Microsoft's evolving relationship with the open-source community is an object of fascination for many, including some surprised Microsoft employees. ZDNet.co.uk was told at a recent Microsoft event that "strange winds of change are blowing through Redmond" when it comes to the software giant's attitudes to open source and interoperability./>
Many in the open-source community remain sceptical about Microsoft's overtures, believing them to be filled with inherent contradictions, such as Microsoft making patent-infringement allegations but also striking a deal with a vendor such as Novell.
Microsoft's UK national technology officer, Jerry Fishenden, talked to ZDNet.co.uk about the necessity of Microsoft specifying exactly which patents Linux has allegedly broken, as well as clarifying its attitude to open-source standards.
Fishenden, the software giant's lead UK technology advisor, also talked to ZDNet.co.uk about the need for a UK security breach disclosure law, and the need for a professional body that could strike off incompetent IT professionals.
Q: With the Microsoft allegations of 235 patent violations by open-source vendors, some in the open-source community are saying this is Microsoft trying to get open-source vendors to use Microsoft licences.
A: It depends where you come from on intellectual property really. As someone who is also a writer, I'm always quite intrigued by the idea that, if I write something, I shouldn't have some sort of rights over what I've produced, and that other people can go off and make money off the back of my creative work. I'm not entirely sure what people are asking — that Microsoft shouldn't protect its intellectual property?
I think it's the way that Microsoft has stated that 235 patents have been broken, then refused to specify which patents have been broken, and then said that it isn't going to litigate for now. It's not simply a question of protecting intellectual property.
Yes, well we need to be specific about intellectual property and where the [Linux] violations are, I guess.
What's your reaction to the observation that Microsoft, on the one hand, has to appear to be enforcing its intellectual property for the stakeholders but, on the other hand, is making overtures to the open-source community? Are those two positions irreconcilable?
I don't think so. If you look at all the big companies supporting open source and proprietary — IBM, for example, whose software business grew quite a lot last year based on its proprietary product portfolio — IBM doesn't seem to have a problem with doing both, Sun doesn't have a problem with doing both. I think most companies have that spectrum of open source being pooled and developed in the community, then there's other stuff that's proprietary, and ownership is retained. Microsoft pays well over $1bn [£503m] a year to license other people's intellectual property. The general preference in the industry is to license. That seems to me to be the way most people respect intellectual property.
Some in the open-source community have concerns about Microsoft and interoperability, specifically Microsoft's position on open standards. Microsoft talks about choice between Open XML and other open standards like ODF, but surely you build products on top of a standard and compete at product level, rather than competing at a standards level?
If standards meant that the first standard approved was the only one that you could use, then how would that differ from patents? You're effectively saying this has now got a monopoly on how you will do things.
Well no, not really, because surely the standard is just a specification document that says how a product can be interoperable?
But what if that standard doesn't do what you need it to do? If you take Open XML for example...
...it's backwardly compatible with Office binary file formats. [Using ODF], you're then saying to all of our users: "Well, tough — if you want to move to XML, you're going to lose some of what you had in the binary file format."
For years people have been asking us to open up the Microsoft Office file formats and submit them to a standards body; [it's] strange that, now we've done it, there seem to be some people jumping up and down, saying: "How dare you do that!" You think: "What do you want us to do? Not standardise them?"
But there are some people, for example the ODF Alliance, who are saying that Microsoft is again attempting to lock people into a standard — that Open XML has not been developed in the interests of interoperability, that it's a means for Microsoft to lock people into one particular standard that is Microsoft compatible.
Well Novell's version of OpenOffice is compatible with Open XML, and Corel.
Yes, but Microsoft has signed a licensing deal with Novell.
I could see the argument if we hadn't submitted [Open XML] to a standards body, because then you could say Microsoft could be trying to dominate the XML document file format market just by the sheer ubiquity of Office as a product. Actually, we've done the opposite. Now anyone can go away and build an office product that implements Open XML. We no longer have control over it; it's no longer ours.
I do find it an interesting comment, because it seems slightly contradictory to me. There are some people saying: "Only ODF should be allowed as a standard", which effectively precludes any other open document file formats, including Open XML.
By "some people" do you mean IBM?
IBM seems to be pushing hard [on standards bodies], which seems to be a pure commercial play, because their products have been built to support ODF not Open XML.
But, by the same token, you could say Microsoft's is a pure commercial play, because its products have been built to support Open XML and not ODF.
Except you can plug in an ODF converter [in Microsoft Office] in the same way you can plug in a PDF converter, and what will be a URF converter for what will be the Chinese government XML standard. When we tried to put PDF as a core into the product, you may remember Adobe were a little uneasy, so we made it a plug-in.
In response to parliamentary pressure, the government recently admitted that, over the past five years, it has overspent on IT projects by £1bn. What is your thinking about government IT overspend — is it inevitable?
In the context of £14.2bn annual government spend on IT, which is approximately £70bn over the past five years, £1bn is one and a bit percent. The global overspend figure is often caused by changing requirements as a project is in progress. It may actually be incremental cost due to evolving requirements.
It's more sensible to change your mind and modify the requirement as you go along, if you realise the original ones are wrong, than to wilfully carry on and build the wrong thing just because that's what the original procurement set out to do.
However, potentially, if you deliver a duff IT project, there's no-one who can say: "You should not work on any more projects."
This is linked to the professionalism in IT agenda. If you look at what you regard as the traditional professions — doctors, teachers, lawyers — their professional bodies can fire people, can investigate complaints, can impose penalties, and the ultimate sanction is to remove them from the profession, so [they] can't practice any more.
When you look at the IT industry, talking about professionalism, you have to say that we're not at that stage yet. If we're serious about being a profession and we mean to get to that level that doctors, lawyers and others have got to, then, as an industry, we need to find a better way.
There are so many different professional bodies it would obviously be good, if we want to be respected as a profession, for there to be some method of ensuring the industry as a whole maintains those professional standards, because otherwise...
...it seems just hollow words. There's a lot of [professional bodies], when you start looking, and that's the issue.
One of the characteristics of a profession is that there is some professional body that has some sanction over the practitioners. I don't see anything yet equivalent in the IT space. Perhaps it's something we do need to help improve the reputation of the IT industry.
So, how about an existing body, like the British Computer Society (BCS), taking on more powers? Or would it need to be a completely new body?
I guess there are bodies like the BCS, Chartered IT Professional and other standards that are around. It would be sensible to build on things that are already there, rather than start again, otherwise it would take even longer to get something into place. It's quite a hard challenge for what's a pretty junior industry really. We're still learning as we go.
What's your perspective? Should [one professional IT body] be something that companies like Microsoft and others be more active in lobbying for?
ZDNet.co.uk can ask the readers. Is lack of accountability a particular problem for the public sector or is it an issue for the private sector as well?
I think it's right across the board to be honest. I think the public-sector [failures] tend to get a lot of visibility because they tend to be very ambitious projects, the bigger ones. When something goes wrong, it's a more dramatic problem than some of the smaller projects that go on in the private sector.
You're familiar with all the problems the private sector has — all those leaks in the States — over 40 million credit-card details being compromised and all that sort of stuff.
Are you talking about TJX, the parent company of TK Maxx?
Yes. There have been quite a lot of reports on the internet recently, partly because there is now disclosure in the States and there wasn't in the past.
Do you think disclosure here in the UK would be beneficial?
Strictly speaking, legally it should happen anyway because, if someone is in breach of the Data Protection Act, they're meant to report it and be accountable for it.
Yes, but it is a complex and tangled area of law, isn't it? The Information Commissioner enforces the Data Protection Act and reports to government, so the information of a breach could get out like that; there's the Freedom of Information Act for public-sector bodies but, with a data-breach law, it actually plainly states that, if you have a data breach, you have to disclose it.
It can only be a good thing overall because it would encourage people to treat IT more seriously than some people seem to. I'm just amazed [at] the number of people that seem to have what I would call fairly basic problems — data that's up on the site that isn't even given any basic form of protection, which is rather bizarre. Not mentioning any particular recent episodes, of course.
Well, the head of the British Medical Association (BMA) resigned over the junior doctors database problems.
Yes. I suppose the question is: if that's a professional thing to do, where's the IT industry in this discussion? Yes, the head of the BMA resigned, but was it or was it not also an IT problem? Something seems to have been put up on the web that was completely unprotected. How can anyone be naive enough to think, in this age of incredibly sophisticated search engines crawling over sites, that anything up on a website is not in the public domain? You do wonder what level of naivety goes on, and who takes responsibility for sign-off for some of what happens in IT.
I'm not sure if anybody in the IT profession is being held accountable after these public events.
It's that communication problem again — technology people and business people not always communicating that well. You don't know at what level some of those decisions get taken.