Slashdot Mirror


Schneier Analyzes Palladium

bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.

32 of 270 comments

  1. Well by Anonymous Coward · · Score: 1, Insightful

    I admire the guy and all, but it seems pretty foolhardy to do an analysis based on rampant speculation, FUD, and vapor. Wait til you can see the real thing - this doesn't help anybody.

    1. Re:Well by CaptainZapp · · Score: 2, Insightful
      He makes the data-basis of his analysis exceptionally clear and cautions explicitly that things might and will change.

      You would have seen that, if you'd have actually bothered to click the link.

      --
      ich bin der musikant

      mit taschenrechner in der hand

      kraftwerk

  2. EFF has nothing on this! by Delrin · · Score: 3, Insightful



    "None of this is new or controversial, so why are copyright holders even talking about this? This bill would make it legal for the MPAA, the RIAA, and its ilk to break into computer systems they suspect (with no standard of evidence) are guilty of copyright infringement. It will allow them to perform denial-of-service attacks against peer-to-peer networks, release viruses that disable systems and software, and violate everyone's privacy. People they choose to target would be deemed guilty until proven otherwise. In short, this bill would set up the entertainment industry as a Gestapo-like enforcement agency with no oversight."

    Isn't this just becoming the general trend in America? I wonder how many victims of the MPAA will be Arabic-looking?

  3. My favorite quote by stefanb · · Score: 5, Insightful
    They're trying to invent a new crime: interference with a business model.

    This sums it up pretty nicely, I think.

    1. Re:My favorite quote by Anonymous Coward · · Score: 1, Insightful

      I suggest a slight alteration:

      Interference with the "right to profit".

  4. Re:Reminds me of Tivo by Tall+Rob+Mc · · Score: 3, Insightful

    Problem is, my computer holds information far more important than my TiVo. They can have my TiVo space, but I'll be damned if they touch my computer.

  5. History tells the future. by miffo.swe · · Score: 4, Insightful

    Bruce Writes:

    "It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."

    I don't have the same impression of Microsoft that Bruce seems to have. If I go through what they have done in the past there is nothing they wouldn't do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.

    Considering that GPL is a bigger threat to them than Linux itself I assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking havoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since they, despite their extremely big cash pile, can't get people who know how to code.

    --
    HTTP/1.1 400
  6. Ownership of Your Own Computer by Greyfox · · Score: 5, Insightful
    Bruce Says: My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet.

    We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Never mind that what made the general computing device popular is that it manipulates digital data so easily.

    We all know what the industry wants. The industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Re:No, it's neither a problem nor idiotic by Launch · · Score: 2, Insightful

    To say that users upgrade only because they have problems with an operating system is myopic. If that were the case then we would all be using DOS still. The reason users upgrade is for features, be it word processors or operating systems. And in MS's case, many users upgrade for the 'razzle dazzle of it'. To say MS's strategy is to purposely distribute an operating system that doesn't install on a significant number of its users' machines is just plain stupid.

    Hey, I'm all for Linux, and if you don't like MS then fine... but when I heard bitchy stories about how MS makes products that don't work to catch users on the upgrade it's just annoying.

    It happens, OSes can be buggy, and they are hard to write. Just look how many kernel patches there are floating out there for the Linux distros.

    Trust me, if MS had a product that installed successfully the first time for every user that installed it they would flaunt it (and rightfully so) in all of their competitors' faces.

    Bottom line: WindowsXP is an easy to install OS that most likely has a higher success rate of installing on first attempt than any other OS out there (and much higher success rate than most Linux distros I've installed)...

    --
    Your mammas flamebait.
  8. It's already happened. by gillbates · · Score: 3, Insightful
    My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet.

    Strange thing is, what most people don't realize is that they don't own the software that runs on their computer. Microsoft does (or at least the EULA claims they do). Our computers are not our own, and have not been our own, for a long time now. The sad fact is that while we may physically own the hardware, a part essential for the hardware functioning - namely, the OS - is owned by Microsoft.

    Now, you could counter by saying that people could run Linux, however, this isn't really an option for the average computer owner. Most computers built today have hardware that isn't fully compatible with Linux (Winmodems, etc...). So, while the user has physical possession of his computer, all of his data is effectively owned by Microsoft, because without Microsoft's blessing, the average PC is useless.

    So the next time you hear of someone wanting to buy a new PC, you might want to remind them that unless they are willing to install Linux, they aren't really buying anything. It's more like a lease from Microsoft.

    --
    The society for a thought-free internet welcomes you.
    1. Re:It's already happened. by RickHunter · · Score: 3, Insightful

      Yes, it's an old, worn issue... And many people still don't know about it. Or play down its importance. Or ignore it entirely.

      Also, note that you used to be buying a copy of the Little Mermaid (to use your example), but some of your property rights were restricted for the good of society and the intellectual commons. Unfortunately, recent copyright law revisions have travelled far along the road to turning copyright into ownership, so this is no longer true.

      Yes, it's an old issue... And we should keep reminding people of it. Because ignoring it won't make it go away.

  9. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  10. Re:Good insight by seosamh · · Score: 3, Insightful
    I was going to quote the same passage, along with

    Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.


    Whether MS actually needs the content companies at this point is debatable. If it came to that, Gates could buy a couple ;> in a pinch.

    But if MS wants content available on their platform, why not open that platform up to let the consumers of content make sure they can access their favorites on Windows? There are a lot of people who use MS products by choice (not me, but there are such people) who would build their own open source solutions if MS would give them the slightest encouragement.

    Or maybe not. What the hell do I know?
  11. Re:Usefulness of Palladium? by Over_and_Done · · Score: 3, Insightful
    I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?

    I think that the point is that the consumer does not have a choice. They buy the latest and greatest that Dell sells them, and don't really pay attention to the OS, or anything else associated with the machine. People will be adopting something that they don't understand. Not a whole lot different from what goes on today.

  12. Lots of things to think about in this piece... by jvmatthe · · Score: 5, Insightful
    Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think. Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.

    This brought two ideas to mind...
    • Microsoft often positions themselves as a company that empowers the individual user with new software. Will this pitch ring as true when they have clearly stacked the deck to pay homage to the mighty media companies at the expense of the usual freedom that users are fast becoming used to? Or will they find a way to make less freedom seem like more, so that the individual users don't notice?
    • My usual impression of Microsoft is that they will work around obstacles to maximizing profit. That's what C# (vs. Java) and IE (vs. Netscape) are all about. So, perhaps they'd eventually find it in their best interest to become a real media company themselves and work to lay the new foundation for replacements (or a replacement) for the MPAA and RIAA. Why not the Global Media Producers Association which encompasses all media and has a leaning towards digital distributions, effectively making the MPAA and RIAA obsolete? With such a leadership role (staying at arm's length to stave off anti-trust litigation), they could easily position themselves as the premiere distribution point for such media, without necessarily locking out other platforms (like Apple's MacOS).
    • Wouldn't it be cool, in a way, to see Microsoft pay lip service to the RIAA and MPAA while cleverly stabbing them in the back? Microsoft is, after all, one of the most vicious hard-ball companies around, or at least has given many that impression. I say that not necessarily in a negative light, in case it comes across that way. It's kind of like enjoying watching a good bad guy in a movie. :^)

    Ok, time for work...
  13. Other changes in Palladium by l33t-gu3lph1t3 · · Score: 2, Insightful

    What is also interesting to note about this article is the hints it gives as to Microsoft's future plans for software security. The idea of having independent secured partitions within a computer is not new of course, but it's nice to note that MS is doing *something* about their rather poor security history. Oh GOD, please pray that they don't integrate Outlook Express with the *secure OS* portion of Palladium

    --
    ------- "From bored to fanboy in 3.8 asian girls" ----------
  14. Re:Usefulness of Palladium? by imadork · · Score: 3, Insightful
    After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?

    You're right -- for the average home user, a non-Palladium system will be more useful than a Palladium system, all (technical) things being equal. But there will be marketing, social and political issues that will sway the average user --

    • Palladium will be (and already is being) marketed as a way for the average user to secure his or her own information, even if this claim is somewhat dubious. (It has been billed as a way to prevent viruses from running, because they wouldn't be signed and would not be trusted by default, for instance.) Remember that no matter what their marketing people say, Microsoft doesn't care one whit about the integrity of your data, unless they can find a way to make money from it.
    • Major content distributors have, for the most part, been hesitant to distribute digital content without the ability to control it as much as possible. Once Palladium-enabled PC's ship, don't be surprised when all new CD's, DVD's, or whatever is carrying content at that time won't work on old PC's (or, old stand-alone players for that matter). This will be an incentive for the average user, who can't live without their media, to upgrade their hardware and software to Palladium-enhanced versions.
    • As we have seen in the past, content distributors will buy legislation, in as many countries as possible, that will make it illegal to circumvent the "protections" in a DRM scheme, and Microsoft will be happy to offer Palladium as a way to comply with that law. (As above, this will be billed as a way to protect consumers, when in reality it is a way to protect content distributors at the expense of the average citizen.) By licensing the technology to all "established" Commercial OS (and standalone media player!!) vendors, they can dodge the Monopoly accusations while getting to Microsoft's Holy Grail -- getting money for every PC (and CD/DVD/whatever player!!!) that ships, whether or not they actually own the OS that ships on it. It has the added benefit of mandating that people upgrade their hardware in order to comply with the law!
  15. Re:VM Could break Pd perhaps? by Fruit · · Score: 3, Insightful

    The problem is of course in constructing the Palladium emulator (VmPd). You'd have to break a real one open to get the encryption keys out, and even if you succeed, the key of the real Palladium is licensed to you (and can be traced back to you). You won't be able to put it on a website without violating some agreement you signed when it was licensed to you.

    So yes, it could work, but it's not going to be easy and it will be a significant threshold for anyone who wants to upload new materials to p2p. It'll be possible, but not casually so.

  16. Re:Usefulness of Palladium? by tijsvd · · Score: 2, Insightful
    After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described.

    Unfortunately the home user won't read the article. He will read advertisement ads that promise him a computer that will make "Windows XP even more secure".

    The home user bought Office 2000 because of the helpful little paperclip. He will buy this.

  17. Re:Isnt he being a bit harsh here? by Observer · · Score: 3, Insightful
    Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
    Design, yes. Implement? Well, given the SSL certificate mishandling in IE that's been reported recently (and commented on in this same edition of Mr Schneier's Cryptogram), quality control still seems to be a little, um, lacking. It's a little difficult to change the whole culture of an organisation from getting the latest! greatest! new-featured! products out of the door to hit the marketing window, to one where you're concentrating on getting the thing done right, even if you need to take more time and money over it. Yes, MS will gradually improve - it has no choice as it moves into areas where errors may cost serious money - but it will be a long process.
  18. Outside USA by t_allardyce · · Score: 3, Insightful

    What does the bill say about foreign piracy? Will the RIAA be attacking systems that are outside of the USA? If American soldiers came over to another country and killed/kidnapped someone there would be hell to pay (ignoring Afghanistan lol). Likewise, if the SAS went to America and did the same, there would also be hell to pay.

    "To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model."

    That's got to be the best way I've heard it put so far.

    --
    This comment does not represent the views or opinions of the user.
  19. stuff that i cant get at? by tx_mgm · · Score: 2, Insightful

    There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at

    Now what the hell is this gonna be for? Data on MY hard drive that MY computer cannot access? Sounds like storage or something to me (spyware?)...
    Will I see any money for this (i.e. "rent") for the hard drive space that I don't get to use now?
    I don't care how much or little this will take up, but I am going to want that space

    --
    Gentlemen...BEHOLD!
    -Dr. Weird
  20. Re:Are we gonna need Mod Chips for our PC's then? by thasmudyan · · Score: 2, Insightful

    I can see it now, you will have to buy Mod chips for your PC on the grey market, to get around the hardware "security" just to install Linux..

    Yes, maybe so! Obviously the first version of Palladium will be the friendliest, in order to calm critics and get user acceptance. At some point in the future you won't be able to install Linux, but before that a lot of other stuff will be gone, too. The PC will be a completely different thing, the stuff you can do with it will be outweighed by the stuff you are not allowed to do with it, by then. It will be a slow process of course, to keep the users in a spiral that is slowly spinning down (you don't want to wake them up doing harsh movements).

    The main problem is, that the computer as we know it today is inherently the most dynamic tool mankind has ever built. It is based on the concept of copying and modifying data freely. Most of the computer's convenience and usefulness comes from this property. Now Palladium/DRM takes this away to the maximum extent possible without turning the whole PC into a vegetable.

    This technology WILL come, and it WILL take away our most beloved toy to replace it with some ghastly Juggernaut that watches our every move. Our own PC will be treating us as the enemy!

  21. Re:Isnt he being a bit harsh here? by sphealey · · Score: 5, Insightful
    Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesn't imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
    I would argue that it is in fact the very "smartness" of the people at Microsoft that makes it unlikely that MS will be able to create a secure product. Mr. Gates has explicitly stated (interview in Newsweek about 1995) that when he was hiring people to build Microsoft, he wanted very young, very smart people with no previous experience in the computer industry. And he got them in droves. So these very smart people came in and started rebuilding everything from scratch - without bothering to study the fundamentals or learn about what had been tried in the past.

    So the smart people at Microsoft made every mistake that had been made in computing since 1938 all over again, without knowing they were making those mistakes or what their consequences would be. Networking is a perfect example: in their haste to bring something to market that would displace Novell (keeping in mind that Novell created the market for MS-DOS networking), the genuii at MS built a clumsy, difficult to manage, insecure contraption of a networking system that ignored every lesson Xerox, Novell, 3Com, Wang, and others had already learned.

    And, thanks to the power of the installed base, we are now stuck with Microsoft Networking and its insecurities for at least the next 20 years, because everything has to be backward compatible with what is already out there.

    So I would say a combination of smartness, arrogance, and lack of perspective is exactly what has brought Microsoft code to where it is today. And a corporate culture of that nature is very, very hard to change.

    sPh

  22. You're clueless. by Anonymous Coward · · Score: 1, Insightful

    To a 5$ an hour security person. "Sorry I forgot my pilot id".

    Airline pilots don't "forget" their pilot IDs. That means an instant trip to jail.

    Also do not think that an airline pilot is the equivalent to being a glorified bus driver. He is more like the captain of a ship and legally in charge of *EVERYTHING* on board the aircraft. We shouldn't just let the pilots have a gun on board, we should require that they carry and be trained thoroughly. Part of being certified to be an airliner captain should include having to pass a rigorous marksmanship test and be able to demonstrate adequate hand-to-hand physical combat skills to prevent someone from taking his gun away from him.

    Refrain from jokes about pilots and alcohol. Those cases in the news lately are the extreme rare exception to the rule and are just overly hyped-up in the media because that's what the media does.... focus on anything they can hype up and blow out of rational proportion because they think their job is to first and foremost create as much sensationalism as they can... fair and balanced news reporting be damned.

  23. Re:hardware and software keys. by topham · · Score: 4, Insightful

    The base assumption in the XBox paper is that the key is unique to each box. But that isn't relevant.

    Once captured off the bus the key can be revealed and used to decrypt everything else as necessary.

    By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.

  24. Re:Why the hardware? by Ngwenya · · Score: 5, Insightful

    Can someone please explain why the desired level of security can't be obtained by only software?

    Because the control mechanism in any von Neumann machine is in the same band as the stuff being controlled (ie, the OS - which enforces the security policy - operates in the same space - the CPU's available memory - as the programs which may, or may not, behave themselves).

    Ultimately, the only way to have a secure audit trail for how a computer got to its current state is to have the verifier out of band from the verified. This is why you need the trusted component (the tamper proof verifier which can sign the logs of the host system). Assuming no-one can get to the trusted component private keys (even, or especially, the computer owner), another computer can trust the signature to be an accurate representation of the state of the original machine.

    By the way, it's this in-band control mechanism which means that the Internet Protocols have an incredibly hard time defending themselves against DoS attacks - because the ICMP packets travel along the same route as the TCP/UDP packets. If you can interfere with the data stream, you can interfere with the control stream as well. The phone companies found this out ages ago, which is why whistling at 2600Hz doesn't work any more.

    --Ng
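
The out-of-band verifier described in the comment above, sketched in Go as an added example; it is not code from the commenter, from Schneier's article, or from Microsoft's Palladium design. The type and function names, the SHA-256 hash chain, the Ed25519 signature and the sample component names are all assumptions chosen for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustedComponent models the out-of-band verifier (hypothetical type). Host
// software may call Extend and Quote but never reads priv or writes reg.
type TrustedComponent struct {
	priv ed25519.PrivateKey
	reg  [32]byte // running measurement; all zeros at power-on
}

// Quote is what the remote party receives: reported state bound to its nonce.
type Quote struct {
	Nonce []byte
	Reg   [32]byte
	Sig   []byte
}

// NewTrustedComponent derives the key pair from a 32-byte seed (constructed
// here; a real device would generate and keep its key internally).
func NewTrustedComponent(seed []byte) (*TrustedComponent, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return &TrustedComponent{priv: priv}, priv.Public().(ed25519.PublicKey)
}

// extend folds one component into a register value:
// new = SHA-256(old || SHA-256(component)). Order matters; nothing can be undone.
func extend(reg [32]byte, component []byte) [32]byte {
	m := sha256.Sum256(component)
	return sha256.Sum256(append(reg[:], m[:]...))
}

func (tc *TrustedComponent) Extend(component []byte) { tc.reg = extend(tc.reg, component) }

// signedBytes is nonce || register; the register has fixed length, so the
// concatenation is unambiguous.
func signedBytes(nonce []byte, reg [32]byte) []byte {
	return append(append([]byte{}, nonce...), reg[:]...)
}

func (tc *TrustedComponent) Quote(nonce []byte) Quote {
	return Quote{Nonce: nonce, Reg: tc.reg, Sig: ed25519.Sign(tc.priv, signedBytes(nonce, tc.reg))}
}

// Expected replays a known-good boot log to get the register value it must produce.
func Expected(log [][]byte) [32]byte {
	var reg [32]byte
	for _, c := range log {
		reg = extend(reg, c)
	}
	return reg
}

// VerifyQuote is the remote computer's check: fresh nonce, valid signature
// from the trusted component, and a state equal to the known-good one.
func VerifyQuote(pub ed25519.PublicKey, q Quote, nonce []byte, knownGood [][]byte) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ed25519.Verify(pub, signedBytes(q.Nonce, q.Reg), q.Sig) {
		return errors.New("signature invalid: state not vouched for by trusted component")
	}
	if q.Reg != Expected(knownGood) {
		return errors.New("state differs from known-good boot chain")
	}
	return nil
}

func main() {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed test seed
	knownGood := [][]byte{[]byte("loader-1.0"), []byte("kernel-1.0")}
	nonce := []byte("challenge-0001")
	// Case 1: the host boots the known-good chain.
	tc, pub := NewTrustedComponent(seed)
	for _, c := range knownGood {
		tc.Extend(c)
	}
	fmt.Println("clean boot:   ", VerifyQuote(pub, tc.Quote(nonce), nonce, knownGood))
	// Case 2: the host boots a modified kernel; the component reports it faithfully.
	tc2, _ := NewTrustedComponent(seed)
	tc2.Extend([]byte("loader-1.0"))
	tc2.Extend([]byte("kernel-1.0-patched"))
	q := tc2.Quote(nonce)
	fmt.Println("patched boot: ", VerifyQuote(pub, q, nonce, knownGood))
	// Case 3: host software rewrites the reported state but cannot re-sign it.
	q.Reg = Expected(knownGood)
	fmt.Println("forged report:", VerifyQuote(pub, q, nonce, knownGood))
}
```

The remote party accepts only the first case: the second fails on the measured state and the third on the signature, because in this model the host never holds the signing key.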

  25. Re:Usefulness of Palladium? by rseuhs · · Score: 4, Insightful
    Unfortunately the home user won't read the article. He will read advertisement ads that promise him a computer that will make "Windows XP even more secure".

    The home user bought Office 2000 because of the helpful little paperclip. He will buy this.

    Wrong, the home user did not buy Office 2000. If they have it at all, they pirated it.

    And that's Palladium's problem. Currently, the home user is used to pirating software/music/movies and if anything tries to stop him doing it, he will refuse to use it.

    There will be a market for non-Palladium systems (to be more specific, there will be no market for Palladium systems) so companies will produce for that market. If AMD and Intel are really so stupid as to refuse to make any non-Palladium chips anymore, be ready for VIA and Transmeta chips that will be bought if there is no other chance to watch "insecure" content on the PC.

    Come on, this has been tried before (DivX-hardware player) it just does not work.

  26. Re:VM Could break Pd perhaps? by Kaa · · Score: 4, Insightful

    VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do.

    This might work if and only if you gain access to the private keys of the Pd hardware chip.

    If you have these keys, the security is broken completely and you can do whatever you want. Getting them is the hard part.

    Keep in mind that you, the owner of the machine, are NOT supposed to have access to these keys. In fact they are specifically protected against YOU.

    Pd is trusted in this context means that a Pd machine is trusted by Disney, etc. to display some copy-protected crap. You, the owner, are NOT the trusted party, you are the bad guy, the malicious bastard that your machine has to be protected from.

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  27. Re:Not the MPAA's bill. by danaris · · Score: 4, Insightful
    I'm an author and a filmmaker, I've worked with the MPAA, I've seen my work pirated, I've heard studio heads freak out about the fact that their product is available on the Internet three weeks before theatrical release.
    First of all, let me say that I am in no way affiliated with anyone in the industry, and, as such, am basing my comments entirely upon what I have been able to glean from other people's accounts. Thus, if anything I say is incorrect, please feel free to correct me--I am always looking for a better understanding of this subject.

    I don't think any of us here will disagree that piracy happens, and, to individuals such as yourself, it might truly be a problem. However, our two main gripes are 1) they're going about fighting it in all the wrong ways, and 2) the amount of money actually lost to the RIAA through piracy is so small as to be insignificant (to them; if any of us actually got that amount of money it would probably make us very happy), and, from what I can tell, only a very tiny fraction of that would get back to the artists/movie makers/etc.

    To address these points more fully:
    1) Yes, the piracy happens, and digital piracy happens, but by far the biggest piracy is analog. Most of the problem isn't people ripping a DVD of a movie and distributing that (though it happens); the problem you mentioned, movies appearing early, is usually accomplished by some insider (or semi-insider) leaking it; they have access to the original source material, so none of this would stop them from copying it. The other problem is that they are assuming the consumers are all thieves, and thus punishing everyone for the sins of a few. What they could be doing instead is looking for better ways to make buying the product attractive (like dropping prices or something).
    2) The RIAA/MPAA talk about numbers of pirated copies sold in a certain period (side note: how the heck do they even know? Do the pirates tell them??), and take those, with the amounts they would have been paid, had all those copies been bought from them, and come up with an amount that they call the amount of money they've lost to piracy during that period. The first problem with this is that, if they had not bought the pirated copies, most of those people would not have bought anything from the RIAA/MPAA. Then, even if those numbers were correct, I think they could afford it. How much do they spend on campaign contributions a year? I would bet that it's at least as much. And, of course, the "poor artists" who are being robbed by the "evil pirates" would get very little of the money.

    Once again, if any of this information is inaccurate, please do not be offended; instead, simply tell me what I've gotten wrong.

    Dan Aris
    --
    Fun. Free. Online. RPG. BattleMaster.
  28. Big Corporate Brother by DaytonCIM · · Score: 2, Insightful

    "[TCPA / Palladium] provides a computing platform on which you can't tamper with the applications, and where these applications can communicate securely with the vendor."

    Does it concern anyone that Microsoft, Oracle, AOL, Disney, etc... would have control over your computer if this standard is implemented (and you use a windows platform)? Does it concern anyone that corporations and governments could delete anything they found objectionable?
    Truth is: had the US government realised how big the Internet would become and how free information would flow, they never would have allowed it. With TCPA / Palladium, governments and corporations will kill the freedoms we now enjoy on the web, usenet, ftp, etc.

  29. Re:Usefulness of Palladium? by rseuhs · · Score: 3, Insightful
    Result: Nobody bought DAT recorders.

    Well and the same will happen to Palladium-PCs.