Microsoft: Ethics & Economics of Customer Service

Check out this current item from Wired, by Bruce Schneier, “Quickest Patch Ever.” The story is mirrored on Schneier’s own blog under the title, Microsoft and FairUse4WM.
It’s a story about Microsoft’s sometimes-slothful and sometimes-speedy response to security gaps in its software.

Microsoft has suffered plenty of criticism in this regard. Why is that? According to Schneier:

…no software vendor likes to issue patches. Every patch is a public admission that the company made a mistake. Moreover, the process diverts engineering resources from new development. Patches annoy users by making them update their software, and piss them off even more if the update doesn’t work properly.
For the vendor, there’s an economic balancing act: how much more will your users be annoyed by unpatched software than they will be by the patch, and is that reduction in annoyance worth the cost of patching?

Microsoft’s usual practice is to gather up & analyse reports of problems, and then to issue one “mega-patch” on the second Tuesday of each month.

Why? Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.
Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.

The story gets its title, and its point, from the fact that when Microsoft recently discovered a security gap in its own digital rights management (i.e., anti-piracy) software, PlaysForSure, it was able to issue a patch three days later. So, a slothful response represents a choice on the part of Microsoft, not an inevitability. This is just one example of a larger phenomenon, namely the huge variability in corporate customer service. Companies often can get away with customer service that is, from a customer’s point of view, pretty shabby. This presents companies with an ethical choice.

A few points:
1) This example serves as a pretty decent reply to skeptics who deny the need for, or relevance of, ethics in business. The decision whether, and how soon, to respond to security gaps clearly affects the wellbeing of consumers. Security gaps represent risks of data loss, data corruption, identity theft, etc.
2) This case also serves as a good response to anyone who thinks that normative issues in business can be exhaustively dealt with through regulation, or through the courts. Does anyone actually think that the best way to resolve cases of unsatisfactory customer service is to wait until enough customers are angry enough to launch a lawsuit?
3) Finally, this example puts pressure on the idea that corporate managers’ only obligation is to maximize profit (and to avoid breaking the law). It might be profit maximizing for Microsoft to issue security patches, say, every 2nd month. But it would expose customers to (lemme do the math, here) roughly twice as much risk as their current practice does. Exposing people to additional risk (which for some will translate into additional harm) is a bad thing, right?

Related posting:
See also my previous posting on customer service at Dell.
[Thanks to Bryn for the heads-up.]
