Interview with Carlo Piana

The lawyer for Samba and the Free Software Foundation Europe explains the behind-the-scenes work behind last month's antitrust decision against Microsoft.

The European Union' 899-million-euro antitrust fine is the result of a continuous effort by the European Commission dating back to 2000. Carlo Piana, a partner at the Milan law firm Studio Legale Tamos Piana & Partners, represented the Free Software Foundation Europe and the Samba project in the case.

Can you introduce your work in this case to our readers? When and why did you join?

I joined in June 2004, when Microsoft's appeal against the EC eecision was filed and the news spread. This story has actually been told many times and reported by the international press. I just offered an initial help with the filing of a simple "application for leave to intervene", which is a short document by which you ask permission to join the case as you have a direct interest in the outcome of the case. The understanding was that other lawyers would have kicked in later.

As it turned out, however, that expectation was largely unfounded, as I was sucked up in the turmoil of the first part of the case, which was about the suspension of the remedies provided by the Decision. That part is called "interim measures". It was done over the summer holidays of 2004 and ended in a two-day hearing in Luxembourg. It was so frantic that I could hardly take a breath. It involved getting up to gear with the substance of the case, with the pleading of the two main parties (Commission and Microsoft) and of a dozen of other interveners, with technical issues and a helluva lot of documentation. Needless to say that I did not take any holiday that year.

Basically my work is that of a counsel in the proceedings, that of filing briefs and pleading, preparing the evidence, appearing in court an plead. But beyond that, putting together a team of great individualities and transforming their invaluable technical and somewhat legal contribution into one solid and as legally neat as possible defence was also quite a demanding task. Moreover, it is no mystery that a lot of coordination work had to be done with the other friendly interveners and to some extent also with the Commission.

This, of course, for all the branches of the case that sprouted along the way. It was indeed a long and complex activity.

Do you have any information about how EU's initiative for investigation of Media Player started, since the whole case begun with Sun's complains on networking problems? Was it EU that noted this or someone else?

I was not involved at that stage, so I am no eyewitness of it. As far as I can tell from the documents, it was a "motu proprio" initiative of the Commission. In antitrust cases, the Commission has the right to initiate investigation also out of an informal complaint or even in case during its review of the market it finds infringements to the law.

What was Microsoft's strategy? How did the company defend itself in this case?

That is complicated. The general strategy appears to me, frankly, to be a damage control and delay one. They have hired possibly the best representation money can buy in Europe, people that have made the history of EC law. Luckily also on our side of the wall there was no shortage of brilliant and prepared minds. So the strategy was well served by a good display of tactical maneuvers to make the case as complex and costly as possible. The sheer volume of the paperwork is itself staggering: it takes almost a scaffold in my office. But I must also say that the opponent was reasonably fair in avoiding dirty tricks and ambushes.

The central point of the legal defence, at least in the interoperability case, was "intellectual property", meaning mainly trade secret and patents, but also copyright to some extent. Microsoft said that it invested a considerable amount of resources to invent new products and technology which are invaluable, and by releasing the information according to the requirements of the challenged decision would have allowed others to "clone" their products and in general to take a free ride on their inventions.

A quite spectacular defence was that about security. Basically it said that, unlike the Internet protocols, those keeping together a Microsoft work group network were so conceived that the all the servers acted as if they were a single distributed entity. In other words they were "tightly coupled", closely knitted together so that any intrusion from the outside, a drop-in replacement pretending to be a Microsoft Windows server could cause irreparable harm and all sort of nefarious problems. Besides, disclosing the specifications of their protocols would have required a hardening of the protocols, in order to make them resistant to malware attack or simply of badly designed third-party software which could have compromised the whole infrastructure.

But nothing was more shocking to me than hearing that they could not release the specifications because... they do not exist. They had to call back retired engineers or scroll through millions of lines of source code to find out what the heck they have done with the protocols.

Part of our value added in the case was to show how this all was nonsense. For the first part, our lead tune was "this stuff is not secret because valuable, but valuable because secret". Actually it is just a relatively thin proprietary layer of extensions to publicly available protocols and well understood techniques. At most, good engineering, but hardly any innovation if compared with existing implementations of the same protocols.

As the "tightly coupled" defence, the Samba guys were well positioned to rebut. Samba is quite a good piece of software, provided how it has worked out interoperability with Windows. So good that Microsoft itself used it as a reference implementation for the WSPP, the licensing scheme it has offered as a compliance to the remedies. And even without fully having understood all the idiosyncrasies of Microsoft's protocols it does not cause much disruption if used along with Windows servers. And I will not comment much further about the need to harden the protocols, as any reader could take the appropriate conclusion without me explaining how security through obfuscation is a false way of achieving security, and that malware makers surely do not need fully licensed specifications.

Was there some problematic behavior from MS that you noticed during the processes? Some non-official information says that MS spent 3.6 billion dollars on several actions related to this case. Any comment?

That was another arm of Microsoft strategy. Divide et impera.

It all started with Sun, the initial complainant. It received quite a treat to jump off the case, something in the range of two billion dollars. That was even before the court case started. The same happened later with Novell and CCIA, shortly after the "interim measure" case, during fall 2004. Notably, it was before the President issued the final order in that part of the case. And it happened again shortly before the main hearing last year, with Real Networks. That was even sleazier, because it had as a consequence that all the written documents submitted by Real as pleadings and evidence were taken off the court file. At that point the written phase was over and the evidence we were relying upon disappeared.

I don't know what is the final figure of this, but surely is over 3 billion dollars, in cash or services.

Are there any notes about 5-day hearing from April 2006? There wasn't much info about it and both sides were quite quiet about that.

The five-day hearing last year was huge. All numbers were impressive. The "grande salle", the big hearing room at the Court of Justice, was half packed with the representatives of the parties and of the interveners only. The press had to be accommodated in a separate room. Thirteen judges were sitting on the bench, which was unprecedented for the Court of First Instance.

Why did the European Court wait so long to make a decision?

Indeed, it was a long decision. However, one must consider that it was a case of an unprecedented complexity and importance, therefore a high duty of care was imposed on them. I believe that now the Commission is going to review its internal process to make it more expedite, a decision, whatever it is, must be reached in months, not years, because the market moves too fast.

The events were perhaps not so exciting as one would expect in a courtroom movie. However, for those conversant with the case, it was quite eventful. Starting with a surprise argument of Microsoft, which invented a new theory to support its case, the infamous "blue bubble".

The claim that the computer were "tightly coupled" and therefore there was no way to plug in a replacement server in the network was largely destroyed at that time, so, in order to salvage at least part of it, they said that the coupling happened not across all the network, but among those servers which run the Active Directory replication services, in other words, those servers at the top of the pyramid. Those servers need to keep a complete copy of the authentication and authorization database, which must be efficiently replicated over whatever bandwidth available.

The algorithm of that replication, including what to do if one server goes down and cannot relay the replication, are allegedly of such a peculiar nature that there is no way other than replicating the internal behaviour of them to make them work together. In other words, according to this funny theory, the messages that go through the wires are not sufficient to decide what is the correct behaviour of any servers, they must agree on a particular behaviour without speaking, according to a very secret algorithm. Therefore, there is no other way to replace a Windows server in the blue bubble if not cloning, in the strictest meaning of the word, a Windows server.

This late theory was very effectively discredited by Tridgell, who explained how one should not need to replicate (carbon copy) the very algorithm used, but only the specifications of the algorithm must be communicated, so that a compatible algorithm could be developed by the drop-in manufacturer.

In that case Tridgell was invaluable because one could tell how the judges believed him. And of course he was saying the truth, which sometimes helps in court. Finally, as this was a relatively new addition to the case, it was something utterly unprepared, that adds very much to how good our guys have been.

Can you describe your free software team cooperation with the EU?

Cooperation was the key to success on our side. I mean not only cooperation between us, to start with FSFE and Samba, but also with the interveners and with the Commission. It was half a miracle, given the various constraint we were to face. Including, for the Free Software part, a lack of proper funding, which meant a partly pro bono lawyer was all we could afford, I mean, my humble self.

Who are the people from free software community in this process and what was their role?

I have already mentioned Tridgell, whom many of the readers should know already. He is the founder and the leading developer of Samba. But also from the Samba team, two more people deserve high praises. The first is Jeremy Allison. Jeremy had a very important role first in the administrative proceedings, convincing the Commission to pass the Decision. Then in the interim case he also appeared in court ad made a big show. Unfortunately, after the interim, he was recruited by Novell which, shortly thereafter, entered into a settlement with Microsoft and pulled off the case. The settlement also prohibited any employees of Novell to cooperate with the case (and especially with us), which shows how negative to justice this sort of agreement could be. Nonetheless, as an Italian saying goes, not all bad things come to harm. We had the opportunity to bring Tridgell into the case, and I can hardly say who is more effective.

A special mention must me made for Volker Lendecke. He is a German top developer of Samba, and works for a company named Ser-Net of which he is also a major stakeholder. He had a decisive role behind the scenes and helped me very much with the technical stuff, and even appeared in the private hearing at the Commission when the fines for the incompleteness of the information were to be decided against Microsoft.

Finally, the people from the legal team of the FSFE, who have reviewed much of the written pleadings and have been supportive all along. And how to forget about the President, Georg Greve, who was always there in court and had a role also in the preparation of the hearing.

A journalist from the New York Times called us "a motley crew", and indeed if you saw how our company was formed, the impression was not of the neatest, most cleaned-cut gathering. At the hearing also Alan Cox teamed with us, summoned by Red Hat. But the appearance is misleading at times, as Alan is a very charming person, with a remarkably high education in technical as well as commercial matters (he holds an MBA too), despite his strong Welsh accent which makes him almost impossible to understand. But who knows Alan can easily understand why we were also nicked "the hairy guys".

Do you have any information about the Opera vs MSIE case and current level of activities?

1 2 Page 1
Page 1 of 2