Letter to DOJ 04_02_04

04/02/2004 Attorney General Ashcroft US Department of Justice 950 Pennsylvania Avenue NW Washington, D.C. 20530-0001 Dear Mr. Ashcroft: A few things worth saying can be said succinctly, but even among these, the proof can be lengthy. As such, I anticipate this being a long letter. If this has made it past your administrative assistant, or whatever editorial process it will become subject to, please bear with me; I hope to say things that are worth saying. I have identified a problem, and an avenue toward the solution. This avenue may be closed, and on this day, I have decided that you might have important things to say about that. With the carrot of a solution at the end, allow me to state the problem. We may very well differ on this, but I am not going to string you along be stating my thesis at the end: Microsoft is monopolistic - this has been stipulated in a court of law. Reasonable people can disagree, and I intend to offer a persuasive "nuts-and-bolts" discussion upon request. I have not inserted it here, as a evidence that I respect your time. The thesis being that Microsoft is monopolistic, you are pretty much the only person in the US of A, who can lawfully do anything about it. If you become the judge, by refusing to present the case, I have no remedy, and if I am the public, the public has no remedy. At the moment, Microsoft is in dock in the European Union for this for the third time. In this case, it is going to be about Windows Media Player. Temporarily leaving the proof as an abstract, a dam yet to be built, it is appropriate to consider where we will send the river in the mean time. This is the problem you faced when you were first placed in office: We broke up AT&T "for the principle of the thing," and service suffered, rates went up universally, and the nascent Cellular phone industry was set back 16 to 20 years (depending on your computation.) If we do the same to Microsoft, exactly what is the fallout going to be? So we have three questions before us: 1. Is Microsoft actually monopolistic in the abstract? There is a very vocal group, that complains about some procedural problem. Is this problem actually caused by a Microsoft monopoly? Can this be lawfully addressed? If we should actually endure the assault on our character, and determine that this is a case that should be made, would the remedy available under law actually be germane to this abstractly stated problem? 2. Optimistically assuming a favorable verdict, can we devise a solution that will not destroy every benefit we enjoy from the standardization Microsoft has given us? Is Bill Gates the Goose that Laid The Golden Egg? 3. Mr. Ashcroft, here is the real reason I am writing you today. If I devise this solution, does this become an impure motive that must impugn my case? Mr. Attorney General. I am persuaded that Microsoft is monopolistic, and optimistic that I can say something about that, that might let you see my point of view. We did at one time have a verdict, but those who brought the suit offered no solution, other than (I suppose,) the total destruction of Microsoft, such that they were absolutely incapable of doing it again. I have some confidence that I can devise some less destructive, perhaps even constructive solution in less time than it would take you to bring the leverage of the law to bear once more, and put Microsoft in the position of having to comply with any solution, my hoped for analysis being but one suggested example. But, Mr Attorney General: Would I defeat my whole effort, by devising it ahead of time? If I cannot lawfully devise it, or by distributive property the public is barred from devising it, and you choose not to devise it, by whatever logic, then all other efforts bring us at best back to the day when Microsoft was last found liable. That being the case, I am hoping you will show me the lawful way to proceed. If there is no lawful way, how deeply am I to plumb the depths of despair? Mr. Ashcroft: I would like to set you an interesting discussion. It is to establish that the rest is worth it's own attention. It is to establish that I have some knowledge of the things I am trying to address. It is to establish that I am decent and upright, by bringing these things to your attention, and not the attention of other people. I intend to be harmless and constructive, but I want to have credibility, and later respect, by not being helpless. So to proceed to an anecdotal discussion. It is old hat that the Windows OS, and associated programs are open to buffer over-run errors. This has been the fruitful area by which any number of virus programs have been devised. There exists that work-around that you could build the processor with an extra bit, but that is not a very pragmatic solution - it is included for completeness. It is theoretically in Microsoft's interest to identify this trend, this universal quality that all buffers can be over-run, and correct it. This process begs for automation. I am prepared to risk my credibility on the statement that I will stipulate: "Microsoft has not automated the process of testing for buffer over-runs." This statement is the product of inference, not the exhaustive algorithm. It is almost a "paper or plastic?" discussion, with capitalism and the profit motive being on trial, unless I can show some appropriate motive for Microsoft to bother themselves with this. For the most part, viruses and worms represent a kind of electronic graffiti, with the cleanup not being Bill Gates' problem. The people whose problem it is, are the individual users of each program. However, if money, programmers and time fell like rain from the sky, and each entity were free to address his own problem, it is not lawful for them to do so, because the source code is the intellectual property of Microsoft. I think you are in a better position than I am to understand that just because a system has a flaw does not mean it will not work - it takes more to indict the system than proof by exception. However, here we have arrived at a legitimate problem, with no elegant way to address it. In fact there exists a lawful solution: Lavasoft, McAfee and Norton exist for this reason. Certainly this is not an example of monopolistic practice, so how is it at all pertinent to our discussion? Actually it has application to National Security. I am prepared to be fairly specific. I trust you will evaluate it, by making some person at the CIA (because they are more likely to be interested,) or the NSA (if your interest and application leads you there instead - it is a philosophical decision,) evaluate the following questions. Q: (Rhetorical) Is the Secure Socket Layer (SSL) of IE6.0 written without buffers? Probably not. Q: Can we say with any real confidence that none of these buffers are susceptible to over-run errors? A: Not without looking at that elusive source code. To be fair, the person actually grinding out that code might have had this detail on his mind when he wrote it. At what point does it become worth my time to buy a decompiler, and work on this problem? While the profit motive enters in, I cannot think of any lawful application to this pursuit. What is lawful to do, is to fix it, and this avenue is not open to anyone. I am incensed that the solution is to call Microsoft and tell them to check into it... for any motive other than a profit motive: I do not expect them to actually pay me for the info. Their argument "We can't pay everyone who finds an error in Windows" indicts them as having written a program with so many errors that paying for the solutions is prohibitively expensive. I expect Microsoft to profit from the solution - their profit motive is sacrosanct, but mine is venal! Q: On the day that the hypothetical buffer error is exploited is there any difference between the arbitrary numbers 128 and 1024? This is not intended as a stupid question: There are export restrictions in place for this reason. Q: Is IE6.0 the only browser? A: No - there is IE6.0, MSN Explorer (with a pop-up blocker to defeat the much abused pop-up feature in the IE6.0 browser,) Netscape, AOL's proprietary browser, Mozilla and Opera. Q: With this idea on your mind, does any one generate more confidence than any other? Q: Is complacency in order? If I found one that I was confident did not exhibit this weakness, would it become wrong or un-necessary to address IE6.0's weakness? Q: Here we tie back in the monopoly theme, albeit anecdotally: Can I make a given browser compete with IE6.0? In the two weeks it would take them to fix this hypothetical fault, can I actually boot-strap a business plan: Specifically is competition possible is this instance? This question is not itself important, but the statement that Microsoft is a Monopoly implies that competition is impossible is ALL CASES. Proof by exception is open to you here. This discussion does not really qualify me to speak about monopolies in general - in merely shows that I can identify a problem and a solution. The solution implies defeating not one virus or several, but an entire class of them. The logic is that by extension other solutions to identifiable problems are not beyond me. The specific discussion is just because all things clandestine have a certain appeal all their own. Mr Ashcroft: Is there someone who is unimportant enough to contact me, and see if I have anything worth saying, while still being important enough to approach you if my complaint has merit? I trust that you are not defined by apathy, and that you have the integrity to say so, if my missive is not appropriate. Thank you for your attention in this matter, Robert B Johnson Next Letter