Slashdot Mirror


Microsoft's 'Palladium' Privacy/DRM Scheme

Paradox Jack writes: "According to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"

1 of 521 comments

  1. Re:Microsoft calling in its hardware favors by Jucius+Maximus · Score: 5, Interesting
    "Great, let's go ahead and lay the groundwork for hardware level watermarking/rights management. There's no doubt in my mind that the MPAA/RIAA absolutely will jump on this first, quietly or blatantly. There won't even be time for 'fair use' or 'compromise' by the time this hits mainstream. I've never been much of a conspiracy theorist, but you think it's possible that the MPAA/RIAA are handing Microsoft some money to incorporate some of their desires into this security move? They'll *always* have the last move, not us."

    This is what I saw when I read this as well:

    "Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge."

    Can you say "public key tampering?" If this 'black box' chip encrypts everything to your own public key, how do we know it's not encrypting everything to the joint NSA/MSFT/(RI|MP)AA/etc key as well? Um, we don't.

    "Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system."

    I wonder how many Windows users STILL have not installed the Root Certificates Update Patch on their machines? This patch was issued because someone faked their identity as Microsoft and VeriSign gave them a Microsoft-named digital certificate. What's to stop them from doing this to Palladium and running any code they want?

    Furthermore, they say this won't run unauthorised programs - but who authorises them? Many people think they control their hardware, but remember when TiVo boxen were forced to record a certain program? What if this black box allows the NSA or MSFT or ... to force your computer to run their code? It seems to me that if your machine has a Palladium chip, firewalls and patches mean nothing -- you are r00t3d from the very start. Nice.

    "Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards."

    Really. How can a chip that is designed for encryption and authentication prevent someone from sending spam to you@yourisp.com? I think that this one is just baseless hype. Has ANYONE heard of a hardware solution for micromanaging spam? (Note: Micromanaging does not imply pulling out the RJ45.)

    "Safeguards privacy. With Palladium, it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people. Microsofties have nicknamed these services "My Man." If you apply for a loan, you'd say to the lender, "Get my details from My Man," which, upon your authorization, would then provide your bank information, etc. Best part: Da Man can't read the information himself, and neither can a hacker who breaks into his system."

    Do you believe that MSFT wants to safeguard your privacy and r00t your box at the same time? See my point about public key tampering. I think they want to do to (gnu)PGP what they did to Netscape by including their own 'encryption' in the OS and Hardware. Of course once you start using their encryption, who knows WHO will be able to unlock your data? Remember the Scarfo Case. The FBI simply cannot break PGP with a high number of bits effectively on a large scale. They need to be able to read your encrypted files at will. That is what this will provide.

    "Controls your information after you send it. Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies."

    See previous point. Remember Life on the net in 2004? Remember: "Another warning appears -- "Your license for this recording has expired, unable to play." Damn -- another $49 if you want to listen to that music for another year. You wonder, if as they claim, these new measures significantly reduce piracy, why music is now so much more expensive?"

    They say the next Windows release is slated for 2004. (I predict 2005.) This is exactly what the article's author predicted. But it is being touted under the guise of a product for protecting users.

    In reality, this is a product for exposing the every private doings of regular people to MSFT, American Secret Services, the (RI|MP)AA and being able to remotely control their machines and shut them down if desired.

    [Insert 'opensource-protects-users' plug here.]