crypto and public policy

AtStake Fires Dan Geer, Loses All Claim to Objectivity

Filed under: General September 27, 2003 @ 9:28 pm

AtStake, a Cambridge-based security company, fired its CTO, Dan Geer, for co-authoring a report that criticized Microsoft security. Dan Geer is a world-renowned security expert. He was a systems manager on MIT Project Athena, including the ground-breaking Kerberos authentication system. He is the newest president of USENIX. Let’s face it: criticizing Microsoft security is not exactly a lonely, controversial point of view. Even Microsoft publicly admits their need to improve security. AtStake made a general claim that the Geer-authored report did not fit “company standards.”

AtStake claims Microsoft – one of their clients – did not have any active role in this decision. Okay, let’s assume that’s true. That means AtStake made this decision of their own free will. What does that tell us about their business philosophy? If AtStake is willing to take such drastic action (firing Dan Geer) because of a single report, it must mean that they are not willing to criticize any company if that company becomes a customer. After all, mistakes happen. If the CTO – and not just *any* CTO either – gets fired for one report, what AtStake employee is going to have the balls to criticize a client in a future report?

One can only assume that security reports from AtStake will become weak and, if not politically motivated, at least politically stunted. It begs the question: if firing Dan Geer is worth it on the basis of how much Microsoft pays AtStake, is it still worth it once every client knows AtStake reports are motivated less by security and more by politics? Time will tell, I guess.

UPDATE: In my second paragraph above, I imply that Dan Geer’s report was a “mistake.” I don’t think it was. My argument is that, even if we give AtStake the benefit of the doubt and assume the report was indeed a mistake, their action speaks volumes about their philosophy on security reports: politics first.

1 Comment

  1. Dave Winer:

    Just a quick note to say I’m really enjoying your weblog, and hope to get a chance to meet you sometime sooon!

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.