Making the right call?

A short time after Microsoft’s chairman and chief software architect, Bill Gates, unveiled his company’s plan for securing email communications, leading email authorities, legal experts and at least one Internet service provider (ISP) began expressing concerns about the email sender authentication plan, known as Caller ID.

Some experts agreed that the technology is promising. However, Microsoft’s claim that it owns patents around Caller ID and its decision to license the technology to third parties, rather than submit it to an Internet standards body, have riled email experts and domain owners, some of whom said they worry about a power grab by the company and are wary of signing on to the new system.

Caller ID allows Internet domain owners to publish the Internet Protocol (IP) address of their outgoing email servers in an Extensible Markup Language (XML) format email “policy” in the Domain Name System (DNS) record for their domain. Email servers can query the DNS record and match the source IP address of incoming email messages to the address of the approved sending servers, Microsoft said. The goal is to reduce spam for end users.

Speaking at the recent RSA Conference in San Francisco, Gates set out an ambitious agenda for deploying Caller ID, saying it would be “very easy for people to apply” and that Microsoft hoped to have Caller ID in place by the third quarter, provided it could reach the right agreements with ISPs and email providers.

Gates did not elaborate on what those agreements might involve, but said that Microsoft had some patents related to the fundamentals of Caller ID which was “royalty-free, available for everyone to use,” according to a transcript of his RSA speech.

Microsoft published a technical specification for Caller ID on its website, along with an “implementation license” for organisations that wanted to develop and implement software conforming to the specification.

An email expert said the agreement could be an obstacle to Caller ID’s widespread adoption.

“Given the license they’re offering, it’s clearly a problem,” said John Levine of the Internet Engineering Task Force’s (IETF’s) Anti-Spam Research Group.

Like some others, Levine said he was concerned because Microsoft had not said what technology its patents covered. He also took issue with its assertion in the license agreement that Caller ID licenses could not be transferred from one party to another, leaving the job of assigning licenses to Microsoft.

“The way the license is written, you can’t read [Microsoft’s] intentions,” he said. “They could stop giving out [Caller ID] licenses at any time, or suddenly say that Caller ID is bundled with Windows.”

Microsoft’s agreement grants licensees a fully paid, royalty-free license to “make, use, sell, offer to sell, import, and otherwise distribute” licensed implementations of the company’s Caller ID patents. The company will not seek royalty payments for use of the patents now or in the future, according to a statement by business manager for Microsoft’s Antispam Technology and Strategy Group, George Webb.

The technology is new and its patent applications were still pending, Microsoft’s Intellectual Property and Licensing Group spokesperson David Kaefer, said.

However, the company said its Caller ID license agreement was not limited to any single patent, but covered rights to any Microsoft patent or patent application involved in implementing the Caller ID specification, Kaefer said.

“Microsoft wants to do more than merely give [Caller ID] away, they also want to make sure nobody else can profit from it,” said Steve Frank, a partner in the law firm, Testa, Hurwitz & Thibeault.

That should not be surprising, considering the time and money it has invested in designing the new architecture.

To protect its investment, Microsoft reserved the right to incorporate other groups’ improvements to Caller ID back into the specification free of charge, using a so-called “reciprocal license”, Frank said.

The company’s reliance on individual license agreements with domain owners was unconventional, he said.

“The traditional way to do this is through a standards body that has its own rules for how people can develop the initial technology and exploit improvements,” Frank said.

Groups such as the Institute of Electrical and Electronics Engineers (IEEE), the IETF and the World Wide Web Consortium (W3C) had rules for adopting and protecting another company or group’s intellectual property as part of a technical standard, and were well-situated to take over and promulgate the Caller ID specifications, Frank said.

In shunning standards organisations, Microsoft was acting contrary to a standard Internet ethos that technical standards should be free of legal entanglements, chief architect at ISP Earthlink, Robert Sanders, said.

“It’s clear that standards that are unencumbered are the most successful on the Internet, and I don’t think it’s any different here,” he said.

As it stood, the company’s licensing model for Caller ID did not conform to any IETF policies for handling patents, he said.

“If they want to offer free, permanent licenses for Caller ID, that’s great, but could you please make your license say that?” Levine said.