Slashdot Mirror
Microsoft's 'Palladium' Privacy/DRM Scheme
Paradox Jack writes: "according to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"
I'm sure a MS's execs reply would be, "Of course you dont have to pay extra for a pc... [ you dont have to use a pc at all ]
Which might be just what I do -- move to mac.
I'm *really* sick of the adversarial attitude held by alot of companies latley -- "the customers are our enemies, we will dog them to do what *we* want." If you dont like this (and I sure dont), vote with your $$ and dont buy it.
Religion is a gateway psychosis. -- Dave Foley
This is what I saw when I read this as well as well:
"Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge."
Can you say "public key tampering?" If this 'black box' chip encrypts everything to your own public key, how do we know it's not encrypting everything to the joint NSA/MSFT/(RI|MP)AA/etc key as well? Um, we don't.
"Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system."
I wonder how many windows users STILL have not installed the Root Certificates Update Patch on their machines? This patch was issued because someone faked their identity as microsoft and verisign gave them a Microsoft named digital certificate. What's to stop them from doing this to Palladium and running any code they want?
Furthermore, they say this won't run unauthorised programs - but who authorises them? Many people think they control their hardware, but remember when TiVo boxen were forced to record a certain program? What if this black box allows the NSA or MSFT or ... to force your computer to run their code? It seems to me that if your machine has a Palladium chip, firewalls and patches mean nothing -- you are r00t3d from the very start. Nice.
"Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards."
Really. How can a chip that is designed for encryption and authentication prevent someone from sending spam to you@yourisp.com? I think that this one is just baseless hype. Has ANYONE heard of a hardware solution for micromanaging spam? (Note: Micromanaging does not imply pulling out the RJ45.)
"Safeguards privacy. With Palladium, it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people. Microsofties have nicknamed these services "My Man." If you apply for a loan, you'd say to the lender, "Get my details from My Man," which, upon your authorization, would then provide your bank information, etc. Best part: Da Man can't read the information himself, and neither can a hacker who breaks into his system."
Do you believe that MSFT wants to safeguard your privacy and r00t your box at the same time? See my point about public key tampering. I think they want to do to (gnu)PGP what they did to Netscape by including their own 'encryption' in the OS and Hardware. Of course once you start using their encryption, who knows WHO will be able to unlock your data? Remember the Scarfo Case. The FBI simply cannot break PGP with a high number of bits effectively on a large scale. They need to be able to read your encrypted files at will. That is what this will provide.
"Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies."
See previous point. Remember Life on the net in 2004? Remember: "Another warning appears -- "Your license for this recording has expired, unable to play." Damn -- another $49 if you want to listen to that music for another year. You wonder, if as they claim, these new measures significantly reduce piracy, why music is now so much more expensive?"
They say the next windows release is slated for 2004. (I predict 2005.) This is exactly what the article's author predicted. But it is being touted under the guise of a product for protecting users.
In reality, this is a product for exposing the every private doings of regular people to MSFT, American Secret Services, the (RI|MP)AA and being able to remotely control their machines and shut them down if desired.
[Insert 'opensource-protects-users' plug here.]
Let's take a look at these new innovations:
So MS is going to claim it invented encryption and checksumming in 2002. Most Windows users get viruses via email scripts, which aren't programs. So this won't cut down on viruses (why would MS want to when they can claim that the virus writers are just getting savvyer and that you need to buy a more secure system to stay one step ahead). I've seen the "unsolicited mail you might want to see." Hotmail calls them newsletters and prevents you from blocking them. Bull$hit. No company is going to spend the money to store, manage and distribute your information if they aren't getting paid or reading your information. If you're already talking to the lender, why can't you give them the information yourself... or are people really too lazy to write down their name, address and phone number? Yeah, it's funny how people didn't buy into DRM the first time around, kinda like pay-per-view DVDs. But if we sugar-coat it and convince consumers that they can benefit from DRM (after all, a reader of a protected Word document can't copy its contents down while he has access to it and redistribute it later), they will accept it, the music industry will turn to us for DRM-formatted CDs and MS will control the audio CD format. Great. The future of the PC redefined by a paintball arena manager. Because terrorists and hackers keep welding antenna-laden black boxes to my keyboard and monitor. Now that's innovative... convincing consumers that someone is trying to wiretap their watches so they will pay more to hardware-encrypt data between the crystal and LCD. With the current U.S. push to chip away at privacy rights in the name of preventing terrorism, the FBI/the CIA/Ashcroft would be speaking out against this if it really protected the individual's privacy. Please note that this is a Newsweek article, not an MSNBC article. Newsweek's parent, The Washington Post Company, cut a deal with Microsoft about two years ago in which MSNBC would publish Newsweek.com in a more cost-effective way than the WashPostCo could.Whether you want to trust Newsweek's articles about Microsoft any more than you would trust a MSNBC article about Microsoft is up to you.
It's absurd to think that such a huge company that has control of such a huge share of the market with software that has such huge security concerns, can come up with something that actually *is* secure. If this takes hold, all I can say is that the OEM's will be getting my business, NOT Dell, HP, or any of the other major players that are going to incorporate this nonsense into hardware.
Just the same, I especially liked this passage:
Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.
I started reading, and I thought..."it's obvious where this guy is heading - protect the commercial interests, screw the consumer." Then I read a little further, and noticed Bubba's comments on 'ordinary people' - but does it mention that nasty P-word (Privacy)???? No way. It talks about being able to place constraints on EMAIL! Oh happy day! And guess what...this isn't about ordinary people, because ordinary people usually don't have any reason to put such constraints on their e-mail...but corporate executives *cough*gates*cough* certainly do.
Overall, I think this whole thing is a crock, being masqueraded as something we need. Even if we do need it, I'd argue that the last person we need it from is Billy.
I don't know about you, but I'm stocking up on hardware and software NOW. As the article said, future improvements aren't going to be about speed but "security" (read: copy restriction at the cost of improved speed). This means that what we should do now is get the fast and free computers before they are no longer available. This stuff might become very expensive and rare -- available in places like the ghettos in 1984. Get two or three parts of everything. Maybe some LUGs can start "freedom hardware pools" where we will change out parts as the break.
One thing is certain: digital rights management has momentum, and is gaining more and more of it. The increased profitability of corrupt corporations and corrupt governments are at stake, and the fall of Napster is the first sign that the Internet is not government-proof.
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
They also realized that if they wanted to foil hackers and intruders, at least part of the system had to be embedded in silicon, not software. This made their task incredibly daunting.
So there you have it. They believe that security through obscurity will be sufficient if that obscurity is in the hardware, buried under a layer of ceramic or epoxy. In other words, using hidden encryption keys in the hardware so that the key exchange won't be accessible via software tools. And the only way this can work is if everybody upgrades all their hardware at once. Fat chance! I'm all for cryptographically secure hardware--but only if I am the one setting the keys, not some secret industry / government consortium. DRM is absolutely not possible with obscurity and therefore is our enemy.
What to do about this?
1.) Don't buy or support M$ software. That means being choosy about employers too.
2.) Implement excellent free software solutions that will be inherently incompatible with any nonsense M$ pushes. The more people satisfied with Linux/BSD, the more people that will refuse this rubbish.
3.) Don't buy any hardware that supports any standards they dream up.
4.) Come up with our own open hardware/software security model. Be innovative. Find a way to make security and encryption easy for the average user.
5.) Spread the word to the non-tech folks. Use propaganda if needed--fight fire with fire.