Careless talk costs jobs — especially if you’re rude about Microsoft

Careless talk costs jobs — especially if you’re rude about Microsoft

Here’s the story. A group of security experts produces a paper (aimed partly at a US Congressional audience) which argues that overreliance on Microsoft Windows threatens the security of the U.S. economy and critical infrastructure. Nothing unusual in that, you may say: it’s only stating the obvious — especially given that, although the study was independently financed and researched, it was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft’s rivals.

But then something interesting (though not entirely surprising) happened. Dan Geer, one of the authors of the report and a longtime computer security researcher, was Chief technical Officer at a Cambridge, Mass. outfit called @Stake which does a lot of business with Microsoft. And guess what? Just before news of the report broke, Dan found that he was no longer employed by @Stake. Apparently he had forgotten to obtain his employers’ approval for the study’s release. Tsk, tsk.

“Participation in and release of the report was not sanctioned by @Stake,” the security and consulting company said. “The values and opinions of the report are not in line with @Stake’s views.”

You bet. A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer’s status. “We had nothing to do with @Stake’s internal personnel decision,” the spokesman said. Of course they didn’t — there was no need to. Just to make sure there would not be any misunderstandings in Redmond, however, @Stake did call Microsoft late Tuesday night (after news of the report’s contents first broke) to say that Geer’s findings did not reflect the company’s opinions.

It’s a bit like a story from the Old Soviet bloc, really. Everyone in the industry knows that the world’s chronic dependence on Microsoft’s buggy, insecure products is one day going to cause catastrophe, yet many people who know about security are scared to speak out because they will be fired if they do so. The most powerful censorship is when people censor themselves.

Here’s the Washington Post report, which includes an account of how CIO magazine declined to distribute the report — just to reinforce the point about self-censorship.