Slashdot Mirror
Microsoft's 'Palladium' Privacy/DRM Scheme
Paradox Jack writes: "according to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"
This sounds like what States' Attorney Steve Kunney put into closing arguments this past week:
Somehow they know better than anyone else what's best for this PC ecosystem. What's good for Microsoft is therefore good for the economy, good for consumers and good for everybody else.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Kenneth Lay and Jeffrey Skilling announced an ambitious new technology that will protect investors from fraud. "Sure, everybody who wants to invest will have to buy our product first, but once they do, they'll be perfectly safe from all the, um, bad people who would otherwise take advantage of them", said Skilling.
I don't care if it's 90,000 hectares. That lake was not my doing.
"I firmly believe we will be shipping with bugs," says Paul England.
"Though Microsoft does not claim a panacea, the system is designed to dramatically improve our ability to control and protect personal and corporate information."
Maybe this should actually read:
"Though Microsoft does not claim a panacea, the system is designed to dramatically improve THEIR ability to control and protect OUR personal and corporate information."
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand". -Milton F.
The article says, "people will have to trust Microsoft".
Now ignoring all the heat that Microsoft gets around these parts, it's usually a bad idea to trust one entity:
- Hollywood trusted DVD encryption
- Stock holders trusted Enron and Tyco
- Investors trusted Merrill Lynch & Author Andersen
- Pinto owners trusted Ford
Obviously, even with the billions at risk, a trust to not screw up is more of a faith. A prayer. A hope.
The difference here is that even more people will be putting their faith that Microsoft will do the right thing morally, and that microsoft will not screw up. Will not screw up even once. Like they'll never release a Microsoft Bob again.
Unlikely.
Sadly, if Microsoft wants to pursue this effort, it really has to be open, and, dare I say it, well regulated with many legal protections for the consumer.
That's apparently the basic concept. Only "authorized programs" ("Genuine Microsoft") will run. That's where we are now with the XBox. Read up on how the XBox boots, and you'll see where Microsoft is going.
This isn't security. Real security would mean you could run anything in a jail with no risk of it getting out and hurting anything. That's what a secure OS is supposed to do.
And if the Genuine Microsoft code has a hole in it, attacks may still work. Microsoft might set up memory management so that only signed code can be in executable pages, but that only protects agains one class of attacks.
What are the bets on whether the interface for this hardware will be open? How likely will it be that the licensing board allows OSS software to be written for the hardware? With DeCSS, we've already seen that OS-neutral companies are unwilling to allow their content to be viewed in Linux. Microsoft, being not so OS-neutral, is likely to take this even further.
Does no one else notice the irony in having the company responsible for 90% of the viruses, worms, back doors, and trojans - all due to poor planning on the part of MS executives and programmers - suggest that now they can fix it for all of us?
If I were a conspiracy buff I'd think that MS created the security problems so that they could point to the "insecure internet" and offer some solution that benefits only them.
That anyone, much less some "internet guru" takes this at face value illustrates that P.T. Barnum was right about suckers.
No one ever had to evacuate a city because the solar panels broke!
Good old WebElements has a little something to say about the biological reaction to palladium:
Microsoft knows what they're doing, and if this thing succeeds, you can forget about any non-Windows operating system being even remotely usable.
Microsoft holds a patent that describes a method by which hardware and software interoperate to guarantee "digital rights management" (aka fair use destruction and monopoly lock-in). The patent describes a mechanism in which there is a private/public key pair, with one half embedded in hardware (possibly the CPU). Only "authorized code" (aka Windows) can run in ring 0 (kernel space) on the CPU. Naturally, only Windows has the other half of the key.
This is probably how the Xbox prevents third-party operating systems from running, and it probably is why they originally applied for the patent. But it also has lots of uses in the monopoly business. This article describes how useful the patent could be in implementing the Hollings bill. Take it one step further and it's easy to envision a world in which this type of "protection" is not only mandated by law... but unimplementable by Linux hackers due to patent problems.
Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required. I think we're already there on the server side (1 out of 4 servers sold today ships with Linux, more if you include the ones they can't count). In another couple of years we'll be there on the desktop as well. But as they say, the price of freedom is eternal vigilance. Let's make sure we get heard.b
Tired of FB/Google censorship? Visit UNCENSORED!
This is what I saw when I read this as well as well:
"Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge."
Can you say "public key tampering?" If this 'black box' chip encrypts everything to your own public key, how do we know it's not encrypting everything to the joint NSA/MSFT/(RI|MP)AA/etc key as well? Um, we don't.
"Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system."
I wonder how many windows users STILL have not installed the Root Certificates Update Patch on their machines? This patch was issued because someone faked their identity as microsoft and verisign gave them a Microsoft named digital certificate. What's to stop them from doing this to Palladium and running any code they want?
Furthermore, they say this won't run unauthorised programs - but who authorises them? Many people think they control their hardware, but remember when TiVo boxen were forced to record a certain program? What if this black box allows the NSA or MSFT or ... to force your computer to run their code? It seems to me that if your machine has a Palladium chip, firewalls and patches mean nothing -- you are r00t3d from the very start. Nice.
"Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards."
Really. How can a chip that is designed for encryption and authentication prevent someone from sending spam to you@yourisp.com? I think that this one is just baseless hype. Has ANYONE heard of a hardware solution for micromanaging spam? (Note: Micromanaging does not imply pulling out the RJ45.)
"Safeguards privacy. With Palladium, it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people. Microsofties have nicknamed these services "My Man." If you apply for a loan, you'd say to the lender, "Get my details from My Man," which, upon your authorization, would then provide your bank information, etc. Best part: Da Man can't read the information himself, and neither can a hacker who breaks into his system."
Do you believe that MSFT wants to safeguard your privacy and r00t your box at the same time? See my point about public key tampering. I think they want to do to (gnu)PGP what they did to Netscape by including their own 'encryption' in the OS and Hardware. Of course once you start using their encryption, who knows WHO will be able to unlock your data? Remember the Scarfo Case. The FBI simply cannot break PGP with a high number of bits effectively on a large scale. They need to be able to read your encrypted files at will. That is what this will provide.
"Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies."
See previous point. Remember Life on the net in 2004? Remember: "Another warning appears -- "Your license for this recording has expired, unable to play." Damn -- another $49 if you want to listen to that music for another year. You wonder, if as they claim, these new measures significantly reduce piracy, why music is now so much more expensive?"
They say the next windows release is slated for 2004. (I predict 2005.) This is exactly what the article's author predicted. But it is being touted under the guise of a product for protecting users.
In reality, this is a product for exposing the every private doings of regular people to MSFT, American Secret Services, the (RI|MP)AA and being able to remotely control their machines and shut them down if desired.
[Insert 'opensource-protects-users' plug here.]
I thought the same for many years, but unfortunately that slowly becomes less true.
Microsoft does not suddenly make large changes to the system, rather continually makes small ones, each time adding some "goodie" benefit to associate the change with. In the minds of the public, the two become associated. At the very least, the public does not rebell.
One example of this is Microsoft's signed driver code of Windows 2000. We all know that creating such a policy is wrong, and prevents third parties from entering the hardware market for machines running Microsoft operating systems, yet the public did not see this as a problem.
Similarly, the public has not rebelled against the situation with Windows XP and required registration (as well as mandatory reporting back of what software you have), rather they have either accepted it grugingly, tried to work around it (by use of packet filters and such), or (as Microsoft would like), simply see it as the cost of doing buisness.
The public is, from what I've seen, more like the surf class of olden times, miserable, but for all the evils of the king (Microsoft), this is a reliable leader and they trust it.
Getting these people over to Free operating systems will require a fundamental shift in thinking, one that emphasizes thier freedom. This cannot be a war of features (ie that a GNU/Linux system is better than Microsoft Windows), rather it must be an issue of what freedoms the Microsoft users have lost, and how we can replace the things they "need" from thier old system with equilivant Free utilities.
That is the best way to ensure that the strength of Free Software (and other movements who want to come along) remains strong at its base while still expanding, even if the progress is slow, slow growth of staunch supporters is healthier than fast growth of people comparing application features.
- Serge Wroclawski
It's a brilliant name. They're talking about supplying a Palladium to a Troy, which will thereby prevent things like "Trojan horses" from bringing about the downfall of that Troy. The Palladium provided security. Microsoft wants to supply a Palladium. Jumping Jesus on a pogo stick, man, this isn't that hard to fathom.
If I may, I'd like to thank my grade school teachers for their emphasis on reading comprehension and critical thinking skills.