Why I'm not worried about HailStorm

Microsoft's announcement of its forthcoming HailStorm platform for distributed Internet applications has engendered quite a bit of controversy. The issues it raises about privacy, security and control of the Internet are serious, so it's not surprising that it has been met with a hailstorm of worried responses.

But I'm not worried, partly because I don't view Microsoft as "The Embodiment of All Evil in the World." I'm also convinced that these concerns will work themselves out. Here are the most common criticisms I've heard about HailStorm, along with an explanation of why I'm not worried about each one.

HailStorm requires that Microsoft-run servers contain calendars, contact lists, location information, credit card numbers and other personal data about its customers. Microsoft can't be trusted with this data. Microsoft's response to this is to promise never to sell, mine or even look at this data. Only applications explicitly granted access by each user will be able to examine the information maintained by HailStorm. But why should we trust Microsoft to do this? The temptation to make money from this data might prove irresistible. Yet, if Microsoft breaks its promise, customers will stop using HailStorm, and it will fail. Corporate customers are likely to force Microsoft to sign contracts guaranteeing the privacy of their data, so selling this information would also probably expose Microsoft to large financial liabilities. It's in Microsoft's interest to keep its word.

Even if Microsoft doesn't sell my personal data, allowing the company to know my schedule, who my friends are and where I am is a violation of my privacy. AOL knows when its instant messaging customers are logged on, Yahoo knows the calendars of people who use its service and so on. Is Microsoft any worse? Ultimately, users will decide. If they believe that the benefits of HailStorm-based applications outweigh the perceived privacy issues, then HailStorm will succeed. If they don't, it will fail.

The server machines that support HailStorm will make perfect targets for hackers. Given Microsoft's record for security, they won't be able to protect users' data even if they want to. I don't believe Microsoft can guarantee that its HailStorm servers will be hacker-proof; no vendor can make that claim. But if hackers are able to compromise the data HailStorm contains, customers will desert in droves and HailStorm will die. Guaranteeing security is impossible, but Microsoft has a strong incentive to protect its HailStorm servers—it's life and death for this business.

HailStorm has a single authentication service, based on Microsoft's existing Passport service. If HailStorm is successful, Microsoft could effectively become the Internet's gatekeeper, creating yet another Microsoft monopoly. Microsoft would surely like a monopoly, yet if HailStorm really is a good idea, it will attract competition. The question isn't whether the HailStorm services will become a monopoly, but whether they will succeed at all. Authentication is the key service in the type of platform HailStorm provides and, like the other HailStorm services, it will cost money to build and operate. Only a for-profit organization will take this on, so expecting someone other than a vendor to provide this service is a pipe dream.

Any ISV that builds an application that depends on HailStorm is at Microsoft's mercy. The company might raise the price at any time. Competition will keep Microsoft from raising prices once app developers become dependent on HailStorm. If no competitors emerge, then it's likely HailStorm won't be a success, since good ideas always attract others to a market.

How can Microsoft guarantee the availability of the HailStorm services in the face of network problems, server failures and other outages? Redundancy. Microsoft will need to deploy HailStorm servers at locations around the world. If the services aren't available enough, HailStorm will fail.

I don't know if HailStorm will succeed, but it's the most innovative idea I've heard in quite a while—one that holds the potential for a new class of applications. The bottom line, though, is that HailStorm is a business. If Microsoft's opponents' worst fears come true, HailStorm won't be able to keep its customers. If Microsoft can address these concerns successfully, HailStorm may well succeed. It's too soon to know what will happen, but either way, this is an interesting technology. And it's one that I'm not worried about.

About the Author

David Chappell is principal at Chappell & Associates, an education and consulting firm focused on enterprise software technologies. He can be reached via E-mail at [email protected].