Just a week after Microsoft's Chairman and Chief Software Architect Bill Gates unveiled his company's plan for securing e-mail communications, leading e-mail authorities, legal experts and at least one Internet service provider (ISP) are expressing concerns about the e-mail sender authentication plan, known as Caller ID.
Some experts agreed that the technology is promising. However, Microsoft's claim that it owns patents around Caller ID and its decision to license the technology to third parties, rather than submit it to an Internet standards body, have riled e-mail experts and domain owners, some of whom said they worry about a power grab by the company and are wary of signing on to the new system.
Caller ID allows Internet domain owners to publish the IP (Internet Protocol) address of their outgoing e-mail servers in an XML (Extensible Markup Language) format e-mail "policy" in the DNS (Domain Name System) record for their domain. E-mail servers can query the DNS record and match the source IP address of incoming e-mail messages to the address of the approved sending servers, Microsoft said. The goal is to reduce spam for end users.
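The lookup-and-match check described above, as an added example that is not Microsoft's code or schema: the `<policy>` and `<sender>` element names, the in-memory DNS table and the result labels are assumptions made for illustration. It goes slightly beyond the text by accepting address ranges as well as single IP addresses.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed stand-in for DNS: domain -> XML policy text. The element names
# (<policy>, <sender>) are hypothetical, not Microsoft's Caller ID schema.
SAMPLE_DNS = {
    "example.com": "<policy><sender>192.0.2.10</sender>"
                   "<sender>198.51.100.0/28</sender></policy>",
    "broken.example": "<policy><sender>192.0.2.1</policy>",  # malformed on purpose
}

MAX_POLICY_BYTES = 2048  # refuse oversized records before parsing


def parse_policy(xml_text):
    """Return the list of approved networks, or None if the policy is unusable."""
    # The record is attacker-controlled input: cap its size and refuse any
    # markup declaration (DTDs and entities, and comments as a side effect).
    if len(xml_text.encode()) > MAX_POLICY_BYTES or "<!" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    networks = []
    for node in root.iter("sender"):
        try:
            networks.append(ipaddress.ip_network((node.text or "").strip(), strict=False))
        except ValueError:
            return None  # one bad entry invalidates the whole policy
    return networks


def check_sender(domain, source_ip, dns=SAMPLE_DNS):
    """Classify a message as 'pass', 'fail', 'no-policy' or 'bad-policy'."""
    record = dns.get(domain.lower())
    if record is None:
        return "no-policy"  # domain publishes nothing: no verdict either way
    networks = parse_policy(record)
    if not networks:
        return "bad-policy"  # unparseable or empty policy is not treated as a pass
    addr = ipaddress.ip_address(source_ip)
    return "pass" if any(addr in net for net in networks) else "fail"


if __name__ == "__main__":
    for dom, ip in [("example.com", "192.0.2.10"), ("example.com", "203.0.113.5"),
                    ("unknown.example", "192.0.2.10")]:
        print(dom, ip, check_sender(dom, ip))
```
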
Speaking last week at the RSA Conference in San Francisco, Gates set out an ambitious agenda for deploying Caller ID, saying it would be "very easy for people to apply," and that Microsoft hoped to have Caller ID in place by the third quarter, provided it could reach "the right agreements" with ISPs and e-mail providers.
Gates did not elaborate on what those agreements might involve, but said that Microsoft had some patents related to "the fundamentals" of Caller ID, which is "royalty free, available for everyone to use," according to a transcript of his RSA speech.
Microsoft published a technical specification for Caller ID on its Web site, along with an "implementation license" for organizations that want to develop and implement software conforming to the specification. (See: http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx)
At least one e-mail expert who has studied the agreement said it could be an obstacle to Caller ID's widespread adoption.
"Given the license they're offering, it's clearly a problem," said John Levine of the Internet Engineering Task Force's (IETF's) Anti Spam Research Group.
Like some others, Levine said he is concerned because Microsoft has not said what technology its patents cover. He also took issue with its assertion in the license agreement that Caller ID licenses cannot be transferred from one party to another, leaving the job of assigning licenses to Microsoft.
"The way the license is written, you can't read (Microsoft's) intentions," he said. "They could stop giving out (Caller ID) licenses at any time, or suddenly say that Caller ID is bundled with Windows."
Microsoft's agreement grants licensees a fully paid, royalty-free license to "make, use, sell, offer to sell, import, and otherwise distribute" licensed implementations of the company's Caller ID patents. The company will not seek royalty payments for use of the patents now or in the future, according to a statement by George Webb, business manager for Microsoft's Antispam Technology and Strategy Group.
Microsoft declined to answer questions about what its Caller ID patent claims cover. The technology is new and its patent applications are still pending, according to an e-mail statement from David Kaefer of Microsoft's Intellectual Property & Licensing Group.
However, the company said its Caller ID license agreement is not limited to any single patent, but covers rights to any Microsoft patent or patent application involved in implementing the Caller ID specification, Kaefer said.
"Microsoft wants to do more than merely give (Caller ID) away, they also want to make sure nobody else can profit from it," said Steve Frank, a partner in the patent and intellectual property group of the law firm Testa, Hurwitz & Thibeault LLP in Boston.
That should not be surprising, considering the time and money Microsoft has invested in designing the new architecture.
"Since they're dedicating it to the public free of charge, (Microsoft) doesn't want to be the patsy who builds a foundation just so other people can come along and erect a building on it, then sell the building," he said.
To protect its investment, Microsoft reserves the right to incorporate other groups' improvements to Caller ID back into the specification free of charge, using a so-called "reciprocal license," Frank said.
Such a process will encourage all parties involved to allow the Caller ID technology to develop and improve without being hindered by license restrictions or royalty schemes, Kaefer and Frank said.
While Microsoft's intentions may be benign, the company's reliance on individual license agreements with domain owners is unconventional, especially if the intention is to encourage broad Internet adoption of Caller ID, Frank said.
"The traditional way to do this is not through reciprocal licensing but through a standards body that has its own rules for how people can develop the initial technology and exploit improvements," he said.
Groups such as the Institute of Electrical and Electronics Engineers Inc. (IEEE), the IETF and the World Wide Web Consortium (W3C) have rules for adopting and protecting another company or group's intellectual property as part of a technical standard, and are well-situated to take over and promulgate the Caller ID specifications, he said.
"Those groups have tremendous industry support and can facilitate adoption and get things done on an efficient basis," he said.
Microsoft may be avoiding standards groups because it does not want to submit Caller ID to a lengthy approval process or negotiate with other stakeholders such as Yahoo Inc. or America Online Inc. over the final product, Frank said.
However, in shunning standards organizations, Microsoft is acting contrary to a "standard Internet ethos" that technical standards should be free of legal entanglements, said Robert Sanders, chief architect at Atlanta, Georgia, ISP Earthlink Inc.
"It's clear that standards that are unencumbered are the most successful on the Internet, and I don't think it's any different here. It's in everybody's best interest to make (Caller ID) easy to implement legally and technically," he said.
Sanders had not reviewed Microsoft's license agreement for Caller ID, but said any standard that is not unencumbered legally makes him "nervous."
Reluctance to sign license agreements is common, and Microsoft is leaving itself open to criticism that it is being "high-handed" and "dictatorial" with the Caller ID technology, Frank said.
So far, Microsoft has given no indication as to whether it will consider turning Caller ID over to a standards body, Levine said. As it stands, the company's licensing model for Caller ID does not conform to any of the IETF's policies for handling patents, he said.
Microsoft can still make good on its Caller ID technology, but it must be clearer about its intentions to make the technology permanently open and royalty-free, Levine said.
History has many models to offer, including Bell Telephone Laboratories Inc.'s 1979 patent on Setuid, a method of controlling access to files on a computer that became a core element of the Unix operating system, he said.
In the absence of involvement by standards organizations, a clearer statement from Microsoft about its plans for managing Caller ID might calm fears in the technical community, Levine and others said.
"If they want to offer free, permanent licenses for Caller ID, that's great, but could you please make your license say that?" Levine said.