Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF
Friday, December 09 2005 @ 03:52 AM EST

Here is a letter that security professional Dan Geer has just sent to Massachusetts Senator Marc Pacheco, and he tells me he sent similar letters to Secretary of the Commonwealth Francis Galvin and Senate President Robert Travaglini. He warns them that the Commonwealth needs to mitigate its risk by avoiding a computing monoculture. If a private company received such a letter, I assure you that their lawyers would take it very seriously, as it would put them on notice, actual notice.

Dr. Geer strongly supports OpenDocument Format, as you will see, and his reasons include concern about security issues.

Here's a paper he has written on the subject of the dangers of a software monoculture, Monoculture on the back of the envelope [PDF], in which he provides some alarming statistics on infection rates in Microsoft PCs and the odds of a cascading failure in an enterprise, and summarizes like this:

Which gets you an estimate that perhaps 15% of all desktops are to some degree owned as I write this. This feels high, but as a personal data point, some colleagues recently found 70% of the desktops inside a defense contractor handling classified data to have spyware of one or another sort, and two keyloggers on the section head’s desk....

None of this is particularly good news but then again none of it is news at all. We knew this before, we just don’t like hearing it, we shoot messengers, we try to patch things up. Everyone within the sound of my voice knows this. My 87-year-old cost accountant father knows this (his estimate is that over half of the productivity gains computers should have brought the domestic economy were lost due to standardization on the Redmond platform).

They know this in Redmond, too, where I do not envy the task they have in front of them, as it is like nothing so much as plugging shell holes below the waterline while under cannonade. In the meantime, Ballmer has one foot on the boat and one foot on the dock. The boat is labeled “Fix the security problem, but lose backward compatibility.” The dock is the converse, “Preserve backward compatibility, but never fix the problem.”

If he pulls his foot back onto the dock, he preserves backward compatibility but he never fixes the problem. This is betting that Microsoft is never tagged with liability for the security failures that only a monoculture can exhibit. Liability lawyers of the world are watching, and Steve is one nasty virus away from le deluge, not to mention the so-called progressive legislatures.

If he puts both feet in the boat and sails away from backward compatibility, then he absolutely puts into play the desktop in every single global corporation; those corporations are only sticking with Windows to amortize their existing investment in it. If they have to start over and write off that capitalization, they are not starting over with another round of “I won’t hit you again, Honey, I promise.”

When I read that, I couldn't help but remember that Microsoft's Ray Ozzie said that Microsoft's Office Open XML will provide backward compatibility with pre-existing Office formats. I also wondered if someone should do a security audit on the Commonwealth's government computers to determine what malware the state's employees have on their computers. That might prove educational indeed.

**********************************

Hon. Marc R. Pacheco
Massachusetts Senate
State House, Room 312-B
Boston, Mass. 02133

re: OpenDocument Standards

Dear Sen. Pacheco,

My name is Dan Geer. I am one of the half dozen ranking world experts in matters of computer security. By virtue of a long career both in academia (MIT and Harvard) and the private sector (six times an entrepreneur), there is absolutely no one in the State House who is not using software that I had a hand in producing, including yourself. I am a trusted advisor to the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, and the Department of Homeland Security. I am a Board member for a number of promising startups and their funding sources, have forty-two refereed publications, books and book chapters, four patents, over two hundred fifty invited presentations, twenty percent of which were keynotes, and have been five times before the US Congress -- twice as lead witness. I have taught ten thousand students in the aggregate.

As an Officer of the Commonwealth, you understand the monopoly power of Microsoft quite well as the Commonwealth was the last man standing in the most recent round of antitrust litigation. What perhaps you did not grasp is the degree to which a computing monoculture is a security risk of the highest sort. It is, and I and others in the security research community are on record in unassailable ways that a computing monoculture is a hazard, but that it is an avoidable hazard if you want it to be. Microsoft maintains its power through user-level lock-in, as the Commonwealth noted and which it so adequately opposed. So long as that lock-in persists, there will be no solution to the monoculture risk. That lock-in is centered on and wholly confabulated with the use of proprietary formats for all documents produced by the Office Suite. Therefore, as a matter of logic and logic alone, if you care about the security of the Commonwealth then you must care about the risk of a computing monoculture. If you care about the risk of a computing monoculture, then you must care about barriers to computing diversification. If you care about barriers to computing diversification, then you must care about user-level lock-in. If you care about user-level lock-in, then you must apply yourself to the task of breaking the proprietary format stranglehold on the Commonwealth.

Fortunately, that has already begun. The Enterprise Technical Reference Model and its call for Open Document standards is precisely what is needed and it is not a moment too soon. As a ranking security professional with a doctorate in statistics, I can provide any amount of technical, quantitative proof that Open Documents are the point of maximum leverage and that the risk of remaining as we are exceeds any non-specialist's understanding including, with respect, yours. Warning times before attacks take place have fallen to zero. There is a new Windows virus every four hours. Perhaps 15% of all desktop Windows computers are running malware of some sort and I'll bet you $100 that includes your office. There is a direct and demonstrable correlation between increasing complexity of the Windows system and the effectiveness of attacks. Jurisdictional boundaries are meaningless if not undetectable in an always-on, fully-networked world. And as you almost surely know, your opponents are no longer misanthropic isolates but are instead professionals. So long as the Commonwealth voluntarily allows itself to be locked in by the proprietary document formats of a proven monopoly, the Commonwealth cannot diversify and therefore the Commonwealth cannot mitigate its risk in any but the most marginal and palliative ways.

I am ready to vigorously debate these points with any and all comers both privately and in any venue. This is, in other words, a matter on which I actually do stake my professional reputation, my fortune, and my sacred honor. How may I be of assistance?

Very truly yours,

Daniel E. Geer, Jr., Sc.D.

P.S. I have blind relatives and if genetics is any guide may have that in my future. My comments still stand.


Groklaw © Copyright 2003-2013 Pamela Jones.

PJ's articles are licensed under a Creative Commons License. ( Details )