"After 12 years, support for Windows XP will end on April 8, 2014." So proclaims a Microsoft website with a helpful clock counting down the days. "What does this mean?" the website asks. "It means you should take action." You should "migrate to a current supported operating system - such as Windows 8.1 - so you can receive regular security updates to protect [your] computer from malicious attacks."
The costs of mass migration will be immense. About 30% of all desktop PCs are running Windows XP right now. An estimated 10% of the U.S. government's computers run Windows XP, including "thousands of computers on classified military and diplomatic networks." And the costs of staying put? They will be enormous, too. It turns out that 95% of the world's ATMs are powered by Windows XP, and there is no readily available substitute in the offing. In one example of these exorbitant costs, the price of either extending support or upgrading to another version of Windows for each of Britain's major banks will be in the hundreds of millions. Costs will be similar, or perhaps even higher, worldwide.
The failure to continue to patch unpatched computers will also have serious ramifications for society. Hackers will keep scouring Windows XP for flaws, holes, and vulnerabilities for many years after Microsoft ends support for its vaunted operating system. Zero-day vulnerabilities-flaws hackers have long known about but have waited to exploit for fear that the vulnerability will be immediately patched (and could therefore only be used once or for a short time)-will now be exploitable in perpetuity. Experts "have repeatedly warned that April 8 could spark a hacker feeding frenzy." Yet, ironically, those who run Windows XP pose a greater threat to others than to themselves.
In the special case of governments, enterprise businesses, and financial institutions, failure to patch or migrate will expose the personal data of millions of individuals to theft, fraud, and abuse. When the wave of security breaches from unpatched machines arrives, the lawsuits against companies for failure to secure user data properly will become even more costly. There may also be immense blows to consumer confidence, leading to welfare-reducing market-wide substitutions away from e-commerce.
Meanwhile, the many millions of consumers who do not realize the increased vulnerability of their desktop operating systems will continue to use Microsoft Windows XP. Perhaps they will do so because they do not believe they are at risk. They will say that they do not do any of their personal banking or shopping on their home computers, and they will assert that they do not check their email or visit social networks. As a result, they will conclude that they do not see the "need" to upgrade. Yet, as long as they connect to the internet, their continued use of XP stands to cost society millions of dollars.
Computers do not use much of their powerful data-processing capability or much of their available internet bandwidth from moment to moment. Hackers love nothing more than to sneak onto computers and turn them into secret weapons whose idle bandwidth can be used to block traffic to enterprise websites through Distributed Denial of Service Attacks ("DDoS Attacks") and whose resources can be secretly co-opted to send millions of spam emails. These hackers also relentlessly use computers to break enterprise encryptions or reroute internet connections, which enables them to pretend that their attacks on sensitive infrastructure originate from any one of potentially millions of zombie computers.
For these reasons, Microsoft Windows XP's end of support, combined with a collective action problem stemming from individual users' failure to realize or internalize the costs of not migrating or upgrading their operating systems, could prove catastrophic.
All of this could be avoided if Microsoft, as well as other intellectual property owners who have monopoly power in a product market, allowed for the creation of robust aftermarkets if they themselves elect to end support. They could do this voluntarily. In Microsoft's case, it could do so by releasing Windows XP's source code-the fundamental organizing instructions that make the program operate-under a carefully circumscribed global license.
But the law could also obligate Microsoft to aid in the creation of such a market, although here things turn murky. Under the leading understanding of existing antitrust doctrine, if Windows XP were real property-a photocopier, for example-the law would obligate Microsoft to help other companies create an aftermarket for Windows XP support. Because Microsoft Windows XP is not just property but intellectual property, however, courts have been more reluctant to recognize a monopoly exception to intellectual property protections. They should not be.
The following essay briefly sketches out the argument for why software monopolists should be legally required to help other companies provide ongoing support for their products. First, the essay describes the conceptual and economic theories that would support such a requirement. Second, it describes the conflicting law governing the intersection between intellectual property and antitrust. Third, it exhorts Microsoft to extend the support clock, release its source code, or make clear to the world that should anyone else wish to take on the task of providing future security support for Windows XP, Microsoft will help them to do so.