Open Source Market Segment LS
Open Source Market Segment RS
Thursday, 28 March 2013 10:25

Lawyer hopeful of success with secure boot complaint Featured


The lawyer who has filed a complaint with the European Commission against secure boot in Windows 8 on  behalf of some 8000 Linux users in Spain says the complaint takes "an user and developer perspective, it is an unprecedented approach to the problem of monopoly in operating systems in Europe".

"I think that Hispalinux is likely to show that Microsoft is engaged in additional anticompetitive acts that were not conclusively determined in the 1998 European Commission investigation," José Maria Lancho (pictured above) told iTWire.

Hispalinux is the organisation on whose behalf Lancho has filed the complaint; according to him, it is a non-profit Spanish association with more than 8000 software users and developers as members (some of them significant engineers) in Spain. The complaint was filed at the Commission Register and the Directorate-General of the Commission is likely to receive it next week.

"Hispalinux also collaborates in many technological fields with the Spanish authorities," he said.

"Our association was founded in 1997 to promote research in the field of free and open source software, interoperability, and (to) advance the knowledge of new technologies among civil law practitioners, and encourage the public administration to promote integrity, independence, and expertise in its digital services on (a) technologically neutral basis."

Contrary to some of the uninformed speculation about the complaint, Lancho seems to be fully aware of the complexity of the task he has undertaken.

"Of course we have technical advisers on board," he said in response to a question. "But we have also based the technical aspects of the complaint firstly (on) Microsoft's own technical specifications for the Windows 8  Certification and contrasted them with the European antitrust laws. We also cite the work of (former Red Hat employee) Matthew Garrett, (Linux Foundation technical guru) James Bottomley and others.

"We have studied enough previous cases related to the abuses of Microsoft's relevant position in European and American markets, and collected first-hand accounts and testimonies from developers, retailers, distro designers and bloggers from around the internet to conclude that the problem is real.

"We have studied Microsoft's exclusionary business strategies that in effect limit its customers' ability and/or incentive to use other operating systems and, in the case of Spain, this leads to a virtually universal breach of laws for public procurement, due to the fact that there is currently not one single public tender in which a technology different from Microsoft's Windows can be offered."

Lancho said the bottom line was that UEFI Secure Boot with Microsoft keys was "designed to block non-certified, non-Microsoft software. This is not a side-effect. It is its main purpose and is spelled out as such in Microsoft's own documentation".

While he does have an English translation of the 14-page complaint, made on Tuesday, Lancho offered a summary of the same as the document cannot be released until it reaches the Commission, probably next week.

"Microsoft has recently introduced a new operating system called 'Windows 8'. The main 'innovation' of Windows 8 is that it incorporates a new obstruction mechanism (called 'UEFI Secure Boot') that controls the start-up of the computer, impeding the free execution of any software program competitive with Windows," he said.

One of the options allowed by UEFI was the digital signature of drivers and applications, permitting complete control over the start-up system.

"I will not explain (to) you the signature process but this makes it near impossible to boot any operating system on a computer that does not have Microsoft's permission," Lancho said. "Microsoft, as the sole owner of the private key, which matches up with the public key held in the memory of computers running Windows 8, is the only party that can authorise (sign) the software components in UEFI, the only party that can sign the boot of the operating system, and the only party that can sign the communications between the operating system and UEFI.

"To be able to attain this goal, Microsoft has to use all its influence and power in the market to to force computer and component manufacturers to accept its monopoly in the key generation system."

He said another interesting aspect was that the whole process could not be reproduced using the private user's certificate without Microsoft's approval, as the standard did not force the manufacturer to include an application to change or reset the PK or KEK repositories. Also, for ARM models, this security model could not be disabled by the user.

"With this set-up, the only option left to the consumer who decides to boot another operating system is to contact Microsoft and hope that the company decides to sign his/her system's components that are in charge of the boot and communication with the UEFI services," Lancho said. "This forces the user (to) enter into negotiations with a company that is famous for its monopolistic policies, with all the problems this would entail.

"The resulting situation is a de facto technological jail for computer booting systems thanks to Windows 8, making Microsoft's Windows platform less neutral than ever, rendering consumers' hardware unreachable for products from competitors."

Lancho said the public market would also be affected, since there was an evident legal incompatibility between the UEFI Secure Boot controlled by Microsoft through Windows 8, and the principles of public procurement and the impossibility to apply the principles of interoperability, established in Spain by Royal Decree 4/2010.

"It would also impede the re-use of thousands of licences of earlier versions of Windows and the development of internal technological solutions which would use a dual booting system, limiting the choice to Microsoft products, if they exist, that comply with the law 11/2007, which introduces the principle of technological neutrality when dealing with the public."

Lancho said the complaint claimed that Microsoft had implemented this secret plan for the purpose of acquiring and maintaining an illegal monopoly over the interaction of the operating systems and the x86 line of microprocessors, which it did by delaying the ability of its competitors to access the market or to otherwise develop and manufacture competitive products.

"In this case, we are not up against a kidnapped standard, but up against the kidnapping of the access to the inner workings of the hardware. The consumer has her/his hardware taken from her/him, losing control over her/his own machine. The fact is that no software or operating system that needs the boot system to install or work will be able to access the computer without Microsoft's prior permission," Lancho said.

"This requirement is completely unjustified and... implies a complete subordination to the company for anybody who wishes to distribute or sell software or content that works and could be competitive."

He said Microsoft's strategy, clearly designed to control the market and exclude competition, affected all software areas. "No measure that forces Microsoft to reach agreements with third parties can compensate (for) the degree of subordination of its competition with the activation of UEFI and Window 8 secure boot system."

Lancho said that in this way, Microsoft had avoided competition on the merits and deprived Linux of the opportunity to stake quality and economic advantages against Windows for every public contract, for every potential computer sale.

Read 8349 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News