Slashdot Mirror
Microsoft's 'Palladium' Privacy/DRM Scheme
Paradox Jack writes: "according to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"
So, this involves a new piece of hardware.
How long does it take mod chips to become available for consoles? Not very long. How long do we think it'll take for mod chips to sidestep the hardware portion of palladium, and enable you to copy protected information, to come along?
Not very long.
Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system.
*snip*
Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down.
Great, let's go ahead and lay the groundwork for hardware level watermarking/rights management. There's no doubt in my mind that the MPAA/RIAA absolutely will jump on this first, quietly or blatantly. There won't even be time for 'fair use' or 'compromise' by the time this hits mainstream. I've never been much of a conspiracy theorist, but you think it's possible that the MPAA/RIAA are handing Microsoft some money to incorporate some of their desires into this security move? They'll *always* have the last move, not us.
Perhaps it would raise the "barrier to entry" for breaking into systems, but once in I think the potential to cause havoc is even worse. Even if they do have some of it implemented in hardware, there will always be a piece of software code somewhere that sends/receives info from that hardware. So now instead of klez spamming you and everyone 6 levels removed from you, your computer starts telling everyone you're an untrusted entity and you cease to be able to interact with anyone (at least anyone with the same system, but assuming this would become pervasive) over the internet. It's not exactly identity theft, more like you now have a big neon sign floating above your head saying "I'm a crook" and whenever you look up to see what's there it disappears...they only way you can tell is asking someone else if its there or not.
Having read the article, I thought - finally, they came up with a justification that can be sold to consumers for DRM - privacy protection.
Having the same systems implementing the filtering of spam (unapproved senders), restricting forwarding (unapproved redistribution), and also cover DRM (again, unapproved redistribution) allows the whole scheme to be marketed as an anti-spam system.
The marketing on "fair use" really is about certain fair uses such as backups. No software is going to be able to figure out whether a transformative use of digital content will be fair or not -- what is the difference between creating a digital commentary on a video (fair) and a remarketing of it? (say in the Spanish language). Nothing that can be discerned by a computer program, I assure you.
Still, it is encouraging to see MS taking security seriously, even if for the reasons of extending the reach of corporate profiteering. Actually, I can't think of any other reason that would motivate MS to do it, but so it goes.
People on /. rejoice when bugs are found in Microsoft's code. Then they complain that MS should do something about this, and fix it. Then MS takes steps to do something about it, and address security. Then people on /. complain that MS is trying to do something about security...
Oh, the irony indeed!
It's nice to see Microsoft is improving its behaviour so much after all this time battling in court. Let's see..am I going to trust a company that's broken the law on numerous occasions, probably put money into the hands of politicians and accepted such from the entertainment industry, all to further their own financial gain, to put a chip in my computer that allows them to decide what I can and can't run? No. It's likely that this will still succeed, however, because these machines will be marketed to those that have little or no knowledge about their own systems. They'll pull into their local computer store one day to buy their first system, and right at the front of the store will be the shiny-new "Palladium-protected!" Microsoft system and accompanying OS (oh, but you don't own the OS by the way. You're just renting it). And that's the machine they'll pick up -- why not? The other systems don't offer any "protection," so this one's obviously top of the line. Our only saving grace is that the children of the bewildered parents will probably have the computers sent back when they find out they can't play their MP3's any more.
I'm sure a MS's execs reply would be, "Of course you dont have to pay extra for a pc... [ you dont have to use a pc at all ]
Which might be just what I do -- move to mac.
I'm *really* sick of the adversarial attitude held by alot of companies latley -- "the customers are our enemies, we will dog them to do what *we* want." If you dont like this (and I sure dont), vote with your $$ and dont buy it.
Religion is a gateway psychosis. -- Dave Foley
This is so laughably stupid it's amazing. Do they not know about screen capture? Or - if that's disabled - digital cameras? I can just imagine the whistleblower at a future Merrill Lynch taking a picture of a future Henruy Blodget's "it's a piece of shit" email and sending it to the press - while the IT manager is shocked and dismayed that Microsoft's "secure email" failed so spectacularly.
sulli
RTFJ.
I was aghast at the article and I shouldn't've been. It's on MSNBC and is intrinsically unable to cast Microsoft into anything but godlike form.
... oh, wait, the common man is not a production house. Suddenly that "our" becomes "their".
... the fiasco that occurred such that we don't have encrypted phones everywhere today. The gov wanted free, backdoor access and the industry (and consumers) knew that it would be selling unsecure products therefore. The consumers didn't want pervasive phone encryption that wasn't secure from the gov; and the consumers simply don't want pervasive Internet security that doesn't allow Libertine file sharing.
... what, is AOL, Hotmail and other such services going to deny members outgoing mailing privileges? Obviously not.
Obviously, MS is trying to link concepts of "your security and privacy" with "intellectual property rights" in the consumer's mind, and there's simply no functional reason to do so other than bowing to the big IP producers in Hollywood. (The article says "[Microsoft researchers] quickly understood that the problems of intellectual property were linked to problems of security and privacy"; I'm sure that the consumer's security and privacy were obstacles to controlling the IP that flowed through their computer.) I don't know if this bowing thing is due to fear of litigation ("our clients allege that Microsoft willfully constructed and distributed an operating system that allowed easy violations of copyrights") or simply from being paid off in some manner like partnerships; perhaps both.
But, statements like "cries for a safeguard" and "easier to vandalize a Web site than to program a remote control" places the article firmly in the ranks of propaganda.
"[T]he system is designed to dramatically improve our ability to control and protect personal and corporate information"? Who's "our"? I'm sure the system will make give you incredible control over that movie, song or book you made
The IP industrials have their own controls, and when they've implemented them (various forms of copy protection) the consumer mass has either raised an uproar or produced a crack. That alone shows the lifecycle of control (plan, implement, ruckus/crack, retreat/pointlessness) and thus that controls are a pointless exercise. The point is further made even if an end-run is made around the consumer by embedding controls into the OS. Despite MS's near monopoly position, MacOS and Linux are viable alternatives to MS Windows, and I've seen people make the switch when sufficiently motivated. Does MS expect the people on college campuses (who are doing a large fraction of the file sharing) -- with all their computer-saavy and access to IT skills -- to just sit in their dorm rooms and offices and let some ACCESS DENIED message blink in front of their faces when they try to fetch or open the latest sn0g, pr0n, m0vie or w4r3z?
The privacy solutions raised in the article aren't anything that can't be made with software right now. We could encrypt all our outgoing packets right now; every email could be encrypted, and every file put up on FTP and Web sites. Why isn't that kind of security pervasive? I think that answer is more along the lines of "we [the people] don't want it" rather than "encryption software isn't pervasive". I am reminded of the Clipper chip
There's more outrageous propaganda: the system "[c]ans spam". Oh, puh-leeez. The age-old problem of mailbox access will still be there; we can stop spam now with restricted mailbox access, but we just don't do that since a restricted mailbox is a big problem against receiving mail in general. So perhaps this Palladium plan will address outgoing verification, so
This further piece is even funnier: the system "[s]afeguards privacy", so "it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people." Ah, built-in file sharing, and until somebody logs on, downloads and then blabs, Hollywood isn't going to know.
Finally, the last laugh: "[c]ontrols your information after you send it". This must mean the end of cut-n-paste from a window; either that, or you will need Microsoft Visual Implants {tm} so that encrypted data will be emitted from a screen pattern and then safely reconstructed into an image upon your retina.
Sorry to degrade into sarcasm, but the article -- and the Palladium system -- really deserves my scorn. You can keep reading past the article's last laugh but it is just more smoke and mirrors.
[also misbehaves on Kuro5hin as Peahippo]
Let's take a look at these new innovations:
So MS is going to claim it invented encryption and checksumming in 2002. Most Windows users get viruses via email scripts, which aren't programs. So this won't cut down on viruses (why would MS want to when they can claim that the virus writers are just getting savvyer and that you need to buy a more secure system to stay one step ahead). I've seen the "unsolicited mail you might want to see." Hotmail calls them newsletters and prevents you from blocking them. Bull$hit. No company is going to spend the money to store, manage and distribute your information if they aren't getting paid or reading your information. If you're already talking to the lender, why can't you give them the information yourself... or are people really too lazy to write down their name, address and phone number? Yeah, it's funny how people didn't buy into DRM the first time around, kinda like pay-per-view DVDs. But if we sugar-coat it and convince consumers that they can benefit from DRM (after all, a reader of a protected Word document can't copy its contents down while he has access to it and redistribute it later), they will accept it, the music industry will turn to us for DRM-formatted CDs and MS will control the audio CD format. Great. The future of the PC redefined by a paintball arena manager. Because terrorists and hackers keep welding antenna-laden black boxes to my keyboard and monitor. Now that's innovative... convincing consumers that someone is trying to wiretap their watches so they will pay more to hardware-encrypt data between the crystal and LCD. With the current U.S. push to chip away at privacy rights in the name of preventing terrorism, the FBI/the CIA/Ashcroft would be speaking out against this if it really protected the individual's privacy. Please note that this is a Newsweek article, not an MSNBC article. Newsweek's parent, The Washington Post Company, cut a deal with Microsoft about two years ago in which MSNBC would publish Newsweek.com in a more cost-effective way than the WashPostCo could.Whether you want to trust Newsweek's articles about Microsoft any more than you would trust a MSNBC article about Microsoft is up to you.
It's absurd to think that such a huge company that has control of such a huge share of the market with software that has such huge security concerns, can come up with something that actually *is* secure. If this takes hold, all I can say is that the OEM's will be getting my business, NOT Dell, HP, or any of the other major players that are going to incorporate this nonsense into hardware.
Just the same, I especially liked this passage:
Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.
I started reading, and I thought..."it's obvious where this guy is heading - protect the commercial interests, screw the consumer." Then I read a little further, and noticed Bubba's comments on 'ordinary people' - but does it mention that nasty P-word (Privacy)???? No way. It talks about being able to place constraints on EMAIL! Oh happy day! And guess what...this isn't about ordinary people, because ordinary people usually don't have any reason to put such constraints on their e-mail...but corporate executives *cough*gates*cough* certainly do.
Overall, I think this whole thing is a crock, being masqueraded as something we need. Even if we do need it, I'd argue that the last person we need it from is Billy.
I don't know about you, but I'm stocking up on hardware and software NOW. As the article said, future improvements aren't going to be about speed but "security" (read: copy restriction at the cost of improved speed). This means that what we should do now is get the fast and free computers before they are no longer available. This stuff might become very expensive and rare -- available in places like the ghettos in 1984. Get two or three parts of everything. Maybe some LUGs can start "freedom hardware pools" where we will change out parts as the break.
One thing is certain: digital rights management has momentum, and is gaining more and more of it. The increased profitability of corrupt corporations and corrupt governments are at stake, and the fall of Napster is the first sign that the Internet is not government-proof.
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
They also realized that if they wanted to foil hackers and intruders, at least part of the system had to be embedded in silicon, not software. This made their task incredibly daunting.
So there you have it. They believe that security through obscurity will be sufficient if that obscurity is in the hardware, buried under a layer of ceramic or epoxy. In other words, using hidden encryption keys in the hardware so that the key exchange won't be accessible via software tools. And the only way this can work is if everybody upgrades all their hardware at once. Fat chance! I'm all for cryptographically secure hardware--but only if I am the one setting the keys, not some secret industry / government consortium. DRM is absolutely not possible with obscurity and therefore is our enemy.
What to do about this?
1.) Don't buy or support M$ software. That means being choosy about employers too.
2.) Implement excellent free software solutions that will be inherently incompatible with any nonsense M$ pushes. The more people satisfied with Linux/BSD, the more people that will refuse this rubbish.
3.) Don't buy any hardware that supports any standards they dream up.
4.) Come up with our own open hardware/software security model. Be innovative. Find a way to make security and encryption easy for the average user.
5.) Spread the word to the non-tech folks. Use propaganda if needed--fight fire with fire.
MS Bob - No explanation requred.
USS Yorktown - 'nuff said.
IIS - A webserver so holy it could put the Pope out of commission.
Hotmail acquisition - Couln't get it to work for a while without existing open-source software.
MSN.com - For a while didn't allow any non-MS browsers to access the site.
Windows ME - short lived.
Permissions of Win2k and XP - Was it supposed to work?
.NET - cracked before it was released.
Palladium *new*
Does anyone else find it strange MSNBC is always bashing MS? Perhaps something's going on we don't know about.
This is the Internet. You can say "fuck" here. - AC
I make no claim that this is intentional on Microsoft's part, but this is what just happened on my computer (dual-boot Debian Linux/WinXP), but I found it interesting.
I just installed WinXP to replace Win 98 (too many crashes when I boot to Winblows to play games). Afterwards, I was trying to install OpenOffice. I tried to download OpenOffice several times from several of the different mirrors, and was unable to. It would download 99% of the way and then stop. Finally, I decided to download Mozilla (which would have been my next step anyway), and after I installed it, I used it to download OpenOffice, without any problems.
While I have no indication that this is intentional on Microsoft's part, I find it spooky that I was unable to use IE to download OpenOffice, a potential major competitor to one of MS's most profitable programs. Though I doubt this was intentional now, I can easily envision a future where MS will refuse to certify or allow any competing or especially !Open Source! programs to run on their DRM computers.
I also am afraid that we will be forced into DRM. Microsoft will continue in its tradition of embrace and extend, by making DRM enabled computers able to receive files from both DRM and non-DRM computers, but unable to send files to DRM computers.
The EU doesn't allow software patents, as a rule. There are some exceptions, but in general...
Female Prison Rape in NY
The community complains loudly about companies that want to forcefully restrict liberty for users and developers alike. But has the community come forth with its own proposal?
How do we implement rights management for the independent author? How do we support code signing for the independent programmer? I should have an Open system that allows me to produce my documents, write my code, distribute what I want, and have everything appropriately signed by me.
Are we up to this? Are we able to propose alternates? Instead of just saying "no", shouldn't we be constructive and say "this is how to do it"?
I'm willing and able to work towards this, altough it's not something I can/want to do alone. Any takers? Let me know.
free the mallocs!