is the head start.

But the implementation feels more like the compromise decision of a divided
committee. Perhaps Mr. Gates is trying to hedge his bets by planting these
escape hatches. It looks like he's making an honest effort, and if he wins on
merit he's a hero. If he doesn't, he can always play the trump card.

(Aside: I've seen what custom schema can do to a "standard" format.
If you're interested in an example, ask any traffic engineer about the NTCIP
standard and its effect on interoperability. Pray that the Custom Schema Flu
doesn't become a pandemic.)


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: Anonymous on Friday, December 09 2005 @ 11:24 AM EST
I had the pleasure of working with Dr. Geer back when I was a co-op and later an employee of OpenVision Technologies. He was an amazing person to work with who understood the future of the internet and the security risks well ahead of the industry as a whole. Back in 1995 he was talking about self healing networks and routers which could detect the progression of not only trojans and worms, but malicious intrusion. The products we were working on were for security compliance, intrusion detection, kerberos single-signon (bought and killed by Microsoft), and whole network surveillance. The products were years ahead of their time in their scope. Unfortunately at the time people were more interested in dealing with problems after the fact. This is still the status quo.

Dr. Geer not only knows the problems but he proactively tries to be part of the solution not only with his voice as in this letter, but with his own money, funding many start-ups and one open source project that I know of. When he speaks, he speaks as someone who has worked with these computer systems, written the code, worked with banks and the government to help secure their networks. He is not speaking as someone from on high. He speaks as someone who has been fighting in the trenches for years.

I still run SecureMax on my linux machines at home (and hence my posting anonymously, as that software is lying forgotten in some company's purchased IP). I get sad when I think of what could have been accomplished in the past 10 years if we had the ability to continue developing those technologies.


Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Authored by: Slice on Friday, December 09 2005 @ 11:55 AM EST
Mr. Geer is making excellent points, but he is making them in the most
high-handed, arrogant manner possible. The TONE of his letter completely
undercuts the FACTUAL content of his arguments. The sneer on his face is almost

The congressional staffer who opens this letter would have a tough time
justifying bringing it to the Senator's attention.


Nice try.
Authored by: philc on Friday, December 09 2005 @ 12:12 PM EST
But you are writing to politicians in Massachusetts. These people are well
briefed by all sides. There are formal rules on bringing a Judge up to speed
with issues of a case. That is not needed in politics. We-the-people keep the
politicians well briefed. When they speak it is because that is what they want
to say, because they have made up their (influenced) minds.

Anyone that does not understand the monoculture threat just plain doesn't want
to face the issue. Everyone that uses Microsoft for a while becomes very aware
of the down side of their products. Further, anyone that is involved with IT
matters is well versed.

So, when people start to do things that are unexpected it's time to follow the
money trail.


Not a particularly effective letter
Authored by: Anonymous on Friday, December 09 2005 @ 12:54 PM EST
Let me preface by saying that I am truly impressed by Geer's credentials.
However, I think that the letter skirts around issues and doesn't get to the
point. He confuses operating system security with document security. Does he
really think that if you use OpenDocument instead of MS Office on a MS Windows
computer, then your overall security is significantly improved? No, he talks
about such things as keyloggers instead, which have nothing to do with document
formats. This argument is disingenuous at best.

Further, he does not explain why MS Office formats are less secure than
OpenDocument. He seems to dwell on the dangers of a monopoly, instead. Both MS
Office and OpenDocument support macros, so both are at risk. However, he does
not explain why OpenDoc macros are less risky than MS Office macros (if indeed
they are).

It would have been a much more effective letter had he stuck to the issue at
hand - that of document formats and document security.


Security Expert Bruce Schneier - blog comment
Authored by: Totosplatz on Friday, December 09 2005 @ 02:34 PM EST

Bruce Schneier's blog has a comment on security claims and counterclaims about Office XML and ODF.

I do not know how to reference his comment directly, but on the blog page the comment is entitled "OpenDocument Format and the State of Massachusetts"; the gist of it is to counter Microsoft's argument that ODF is less secure than Office XML:

"So far, nothing here is relevant to this blog. Except that Microsoft, with its proprietary Office document format, is spreading rumors that ODF is somehow less secure."

This, from the company that allows Office documents to embed arbitrary Visual Basic programs?

Yes, there is a way to embed scripts in ODF; this seems to be what Microsoft is pointing to. But at least ODF has a clean and open XML format, which allows layered security and the ability to remove scripts as needed. This is much more difficult in the binary Microsoft formats that effectively hide embedded programs.

All the best to one and all.

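Schneier's point in the comment above, that an open XML container lets a defender find and strip embedded scripts, can be shown concretely. The following Python is an added example written for this page; it is not code from Groklaw, from Schneier, or from any ODF implementation. It constructs a minimal, simplified .odt in memory (the element names office:scripts, office:event-listeners and script:event-listener are the ODF ones; the Basic/ module is a one-line stand-in for macro source), lists every place a script could be carried, and writes a copy with those parts removed while leaving the document text intact.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# ODF namespace URIs (OASIS OpenDocument), registered so re-serialised XML keeps the usual prefixes.
NS = {"office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
      "script": "urn:oasis:names:tc:opendocument:xmlns:script:1.0",
      "text": "urn:oasis:names:tc:opendocument:xmlns:text:1.0",
      "manifest": "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0",
      "xlink": "http://www.w3.org/1999/xlink"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Where a script can ride: macro directories in the zip, and the elements that embed or bind scripts.
SCRIPT_DIRS = ("Basic/", "Scripts/")
SCRIPT_TAGS = {f"{{{NS['office']}}}scripts", f"{{{NS['office']}}}event-listeners",
               f"{{{NS['script']}}}event-listener"}

# Constructed sample content.xml: one paragraph plus a Basic macro bound to the document-load event.
CONTENT_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-content xmlns:office="{NS['office']}" xmlns:script="{NS['script']}"
    xmlns:text="{NS['text']}" xmlns:xlink="{NS['xlink']}">
  <office:scripts>
    <office:script script:language="ooo:Basic"/>
    <office:event-listeners>
      <script:event-listener script:language="ooo:script" script:event-name="dom:load"
        xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>
    </office:event-listeners>
  </office:scripts>
  <office:body><office:text>
    <text:p>Quarterly report (constructed sample text).</text:p>
  </office:text></office:body>
</office:document-content>"""

# Constructed sample manifest that declares the macro module alongside the content.
MANIFEST_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="{NS['manifest']}" manifest:version="1.2">
  <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.oasis.opendocument.text"/>
  <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml"/>
  <manifest:file-entry manifest:full-path="Basic/Standard/Module1.xml" manifest:media-type="text/xml"/>
</manifest:manifest>"""


def build_sample_odt() -> bytes:
    """Pack the constructed parts into an ODF zip container (mimetype first and stored, as ODF requires)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text", compress_type=zipfile.ZIP_STORED)
        z.writestr("content.xml", CONTENT_XML)
        z.writestr("META-INF/manifest.xml", MANIFEST_XML)
        z.writestr("Basic/Standard/Module1.xml", "<!-- constructed stand-in for StarBasic macro source -->")
    return buf.getvalue()


def _part(odt: bytes, name: str) -> ET.Element:
    with zipfile.ZipFile(io.BytesIO(odt)) as z:
        return ET.fromstring(z.read(name))


def find_script_indicators(odt: bytes) -> list:
    """Every place a script could be carried: macro members plus script/event elements in the XML parts."""
    with zipfile.ZipFile(io.BytesIO(odt)) as z:
        found = [f"member {n}" for n in z.namelist() if n.startswith(SCRIPT_DIRS)]
        for part in ("content.xml", "styles.xml"):
            if part in z.namelist():
                found += [f"{part}: {el.tag}" for el in ET.fromstring(z.read(part)).iter() if el.tag in SCRIPT_TAGS]
    return found


def _strip_xml(data: bytes) -> bytes:
    """Detach script and event-listener elements (a parent map is needed; ElementTree has no parent links)."""
    root = ET.fromstring(data)
    parents = {child: parent for parent in root.iter() for child in parent}
    for el in [e for e in root.iter() if e.tag in SCRIPT_TAGS]:
        if el in parents:
            parents[el].remove(el)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def _strip_manifest(data: bytes) -> bytes:
    """Drop manifest entries for the macro directories so the container stays consistent."""
    root = ET.fromstring(data)
    for entry in list(root):
        if (entry.get(f"{{{NS['manifest']}}}full-path") or "").startswith(SCRIPT_DIRS):
            root.remove(entry)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def strip_scripts(odt: bytes) -> bytes:
    """Return a copy with macro members dropped and script/event elements removed; other parts pass through."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(odt)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename.startswith(SCRIPT_DIRS):
                continue
            data = src.read(info.filename)
            if info.filename in ("content.xml", "styles.xml"):
                data = _strip_xml(data)
            elif info.filename == "META-INF/manifest.xml":
                data = _strip_manifest(data)
            dst.writestr(info.filename, data, compress_type=info.compress_type)
    return out.getvalue()


def paragraph_texts(odt: bytes) -> list:
    """Visible paragraph text, to confirm sanitising left the content intact."""
    return ["".join(p.itertext()) for p in _part(odt, "content.xml").iter(f"{{{NS['text']}}}p")]


def manifest_paths(odt: bytes) -> list:
    """Paths declared in META-INF/manifest.xml, to confirm no dangling macro entries remain."""
    return [e.get(f"{{{NS['manifest']}}}full-path") for e in _part(odt, "META-INF/manifest.xml")]
```

The check looks in three places because ODF keeps macro material in more than one: the Basic/ or Scripts/ members of the zip, the manifest entries that declare them, and the office:scripts and event-listener elements in content.xml or styles.xml that bind a macro to an event such as document load. A sanitiser that removes only one of these leaves a document that still declares, or still triggers, a macro. Real documents carry further parts (settings.xml, Pictures/, Thumbnails/) which pass through untouched, and a production tool would also check the object parts of embedded sub-documents, which this example omits.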

North Carolina has some 'splainin to do
Authored by: SpaceLifeForm on Friday, December 09 2005 @ 04:51 PM EST
Mandamus Complaint (PDF)

Trying to ignore the law is not going to work.


Dan Geer Does it Again
Authored by: hbo on Friday, December 09 2005 @ 05:32 PM EST
Anyone who has had anything to do with the Usenix association knows Dan Geer's name. And it's not just because he's a past president. He has one of the clearest visions of anyone I know that observes technology and business. The referenced article was published in ;login, the magazine of Usenix and SAGE, this month. In it, the "15% owned" number is derived from Symantec's estimate that 30,000 systems are added to "botnets" every day. There is also this coda to the article, left out of PJ's quote, but appearing right after it. Dan is a perceptive observer, and I think this statement gives insight into Microsoft's future direction with respect to security:
"And that, my friends, explains why Ballmer bought Connectix: the only way to introduce a new platform that arguably cures the security problem without kicking in the teeth of those who count on backward compatibility is to take the old insecure stuff and encapsulate it in some sort of virtual machine. It breaks the monoculture without breaking the monopoly, one part evil and one part brilliant."
Never, ever forget that these guys are really, really smart, in addition to being whatever else they are.

"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )