Greetings,
Microsoft Chairman and Chief Software Architect Bill Gates recently issued a new strategic direction to the company's 40,000-plus full-time employees: The company will now choose security and privacy over new features in an effort to better protect its customers. The memo is the third such wake-up call Gates has issued in the past decade; the other two dealt with the importance of the Internet and the move to .NET. Interestingly, the latest memo ties the earlier themes together into something called "Trustworthy Computing," and Gates was very clear that Microsoft needs to fulfill the strategy within the confines of .NET. And the memo is a fascinating look inside the work Microsoft is doing now to make .NET a reality.

"Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work," Gates wrote. "If we don't do this, people simply won't be willing—or able—to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of trustworthiness in computing."

"When we started work on Microsoft .NET more than two years ago, we set a new direction for the company—and articulated a new way to think about our software. Rather than developing standalone applications and Web sites, today we're moving toward smart clients with rich user interfaces interacting with Web Services. We're driving the XML Web Services standards so that systems from all vendors can share information, while working to make Windows the best client and server for this new era."

This vision for .NET isn't new; Microsoft has been very open about its .NET plans. But the security and privacy aspects of .NET have always been rather suspect. Criticism of Passport, Windows Messenger, and other .NET-related technologies made headlines throughout 2001, and the company's public announcements about .NET security features have been rather vague. But with this memo, Gates has laid down a new set of rules for .NET development. And user security and privacy are at the forefront.

"However, even more important than any of these new capabilities is the fact that it \[.NET\] is designed from the ground up to deliver Trustworthy Computing," Gates continued. "What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable, and secure as electricity, water services, and telephony."

"No Trustworthy Computing platform exists today. It is only in the context of the basic redesign we have done around .NET that we can achieve this. The key design decisions we made around .NET include the advances we need to deliver on this vision. Visual Studio .NET is the first multi-language tool that is optimized for the creation of secure code, so it is a key foundation element," Gates wrote. Coincidentally, the Visual Studio .NET software development tool was recently finalized and will be sold publicly beginning in mid-February.

One big change in Microsoft's new strategy involves the creation of new security models to protect customer data that the company's products and services store and access. Gates was vague on how this part of the strategy will work, but noted that the company will need to create extensible security models that developers can easily incorporate into their applications and services.

An even bigger change concerns privacy, and the following pronouncement likely will affect Microsoft's plans for Passport. "Users should be in control of how their data is used," Gates wrote. "Policies for information use should be clear to the user. Users should be in control of when and if they receive information to make best use of their time. It should be easy for users to specify appropriate use of their information, including controlling the use of email they send."

I'll be interested to see how the privacy groups that complained about Passport react to this emphasis on privacy, given that Gates's statement seems to address their primary complaints that Microsoft, not the users, control user data. However, Gates's description of privacy changes is more plan than substance, so a more concrete set of announcements is likely forthcoming.

Whatever happens, one thing is clear: A dramatic and long-overdue emphasis shift is occurring within Microsoft. If the company is successful, it will deliver a new generation of more secure software and services, even as internal code reviews secure existing products. In the end, Microsoft definitely needs the trust of the computing public to make the leap to .NET, and this strategy, along with an inevitable set of more concrete plans that build on this strategy, will play a large part in determining .NET's success. I think the new strategy is a step in the right direction.

For the complete text of the Bill Gates "Trustworthy Computing" memo, visit the WinInfo News Web site.

http://www.wininformant.com/articles/index.cfm?articleid=23801