Just a week after Microsoft's Chairman and Chief Software Architect Bill Gates unveiled a plan for securing e-mail communications, leading e-mail authorities, legal experts, and at least one Internet service provider are expressing concerns about the e-mail sender authentication plan, known as Caller ID.
Some experts agree that the technology is promising. However, Microsoft's claim that it owns patents around Caller ID and its decision to license the technology to third parties, rather than submit it to an Internet standards body, have riled e-mail experts and domain owners, some of whom say they worry about a power grab by the Redmond, Washington, company and are wary of signing on to the new system.
Caller ID allows Internet domain owners to publish the IP (Internet Protocol) address of their outgoing e-mail servers in an XML format e-mail "policy" in the DNS (Domain Name System) record for their domain. E-mail servers can query the DNS record and match the source IP address of incoming e-mail messages to the address of the approved sending servers, Microsoft says. The goal is to reduce spam for end users.
Speaking at the RSA Conference last month in San Francisco, Gates set out an ambitious agenda for deploying Caller ID, saying it would be "very easy for people to apply," and that Microsoft hoped to have Caller ID in place by the third quarter, provided it could reach "the right agreements" with ISPs and e-mail providers.
Gates did not elaborate on what those agreements might involve, but said that Microsoft had some patents related to "the fundamentals" of Caller ID which is "royalty free, available for everyone to use," according to a transcript of his RSA speech.
Microsoft published a technical specification for Caller ID on its Web site, along with an "implementation license" for organizations that want to develop and implement software conforming to the specification.
At least one e-mail expert who has studied the agreement says it could be an obstacle to Caller ID's widespread adoption.
"Given the license they're offering, it's clearly a problem," says John Levine of the Internet Engineering Task Force's (IETF's) Anti Spam Research Group.
Like some others, Levine says he is concerned because Microsoft has not said what technology its patents cover. He also took issue with its assertion in the license agreement that Caller ID licenses cannot be transferred from one party to another, leaving the job of assigning licenses to Microsoft.
"The way the license is written, you can't read [Microsoft's] intentions," he says. "They could stop giving out [Caller ID] licenses at any time, or suddenly say that Caller ID is bundled with Windows."
Microsoft's agreement grants licensees a fully paid, royalty-free license to "make, use, sell, offer to sell, import, and otherwise distribute" licensed implementations of the company's Caller ID patents. The company will not seek royalty payments for use of the patents now or in the future, according to a statement by George Webb, business manager for Microsoft's Antispam Technology and Strategy Group.
Microsoft declined to answer questions about what its Caller ID patent claims cover. The technology is new and its patent applications are still pending, according to an e-mail statement from David Kaefer of Microsoft's Intellectual Property & Licensing Group.
However, the company says its Caller ID license agreement is not limited to any single patent, but covers rights to any Microsoft patent or patent application involved in implementing the Caller ID specification, Kaefer says.
"Microsoft wants to do more than merely give [Caller ID] away, they also want to make sure nobody else can profit from it," says Steve Frank, a partner in the patent and intellectual property group of the law firm Testa, Hurwitz & Thibeault in Boston.
That should not be surprising, considering the time and money it has invested in designing the new architecture.
"Since they're dedicating it to the public free of charge, [Microsoft] doesn't want to be the patsy who builds a foundation just so other people can come along and erect a building on it, then sell the building," he says.
To protect its investment, Microsoft reserves the right to incorporate other groups' improvements to Caller ID back into the specification free of charge, using a so-called "reciprocal license," Frank says.
Such a process will encourage all parties involved to allow the Caller ID technology to develop and improve without being hindered by license restrictions or royalty schemes, Kaefer and Frank says.
While Microsoft's intentions may be benign, the company's reliance on individual license agreements with domain owners is unconventional, especially if the intention is to encourage broad Internet adoption of Caller ID, Frank says.
"The traditional way to do this is not through reciprocal licensing but through a standards body that has its own rules for how people can develop the initial technology and exploit improvements," he says.
Groups such as the Institute of Electrical and Electronics Engineers (IEEE), the IETF, and the World Wide Web Consortium (W3C) have rules for adopting and protecting another company or group's intellectual property as part of a technical standard, and are well-situated to take over and promulgate the Caller ID specifications, he says.
"Those groups have tremendous industry support and can facilitate adoption and get things done on an efficient basis," he says.
Microsoft may be avoiding standards groups because it does not want to submit Caller ID to a lengthy approval process or negotiate with other stakeholders such as Yahoo or America Online over the final product, Frank says.
Helping or Hurting?
However, in shunning standards organizations, Microsoft is acting contrary to a "standard Internet ethos" that technical standards should be free of legal entanglements, says Robert Sanders, chief architect at Atlanta, Georgia, ISP Earthlink.
"It's clear that standards that are unencumbered are the most successful on the Internet, and I don't think it's any different here. It's in everybody's best interest to make [Caller ID] easy to implement legally and technically," he says.
Sanders has not reviewed Microsoft's license agreement for Caller ID, but says any standard that is not unencumbered legally makes him "nervous."
Reluctance to sign license agreements is common, and Microsoft is leaving itself open to criticism that it is being "high-handed" and "dictatorial" with the Caller ID technology, Frank says.
So far, Microsoft has given no indication as to whether it will consider turning Caller ID over to a standards body, Levine says. As it stands, the company's licensing model for Caller ID does not conform to any of the IETF's policies for handling patents, he says.
Microsoft can still make good on its Caller ID technology, but it must be clearer about its intentions to make the technology permanently open and royalty-free, Levine says.
History has many models to offer, including Bell Telephone Laboratories' 1979 patent on Setuid, a method of controlling access to files on a computer that became a core element of the Unix operating system, he says.
In the absence of involvement by standards organizations, a clearer statement from Microsoft about its plans for managing Caller ID might calm fears in the technical community, Levine and others says.
"If they want to offer free, permanent licenses for Caller ID, that's great, but could you please make your license say that?" Levine says.