Exec fired over report critical of Microsoft
Mass. firm has ties to company; software giant's reach questioned
By Ted Bridis
The Associated Press, Friday, September 26, 2003
Originally from the Seattle Post-Intelligencer

WASHINGTON -- The chief technology officer for a technology firm that works closely with Microsoft Corp. lost his job after he helped write a study critical of the insecurity of Microsoft software.

Daniel Geer Jr., an expert with nearly three decades studying technology and computer security, learned yesterday he was no longer employed by AtStake Inc. of Cambridge, Mass.

AtStake declined to say whether Geer resigned or was fired. Spokeswoman Lona Therrien said Microsoft did not call for Geer's dismissal, which AtStake said was effective two days ago. Microsoft also said it was not involved in the decision.

But critics said Geer's firing was reflective of Microsoft's far-reaching ability in Washington and across the technology industry to silence experts who complain about weaknesses in its software or its aggressive business practices. The Justice Department struggled years ago to find technology executives willing to testify against Microsoft in its antitrust trial.

Geer could not be reached immediately for comment, but one person familiar with Geer's situation said he was fired in a call yesterday morning from AtStake executives.

AtStake has worked closely with Microsoft in the past, examining some of its software blueprints for security problems and providing consulting services.

AtStake's announcement came one day after Geer and six other experts published a report complaining that the U.S. government relies too heavily on software from Microsoft.

It argued that the widespread dominance of Windows has created an unhealthy "monoculture" inadequately resistant to viruses and attacks by hackers.

Geer was identified Wednesday in a conference call with journalists as AtStake's technology officer and the lead author of the report, which was funded by the Washington-based Computer and Communications Industry Association, a trade group whose members include some of Microsoft's biggest corporate rivals.

"The values and opinions of the report are not in line with AtStake's views," the company said in a statement. It said Geer's participation working on the report was "not sanctioned."

"Security is much more complicated than focusing on this one issue," said Chris Wysopal, AtStake's director of research and development. "We think the way the (CCIA) paper is positioned ... is just not the answer."

Wysopal said experts within AtStake debate about security issues internally but that Geer represented his views as the company's consensus. "We value diversity of opinions here," Wysopal said.

Bruce Schneier, the chief technology officer for Counterpane Systems Inc., worked with Geer on the report. He said security experts contacted to help work on the report critical of Microsoft indicated their support but couldn't participate publicly.

"There is a huge chilling effect based on Microsoft's monopoly position," Schneier said. "It's unfortunate that AtStake put its private agenda ahead of intellectual integrity."

The CCIA trade group also ran into trouble yesterday when it sought to send a paid announcement about its critical Microsoft report to 140,000 subscribers of popular trade magazines for chief security officers and chief information officers.

The publisher for CIO and CSO magazines, CXO Media Inc., offers such announcements "to target a specific market segment of our audience by designing a list of prospects for direct mail and e-mail purposes."

But in this case, the subject was too touchy.

"We find it is too sensitive of material to send out. I'm sorry to be the bearer of bad news, but I have to deny your request," according to an e-mail from the publisher obtained by The Associated Press.

"We need to try to provide some balance on these issues, and this seemed a little one-sided," CXO spokeswoman Karen Fogerty said.

THE CRITICAL REPORT

The 24-page report at the heart of Daniel Greer Jr.'s alleged dismissal from Cambridge, Mass.-based AtStake Inc. called Microsoft Windows a threat to national security because of its complex design and monopoly reach. "CyberInsecurity: The Cost of Monopoly" also:

Back to The Demise of @Stake