Dr. Geer strongly supports OpenDocument Format, as you will see, and his reasons include concern about security issues.

Here's a paper he has written on the subject of the dangers of a software monoculture, Monoculture on the back of the envelope [PDF], in which he provides some alarming statistics on infection rates in Microsoft PCs and the odds of a cascading failure in an enterprise, and summarizes like this:

Which gets you an estimate that perhaps 15% of all desktops are to some degree owned as I write this. This feels high, but as a personal data point, some colleagues recently found 70% of the desktops inside a defense contractor handling classified data to have spyware of one or another sort, and two keyloggers on the section head’s desk....

None of this is particularly good news but then again none of it is news at all. We knew this before, we just don’t like hearing it, we shoot messengers, we try to patch things up. Everyone within the sound of my voice knows this. My 87-year-old cost accountant father knows this (his estimate is that over half of the productivity gains computers should have brought the domestic economy were lost due to standardization on the Redmond platform).

They know this in Redmond, too, where I do not envy the task they have in front of them, as it is like nothing so much as plugging shell holes below the waterline while under cannonade. In the meantime, Ballmer has one foot on the boat and one foot on the dock. The boat is labeled “Fix the security problem, but lose backward compatibility.” The dock is the converse, “Preserve backward compatibility, but never fix the problem.”

If he pulls his foot back onto the dock, he preserves backward compatibility but he never fixes the problem. This is betting that Microsoft is never tagged with liability for the security failures that only a monoculture can exhibit. Liability lawyers of the world are watching, and Steve is one nasty virus away from le deluge, not to mention the so-called progressive legislatures.

If he puts both feet in the boat and sails away from backward compatibility, then he absolutely puts into play the desktop in everysingle global corporation; those corporations are only sticking with Windows to amortize their existing investment in it. If they have to start over and write off that capitalization, they are not starting over with another round of “I won’t hit you again, Honey, I promise.”

When I read that, I couldn't help but remember that Microsoft's Ray Ozzie said that Microsoft's Office Open XML will provide backward compatibility with pre-existing Office formats . I also wondered if someone should do a security audit on the Commonwealth's government computers to determine what malware the state's employees have on their computers. That might prove educational indeed.

**********************************

Hon. Marc R. Pacheco
Massachusetts Senate
State House, Room 312-B
Boston, Mass. 02133

re: OpenDocument Standards

Dear Sen. Pacheco,

My name is Dan Geer. I am one of the half dozen ranking world experts in matters of computer security. By virtue of a long career both in academia (MIT and Harvard) and the private sector (six times an entrepreneur), there is absolutely no one in the State House who is not using software that I had a hand in producing, including yourself. I am a trusted advisor to the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, and the Department of Homeland Security. I am a Board member for a number of promising startups and their funding sources, have forty-two refereed publications, books and book chapters, four patents, over two hundred fifty invited presentations twenty percent of which were keynotes, and have been five times before the US Congress -- twice as lead witness. I have taught ten thousand students in the aggregate.

As an Officer of the Commonwealth, you understand the monopoly power of Microsoft quite well as the Commonwealth was the last man standing in the most recent round of antitrust litigation. What perhaps you did not grasp is the degree to which a computing monoculture is a security risk of the highest sort. It is, and I and others in the security research community are on record in unassailable ways that a computing monoculture is a hazard, but that it is an avoidable hazard if you want it to be. Microsoft maintains its power through user-level lock-in, as the Commonwealth noted and which it so adequately opposed. So long as that lock-in persists, there will be no solution to the monoculture risk. That lock-in is centered on and wholly confabulated with the use of proprietary formats for all documents produced by the Office Suite. Therefore, as a matter of logic and logic alone, if you care about the security of the Commonwealth then you must care about the risk of a computing monoculture. If you care about the risk of a computing monoculture, then you must care about barriers to computing diversification. If you care about barriers to computing diversification, then you must care about user-level lock-in. If you care about user-level lock-in, then you must apply yourself to the task of breaking the proprietary format stranglehold on the Commonwealth.

Fortunately, that has already begun. The Enterprise Technical Reference Model and its call for Open Document standards is precisely what is needed and it is not a moment too soon. As a ranking security professional with a doctorate in statistics, I can provide any amount of technical, quantitative proof that Open Documents are the point of maximum leverage and that the risk of remaining as we are exceeds any non-specialist's understanding including, with respect, yours. Warning times before attacks take place have fallen to zero. There is a new Windows virus every four hours. Perhaps 15% of all desktop Windows computers are running malware of some sort and I'll bet you $100 that includes your office. There is a direct and demonstrable correlation between increasing complexity of the Windows system and the effectiveness of attacks. Jurisdictional boundaries are meaningless if not undetectable in an always-on, fully-networked world. And as you almost surely know, your opponents are no longer misanthropic isolates but are instead professionals. So long as the Commonwealth voluntarily allows itself to be locked-in by the proprietary document formats of a proven monopoly, the Commonwealth cannot diversify and therefore the Commonwealth cannot mitigate its risk in any but the most marginal and palliative ways.

I am ready to vigorously debate these points with any and all comers both privately and in any venue. This is, in other words, a matter on which I actually do stake my professional reputation, my fortune, and my sacred honor. How may I be of assistance?

Very truly yours,

Daniel E. Geer, Jr., Sc.D.

P.S. I have blind relatives and if genetics is any guide may have that in my future. My comments still stand.