Just a week after Microsoft chairman and chief software architect Bill Gates unveiled his company's plan for securing e-mail communications, leading e-mail authorities, legal experts, and at least one ISP, are expressing concerns about the e-mail sender authentication plan, known as Caller ID.
Some experts agree that the technology is promising. However, Microsoft's claim that it owns patents around Caller ID, and its decision to license the technology to third parties rather than submit it to an Internet standards body, have riled e-mail experts and domain owners. Some of them said they worry about a power grab by the company and are wary of signing on to the new system.
Caller ID allows Internet domain owners to publish the IP (Internet Protocol) address of their outgoing e-mail servers in an XML format e-mail "policy" in the DNS record for their domain. E-mail servers can query the DNS record and match the source IP address of incoming e-mail messages to the address of the approved sending servers, Microsoft said. The goal is to reduce spam for end users.
Speaking last week at the RSA Conference in San Francisco, Gates set out an ambitious agenda for deploying Caller ID, saying it would be "very easy for people to apply", and that Microsoft hoped to have Caller ID in place by the third quarter, provided it could reach "the right agreements" with ISPs and e-mail providers.
Gates did not elaborate on what those agreements might involve but said that Microsoft had some patents related to "the fundamentals" of Caller ID which is "royalty free, available for everyone to use".
Microsoft published a technical specification for Caller ID on its website, along with an "implementation licence" for organisations that want to develop and implement software conforming to the specification.
At least one e-mail expert who has studied the agreement said it could be an obstacle to Caller ID's widespread adoption. "Given the licence they're offering, it's clearly a problem," said John Levine of the IETF's Anti Spam Research Group.
Like some others, Levine said he is concerned because Microsoft has not said what technology its patents cover. He also took issue with its assertion, in the licence agreement, that Caller ID licences cannot be transferred from one party to another, leaving the job of assigning licenses to Microsoft.
"The way the licence is written, you can't read Microsoft's intentions," he said. "They could stop giving out Caller ID licences at any time, or suddenly say that Caller ID is bundled with Windows."
Microsoft's agreement grants licensees a fully paid, royalty-free licence to "make, use, sell, offer to sell, import, and otherwise distribute" licensed implementations of the company's Caller ID patents. The company will not seek royalty payments for use of the patents, now or in the future, according to a statement by George Webb, business manager for Microsoft's Anti-spam Technology and Strategy Group.
Microsoft declined to answer questions about what its Caller ID patent claims cover. The technology is new and its patent applications are still pending, according to an e-mail statement from David Kaefer of Microsoft's Intellectual Property & Licensing Group.
However, the company said its Caller ID licence agreement is not limited to any single patent but covers rights to any Microsoft patent or patent application involved in implementing the Caller ID specification, Kaefer said. "Microsoft wants to do more than merely give Caller ID away, they also want to make sure nobody else can profit from it," said Steve Frank, a partner in the patent and intellectual property group of the law firm Testa, Hurwitz & Thibeault in Boston.
That should not be surprising, considering the time and money it has invested in designing the new architecture. "Since they're dedicating it to the public free of charge, Microsoft doesn't want to be the patsy who builds a foundation just so other people can come along and erect a building on it, then sell the building," he said.
To protect its investment, Microsoft reserves the right to incorporate other groups' improvements to Caller ID back into the specification free of charge, using a so-called "reciprocal licence," Frank said. Such a process will encourage all parties involved to allow the Caller ID technology to develop and improve without being hindered by licence restrictions or royalty schemes, Kaefer and Frank said.
While Microsoft's intentions may be benign, the company's reliance on individual licence agreements with domain owners is unconventional, especially if the intention is to encourage broad Internet adoption of Caller ID, Frank said. "The traditional way to do this is not through reciprocal licensing but through a standards body that has its own rules for how people can develop the initial technology and exploit improvements," he said.
Groups such as the IEEE, the IETF and the World Wide Web Consortium (W3C) have rules for adopting and protecting another company or group's intellectual property as part of a technical standard, and are well-situated to take over and promulgate the Caller ID specifications, he said. "Those groups have tremendous industry support and can facilitate adoption and get things done on an efficient basis."
Microsoft may be avoiding standards groups because it does not want to submit Caller ID to a lengthy approval process or negotiate with other stakeholders, such as Yahoo or AOL, over the final product, Frank said.
However, in shunning standards organisations, Microsoft is acting contrary to a "standard Internet ethos" that technical standards should be free of legal entanglements, said Robert Sanders, chief architect at ISP Earthlink. "It's clear that standards that are unencumbered are the most successful on the Internet and I don't think it's any different here. It's in everybody's best interest to make Caller ID easy to implement legally and technically," he said.
Sanders had not reviewed Microsoft's licence agreement for Caller ID but said any standard that is not unencumbered legally makes him "nervous." Reluctance to sign licence agreements is common, and Microsoft is leaving itself open to criticism that it is being "high-handed" and "dictatorial" with the Caller ID technology, Frank said.
So far, Microsoft has given no indication as to whether it will consider turning Caller ID over to a standards body. As it stands, the company's licensing model for Caller ID does not conform to any of the IETF's policies for handling patents.
Microsoft can still make good on its Caller ID technology, but it must be clearer about its intentions to make the technology permanently open and royalty-free, Levine said.
History has many models to offer, including Bell Telephone Laboratories 1979 patent on Setuid, a method of controlling access to files on a computer that became a core element of the Unix operating system, he said. In the absence of involvement by standards organisations, a clearer statement from Microsoft about its plans for managing Caller ID might calm fears in the technical community, Levine and others said.
"If they want to offer free, permanent licences for Caller ID, that's great, but could you please make your licence say that?" Levine said.