Negotiating the Microsoft way
 |
As Microsoft's chief legal counsel, Smith has successfully maneuvered his company into reaching amiable agreements in several antitrust claims filed against the software giant.
His negotiation skills helped Microsoft convince nine state Attorneys Generals in the United States to drop their antitrust appeal against Redmond in 2002, and ink settlements with AOL Time Warner, Sun Microsystems and Novell.
Smith leads Microsoft's global legal and corporate affairs team, and plays a key role in driving the company's messages on competition law, intellectual property and Internet safety. He champions the company's global initiatives in promoting child online safety, and battling illegal spamming, virus attacks and software counterfeiting.
In Singapore during his recent week-long visit to Asia, Smith spoke with ZDNet Asia about Microsoft's fight against spam, and the need to collaborate with government agencies worldwide in enacting cybercrime laws that are effective.
He talked about his desire to bridge the two islands of open source and commercial software, and explained why Microsoft believes "co-opetition" now plays an important role in the industry's progression. He also discussed how the company manages its position as a "monopoly" in the desktop market.
But Smith was surprisingly candid about the company's ongoing legal tussle with search rival Google, and firm on the company's policy that taking a "sabbatical" should not mean taking off to work for a competitor.
The Singapore government recently unveiled the latest draft of its spam control bill, highlighting a key proposed change which would give individuals the right to sue illegal spammers. Is that a good step forward?
I think that's probably less important than other parts of the legislation. Giving consumers the right to sue is one thing, but the reality is that that's not what most consumers want to do. Suing is time-consuming and an expensive endeavor.
Frankly, one of the challenges with spam is, first, undertaking an investigation to see who's sending it. And that takes time and it takes resources, even for a company like Microsoft. It's unlikely, in my opinion, that an individual consumer is either going to have the resources, or is going to want to spend them to pursue that type of fight.
I think it's more important that the legal means be there for the government and private companies to bring effective action. The most progress come when governments and companies have worked together, or when a group of companies have worked together. We then are able to pool the resources that it takes to be effective.
However, Harris Miller, president of the World Information Technology and Services Alliance (WITSA) highlighted that Internet governance is getting in the way of issues like digital divide, and that spam and privacy issues cannot be driven by the government but by market forces. Do you agree?
When you look at a problem like the Internet and safety, it's very clear that the government cannot solve this problem by itself. I also think that we in the private sector cannot solve this problem by ourselves either. I think it's through partnership between the government and private sector that we are best able to make progress.
We need governments to enact strong laws and devote resources to law enforcement. We in the private sector need to work on strengthening our products through better technology, we need to invest in broader education, and we need to focus on what we can do to work with law enforcements in specific cases.
For example, we had a new worm just in late August and were able in partnership with the FBI in the United States to track down that worm to its source--one individual in Morocco and one in Turkey.
Law enforcements in both countries arrested those individuals within two weeks of the worm being launched. Those kinds of cases are very important because they send a very strong message. I, in fact, believed that three to five years ago one could launch a worm and the chance of getting caught was very low. Today, the chance of getting caught is actually quite high.
Do you think it's ever possible to fully eradicate spam? I'm still getting hundreds of spam from Germany, Russia, and goodness knows where else. It seems impossible.
First of all, I would say that the biggest source of spam is still the United States. There's more that we can do. But the fact that we can take action in Morocco and Turkey so quickly shows we can take effective action on virtually a global basis.
| Our industry is still characterized too much by these two separate islands. We have an open source island, and we have a commercial or proprietary island. The future is about building bridges between those two islands. |
When we're talking about illegal spam and virus attacks, we're talking about crime. We live in a physical world where we know the elimination of all crime is impossible. There will always be a certain level of crime. But we also live in societies like here in Singapore and the United States, where crime is kept to a level that's low enough so that most of us can go out, live our lives, be successful and not have to worry about crime as an ever-present in our everyday lives.
Our goal with the Internet has to be put on a similar level. It's not realistic to suggest crime will ever disappear completely from the Internet, but crime is being reduced, and can be reduced further to a level where people will feel comfortable and safe using the Internet for everyday activity.
WITSA's Miller also said for that to happen, there needs to be similar cybercrime security laws across borders. You agree?
Yes, we all have to recognize that because the Internet is global, laws and law enforcement need to work well on an international basis. What that means, fundamentally, is two things.
First, we have to get to a similar level of legal protection in multiple countries. Second, we must have effective coordination between law enforcement agencies across borders.
With the Zotob worm, for example, one of the questions we had to ask ourselves was whether law enforcements in Turkey and Morocco were interested in collaborating with the FBI. Good news was that they were and they moved very quickly. The second question was whether they had laws in their books that would actually make it possible to prosecute these individuals successfully. The laws were better in Turkey than Morocco, but they were good enough in both places for us to be successful.
I actually believe that in most countries, the law is good enough to bring cases. But we do need the laws to be made better, and that is a worldwide initiative. Right now, it's a focus of the U.S. national legislative, but we may see it as a more global exercise in terms of international treaties as well. And for us as a company, it means we need to do a good job of being supportive of government and working effectively with governments across the borders.
When you say there are areas to be improved, what are some of the key issues?
A lot of these involve modernizing the law to focus on Internet-specific crimes that are part of our vocabulary today, but that none of us talked about a decade ago. Ten years ago, the only thing that spam was, was a particular type of ham. A virus was something you went to a doctor for because you had a cold and a fever, and a worm was a creature in the ground. It shows how much our vocabulary has changed.
This new vocabulary then needs to find its way into new laws. By doing so, we are able to really refine the law so that it can be as effective as it can be. We're seeing governments pass laws and we need more laws like that.
Even where we don't have the new laws, I have a fair degree of confidence that we can act on older laws because government agencies and courts know this is a problem that we need to address. But we can be even more effective if the law itself is modernized to address these issues.
A large part of your work also deals with intellectual property (IP). Microsoft's platform guy, Martin Taylor, when he was in Singapore, talked about how the software patent structure needs to be improved. Are there changes that you're pushing harder for than others?
I would say that, if you look at it globally, there are two broad categories of changes. The first is in countries like the United States, where we need to reform the patent law so it responds to the latest wave of technological change.
We should recognize that we have had patent laws in countries like United States and United Kingdom for over 200 years. And periodically, they do need to be updated to reflect whatever the impact has been from technological change. In the United States, we need to strengthen the quality of the system. We need to curb litigation abuses, and we need to make the system more accessible to small businesses and individual inventors.
Globally, the most important priority for countries like Singapore is really ensuring that the global patent is more easily accessible to startups and small businesses here.
Protecting a patent is much more time-consuming and expensive than protecting a copyrighted work. A copyrighted work doesn't require the filing of registration forms in lots of different countries. But if there's a new business in Singapore that does something that
really moves the state-of-the-art, the company very quickly has to file patent application in Singapore, in United States, in Europe, in China and literally down the world.It takes too long, and it's too expensive. If we can promote better harmonization and, ultimately, a much greater degree of collaboration, we should find ways to make it possible for businesses to file an application in fewer countries, and then have some system of mutual recognition or international collaboration. The patent system does need to be made more accessible for smaller businesses, especially in Asia.
Speaking of software patents, Sun Microsystems CEO Scott McNealy said the company's Community Development and Distribution License (CDDL) is the 'best of both worlds' that bridges community sharing and profitability. Do you think there could be any chance at all that Microsoft might move toward some kind of a balance in the same way, or is the Shared Source Initiative as far as you would go?
The Shared Source initiative has been important for us. It has enabled us to license technology, and now even source codes, to others in important ways. And we've learnt a lot from it.
I think this whole area will see ongoing evolution over the next five years. So one should never say the last step taken is the last step of all time. Nor should one say that the best step taken is the best step we'll ever see. We're all going to continue to learn.
I do think that it's good, for example, that Sun has developed an open-source license which avoids the viral effect of the Gnu General Public License (GPL) because ultimately, the viral effect of the GPL makes it too hard…it builds a wall that prevents collaboration between commercial software and open-source development.
It's a little too early to know exactly what kinds of steps will best serve the needs of the industry as a whole. We need more experimentation, and we need more dialog and collaboration. I think that today, our industry is still characterized too much by these two separate islands. We have an open-source island, and we have a commercial or proprietary island. The future is about building bridges between those two islands.
It requires that we each respect what the other does well and each other's needs. And we figure out not how to move everybody from one island to the other but how in our own island to connect to each other in a better way. And we'll need ongoing experimentation and dialog to get there.
So you do think that it's not impossible to build a bridge between the two islands?
I absolutely believe that bridges can be built. Who would have thought three years ago that we could build a bridge between Microsoft and Sun? We built that bridge. There are more bridges to be built in the future. And I'm sure that we will pursue them.
Let's talk about your Shared Source program, which I personally like to call the see-but-no-touch licensing model. Do you agree with that?
I would actually say that Shared Source lets people see and touch quite a bit. It does not permit them to reshape the code and ship it themselves in some different way. It is, I believe, a very good program for increasing transparency and getting more feedback for our developers. So it has served certain functions quite well. It doesn't do everything that some other licenses do and in that, there are both strengths and some things that other people might say they don't like as much.
We have to recognize that if our industry consists of these two islands, what we need are bridges, and we also need to respect the fact that we each will want to do things in a somewhat different way. People who are committed to open source may point out that open source has certain advantages. I think that commercial software development has certain advantages as well.
| You don't need a PhD to know that the purpose of a sabbatical is not to go work for a competitor. |
We are able to stand behind our products because we know what goes into our products. We have put in place the kind of IP management, systems and processes that give us a very high level of confidence, and that allows us to respect the IP rights of others.
Both open source and commercial software are here to stay. And we'll both compete with each other, and hopefully, we'll both be able to collaborate with each other in important ways at the same time.
It's interesting that you think open source has certain advantages. Can you talk about what some of these are?
I think that one of the strengths of open source has been the feedback cycle that the developers' community has created. And certainly one of the things we've done as a company is work to learn from what others do well. We've created more feedback processes ourselves. Some of that are reflected in our software development practices, and others are reflected in things like the MS Volunteers program, where we have a more community-oriented initiative for ourselves.
When we look at what Sun is doing, it will be interesting. We'll all have the opportunity to learn from their license. And if there are certain things that work, we'll see other people emulate it and if certain things don't work, then everybody will learn from that too. That's just a natural part of a healthy industry.
Is it especially tough talking about IP rights with countries like China and Malaysia, where software piracy is still a big problem? Do you try and come up with solutions for them, or do they have different sets of problems that they can't deal with?
We all have our unique challenges, whether we are a company or country. I do think increasingly, every government sees that the path to long-term success involves some significant degree of respect for IP protection. Even if one in the short run can compete globally simply by offering lower wage labor, a country quickly recognizes that long-term success requires that kind of protection that will stimulate innovation by its own people.
You find very talented people everywhere. If a country doesn't protect IP, those people tend to move to a country that does. And as the economy continues to globalize, more and more countries are realizing that they have the opportunity to compete not only by making things that are cheaper, but by making things that are better.
The key to making things that are better is in protecting innovation through IP protection. And more and more, we're seeing governments recognize that.
This talk about talent and an individual's IP rights reminds me of a certain employee of Google. As I see it, when you work for a company and learn what it has to teach, that's part of growing your IP and advancing your career. Understandably, there will be concerns about IP protection when an employee leaves to join a competitor. Can you talk about how you would balance an individual's need to be able to transfer what he's learned to another company, and his former employer's need to protect its IP?
There are a couple of things to think about. First, there's one thing that's very simple and requires no balancing at all. We all live in a world where we're supposed to work for only one employer at a time. And you don't need a PhD to know that the purpose of a sabbatical is not to go work for a competitor.
We were very clear on that, and the court was very clear in its decision in saying that that principle has been violated. And I think that is absolutely right for companies to step in to enforce their legal obligations, and the courts to ensure that we all remember that principle, regardless of what opportunities we may have for our own personal careers.
Second, I think that generally, companies work these things out when an individual moves from one company to another. We've certainly sought to do that when we hired employees from others. You put something in place so that the IP of the other company is respected, and part of that typically involves ensuring that the new employee doesn't work for a period of time, on a product or a service or a project that they worked on somewhere else. And that's what we sought in the court case, and that's what the court by and large ordered.
It ensures that there's no work on search or natural language, or even by and large, on work that goes into research and development, or compensation or strategy in China itself. And that's the right kind of balance we need.
As we think about that case, part of that is very straight forward and requires no balancing at all. And part of it was something that required more balance, but by and large, the court struck a good balance.
In the past five years or so, you've also spent a lot of time on antitrust claims. And you've been able to resolve a lot of those without having to go to court. How have you done that? Through plain old discussion?
I think one thing we've learnt is that there's no substitute for plain old discussion. If you end up disagreeing with somebody, you want to disagree because the disagreement is real and not simply the result of a lack of communication or miscommunication.
So we've devoted a lot more energy to having closer dialog with other companies. I think that has been a good thing. In some cases, we learnt that we have a lot more in common with people than those on either side thought. Certainly when we look at our relationship with Time Warner or Sun today, I think that that is very true in both cases.
Second, we've all learnt that co-opetition is an important part of our industry. If you look at where we are in the industry at this stage, we need an industry where people do a good job of competing with each other, and collaborating at the same time. It's no longer simply an 'either-or' proposition. The fact that we compete shouldn't get in the way of collaboration that's really going to serve the needs of our mutual customers. And the fact that we collaborate doesn't mean that we stop competing. We need to do both.
In that sense, I think that as a company and an industry, we've all matured over the last decade. Ultimately, it doesn't mean that you can eliminate every area of disagreement. There will be times when people and companies disagree. But hopefully, the disagreements will be real and not simply the result of miscommunication.
But you have to admit that with such a high penetration of Windows in the desktop market, Microsoft has to be seen as a monopoly. And there're bound to be situations where a service that you think you're offering your customer, may be seen by companies like IBM or a Netscape as anti-competition.
I think it's very clear that Microsoft as a company has a high level of responsibility, and in certain areas, perhaps a uniquely high level of responsibility, and we need to fulfill that.
I think it's also clear that we need to keep innovating and improving our products. We need the kind of regulatory flexibility that will enable positive innovation to move forward. And so, from a governmental standpoint, there is this ongoing need to strike the right balance between encouraging innovation and living up to a high level of responsibility.
That means we want our developers to come to work everyday being very creative, moving the state-of-the art forward. It also means we then need to have a very good dialog with government regulators and the rest of the industry about the impact of new technological innovation. And that's the kind of thing we're really trying to do well, on both sides of that equation.
So you're doing something to avoid a situation where you think putting in Windows Player would be a good service for your customers, but may not be what RealNetworks is thinking? Is that what you're doing now with Vista and Office 12?
We certainly talk to government regulators round the world about product development on an ongoing basis. That's part now of just the way we work as a company, and it's the way that not only Microsoft but probably other large companies in the industry need to work as we move forward.
People often talk about whether something is going to be in Windows. I think it's equally or even more important to focus on how it works when it is in Windows.
How can we put new innovation in Windows in a manner that also ensures it's very easy for other people to build on top of it? How do we ensure that users and OEMs (original equipment makers) have broad choice to use our innovation, and consider other competing innovation from others? How do we ensure that our products work in a highly interoperable way with the products from others?
These are all part of what is a set of questions, opportunities and challenges that we need to keep addressing day in, day out.