|<<>>|194 of 265 Show listMobile Mode

First Look at Palladium

Published by marco on

The August 15, 2002 Cryptogram by Bruce Schneier at Counterpane Internet Security explains what is known about “Palladium”, the code-name for Microsoft’s trusted computing intiative. It’s abbreviated as Pd, like an element. Isn’t that cute. This is a natural outgrowth of Hollywood’s (in the form of the MPAA and the RIAA) jihad against its customer base and our acceptance of the blame. It aims to use hardware to prevent people from doing anything that Hollywood doesn’t want them to with technology they buy.

“The idea is that different users on the system have limitations on their abilities, and are walled off from each other. This is impossible to achieve using only software; and Pd is a combination hardware/software system. In fact, Pd affects the CPU, the chip set on the motherboard, the input devices (keyboard, mouse, etc.), and the video output devices (graphics processor, etc.). Additionally, a new chip is required: a tamper-resistant secure processor.”

The machine itself won’t be foolproof, in fact, “Microsoft readily acknowledges that Pd will not be secure against hardware attacks”. However, they do try to make it secure and promise that “[i]t is their intention to design the system so that hardware attacks do not result in class breaks: that breaking one machine doesn’t help you break any others”. That goal will prevent pirates from simply issuing keys that can compromise an entire set of systems; there will be no money in breaking these systems. At least that’s the plan.

The more probable reason for Microsoft’s laser-like focus on trusted computing is not that they want people to crash less or get fewer viruses or get less junk mail. This doesn’t really affect their bottom line really (as increasing sales over the years have shown). What affect their bottom line is pesky end users that think they own Microsoft products when they plunk down their $249.99 for them.

“Like books and furniture and clothing, the person who currently buys new software can resell it when he’s done with it. People have a right to do this — it’s called the “First Sale Doctrine” in the United States — but the software industry has long claimed that software is not sold, but licensed, and cannot be transferred.”

These machines will use several partitions of data with different DRM rights attached to manage your content for you. Even though it’s your machine, if you want to view certain content, then “MPAA, Disney, Microsoft, your boss” can “put… stuff there that you can’t get at”. If this kind of security can be delivered, the way we access art content will change significantly. You can’t borrow that CD from your friend anymore. No more trying out a program before you buy unless they want you to. No watching that DVD or snipping a piece out of it. How about those handhelds, on which you’ll listen to tunes and watch movies and read the news?

“Will you need a Pd-enabled device — the system is meant for both general-purpose computers and specialized media devices — in order to view copyrighted content? More likely. Will Microsoft enforce its Pd patents as strongly as it can? Almost certainly.”

He ends his Palladium introduction with a few strong points. One of them is “When you think about a secure computer, the first question you should ask is: “Secure for whom?”” Once again, it’s those with the money or power who will have the full use of their computers. Everyday users will have to give up some of their trust if they want to watch movies or listen to music or maybe even browse some sites (maybe that NY Times login won’t stay free forever).

In short, “Microsoft really doesn’t care about what you think; they care about what the RIAA and the MPAA think.” They want those companies to start to deliver their high-bandwidth content on Microsoft systems and those organizations will never approve delivery in a world occupied by too open an Internet like we have today.

Take heart though; first of all, there will always be a black market (or gray market) for goods and services that people really want, but have gotten too inconvenient to get legally. If done in enough volume, these markets become impossible to close and/or prosecute and become the norm. That will happen again. Hopefully the public gets more educated and balks when told to buy devices that hem them in. Second of all, “[l]ike everything else Microsoft produces, Pd will have security holes large enough to drive a truck through.”

Finally, he warns that you should be very aware of who is interested in getting Pd made into a reality. The MPAA. The RIAA. Microsoft. “Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.” If this comes to pass, Microsoft will only become more ubiquitous unless people get more careful. Your use of technology will only get more controlled and that’s a bad thing. The content and news you have access to now is already filtered and adjusted and molded to create the reality you need in order to be a good little patriotic consumer. What will it be like when your tools are hardwired to curtail rebellion? Schneider concludes:

“My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it’s bad for society. I don’t mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.”

Bob Cringely, of the eponymous I, Cringely adds in the article, I Told You So:

“Under Palladium as I understand it, the Internet goes from being ours to being theirs. The very data on your hard drive ceases to be yours because it could self-destruct at any time. We’ll end up paying rent to use our own data!”

That’s a very real possibility. “How long until only code signed by Microsoft will be allowed to run on the platform?” Another good question. Software developers will have to pay Microsoft a license in order to run on Pd-systems. More secure, trusted-transaction computing is a necessity. It’s a job that has to be done before more mundane tasks can be automated and used as appliances rather than as “guru” tasks. “I just don’t think we have the right people on the job.”

The Schneier newsletter has a lot of links to more information on Palladium if you’re interested.

Copyright (c) 1999-2024 earthli.com. All Rights Reserved.
Powered by