Delta Air Lines has hired prominent attorney David Boies to pursue $350 million–$500 million in damages from CrowdStrike and Microsoft following a significant outage earlier this month.
TakeAway Points:
- Delta Air Lines hires David Boies to seek $350 million–$500 million in damages from CrowdStrike and Microsoft after a software update caused massive flight cancellations.
- Following the disclosure, Microsoft’s stock stayed steady while CrowdStrike’s dropped 5%; the event cost Fortune 500 corporations $5.4 billion in losses.
- The outage draws attention to the conflict between security and competition, raising questions about Microsoft’s kernel-level access policy and how it affects system vulnerabilities.
Delta seeks CrowdStrike to pay for damages
The incident, which stemmed from a software update by CrowdStrike, led to millions of computers crashing and resulted in thousands of flight cancellations. The outage has had a substantial financial impact on Delta, with estimated losses ranging from $350 million to $500 million. The airline is currently dealing with over 176,000 refund or reimbursement requests after nearly 7,000 flights were cancelled.
CrowdStrike shares fell as much as 5% in extended trading on Monday following the news of Delta’s legal action, while Microsoft shares remained relatively unchanged. The Department of Transportation is also investigating Delta due to the widespread flight disruptions and service failures caused by the outage. Although no lawsuit has been filed yet, Delta plans to seek compensation from both Microsoft and CrowdStrike.
David Boies, chairman of Boies Schiller Flexner, is known for his high-profile legal cases, including representing the U.S. government in its antitrust case against Microsoft and helping overturn California’s ban on gay marriage. He has also represented controversial figures such as Harvey Weinstein and Elizabeth Holmes.
Effects on CrowdStrike and Microsoft
The software update from CrowdStrike on July 19 led to a historic outage of Microsoft systems, affecting numerous industries worldwide. Airlines were particularly hard hit, with Delta experiencing significant operational disruptions. CrowdStrike’s stock has suffered considerably, losing almost a quarter of its value in two trading days following the incident. Insurance startup Parametrix estimated that the CrowdStrike incident resulted in a total loss of $5.4 billion for Fortune 500 companies, excluding Microsoft.
The incident has exposed tensions between security and competition in the tech industry. CrowdStrike failed to properly vet the channel file it pushed out to its customers, which crashed their Windows computers. Additionally, the company rolled out the update to all customers simultaneously, rather than starting with a smaller group to identify potential issues.
Microsoft’s role in the incident is also under scrutiny. The company allowed CrowdStrike and other third-party developers to have kernel-level access to its Windows operating system. This level of access, which grants control over the entire computer, exacerbated the impact of the CrowdStrike update. Without such access, the issue would likely have been easier to fix without manually rebooting all affected systems.
Security and Competition
The 2009 agreement between Microsoft and the European Commission requires Microsoft to grant outside developers the same access to Windows that its own security software has. This agreement aims to foster competition by ensuring interoperability between Microsoft’s products and third-party software. However, this provision has been criticized for compromising security by requiring Microsoft to provide kernel-level access to third-party developers.
Apple, in contrast, has taken a different approach by informing third-party developers in 2020 that it would no longer grant them kernel-level access to its MacOS operating system. This decision likely contributed to the CrowdStrike problem not affecting Apple devices. The European Commission and other regulators need to carefully consider the trade-offs between security and competition when mandating such access.
The commission recently required Apple to make it easier to access and download software provided outside its official App Store to comply with the EU’s Digital Markets Act. While this move aims to increase competition, it also raises security concerns, as users may download insecure software not vetted by Apple. To mitigate these risks, Apple introduced new security measures to its mobile operating system in January to limit potential damage from unvetted code downloaded on iPhones.
