Out of the Commission and into Microsoft

Detlef Eckert has taken three years' leave from the European Commission to lead Bill Gates's Trustworthy Computing Initiative…

Detlef Eckert has taken three years' leave from the European Commission to lead Bill Gates's Trustworthy Computing Initiative team in Europe, writes Jamie Smyth.

It's easy to tell that Detlef Eckert hasn't adapted yet to life at the world's biggest software company, Microsoft Corporation. Sipping coffee in the lobby of the Gresham Hotel, Dublin, Microsoft's new senior director of its Trustworthy Computer Initiative for the European region, is wearing a black suit and tie.

This may be regulation attire for bankers and bureaucrats but not for the 50,000 knowledge workers at the world's biggest software firm. After all, hasn't Microsoft always prided itself on its casual dress code and a young culture that inspires innovation?

Mr Eckert quickly acknowledges his formal attire doesn't fit the Microsoft mould. He is on route to speak at the National IT and e-Security Summit held this week at Croke Park and, in the current climate, firms are once again putting their trust in fundamentals.

READ MORE

But he insists Microsoft is not a very bureaucratic organisation.

"Microsoft is certainly not the monolithic company with some bad or bright guy sitting at the top as I'd expected before joining," says Mr Eckert.

"Rather, I've been surprised by the entrepreneurship which drives the firm forward.

"I get the feeling that if I had an idea to set up a 500-staff operation somewhere in Europe, and it was based on good reasoning, it would be done very quickly. In my last job this would take a few years."

Mr Eckert's former job was head of the European Commission's division responsible for analysis and planning in the Information Society Directorate, which probably explains the black suit. Back in December, he took three years leave from the Commission to become Microsoft's "Trustworthy Computing" tzar for Europe.

The move has not been easy with Mr Eckert being thrust into the media spotlight because of his former role in the Commission's continuing antitrust investigation into Microsoft. As head of the Information Society Directorate, he had discussions on the case with members of the Competition Directorate pursuing the case against Microsoft.

The inquiry is similar to that pursued by the US Department of Justice, in that it alleges abuse of a monopoly position, although in different technical areas. An initial decision is expected later this year, and many observers believe it could result in a major fine.

Microsoft's competitors and the media alleged a potential conflict of interest when Mr Eckert accepted the job, and the story made headlines in the world press.

"I was not embarrassed by this \; rather I was surprised that I was viewed as being so important," says Mr Eckert, who denies it is a conflict of interest issue.

"The only time in particular when I had a role in the Microsoft case was when I met a guy called Ed Black in 2001 [(from the Competition Directorate] ... since then I have chosen not to involve myself in any communication.

"Even if I knew something about the case, I am under strict non-disclosure rules and confidentiality. No one has ever questioned my own integrity," he says.

"I have no regrets about moving," says Mr Eckert, who has the option of returning to the Commission in three years.

Mr Eckert's role at Microsoft is to develop the firm's Trustworthy Computing Initiative in Europe, Middle East and Africa. The initiative, outlined by Bill Gates in an email to staff last year, will seek to overturn the commonly held perception that the firm's software is often flawed.

"It [the initiative] is a number one priority," says Mr Eckert. "But this initiative is not only about security and fixing bugs in software. It is also about privacy, reliability and, importantly, business integrity."

Microsoft's goal is to make computing as reliable as any other utility such as electricity. The firm considers security and privacy a business enabler, says Mr Eckert.

"Forrester is predicting there will be 14 billion computing devices connected to the internet by 2010... so security will become an essential part of the computing environment," he says.

But one year on from the initiative's launch, it is clear everything is not going Microsoft's way. Just last month, the Slammer worm wrought havoc on computer systems costing firms at least $1 billion (€928 million) .

The worm took advantage of a weakness in Microsoft's Windows 2000 SQL server database, and even managed to shut down some of Microsoft's own computer systems. It also followed just days after founder Mr Bill Gates sent a memo to staff on the initiative outlining that it had "accomplished a lot in the past year".

"Just because of the Trustworthy Computing Initiative, nobody is saying all Microsoft products are safe and secure, because even after a few years of work there will probably be some attacks," says Mr Eckert. "Slammer was typical in that it exploited a vulnerability that was already known. There was a patch out there but it was difficult to install and many people hadn't done that."

As part of its initiative, Microsoft is reviewing its patch management programme. And the firm is conducting "serious work" on the idea of automating the patch process, says Mr Eckert. A central theme of the new initiative is getting the software code right in the first place, and Microsoft is redesigning the way it develops code, says Mr Eckert.

Microsoft's development teams are undertaking a process called "code review" where a rival team explores the potential vulnerabilities of a piece of code written by another development team.

This produces a traceable method of analysing why and where bugs appear in software, he says. Microsoft, often criticised for rushing its software releases to boost sales, also decided to delay its recent server product to work on security. It is estimated this cost the firm about $200 million, says Mr Eckert. "The software development process is being remodelled and we are about half way through this process. But the initiative is affecting every bit of the company," he says.

Microsoft is also tackling the concept of privacy in computing as part of its initiative, which is often much harder to pursue than security due to cultural and legal differences between states, says Mr Eckert.

"For example the European concept of privacy has traditionally been directed at protection from the state," he says. This is often different in other countries such as Japan, China or the US, says Mr Eckert, who worked in the area while at the Commission.

Adopting new technology often creates a trade off curve between productivity and privacy. As computers store more customer information on individuals, people can do more with computing devices. But it will also has a knock on effect on privacy, he says.

Microsoft is looking at ways to give clients the choice of opting into or out of these new services, says Mr Eckert.He will have to make his own choice between continuing with Microsoft or returning to the Commission in 2006.