Why the government should watch out for the card up Microsoft's sleeve

The UK government has been offered a peek at the Windows source code - the latest country to be offered the privilege under Microsoft's Government Security Program (GSP).

As the name suggests, this initiative is supposed to be all about security. Microsoft twigged a while ago that its reputation in this regard is more than slightly tarnished - and national governments tend to be a bit twitchy about such things.

So last year Bill Gates issued a fatwa on iffy code: over 8,000 developers were given a virtual tooth comb in a bid to eradicate any security holes in Microsoft's software. That move was made to reassure businesses and consumers as much as governments.

Then came the GSP, which was launched two weeks ago and pitched squarely at the latter. Microsoft said it will provide "governments with access to source code and information that [they] need to be confident in the security of the Microsoft platform".

Today, E-envoy Andrew Pinder said: "Partnership agreements such as the one I have signed... with Microsoft are key to the risk management of the national information infrastructure."

Risk management, security... sounds good. But is this really what it's about? Let's return to the commercial world. In 2001, Microsoft launched its Shared Source Initiative, which bares an uncanny resemblance to the GSP. Big businesses and various other third parties were offered smart card access to a secure website containing millions of lines of Windows 2000, XP and .Net server code.

Microsoft didn't really say too much about security then. The main purpose of this exercise - acknowledged by Microsoft - was to fight off the threat of Linux, which was gaining traction in organisations throughout the world.

Since then, the same thing has happened in target-rich but cash-poor government departments. Open source software has been adopted officially in Brazil. It's encroached on Microsoft in Germany, Norway and Peru, among other countries. Many more are looking at it unofficially. So Microsoft had to hit back. Hence the GSP.

The clever trick was to pitch it as an answer to governments' security fears - but make no mistake, that's a sleight of hand. Microsoft is genuinely concerned about the open source movement, but has decided to stop slagging it off. Instead it is taking aim at what was becoming a stronghold for open source by playing the security card.

Very few businesses actually bothered to look at the source code they were offered under the Shared Source Initiative. It'll probably be the same with the GSP. But by offering it, Microsoft appears to be open source friendly and security conscious - and therefore OK for use within governments.

Which of course it is. But lurking up Bill Gates' sleeve are a couple of Black Mariahs: licence fees and long-term lock-in. Can governments trump that? Probably not.