Forgot your password?
typodupeerror
Microsoft Your Rights Online

Palladium's Power To Deny 568

Posted by timothy
from the back-in-line-you dept.
BrianWCarver writes "The Chronicle of Higher Education has the most detailed article I've yet seen on Microsoft's Palladium architecture. The article discusses the potential Palladium has to give publishers power to eliminate fair use and the potential for software manufacturers to use Palladium to enforce shrink-wrap licenses. Comments from several great sources including, Ed Felten (Freedom to Tinker), Eben Moglen (pro-bono counsel for the Free Software Foundation and recent Slashdot interviewee), and Seth Schoen (Electronic Frontier Foundation) among many others. Key quotations from article: Palladium could create 'a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution. In such a scenario the very concept of fair use has been lost.' 'Palladium will "turn the clock back" to the days before online information was widely available.' and 'Microsoft could decide to lock everything up.'"
This discussion has been archived. No new comments can be posted.

Palladium's Power To Deny

Comments Filter:
  • Excuse me, but (Score:5, Informative)

    by Raul654 (453029) on Monday February 17, 2003 @01:50PM (#5320227) Homepage
    Wasn't there an article on slashdot a while back talking about how someone had defensively patented Palladium-DRM schemes in order to prevent M$ from doing exactly this? If so, then how can M$ do this now -- would it not be in violation of such patents?
    • by rgoer (521471) on Monday February 17, 2003 @01:54PM (#5320263)
      Here is the one-step process MicroSoft will surely follow in the interest of sidestepping those patents you mention:

      1. Billions upon billions of dollars
    • Re:Excuse me, but (Score:5, Insightful)

      by retards (320893) on Monday February 17, 2003 @01:56PM (#5320280) Journal
      Maybe by buying the patent or suing the owner of that patent until he/she is forced to sell it or capitulate. Sound familiar? It takes money to use a patent as leverage.
    • Re:Excuse me, but (Score:5, Interesting)

      by sh!va (312105) on Monday February 17, 2003 @03:20PM (#5320821)
      So I was meeting a very successful entrepreneur and he gave me this insight:
      Patents can be used to ward of small competitors to a business. You cannot use a patent to ward of microsoft or ibm or any other large company with a large amount of money in the bank. You can sue them for patent infringement, they would drag the case in court, fight for a year or so and pay you a million bucks at the end. But by that time, they've already done whatever damage they could, and your company is bankrupt.
      Of course this doesn't work if the patent holder is a big company such as one of the above.
      Moral of the story is: if big players want to infringe smaller players' patents, they could do so and have a good chance of getting away with it for not that much money.
      Such are the wonders of capitalism.
      • No, such are the wonders of STATE capitalism.

        In a free market, you wouldn't have IP laws - and probably you wouldn't have companies the size of Microsoft either - in fact, since corporations are state creations, you might not have that form of company at all - nor could they sue small companies for frivolous patent infringements...

        OTOH, they could copy small companies technology and use their marketing clout to beat them - except that usually small companies are much more adept at that than big ones...

    • Re:Excuse me, but (Score:5, Informative)

      by SiliconEntity (448450) on Monday February 17, 2003 @04:17PM (#5321143)
      Wasn't there an article on slashdot a while back talking about how someone had defensively patented Palladium-DRM schemes in order to prevent M$ from doing exactly this?

      That was cypherpunk "Lucky Green", who said he submitted a patent application on ways to use Palladium for software copy protection. This was after Microsoft publicly told him that not only did they have no plans to do that, they couldn't even think of a way to use the technology for that purpose. Lucky said that he could think of lots of ways, so he'd go ahead and patent them. You can read more about Lucky's plans here [mail-archive.com].

      I haven't heard anything about this lately, and a recent patent office search for applications under Lucky's real name (widely known, his initials are MB) didn't turn up any hits. So I don't know if he actually went through with it or not.
  • Not a problem (Score:3, Insightful)

    by Anonymous Coward on Monday February 17, 2003 @01:50PM (#5320228)
    Software companies will still have to sell software to survive. If people don't like the restrictions - they will shop elsewhere. I see this as nothing but a replacement for the dongle.
  • bah (Score:3, Funny)

    by MentLTheo (607841) on Monday February 17, 2003 @01:50PM (#5320229)
    This is just Microsoft's way of seperating the men from the boys. They just want to be able take guys like me who only use windows for gaming and push us away from the OS altogether so they know who their dedicated users are. Thats when they break out the 'kool-aid' and ascend to heaven in a spirtual journey.
  • =[ sad (Score:3, Interesting)

    by Vodak (119225) on Monday February 17, 2003 @01:50PM (#5320231)
    It saddens me that some US people are spending all this time and energy protesting a war that hasn't happened yet and could give a crap about things happening in their own country in regards to their freedom. And it's not just this story, it's all the freedoms that are being taken away thinks to the events of 2001.
    • Re:=[ sad (Score:5, Insightful)

      by Tim C (15259) on Monday February 17, 2003 @01:56PM (#5320284)
      Well, perhaps they are just more concerned about the potential loss of life, than some computing thing that they've never heard of?

      Palladium may well be very news worthy in the industry press, but trust me, almost no-one outside of the IT industry is going to have heard of it. *Everyone* has heard about Iraq.
      • Re:=[ sad (Score:5, Interesting)

        by Vodak (119225) on Monday February 17, 2003 @02:00PM (#5320320)
        I won't get into the war argument here on slashdot, I mean I could argue either side. My comment was in regards to the fact that the United States is being destroyed from with in and few people are seeing it.
        • Re:=[ sad (Score:5, Insightful)

          by Tim C (15259) on Monday February 17, 2003 @02:10PM (#5320385)
          Ah, but few people are seeing it because it's not happening all at once.

          Things like this, the general population won't know about until it's implemented and is being sold to them, and then, they'll only have the positive marketing spin (and perhaps a little bit of nay-saying in the general press, but nothing technical or deep).

          Things like the laws passed in the wake of the WTC attack get through, becuase

          a) it makes people feel safe, and as though people are doig soemthing about it
          b) "I have nothing to hide"

          I do agree with you, and take some solace from the fact that I'm in (and from) the UK. Of course, where the US leads, we (blindly) follow...
          • Re:=[ sad (Score:3, Insightful)

            by antirename (556799)
            Thank god it's not the other way around; think gun control. And no, this isn't offtopic. Whatever your opinion is on the matter, it is certainly a perfect example of a constitutional right being taken away a little at a time on the basis of emotional arguments and debatable statistics. Maybe fair use (not saying it's a constitutional right, but it certainly is well enshrined in U.S. law) is the next to go the way of the dodo bird. Sure looks that way to me... emotional arguments, few alternatives to "banning" presented by the RIAA and their ilk, statistics on "lost revenue" that may or may not show cause and effect, and a steady chipping away of our rights. However, there is a lot more money involved here, at least when you compare the tech industry/media industry to the amounts that the gun companies/anti-gun groups pull in. And yeah, I left out the citizens that are effected by these laws. Unless you have a group with a name, a letterhead, and some money to spend on campaign contributions your voice will only be noted, not heard. I say slashdotters need some airtime. Something like a slashdot PAC might generate enough interest (and be unusual enough) to at least get a soundbite on CNN or Fox News. Anyone up for it? Or are we all going to sit here and wait for the chiseling away at our rights turn into sound of large jackhammers?
      • Re:=[ sad (Score:3, Insightful)

        by Malcontent (40834)
        And yet your chances of being killed by iraq are nill. You have a better chance of winning the lottery then being killed by iraq. Your chances of being effected by palladium OTOH is almost 100%.

        "they" are worrying about the wrong thing. "They" are also incapable of worrying about more then one thing at a time. "They" worry about whatever the media tells them to worry about.
    • Re:=[ sad (Score:4, Insightful)

      by skillet-thief (622320) on Monday February 17, 2003 @02:12PM (#5320399) Homepage Journal
      I agree that it would be better if people were more aware of what is happening to their rights. They need to get past the idea of the computer being just a tool, and into the idea that the details of computer interoperability and the laws on intellectual property are going to determine the social fabric of tomorrow.

      But as far as your comment goes :

      It saddens me that some US people are spending all this time and energy protesting a war that hasn't happened yet
      WTF?

      A. It is hardly saddening, that the people are concerned about their gov't jumping into war.

      B. Isn't smarter to protest before a war happens, than after?

  • by bizitch (546406) on Monday February 17, 2003 @01:50PM (#5320232) Homepage
    for Microsoft that nobody has yet claimed the intellectual property rights on evil ... yet
  • Rerun... (Score:2, Interesting)

    by Infernon (460398)
    'Palladium will "turn the clock back" to the days before online information was widely available.'

    Wouldn't that be history repeating itself?

  • What's the issue? (Score:5, Insightful)

    by Anonymous Coward on Monday February 17, 2003 @01:50PM (#5320234)
    Palladium, like computers and any other bit of technology, is a technology that can be used for good or evil. The people pushing it are only pointing out the good. The people against it are only pointing out the evil. In the end, if it doesn't work people will shun it like it's the latest version of TurboTax.

    This isn't where the fight should be. Instead, we should be avoiding the products of the companies that would use such technology for purposes of controlling what we can do with what we own.

    • by gosand (234100) on Monday February 17, 2003 @02:41PM (#5320586)
      This isn't where the fight should be. Instead, we should be avoiding the products of the companies that would use such technology for purposes of controlling what we can do with what we own.

      Sorry, you don't own anything anymore, you license it.

      While I agree with you in principle, I know that it won't work. Old saying - an ounce of prevention is worth a pound of cure. The average person, which BTW outnumbers the "in-the-know" crowd by about a million to 1, will not care. If the only thing that Dell sold was Palladium computers, the public would buy them. They won't go out of their way to avoid it, they will fork over their cash because as far as they are concerned, it isn't a big deal.

      Our duties as the technically literate is to make sure that things like Palladium do not happen. The (potential) cost far outweighs the (potential) benefits.

      • by Sycraft-fu (314770) on Monday February 17, 2003 @03:07PM (#5320744)
        Is to educate the massess. Sorry but you aren't going to legsliate something like this out of existance. Even if you could, it would kind of be a strongarm tactic on par with what the RIAA does in reverse. However the public can be convinced it's a bad thing and told not to buy it. Happened with Divx. Hollywood had decided they liked the Divx pay-to-play model and it, not DVD (it was a DVD extension) would be the next big thing. Most studios were doing Divx-first releases and some were doing no DVD releases at all.

        Well people got together and educated the average joe on why Divx sucked and why they should not buy it. The acerage joe listened, Divx sold for shit, and Circut City took a bath to the tune of $100 million.

        That's the real way to beat Pallidium: Convince the public it's bad and that they don't want it. Companies go where the money is, and if people won't buy Pallidium stuff, they'll stop selling it.
      • They won't go out of their way to avoid it, they will fork over their cash because as far as they are concerned, it isn't a big deal.
        Ah, but you're wrong. Who do you think those millions of !"in-the-know" ask for computer advice and support? How susceptible are they to the advice of those who are more technologically-minded? I bet you if a good deal of people got the word out that Palladium (or whatever the hell it's called now) is bad deal, then DELL might find itself selling fewer system running Palladium.

        I know I wouldn't advise anyone to buy such a system, much less buy one myself. Would you?
    • Re:What's the issue? (Score:5, Interesting)

      by Nursie (632944) on Monday February 17, 2003 @02:42PM (#5320600)
      >> In the end, if it doesn't work people will shun it

      Whilst it is true that if it doesn't work at all then it will be shunned, it is not so true if it doesn't work in the interest of the consumer.

      If Microsoft start making 'agreements' with vendors like Dell and HP to sell only (or mainly) Palladium'd boxes then people will buy them. Especially if there's some sort of discount price incentive put in place.

      It's a sad fact that we often have to face here, that the average person just wants 'a computer', and they don't care about how it works, who's really in control, and why that might be bad. As long as Mom and dad can do their tax, and the kids can play the latest incarnation of Tomb raider or Quake then all is just dandy.

      Once again our fate rests with the teenagers. If they can complain just loudly enough to mom and dad that they heard that computers from .* supplier don't work properly (i.e. allow music/video/whatever to be exchanged freely) then maybe nobody will buy them and disaster could be averted.

      Sad state of affairs really isn't it?

    • by Anonymous Coward on Monday February 17, 2003 @02:54PM (#5320664)
      You're absolutely right. I don't see how Microsoft will control your data. Palladium is 100% user controlled - if I as a user want to generate data that self destructs, that's my perogative. Microsoft won't have control of the system or the keys.

      The Palladium spec also allows for it to be enabled/disabled. If you don't want it on your computer, don't enable it. Don't buy stuff that requires Palladium.

      If you want MP3s, you can still go to the record store and rip all the music you want. When the record companies find that nobody is buying their DRMed music from the web, they'll be stuck.
    • by supabeast! (84658) on Monday February 17, 2003 @02:55PM (#5320673)
      I agree. Capitalism should have no problem eliminating overzealous, opressive DRM. There will be other companies producing hardware without Palladium. There will be software that does not use Palladium's DRM. There will be audio and video that is not tied down by Palladium.

      All we have to do is accept that, and stop giving money to the rest. Unfortunately, the leaders in the movement against DRM are hypocrites like the Slashdot editors, men who attack companies like AOL/TW, Microsoft, Blizzard, Disney, etc, and then purchase and promote these companie's products with their next breath. These men have plenty of talk but no moxie. Until these idiots can stop buying a copy of Windows XP to play Warcraft III on while watching a "Fellowship of the Rings" DVD, they are just supporting the technologies they complain about, and doing NOTHING to stop the problem.
  • Correction (Score:5, Interesting)

    by manyoso (260664) on Monday February 17, 2003 @01:52PM (#5320252) Homepage
    You mean 'The Technology Formerly Known As Palladium' ;)

    What is particularly maddening about Palladium is the repeated claims that this offers a security benefit for end users. Microsoft is trying very hard to trojan in this DRM technology as a part of the Trusted Computing initiative. If this is the form of 'trust' they are speaking of then I want nothing to do with it.

    Buy your processors now before they are infected with all of this Palladium/TCPA nonsense.
    • Re:Correction (Score:5, Insightful)

      by kfg (145172) on Monday February 17, 2003 @02:03PM (#5320343)
      Lies are truth and the truth are lies.

      The oldest trick in the book is to identify that aspect of your product that is going to be most harmful to your customers and spin it as a plus.

      Nobody advertises 40 room mansions on 1000 acres as "spacious." That epithet is reserved for studio apartments in a "bee hive."

      KFG
    • by haeger (85819) on Monday February 17, 2003 @03:23PM (#5320841)
      Yeah, they changed the name from Palladium to Trusted Computing Platform didn't they? And since we all agree that its main purpose is to keep peoples right to their interllectual property perhaps we should call it:

      Trusted Computing Platform / Interlectual Property, or just TCP/IP for short.

      I see an embrace and extend coming our way...

      .haeger

  • by Anonvmous Coward (589068) on Monday February 17, 2003 @01:53PM (#5320257)
    'Microsoft could decide to lock everything up'

    Isn't the reality that the content creators would be the ones locking everything up? Who says MS is going to for them?

    Another stupid poke at MS I assume? Damn that's getting old.
    • its the associative property (or is that transitive)?

      - most providers use M$.

      - M$ software will be blocking-friendly

      - therefore most providers will also be blocking-friendly

      that's the cause/effect he was referring to, I believe. not that M$ directly will block; but its the popularization and embracement of their crap that will seep its way into the rest of the net and fsck us all up in the process.
      • by Anonvmous Coward (589068) on Monday February 17, 2003 @02:18PM (#5320443)
        "that's the cause/effect he was referring to, I believe. not that M$ directly will block; but its the popularization and embracement of their crap that will seep its way into the rest of the net and fsck us all up in the process."

        Hmmm possibly. I'm not completely convinced of that, but I'm not ignoring it either.

        Here's what gets me though, why is MS the bad guy here? Obviously there's some demand for MS to fill here. The chances are Hollywood is telling MS "we'll start making movies ready for PC when we have the protection we need". MS knows that content will provide a new interest in PCs. They're probably bending over backwards to get Hollywood's support.

        I don't think MS is interested in locking up your data (their install CD's have trivial copy protection, btw...), I think they're interested in getting content creators on board. If you want to point a finger, point it at the MPAA. They (plus the RIAA) are the ones that think this type of thing is important. (SSSCA) MS wouldn't introduce these restrictions and piss off their customers (like an office setting wants to deal with more pain from their computers) unless they thought there was a huge benefit to it.
        • by IamTheRealMike (537420) <mike@plan99.net> on Monday February 17, 2003 @04:45PM (#5321314) Homepage
          Here's what gets me though, why is MS the bad guy here? Obviously there's some demand for MS to fill here.

          Yeah. Actually I've been told (by an MS exec) that the demand is mostly coming from normal business. They like the idea of keeping control of internal documents, keeping it secure, all the benefits of DRM etc. I've seen a roundtable discussion at a conference that was discussing the benefits a new age of DRM will bring, these guys were really enthusiastic but they weren't from the MPAA or RIAA. They were just business people (except the blonde in the short skirt, I think she was just there to distract the attendees).

    • Both (Score:5, Interesting)

      by Kwil (53679) on Monday February 17, 2003 @02:06PM (#5320358)
      Obviously you can see how, being the folks developing the software, Microsoft can (hell, probably *will* as a software protection feature) program in the ability to encrypt the data into a form that only Microsoft can read, and put a remote based command as the trigger.

      So you sign in for your latest Windows Update (which you'll have to because if you don't, your encryption will soon be out of synch and nobody will be able to read squat that you make), Windows Update detects that "Hey! This copy of Palladium has been registered in a different computer", not knowing that you've just moved the hard drive over to a newer chassis with more expansion room, and sends the code to lock it all up, so that all you get on bootup is a message to "Call Microsoft at ... for payment and product activation info"

    • by Qzukk (229616) on Monday February 17, 2003 @02:22PM (#5320463) Journal
      Isn't the reality that the content creators would be the ones locking everything up? Who says MS is going to for them?

      Content creators? HA!

      You mean publishers right?

      If this DRM stuff goes through the way everyone wants it, your "content creators" will have two choices: DRM-enabled-digital, or cassette tapes.

      Like hell the RIAA will let mp3s (or ogg) exist anymore, and if they do, I'll bet the default setting for any mp3 you record will be "don't copy this". How much do you think the RIAA will want to be paid for the right to change that bit? Changing it yourself is a violation of the DMCA, even though you're the copyright holder because the DMCA protects that bit not your copyright.
      • Changing it yourself is a violation of the DMCA, even though you're the copyright holder because the DMCA protects that bit not your copyright.

        Bullshit. It is illegal to circumvent a technological method for protecting access to a copyrighted work. Since you own the work in question, and the bit is not copyrighted, you may abuse the encryption any way you like.

      • What you and nearly everyone else here seem to be missing is that "DRM Technology" also contains the ability to define NO restrictions! Just like on DVDs where there is a "Regeon Free" bit that can (and is) set by the publishers of the material.

        So Indie musicians (Like myself) have NOTHING to fear about this. In fact, maybe for the first time if an Indie musician decides that they WANT to control their music (About 1 in 20 do) they now have the power to do so, while the others will have the power to grant unlimited lisence so you know you are copying legally.
    • by SirSlud (67381) on Monday February 17, 2003 @02:35PM (#5320547) Homepage
      The US resembles the late UK 19th century 'free market out of control' situation so badly (replete with your modern day Gilbert and Sullivans attempting to enforce unreasonable copyright laws on multinational soil) that people really have forgotten that 'content creators' dont have a say. Content buyers, content distributors, content publishers, have ALL the power.

      Funny how every drastic social backlash seems to be preceded with a golden-age of middle-men. Just ask yourself when the last time you actually hearn an honest to god content creator speak his or her mind .. and no, any "content creator" that owns a record label (the P. Diddys or Missy Elliot) don't count since their interests are planeted firmly in the middle-man mindset. I garauntee you most artists and musicians would wanna slap ya upside the head for calling the Hollywood juggernaut content creators. They are publishers.

      Read up on some copyright history and you'll see we played this game about 100 years ago when piano roll technology hit the market and the UK saw rampant 'piracy' in the US. Find out why publishers are consistantly mistaken for content creators over and over in the latter stages of each cycle in the history of copyright law.
    • by DickBreath (207180) on Monday February 17, 2003 @02:37PM (#5320561) Homepage
      >>'Microsoft could decide to lock everything up'

      Isn't the reality that the content creators would be the ones locking everything up? Who says MS is going to for them?
      Another stupid poke at MS I assume? Damn that's getting old.


      Thanks for clearing that up. I guess I was mistaken to think that Microsoft would act evil based upon their past behavior. (BTW, we should stop judging Saddam by his past behavior also. He would never hide WMD, use WMD, etc. Not to suggest that the scale of these "evils" are comparable.)

      Isn't the reality that Microsoft, making the software, and security system, will have absolute control. I think this will work as described in a Letter from 2020 [osopinion.com].
      Anything I write on my computer or any music I create gets stored by Word.NET and Music.NET in encrypted formats to protect my privacy. No one but me, Microsoft.NET and the National Corporation can read or hear my stuff.....
      Silly me, if we end up with a world as described by this vision, I shouldn't blame Microsoft, they have no culpability in this.
  • Same ol' story (Score:5, Insightful)

    by vDave420 (649776) on Monday February 17, 2003 @01:53PM (#5320261)
    Palladium does nothing for me as a consumer. I will (as many others will) simply upgrade to the N-1th system, where N is the first Palladium system available. I use computers because of the turing-complete properties of them. A computer can mimick almost anything! A neutered computer at an increased cost (R&D costs, people! It costs *Us*, not Bill!) does nothing to entice me. What is the benefit to Me? Nothing real... Period. -dave-
    • Re:Same ol' story (Score:4, Insightful)

      by binaryDigit (557647) on Monday February 17, 2003 @02:46PM (#5320619)
      I will (as many others will) simply upgrade to the N-1th system, where N is the first Palladium system available.

      Right, but one of the points of the article is that if content providers buy in to palladium, then their content will not work on your N-1 system. Obviously if you're not using anything from these providers then it's not a big deal, but if you love playing Blah online and they suddenly require the system you're on to be running Palladium, then you either pony up or you decide to no longer play. That's the biggest concern. This applies to people saying "I'll just switch/use Linux/Mac/Whatever".
    • The benefit of Palladium-enabled architectures will be (for one example) the ability to download MPAA-approved Hollywood blockbusters. Without the Palladium hardware "enhancements" you'll simply be locked out.

      What happens when all digital TVs, cellphones, and laptops must be Palladium-capable in order to even use email? I know this is scenario is not guaranteed, but it might become reality unless some hacks to route around Palladium come into being, presuming your early 21st-century processor can produce passable certificates (Beowulf clusters aside).

      Some theoreticians compute the value of a network as the square of the number of nodes it contains. If consumers are jazzed to buy Palladium-enabled devices because it's the only way to let the HDTV babysit the kids with Disney's Steamboat Willy, you can bet all of your legacy hardware that the nodes of the Palladium network will multiply out of control.

      Your n-1th system will be as useful and desirable as a late 80's IBM 386, minus collector's value.

  • by vivek7006 (585218) on Monday February 17, 2003 @01:54PM (#5320264) Homepage
    Print: The Chronicle: 2/21/2003: Control Issues
    From the issue dated February 21, 2003


    http://chronicle.com/free/v49/i24/24a02701.htm

    Control Issues Microsoft's plan to improve computer security could set off fight over use of online materials

    By FLORENCE OLSEN

    Computing experts in academe often blame Microsoft for producing software that is vulnerable to viruses and hackers. But, of late, the experts have been criticizing the company's sweeping plan to correct those very deficiencies.

    Under the plan, announced seven months ago under the name Palladium, new computers would be equipped with security hardware and a new version of the Windows operating system.

    The goal, Microsoft officials say, is to make servers and desktop PC's that people can trust. But critics say the technology, which Microsoft recently renamed "the next-generation secure computing base," could stifle the free flow of information that has come to characterize the Internet, and could give Microsoft too much control over colleges' own computerized information.

    With the new technology, information-systems officials could use cryptographic hardware "keys" rather than software controls, like user names and passwords, to lock up student records and prevent illegal copying of materials. Registrars would have tamper-proof controls over who could see, copy, or alter the records. The advances could be used to prevent identity thieves from invading campus computer networks to steal Social Security numbers, grades, and other personal data.

    Money and Access

    Palladium would require colleges to make expenditures on new computers and software. Existing computers could not be retrofitted.

    Colleges would decide whether to buy Palladium-capable software and hardware, and then whether to activate Palladium's security functions. But practically speaking, they would face enormous pressures to do so, especially if publishers of books, journals, software, and other electronic "content" were to adopt Microsoft's standard to deliver their materials online. The publishers could dictate that colleges had to use Palladium or else be denied access to the material. That worries many in academe, who believe that publishers would use Palladium to bar some uses of digital materials to which scholars argue that they are entitled under copyright law. That loss may outweigh the advantages of tighter security over student records, the critics say.

    "If Palladium is adopted, and if other technology vendors exploit it fully to restrict access to copyrighted works, education and research will suffer," says Edward W. Felten, an associate professor of computer science at Princeton University, who was the U.S. Justice Department's chief computer-science expert in its antitrust case against Microsoft.

    Microsoft officials respond that their new technology will simply give all users --whether colleges or publishers --more control over the information they own. Colleges have been demanding more computer security, says Brian LaMacchia, a software architect in Microsoft's trusted-platform-technologies group, which is responsible for Palladium. "It's a two-edged sword," he says, acknowledging that commercial publishers have demanded greater protection for their copyrighted works.

    Palladium's software components will be part of the next major version of Windows, which Microsoft has said it may release toward the end of 2004. Some hardware components that Palladium needs, including a security chip, are available already in a notebook computer, the IBM ThinkPad T30. Chip manufacturers and the major computer companies --Dell, Gateway, Hew-lett-Packard, and IBM, among others --have begun work to redesign PC's so that they will work with Palladium software.

    A key component of Microsoft's new technology is the "nexus," a minisystem that runs in a sealed-off area in the computer's memory, where private transactions can be conducted, and where designated security and copyright policies would be enforced. In theory, the nexus is immune to many of the problems that plague Windows machines, like viruses.

    Moving away from password-protected security and toward security that is built into the hardware would make campus networks less vulnerable to hacker attacks, Microsoft officials and academic experts agree. "Once you move to hardware security, then you're talking about deterring 98 to 99 percent of all hackers," says David C. Rice, a security consultant who is an adjunct faculty member in the graduate program in information security at James Madison University.

    Here's how Palladium works: If a program --with its nexus --were running on a server in, say, a college registrar's office, the server would ask any computer that tried to gain access to student records on the server to certify what program it was running. The server would block access to the records if the computer were running an insecure program. Such questioning of another computer is not part of most security mechanisms in use today. As a result, college computer systems are repeatedly victimized by hacker attacks.

    Mr. LaMacchia says that Palladium also would permit personal data and other files to be kept secret on the computer's hard drive in an area where the data would be unreadable by any program other than the one on the computer that created them.

    "It's definitely going to solve a lot of security problems, but it's like any kind of new technology," says William A. Arbaugh, an assistant professor of computer science at the University of Maryland at College Park. "It can do good or evil."

    Fair Use

    Whether it is used for "good" or "evil," he says, will depend on who gets to control the technology --colleges or the publishers whose "content" the colleges use.

    Most of the early controversy surrounding Palladium in academe has concerned its impact on "fair use," a gray area in copyright law that gives professors and researchers limited but free use of copyrighted materials. In the past, faculty members could decide on their own that "fair use" permitted them to distribute a journal article to, say, 10 students. But publishers could use Palladium's controls to unilaterally limit use of their materials, such as by restricting professors to a read-only view of the article, from which they could not "cut and paste" the text.

    With Palladium, owners of content would gain at the expense of consumers of content, including professors and students, says Eben Moglen, a professor of law and legal history at Columbia University. In fact, if Palladium were to become a widely accepted way of protecting copyrighted material, Mr. Moglen says, it would create "a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution."

    In such a scenario, he says, "the very concept of fair use has been lost."

    Ross Anderson, who holds a faculty post as a reader in security engineering at the University of Cambridge's Computer Laboratory, says Palladium will "turn the clock back" to the days before online information was widely available.

    The biggest losers, he says, will be "small colleges, poor schools, universities in Africa, hospitals in India --the people who have benefited hugely from the availability of vast amounts of information that was simply unavailable to them before."

    Publishers generally support the type of copyright-enforcement mechanisms that would be in Palladium systems, although "there would be some concerns about bugs in those systems," says Ed McCoyd, director of digital policy for the Association of American Publishers. For example, he says, even now, while publishers complain about the inflexibility of technical controls in electronic-book readers, they do not want to share those controls with users.

    "They certainly want to have sufficient flexibility in the publisher settings --one publisher might choose to enable printing, one might not," Mr. McCoyd says. But with the new technology, he predicts, publishers will insist on controlling the software settings for what they "consider to be fair use."

    Some experts argue that computer and network security are so weak today that the benefits of Palladium outweigh any risks that Microsoft, or content providers, would abuse the new controls.

    "Microsoft could decide to lock everything up," says David J. Farber, a professor of telecommunications systems and of business and public policy at the University of Pennsylvania. "But there is nothing a priori that says they'll be all bad boys."

    Indeed, Microsoft says it is listening to its critics. It has been talking with academic researchers about the new technology far earlier than usual in Microsoft's product-development process. "Part of the reason has been to hear the feedback --positive and negative --from the academic community, analysts, influentials, and others," says Amy Carroll, group manager of Microsoft's trusted-platform-technologies group.

    Palladium's software architects have given several guest lectures at universities in the United States and Britain, in part, Ms. Carroll says, to listen to academic concerns "and, hopefully, assuage them."

    Many of the concerns are a result of misunderstanding what the new technology will do and how it will work, Ms. Carroll says. Microsoft plans to publish the source code for its nexus, she says, so that "people can view the code and see that it will do what we say it will do," and see that it will not give the company control over colleges' computerized information.

    Even Palladium's critics see good uses for the technology, like maintaining the privacy of student records. Colleges may want to have Palladium activated on some servers to keep them from running "pirated software, MP3's, or anything that is illegal," says Mr. Rice, the security consultant.

    More Worries

    But Palladium is worrisome to college officials for reasons other than an erosion in the fair use of copyrighted materials. Jeffrey I. Schiller, a network manager at the Massachusetts Institute of Technology, says software companies most likely would use the program to enforce license agreements that many in academe believe are legally unenforceable. For example, more and more software licenses forbid users from running tests known as benchmarks to measure the performance of one company's software against that of its competitors.

    Some critics, like Mr. Schiller, say Palladium might achieve the results intended by the Uniform Computer Information Transactions Act, a model law devised by the National Conference of Commissioners on Uniform State Laws, which has been enacted only in Maryland and Virginia. Ucita is "an attempt to give these software licenses the force of a signed contract, even though you didn't sign a contract," Mr. Schiller says. With Palladium, technology would "enforce" the licenses de facto, he says.

    Microsoft insists that its new technology is a neutral platform. "It is certainly possible that an application vendor could choose to use [Palladium] to evaluate and enforce some software licensing terms," acknowledges Ms. Carroll. But "at the end of the day," she says, "the terms of the license for an application are strictly an issue between the vendor and the university."

    Others think Palladium would be an anti-competitive tool in the hands of software publishers, especially Microsoft, which, in 1999, was found guilty by a federal-district court of monopolistic practices. With Palladium, software publishers could decide to create programs that refuse to work with rival programs, a tactic that is difficult for them to get away with now, says Seth Schoen, a staff technologist at the Electronic Frontier Foundation, a group that promotes civil liberties in cyberspace.

    Critics of Palladium frequently cite a hypothetical situation in which a company makes a word-processing program that requires Palladium to run and that encrypts all of the documents that it creates. "Any other Palladium user who is also using that same word processor will be able to decrypt and view the documents," Mr. Schoen says, "but nobody without access to Palladium or who uses a different word processor would be able to derive the necessary decryption keys."

    Microsoft faces an uphill battle to win acceptance for Palladium in academe. College students, many of whom are used to playing illegal copies of music and videos on their personal computers, may be resistant.

    "They're not going to consciously go out and buy a product that necessarily limits their ability to do what they want to do," says Mr. Rice, the security consultant. "They'll definitely buy a product if it means security for them. I don't know if they're going to buy a product if it means security for somebody else."

    The Business Software Alliance, a trade group representing software companies, declined to comment on Palladium, citing a policy of not talking about its members' products. But Robert M. Kruger, vice president for enforcement, says the group is beginning to tilt more toward technology to enforce copyrights.

    In dealing with software and other copyright piracy on campuses, colleges "aren't sending the message as aggressively as we would like," he says.

    Will MIT, whose researchers have studied Palladium, want to run it? Maybe not, says Mr. Schiller, the university's network manager. "Personally, I would never use this technology," he says. As for MIT, though, it's an open question, he says. "Palladium has to become more real for us to really decide if we can use it."

    "If I had my druthers, I'd love the technology to be available and used for all the good things we could use it for," Mr. Schiller says. "But I'm enough of a realist to know that's not how it's going to play out."

    WHAT PALLADIUM WILL AND WON'T DO

    Microsoft's Palladium project is designed to make Windows computers more secure. But computer experts are concerned that the technologies being used to make computers more secure will block the free flow of information needed for teaching and research.

    Palladium will:

    • Run programs that could prevent illegal copying of or unauthorized access to information stored in PC's.

    • Permit owners of digital information, whether copyright holders or registrars responsible for student records, to set tamper-proof controls on who can see, copy, and alter digital files.

    • Prevent unauthorized access, via a computer network or the Internet, to Social Security numbers, credit-card information, and other personal data stored in PC's.
    Palladium will not:
    • Replace the Windows operating system.

    • Search the Internet to detect and delete pirated software, music, and movies.

    • Eliminate spam and software viruses.

    • Prevent a digital thief from gaining access to a computer in person and disabling its hardware security features.
    SOURCE: Chronicle reporting
    Front page [slashdot.org] | Career Network [slashdot.org] | Search [slashdot.org] | Site map [slashdot.org] | Help [slashdot.org]
    Copyright [slashdot.org] 2003 by The Chronicle of Higher Education

    • by DickBreath (207180) on Monday February 17, 2003 @03:09PM (#5320760) Homepage
      Microsoft plans to publish the source code for its nexus, she says, so that "people can view the code and see that it will do what we say it will do," and see that it will not give the company control over colleges' computerized information.

      How reassuring.

      Look, here are the complete mechanical drawings for my handcuffs and leg shackles. Anyone is free to study them and see that they will really do what we say when they put them on your hands and feet.

      In order to actually be secure, they have to be able to trust the software running. This means that nobody can compromise, for instance, Windows Media Player. But then this means that anyone could make an EXE that cannot be compromised.

      Just imagine....
      • E-mail clients and Browsers that won't let you copy the content.
      • E-mail clients that will automatically delete the message after a certian time, or will ensure that you read the message.
      • Programs that can send your private information somewhere, encrypted. You can't do a darned thing about it. The program can just refuse to run. You can't compromise the integrity of the program.
      • In a nutshell... In the most general sense... A program can do any manner of evil thing, and you can't compromise it.
      Sure I buy the "secure" aspect of it. A virus can't compromise an executable either before or during its execution. Great. But this means that the user can't compromise it either. This means that a program can do any manner of evil thing and we are powerless.

      Surely programs would never do evil things such as...
      • Violate your privacy
      • Gather information on your consumer habits
      • Pop up advertisements
      • Cause unwanted crap to appear at the top of your search results
      • Overwrite your boot sector
      • Disable your Free software
  • by banana fiend (611664) on Monday February 17, 2003 @01:54PM (#5320265)
    This (and other) articles and flames posting about the world ending with Palladium have ignored the fact that it is about safety for computer programs, running trusted code and keeping virii to a minimum. It's not such a bad idea.

    It will only be harmful if some large monopolistic company decides to abuse it for their own purpose and to restrict the access to "passports" to viable code, and block off homegrown software ("openly developed software" - if you will) from gaining pre-eminence over their own solutions

    I sure hope there are no big companies out there like that.

    • Re:Not Necessarily (Score:3, Insightful)

      by bmwm3nut (556681)
      i agree that not running "trusted" code would be a good thing. but you can get around it quite easily (i think). look at the most common type of virus/worm/whatever you call it today...the outlook email problem. remember that outlook or windows is the actual program that is running, the emails that cause these problems are basically scripts. the scripts are neither trusted nor untrusted, they're just commands you could have typed into your copy of outlook, (like a batch file or a shell script). so if i have a "trusted" version of outlook and some kiddie sends me a script, that will be executed with my permissions in my "trusted" copy of outlook and will still cause all the damage.

      palladium or whatever they're calling it now is a bad idea, the benefits are small, but the fact that someone other than me may be able to say what run or what doesn't run on my computer is a bad thing. i'd rather put up with the few viruses that would be stopped by palladium than deal with the restrictions.

      really, i don't care about palladium that much, i haven't touched a windows box in years. my only concern is that i'll need to have a windows/palladium box to be able to communicate effectively on the internet. that would be a bad thing.
  • Why the problem? (Score:3, Interesting)

    by thoolie (442789) on Monday February 17, 2003 @01:55PM (#5320271) Homepage
    I have been wondering what the issue is. If this is such a bad product, don't buy it. This product (being implemented in the nex windows), is not forcing me to upgrade my stuff. I can still buy the newest althon CPU and MB along with RAM, put linux, win2k, bsd, whatever on it, without worring about palladum.

    palladum will effect the people who use the hardware/software the uses palladum, end of story. There will still be the vast majority who DO NOT UPGRADE and use THE OLD STANDARD. This will keep alive the funtions that you and i use today.

    I really can't see how this will effect people who don't use it (now tell me how it will take over the world when people do start to use it and how it will effect the data on the internet and bla bla bal....)

    The fact is, is that the US and the tech that we have isn't what the rest of the planet has. Not everybody is going to use this stuff. That is a fact. As long as there is internet and people who don't use palladum, there will be freedom to choose!
    • by banana fiend (611664) on Monday February 17, 2003 @01:57PM (#5320295)
      do not upgrade?

      A lot of people use windows out there, A LOT. Open-source software et al. need to get their software to these users.

      Go to the register and read many stories about just how hard it is to stay out of the upgrade-cycle-of-death that is windows software licensing
    • by mcrbids (148650) on Monday February 17, 2003 @02:14PM (#5320413) Journal
      "I have been wondering what the issue is. If this is such a bad product, don't buy it. "

      What's the problem, you say?

      Microsoft==Monopoly.

      Don't like the price you pay for electic power? If this is such a bad product, don't buy it.

      Are you dis-satisfied with your telephone service? If this is such a bad product, don't buy it.

      Are you unhappy with the performance of the latest Ford auto? If this is such a bad product, don't buy it.

      Notice that this last one is much more feasible than the previous two!

      Microsoft is in that position. Because of the proven anti-competitive practices of a convicted monopolist, I don't really have that choice. As a software developer, I have to account for Windows as a platform or stop making money.

      And, if Microsoft decides that they EOL any non-Palladium O/S, millions will be forced to buy it, simply because they have no effective choice.

      Linux (Hooray!) is becoming an option, and I'll do everything I can to get it in use, but it's not there yet. I can't yet readily make a living producing software unless I at least allow accessability to Windows users.

      And Microsoft still has the power to potentially stonewall Linux adoption for a long time, and it's my feeling that Palladium is how they'll try do it.

      Only time will tell...
    • Re:Why the problem? (Score:5, Interesting)

      by travail_jgd (80602) on Monday February 17, 2003 @03:16PM (#5320799)
      "There will still be the vast majority who DO NOT UPGRADE and use THE OLD STANDARD. "

      This is true -- according to Google's Zeitgeist [google.com], the number of people using "obsolete" versions of Windows (95, 98, NT) is almost the same as those using the latest versions (2000 and XP).

      "I really can't see how this will effect people who don't use it (now tell me how it will take over the world when people do start to use it and how it will effect the data on the internet and bla bla bal....)"

      Easy. If broadband ISPs only allow Palladium-equipped devices (PCs, routers, etc) online, then the Internet will be denied to everyone else. Should Microsoft make their own version of IPv6 that's "secure", it's going to be supported by all the major players. (If the MS-IPv6 protocol can't be altered through software, then any company that doesn't support the corrupted protocol is going to be locked out from all new PCs once IPv6 goes live.)

      Even easier: sites that currently "require" Internet Explorer -- but work fine with other browsers -- will require IE plus Palladium. Or your ISP says that only PCs with Palladium are supported.

      If Microsoft plays their hand correctly, they'll be in complete control of the x86 platform, and nothing other than a successful anti-trust case will break that hold. If Microsoft fails, they'll alienate enough people that Linux and other OS's will make significant gains.
    • The problem... (Score:3, Informative)

      by TopShelf (92521)
      They can always start releasing new content using only DRM-enabled technologies. I have an older Jornada Pocket PC, for which I can't find hardly any eBooks, because it came out prior to the advent of DRM on those devices - I can't even upgrade to a more modern OS because it's a hardware issue. Add in the fact that most consumers don't have a clue about this issue, and they could definitely (not neceassarily easily) make this a standard technology, and a gateway to moving forward with digital content.
    • Re:Why the problem? (Score:5, Interesting)

      by mebon (634191) on Monday February 17, 2003 @03:29PM (#5320866)
      As the article points out, what happens if Word requires Palladium to run and encrypt any documents it creates? Then people who don't have Palladium and Word can't read those documents. At least now people can reverse-engineer Word documents and read them via Abiword, OpenOffice, etc. If Palladium is used, you would have to break the Palladium encryption before you could even reverse-engineer the document. And you would probably be charged under the DMCA for breaking the encryption.

      Imagine what would happen to Wine if all the new Windows games and applications required Palladium to run. If Wine can't break Palladium encryption, then Wine can't run any new Windows software. This could prevent any sort of Windows emulation or reverse-engineering that is allowable by fair-use. They could effectively prevent people from using any OS other than Windows to run their applications or view documents. As new applications come out and old ones become outdated, Palladium could become the new standard just because all the new software requires it.
    • by Duds (100634)

      I can still buy the newest althon CPU and MB along with RAM, put linux, win2k, bsd, whatever on it, without worring about palladum.

      Nope, buy a palladiam motherboard it won't let you load a non-Palladiam OS.
    • problem because... (Score:3, Insightful)

      by sacrilicious (316896)
      If this is such a bad product, don't buy it. This product is not forcing me to upgrade my stuff. I can still buy the newest althon CPU... There will still be the vast majority who DO NOT UPGRADE and use THE OLD STANDARD

      Sooner or later everyone will have to upgrade, because parts malfunction. Whether one will be able to purchase an Athlon without DRM at that point is an open question. I don't feel confident that the majority won't upgrade, because "the majority" is comprised of non-technical people who respond well to marketing buzzwords. If there is a good time for those aware of the issue to try to educate that majority by loud, vocal, repeated means, now is certainly it.

  • Didn't they change the name Palladium to a new one [slashdot.org]?

  • A question

    Is then MS pushing this as a way to seal up markets like China? whre this desire to lock up information is prevalent?
  • is to see this implemented on a small scale and see if all the FUD out there is true. I'll stand in line with the next guy if the fears are true, but I have to see it to believe it.
  • http://www.stoppalladium.org
  • So, with as buggy as MS security usually is, how long after the first Palladium crap-o-la is released until we can either a) emulate it's functionality or b) completely bypass it? That is not to say that I'm unworried about it, but seriously people, they can't stop me, you, or especially ALL of us forever. It just doesn't work.

    -theGreater View.
  • by Jack William Bell (84469) on Monday February 17, 2003 @02:03PM (#5320345) Homepage Journal
    Yeesh. The way people respond to this stuff is so predictable. "OMG, Microsoft is trying to control every bit on earth!"

    Let's step back a minute and actually think about Palladium as it currently stands, shall we? Can we?

    To start with; I know lots of people on /. don't want to believe this, but Microsoft is a market-driven company -- at least to some exent. If the market doesn't embrace something they drop it (Microsoft Bob). If they aren't sure how the market will respond they will float trial balloons for months or even years before shipping it; and then drop it before it even launches if appropriate (Hailstorm).

    Right now Palladium is just a flag flying. They know that the entertainment industry and the politicians in the entertainment industry's pocket will salute. But they aren't sure about everyone else. I will admit that breathless scare mongering is one reaction they will pay attention to, but a more rational approach is to simply point out clearly (and without running in circles decrying the evil-that-is-Microsoft) that there are alternatives (Linux).

    Personally I think the latter is a tactic Microsoft will pay more attention to. That, and supporting the EFF [eff.org] as they fight against technology like Palladium being required.
    • know lots of people on /. don't want to believe this, but Microsoft is a market-driven company -- at least to some exent. If the market doesn't embrace something they drop it (Microsoft Bob).

      Like the XBox? Sales are not going so well, but they press ahead...

      The truth is that Microsoft will press some things even against market acceptance, if it is seen (by Microsoft) to put them in an advantageous position at some point in the future. If the "Big Pal" thing succeeds, they essentially gain the high ground in the battle to decide what will run where... possibly a strategic position against software they dislike.

      You make a good point that all we can really do is support the EFF. I've already donated to them, everyone else should as well...
    • by DickBreath (207180) on Monday February 17, 2003 @02:49PM (#5320629) Homepage
      Microsoft is a market-driven company -- at least to some exent. If the market doesn't embrace something they drop it

      The sheeple will happily buy their latest Dell/Gateway/whatever PC hardware with TCPA and an MS Palladium OS. They will never know what they are doing.

      Saying that the market will do something about it is like saying the market will reject...
      • Macrovision
      • Encrypted DVD's
      • A tax on blank media
      • DMCA
      • UCITA
      • COPA
      • CALEA
      The problem is that the market must have a choice. A word not in Microsoft's vocabulary. Oh, wait... Choice...
      • Windows Palladium Home Edition
      • Windows Palladium Pro Edition
      • Windows Palladium Server Edition
      • Windows Palladium Datacenter
      • Windows Palladium Embedded
  • by 4of12 (97621) on Monday February 17, 2003 @02:04PM (#5320346) Homepage Journal

    Palladium could create 'a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution.

    I know, I know. You were worried. Don't be.

    Be assured that information about you, such as your medical history, and any transaction history you have in the databases of direct marketers will be copyrighted by someone other than you, relieving you of this onerous burden.

  • Fair use? (Score:3, Interesting)

    by Richard_at_work (517087) <richardprice@noSPAM.gmail.com> on Monday February 17, 2003 @02:08PM (#5320369)
    I remember reading somewhere once that fairuse is actually only available to you if you are able to carry it out, the manufacturers/publishers dont have to provide you with the ability to copy something freely or run/play that copy freely. This generally means that although cd protection schemes, DRM etc destroys what many on here think is fair use, it actually doesnt do anything of the sort. Now cd protection schemes that dont actually work, ie play in a audio player but not a pc are a totally differnet matter. As usual, i expect someone on here to clarify my position, wether its right or wrong etc.
  • two thoughts.. (Score:5, Insightful)

    by robbo (4388) <slashdot@si[ ].net ['mra' in gap]> on Monday February 17, 2003 @02:08PM (#5320372)
    Two thought come to mind on this one:

    First: "If you hack it, they will crack it." Go right ahead and give us DRM, because one way or another someone will find a way to circumvent it.

    Second: These kinds of moves are exactly what undermine the power of the content holders. The more tightly the MPAA and RIAA squeeze content up their asses, the more energy, resources and popular attention that will go to the small-time independents who are actually doing something creative, and the more fragmented the audience will become. Fair use is what makes the world go round..
  • by Anonymous Coward on Monday February 17, 2003 @02:14PM (#5320412)
    Like the article mentions, if the content provider, i.e. Word. Decides that only Word can read the article you just wrote. It means that OpenOffice can't open it (or any other competitor).

    If I want to add a plugin to a program. The program, might just say: no! you need to be a plugin approved by my company, not some random plugin. You thief!

    In other words, my beef with Paladium is that the security control is set at the level of the creator and not of the user. That in itself is not a problem until you realise that the control given to the creator is a lot more then simply "the right to copy and distribute" it affects the righ to interoperate between programs (in the name of being virus free).

    The software industry does not have a history of being open minded, I'd suspsect that by default interoperability would be set to off.

    Sad.
  • by Arcturax (454188) on Monday February 17, 2003 @02:21PM (#5320457)
    I guess all this will do is make it so the most widespread works out there are the ones people publish free to copy and distribute. I mean, who is going to pay the kinds of prices that they are going to want to charge you once they know you can't get it elsewhere.

    As an aspiring author (as a hobby, not for a living) of a fantasy novel, I have been looking at publishing recently and have decided to self publish my work and allow people to freely distribute it. Why? Well, I have a day job, and while extra money is nice, I don't really need to make money off of my novel and I don't really expect to make a living off of it either. Instead it is a hobby for me, my art if you will and I am more interested in getting it wide exposure than on some best seller list somewhere.

    If my work is good, word of mouth will push it around and people will load it off my website to read. If not, it flops but I'm not really out a cent, just whatever time I put into it, which is no big loss because that time would like as not been spent playing computer games anyway.

    But the advantages are, I can get widespread coverage to a large and diverse audience. I retain full rights so that if the story is considered movie material, I get to keep all of what the studio doesn't take. I can publish it anywhere at any time, for money or for free. So in a way, I don't need to worry about Palladium. If someone releases a work, no matter how good, which is locked up and expensive and pay by the bloody minute spent watching, I won't waste my time or money on it and I'm willing to bet a lot of you won't either.

    As an aside to this, I wonder if a "free publishing" community will start up where people donate time and experience to writing material which goes straight into the public domain instead of locked up in copyright for life + forever. Schools, libraries and teachers would likely be happy to have such work available royalty free and aspiring writers can practice on free stuff the way coders do on open source software. After all, look what Open Source is doing to Microsoft. If the publishers get nasty, then we should be able to take them on in a similar way and have similar success. It would be great to have a library of the people, of free and public domain works which can be freely read, copied and sited without having to hunt someone down to ask permission. This isn't the same as current libraries, most works in current libraries are illegal to copy (though most people do it anyway) and sometimes you can't even site without permission. So we could use a nice library of *only* free and public domain works which can be used for whatever you wish. Better yet, it could be online and fully unlocked so Palladium be damned you could still read, copy and use such works in your own endeavors. In the end, I think everyone might benefit from such a movement.
  • by LISNews (150412) on Monday February 17, 2003 @02:22PM (#5320459) Homepage
    If you've read Code [stanford.edu] you probably already know why this kind of regulation by code is bad, but Lessig also wrote on this over At The Atlantic Monthly [theatlantic.com].
    He says the picture of a world where one needs a license to read is discomforting.

    Current laws represents a choice made by our democratic processes, and with copyright as code it's not clear how the same balance can be struck. The problem with regulation (And Law) through code is that there is no place for such a collective choice. If one kind of "trusted systems" software protects rights of fair use, a competing version will promise more control to the owner. This makes fair use a bug, not a feature.
  • Palladium != TCPA (Score:5, Informative)

    by mtnharo (523610) <greengeek@nospaM.earthlink.net> on Monday February 17, 2003 @02:23PM (#5320467) Homepage
    I'm positive that this has been talked about in previous stories about both Palladium and TCPA, but I feel that it is important to highlight the distinction once more. TCPA is a hardware product. Palladium is the next level of system-wide DRM that Microsoft is planning on including in Windows Longhorn or Greenhorn or whatever they feel like calling it tomorrow. The TCPA spec calls for code signing for the system BIOS, and for a special chip to handle encryption duties, taking that load off the processor. This is a good thing, as it could make PGP encryption and signing for email transparent, as well as allow for code-signing and verification in the background. It can be turned off if you don't want it, but it can only be a Good Thing. It doesn't mean you can't run anything other than Windows on your hardware. It means that proper security is implemented at the hardware level, making it more difficult to install a trojaned program (ie, the download is automatically checked for the proper checksum etc) With the load taken off the CPU, better crypto for online transactions and things like remote desktop access would no longer cause performance problems.

    Palladium would likely make use of this hardware to take care of the crypto aspects of DRM, but it is a part of Windows. If you don't buy Windows, you have nothing to worry about. Microsoft would have to manage to replace every DVD player, computer and MP3 capable device in the world to make DRM mandatory. Palladium may not be great for consumer's rights, but it is also not forced upon anyone. We still have a choice. Run some form of *nix on your current hardware, or buy a Mac. This shall pass.

    My 0.10 shekels
    • Re:Palladium != TCPA (Score:3, Informative)

      by Alsee (515537)
      The TCPA spec calls for

      I've read a good chunk of the TCPA spec. I understand what it is and how it works. The central TCPA design specification is that the owner of the machine MUST be denied access to his own encryption keys. The ONLY purpose of this requirement is to take control away from the owner of the machine. It is designed to enforce DRM and enforce Microsoft's monopoly.

      There isn't a single claimed benefit of TCPA or Palladium that you couldn't get with an identical system that lets the owner read his encryption keys based on a physical switch to control access to the keys. Unless of course you think losing ownership of your computer is a "benefit".

      a special chip to handle encryption duties

      Yeah, a side effect is that you can use the chip as a crypography coprocessor. If that's what it was for you could have a BETTER, CHEAPER, FASTER, and HARMLESS crypography coprocessor instead.

      Code signing and crypto coprocessors have NOTHING to do with denying an owner of the machine access to his own keys. TCPA and Palladium are a Bad Thing. Period. Drop the requirement to deny the owner access to his own keys and it would be a Good Thing, but then it wouldn't be TCPA/Palladium anymore.

      -
  • by Badgerman (19207) on Monday February 17, 2003 @02:25PM (#5320483)
    Interesting thought on Palladium - bear with me.

    Palladium as a whole, to me, sounds impossible to implement, maintain, and get buy-in on. The potential for backfire, for cracking, for failure, seems large.

    So, how much does Microsoft really plan to implement?

    Maybe this is a significant percent of publicity-playing. See what people think, get out the word you're "doing something" to deter the competition, then put in something far less in function (and effort, and cost) than you started and say its what people "want." Meanwhile you can hopefully discourage others innovating.

    Just a thought.

  • by EinarH (583836) on Monday February 17, 2003 @02:31PM (#5320521) Journal
    OK, let's say that a big university like MIT implemnts Microsoft Windows Shiny and Secure Palladium Edition 2005. Not only on a workstation, but on _all_ computers; libray computers, dorms, workstations, servers etc.
    Then all documents produced inside MIT will become Microsoft DRM enabled. All the papers, tests, research and publications. Right?

    Year 2050. MIT want out. Whatever reason they have; they need to get out: The cost of the system is to high or the system don't work according to the promised specification.
    Actually the reason they have, don't matter. Maybe Penguin OS v69 has become The OS.It's irrellevant. They want out; and they want it now!

    Now what?
    Well, for starters just about everything people have done the last 45 years is _potentially_ lost forever unless they manage to get a deal with Microsoft.
    All the fileformats are MS Propretary DRM Palladium Edition and can't be read on their new and shiny OS and they would have to deal with the relatives of former employes who "own" information produced on MIT.

    What a mess. Such a waste.
  • by kahei (466208) on Monday February 17, 2003 @02:35PM (#5320552) Homepage

    Palladium is a technology. It's designed to restrict what can be done with information, in useful ways. Maybe it's really clever, maybe it's clunky and unworkable, I don't know, but either way, it's a bit of technology that someone developed and therefore I'm inclined to like it.

    Now, if people *had* to use it, that'd be a bad thing. If people were *punished* for certain actions, using Palladium as a tool, and those actions weren't really evil, that'd be a bad thing. Those are legal issues, and I'd be inclined to resist them.

    IMHO it is never a good thing to try and suppress, a technology just because you are afraid of what someone might decide to use it for. This is exactly the kind of thinking behind the DMCA, which tries to suppress a vast class of technologies because they could theoretically be used to break other laws.

    You can hate the control freak attitude of many IP holders, you can hate the ubiquity of MS, you can hate the increasingly wacky commercial laws of our nations. Heck, I know I do. But I don't start trying to suppress particular innovations just because they can be used for purposes I don't agree with. I'm generally against nuclear war but I'm sure glad they developed the internet.

    This has been kind of a long, structureless post, but I'm going to post it anyway cause I really believe I have a message buried in there :)
  • Paladium hardware (Score:3, Insightful)

    by Traa (158207) on Monday February 17, 2003 @02:35PM (#5320553) Homepage Journal
    This is what I understood of Paladium, and why it IS scary:
    In a Paladium box, the DRM starts with the hardware. Thus, uninstalling MS-WinPaladium and trying to install Linux/Win2K/other is not possible because the hardware will not allow you to run the 'unsigned' installer. Once Paladium, always Paladium.

    Even if someone finds a hack/crack around this, installing an alternative OS on a Paladium box will probably not become widely excepted because this is illegal according to the DMCA.

    So, let's fight the battle now. Why is or isn't Paladium good for 'the people'.
  • by mattr (78516) <.mattr. .at. .telebody.com.> on Monday February 17, 2003 @02:36PM (#5320556) Homepage Journal
    Palladium will not: (and I quote into the cauldron..)

    - Replace the Windows operating system.
    - Search the Internet to detect and delete pirated software, music, and movies.
    - Eliminate spam and software viruses.
    - Prevent a digital thief from gaining access to a computer in person and disabling its hardware security features.

    "The goal, Microsoft officials say, is to make servers and desktop PC's that people can trust." (ha-ha)

    Maybe a system that did ALL of these things would be competitive?

    --

    I think it's only fair these [hopefully nonexistent] publishers are forced to purchase Palladium PCs and use only Palladium-liscensed reference material for which they will pay per byte forever.

    "Colleges .. would face enormous pressures to do so"

    Why not instead force publishers to provide text-searchable CDs for free to legitimate book owners because of fair use laws? Safari seems pretty useful.

    If every student is networked these days, I think there may be an opportunity for universities to promote a solution to a real (as opposed to hypothetical) problem which happens to appear antithetical to Gates' wet dreams.

    - Students spend an awful lot of money on textbooks, and sometimes have difficulty finding them in bookstores and libraries. A significant number might jump at the chance to purchase a digital copy instead of the paper textbook.

    - Searching for words in textbooks should be promoted at universities as one of the few clear merits of owning a computer in school. It would be interesting to see legally if universities, or individual students, can promote this to the point of forcing publishers to provide a free fair-use cd of searchable text with every textbook. The bookstore could hand them out when books or purchased.

    - Students who have purchased second-hand books also should be able to enjoy the benefits of digital searching.

    - Annotation is a second obvious merit of using a computer in school, and it's why the web was born. Students used to surfing the web will readily jump into information organized in am easy to use, interactive format. Researchers should also be able to freely access stores of annotations and digital texts.

    - Also annotation as well as the ability to index and navigate by scene or timecode is very useful with film and video. This could be useful in university film, music, television, language, and science courses among others, and universities ought to be able to negotiate with publishers to create free-use zones for scholarship purposes without all this annoying crypto. If enough did it, there would be a smaller potential Palladium market.

    - Schools with less funding should be able to invest in personnel and students, and (if there is a suitable alternative) ought to be able to use information technology to reduce the financial barriers. MIT has embarked on an open curriculum and more should be promoted. We need to enable people to apt-get an education and get used to it so they won't let it get taken away.

    - It would be interesting to see if projects funded by national governments would be exempt from Palladium

    - While MP3 sharing may very well be within the law, it is not as obvious a poster child for fair use as any of the above uses of everything from ascii text to hdtv. I think it would be very interesting to see if the open source and educational communities can relatively quickly develop something demonstrably more useful and open that Palladium, and possibly preempt it.
    • Some really great points above on college texts. One thing that is missing is what happens when people keep their books as reference materials for life? As much as the publishers would love to destroy the used-book market, how can they just give away the content of the book in some form that can be easily mutilated, and used by someone else?

      It's also an interesting issue for code books (building, electrical, etc.). It would be great to have a single CD (or network appliance) that lets the user track the changes in a section over the past 50 years.

      Basically, we need a way for authors and publishers to be compensated for their efforts in a manner that does not reduce the usefullness of the product. With college texts, there is a set number of copies that can be sold each semester. Anything that eats into that number forces the cost to rise.

      I still have most of my engineering books. As much as they weigh, and despite the effort involved in moving them several times, I am happy to have them. Would a CD retain that same useful life?

      Should organize the thoughts better, but... what the hell, this is /.
  • by pubjames (468013) on Monday February 17, 2003 @02:40PM (#5320578)
    If Microsoft have these powers, they will abuse them. Microsoft will use it to further force you to do what they want you to do, not what you want to do. Even with the very recent legal difficulties, they are still acting exactly as before. And this has just cost me a couple of hours of my time. Let me explain - bear with me, the gall of MS will amaze you...

    I use Windows XP with Mozilla. The software my bank uses is only compatible with the Microsoft JVM (stupid bankers...). I have previously installed the Sun JVM, so in an effort to get the Microsoft JVM working I used the new "Set program access and defaults" option which Microsoft added to Windows XP as part of the settlement. It is supposed to make it easier for you to set the default email, JVM and browser clients. I intended to change my defaults to IE and the MS virtual machine, use my bank's site, and then change them back again to Mozilla(1). To cut a long story short, once I had changed my default browser from Mozilla to IE, it was impossible to change it back again. The new configurator that Microsoft had added as part of the legal settlement had renamed all of the mozilla files so they wouldn't work anymore, replacing their old extention with "new", i.e. so mozilla.exe became mozilla.new. Not only that, it also removed the mozilla icon from the desktop, the "power bar" and the menu. So the only way I could get it working again was to completely reinstall it. And they did this as part of the legal settlement!

    F*uck them. I'm going to move to Linux for my desktop. It might have installation hassels too, but at least I'll know that they haven't been designed to be difficult on purpose.

    (1) This may seem an odd thing to do, but you can't download the Microsoft JVM from the MS site any more, so I thought this might be a way to reactive it.
  • by cgenman (325138) on Monday February 17, 2003 @02:54PM (#5320663) Homepage
    I hate to be the one to site pornography and other questionable material as the driving factor in most of humanity's entertainment expression mediums (with the exception of Videogames, oddly), but with a real lockdown of media and information on the Windows platform, won't that encourage more people to transition to alternatives such as Linux and Macintosh? Considering the BSA's estimates that 2/3rds of all software is pirated, and if this turns out to be a truly effective way to stop the piracy of not just programs but also video and audio data, it seems like TCO arguments by otherwise law abiding citizens will sway towards mediums that are easier to pirate on. The Playstation, for example, was notoriously easy to pirate, and that helped drive sales as a platform. Pirating Playstations doesn't help Sony persay (although late in the life of the platform hardware sales were profitable for Sony), but a preponderance of available software does help Microsoft retain their leveraging points (and I don't mean the quality of their software).

    Now, perhaps some sort of middle ground will finally be reached, between overbroad click-through agreements and overly cheap end consumers. Or perhaps many people will make a move to a system where, for example, Kazaa will still work. Or perhaps Microsoft will take the intelligent (from their business standpoint) road and setup a system which allows piracy to flourish but can protect studio-released content from seeping into that region.

    Either way, this looks great for that other OS, OpenBEOS. I mean, Linux.
  • by Mitreya (579078) <mitreya@gmailCHICAGO.com minus city> on Monday February 17, 2003 @03:02PM (#5320717)
    Seems like a smart and good article but...

    Computing experts in academe often blame Microsoft for producing software that is vulnerable to viruses and hackers.
    But, of late, the experts have been criticizing the company's sweeping plan to correct those very deficiencies.

    How is Palladium a plan to thwart viruses and hackers? Right in the bottom of the very same article they say that Palladium will not eliminate software viruses. And I suspect that it will eliminate few hackers too, since the weakest link is the people, not computers.

    Can someone explain to me any real, additional potential benefits of Palladium? We have encryption and security for protecting sensitive data already... I bet most of student records leak from the paper copy accessed by some unscrupulous employee rather than through smart hackers.

  • by Convergence (64135) on Monday February 17, 2003 @03:19PM (#5320812) Homepage Journal
    Palladium lets me control how my software will run on your computer. I should consider that a good thing.

    However, what isn't stated is that Palladium lets you control how I use my computer. That I do not like.

    Thus, Palladium is equal and symmetric, except for one thing. Given the power relationship between me and (say) a typical software company, Palladium will only be used to maintain and strengthen their power over me through abuse and control.

    Thus, although it nominally gives me the ability to control others, that control will be useless to me in practice. This is much like how copyright supposedly gives band's the control over the music industry. *laugh*

    • by SiliconEntity (448450) on Monday February 17, 2003 @05:02PM (#5321391)
      Palladium lets me control how my software will run on your computer. I should consider that a good thing.

      However, what isn't stated is that Palladium lets you control how I use my computer. That I do not like.


      It doesn't do either one of these things. What it does is to let you prove to me what software you are running, and vice versa. Therefore we can mutually agree on some data exchange only if we know what software is running on the other end to handle the data. Maybe I'll only download my music to you if I know you're running a music client that does DRM. Maybe you'll only let me join your online game if you know I'm running a non-cheating game client.

      This is not control. This is informed, mutual agreement of a kind which is impossible in the online world (but routine in the physical world) today.
      • Actually it doesn't even prove what software I am running. It allows anyone who knows the master keys, (or keys signed by the master keys) to claim that I am running something. The implication, but not the requirement, is that the this only occurs if I am running software of your choosing. (For example, he who controls or knows the master keys can fake being an interoperable computer and suck down medical records 'protected' by this technology. One wonders if people will be tricked into believing that this is 'perfect security' and not have any backup security perimiter for this situation.)

        In any case, assuming that hypothesis correct, then this is control. You can coerce interoperable software to behave however you fashion, and control interoperability. While it is true that I could coerce you just as much as you coerce me, (I won't let you send me music unless you run a particular music server that serves OGG files.) most business-to-consumer relationships are not equitable power relationships. Thus, the control, while theoretically both ways, will in practice be one-way. (You run XYZ, or else we won't send you a copy of this electronic-only textbook you need for a class you need to graduate.)

        Palladium is a mechanism that is perfectly suitable in situations where it really is a voluntary consentual relationship. I would have no problems with Palladium if this was its scope. However and again, many person-to-business relationships are not exactly consentual. (Look at people trying to get refunds for the windows tax on laptops. Or, look at the copy-control cartel.) In the real world of not-entirely-consentual relationships, Palladium will be used for coercion and extortion of citizens.

        As-is, and barring the fact that it cannot actually prove to a different machine what software I am running, Palladium is not per-se a completely bad idea. I like it in ways. The problem is that it is one of those things that is guarenteed to be abused, and it will be abused in really nasty ways.

        In this real world, Palladium allows digital extortion. Just because I used your software to write my book does not mean that you have any right to control how, when, and where I use my book. That is why I'm against it.
  • by weave (48069) on Monday February 17, 2003 @04:03PM (#5321046) Journal
    ActiveX: Designed to be secure, can only run trusted/signed controls. Due to a few holes, bad implementation, and a microsoft-cert accidently released, it's been possible to get around this in the past. ActiveX didn't really work as designed

    Java: Protected by a sandbox. At numberous points in past, some implentation flaw has allowed java apps to get around the sandbox.

    DVD: Trotted out to content providers as secure since content could be encrypted and secured on the disk. Then one vendor makes a mistake and includes an unencrypted key in their DVD player, some kid in Europe finds it, and the entire house of cards falls down. If that one vendor didn't screw up, DVD's probably would still be unrippable.

    In all technologies, the apologists have pointed to the fact that they are secure by design, but flaws in implementation or procedures caused the faults.

    So even if I wanted TCPA/Palladium to be a smashing success, I wouldn't bet my fortune on it. Someone will screw it up...

    • If that one vendor didn't screw up, DVD's probably would still be unrippable.

      This is misleading.

      • The CSS cipher key is 40-bits.
      • Whoever designed the CSS cipher wanted it to be cheap in hardware and didn't put much effort at all into its design. There is a simple guess-and-check algorithm that breaks it with a work factor of 2 ** 16.
      Based on some simulations I ran with RC6, my PII 266 would break RC6 with a 40-bit key in just under a year on average (unoptimized C). The CSS cipher is much faster and is based on LFSRs, which can be bitsliced very efficiently using MMX instructions (I can try 128 keys simultaneously). Even without the weak cipher design, my lowly dinosaur of a machine could probably recover all of the player keys in under 2 months. (Very pessemistic estimate.)

      A work factor of 2 ** 16 means that even my slow machine can figure out the disk key in under a minute.

      26! is more than 2 ** 88, but that doesn't make your secret decoder ring strong crypto. More or less they used the equivelent of a secret decoder ring to encrypt the data. Ross Andersen's attack on the A4 cellphone cipher should have been known to the designers of CSS, yet they went ahead with a cipher that is more easily vulnerable to the same sort of guess-and-check attack. (None of the advanced Russian sparse matrix inversion techniques are required to make it practical.)

  • OSX on x86 (Score:3, Interesting)

    by Nexum (516661) on Monday February 17, 2003 @04:12PM (#5321107)
    I'd be interested to know what the people here think will be the fate of OSX on x86 - a lot of peopl ehave said that Apple is gearing up to release the OS, in some form (probably not to run on any and every x86 box) for x86 as a hit back at Microsoft when they release Palladium.

    If this is true then Apple obviously thinks there are going to be a lot of users that are going to be so p****ed off at MS that they'll switch platforms at this time. And they have a lot more marketing dollars than any of us here to predict these things, so what do you guys think?

    -Nex

If Machiavelli were a hacker, he'd have worked for the CSSG. -- Phil Lapsley

Working...