Slashdot Mirror
Using Palladium to Secure P2P Networks
user555 writes "The RIAA and MPAA have seen Palladium as a way to prevent piracy. But this article argues that ironically Palladium may actually make P2P piracy more widespread (PDF). They argue that the security features of Palladium could be used to create P2P networks that are more resistant to attacks from content owners."
Looks to me like a cleverly planted story to attempt to stem the tide of ill-will toward the "Next Generation Secure Computing Base," a.k.a. "the lockdown technology formerly known as Palladium."
Palladium score:
Good: 1
Evil:50
"Palladium may actually make... piracy more widespread."
Yeah, piracy of Windows XP when no one wants to buy Windows Palladium Edition. It astounds me that the population in general is so ignorant and apathetic toward the loss of their rights.
barzelay.net
That, and the authors give away their toadyism to the "content industries" by referring to P2P networks as "peer to peer pirate networks," as if they have no possible legitimate use save to board ships on the high seas, murder the crew, and plunder the vessels.
Another proud carrier of the $rtbl flag
Use Palladium for secure P2P? This is probably the only time you'll hear Microsoft say "That's not a feature, that's a BUG!"
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
the implementation of the evil bit! MUHAHAHAHA
You would like this article describing how the RIAA is attempting to battle the laws of economics.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
As the article in many more words states, It is not simple for DRM enabled sytems like Palladium to differentiate between whats actually illegal or not.
They require that the software that will interact with the DRM features actually be 'trusted'. Unless they want all software written for Palladium to be 'MPAA/RIAA' approved, anyone can write 'untrustful' code. Only one link in the chain has to be broken for it to fail completely.
So, write 'trusted' p2p file sharing.
I am afraid that someone like MS will require you to pay in the future to have the right to write 'trusted' code, or any code won't run at all.
Teamwork is a bunch of people doing what I tell them.
Schechter, Greenstadt and Smith write that "to thward piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks and raise the cost of extracting content". While that may be a true statement, it is as useful as Saddam Hussein's military advisors recommending that Iraqui aviation enginners be sent to major American defense contractors to increase fuel consumption of US bombers and reduce the accuracy of their communication systems.
Since the entertainment industry does not own fiber, switches, PCs, or consumer CD burners they must take Schechter's advice and invert it to suit the networks that they do own.
I'll restate their conclusion as follows:
To thward piracy the entertainment industry must keep distribution costs low> , reducing the total cost for consumers to acquire legitimate content. When it takes less total effort (purchase price + effort) to acquire legitimate media the users will abandon piracy. This approach has been clearly demonstrated with Apple's iTunes product.
In a previous article (with quotes from ron rivest?), it was pointed out that the question is whether or not people will be able to control the signed code that runs on their machines.
If you need an official MS signature on the code, things like p2p networks probably aren't going to fly.
Unfortunately, the knee-jerk "MS is the devil" reaction hurts everyone. Technology that allows other people to trust information coming out of your machine is useful. This paper describes a good example of an application for that technology.
The problem is going to be in the details -- specifically, as rivest (I think) pointed out, whether or not you need an MS signature to load the code on your machine.
Instead of saying "palladium is evil", we should be pushing for comparatively open implementations. Any system that runs trusted code on my machine ought to be under my control and transparent. I ought to be able to decide what I want to run, and how that code will communicate with the rest of the world.
Unfortunately, that's not going to happen, because everyone is taking a simplistic view of the issue. No one is engaging MS seriously on this, and because of that they're going to deploy a system that's not under user control, and that's not transparent.
Unauthorized copying (sometimes called piracy) is not the real threat against the __AA, but it is the easiest to defend. What they really fear is the ability of independents from creating and distributing their own content without their aid. They want to eventually force all technologies to only play content that was blessed by one of their sacred keys. Think about the CSS keys in DVDs...I am unable to produce a DVD containing my own content which is protected by CSS because I don't have access to one of the magic keys. But is my content which I own a copyright on any less deserving of full copyright protection under the law? Well, certainly the DMCA doesn't protect my content because I've been locked out of even using the popular circumvention technologies.
Well, Palladium and the like are the step towards eroding my rights as an independent creator even further. At least with DVDs, I could given enough capitalistic force create my own alternative to CSS with which I could protect my own content. But with an enforced technology, I don't even have that option open to me. Content creators will be forced to publish only through the evil media oligopoly.
BTW, on an unrelated crypto subject. What about an idea of taking advantage of what is traditionally viewed as fair rights. Say it's okay to just extract 3 seconds of media. I can then publish on a P2P network an article which includes an except of seconds 7.2 through 9.8 of a song. If enough different (and independenly-acting) people publish fair-use derived content with different 3-second extracts, one could in theory reproduce the entire original. There are also crypto techniques such as secret splitting, but the simple 3-second method may be more defendable in the interests of expression of fair rights as long as there is no collusion among individuals. Just a thought, not that I condone unauthorized copying.
Last time I checked, the RIAA was not a Law Enforcement Agency.
"Oh, Mommy, look, it's Shiny Video Game. Can we buy it?"
"No, darling, it says it only runs on Palladium, and we still run XP."
"But MOMMY, I WANT SHINY VIDEO GAME!"
Total cost of that trip to Best Buy?
People will buy whatever is being sold to them. They deserve it all, especially since they'll be trampling us on the way.John
Question though... what's to keep MS from trusting a piece of software that I don't? ex. Bonzi Buddy, Xupiter, Save Now...
It just so happens that I don't trust those apps. I don't really care for anyone to tell my computer that I trust these programs. Because I really don't.
But legally, can Microsoft only trust who they want? Wouldn't they have to trust almost everyone? Can they legally say "We're not going to sign your programs as trusted" to anyone? Wouldn't that be anticompetitive, almost?
It isn't okay to run spyware/adware/malware on my system.
Is is okay to run programs that I have written myself.
So why has MS done the exact reverse of this!?
Stop the Slashdot effect! Don't read the articles!
It's a research paper. For school. It's not journalism, not a "cleverly planted story," it's a bloody academic essay. It is sitting in a student's directory on a Harvard server. The only "planting" I see is the link Slashdot provided to it in the first place.
The coolest voice ever.