Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Microsoft Your Rights Online

Microsoft's 'Palladium' Privacy/DRM Scheme 525

Paradox Jack writes: "according to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"
This discussion has been archived. No new comments can be posted.

Microsoft's 'Palladium' Privacy/DRM Scheme

Comments Filter:
  • good and bad (Score:4, Insightful)

    by Apreche ( 239272 ) on Sunday June 23, 2002 @12:01PM (#3752680) Homepage Journal
    from the way it looks to me, this system will actually protect your priacy and provide a decent amount of security. However, it is uknown as to whether or not microsoft will be able to invade your privacy, since they make the system. Have to double check that EULA! As for digital rights management, I am just generally opposed to it, as are most of you ;-). And anyone who gives up their freedom for an illusion of security deserves neither (one of those founding father guys).
    Remove the DRM and this looks ok to me.
    • from the way it looks to me, this system will actually protect your priacy and provide a decent amount of security

      What gives you this impression? Why would you trust Microsoft to get security right after getting it wrong so many times?

    • Re:What a riot... (Score:4, Interesting)

      by symbolic ( 11752 ) on Sunday June 23, 2002 @02:29PM (#3753177)

      It's absurd to think that such a huge company that has control of such a huge share of the market with software that has such huge security concerns, can come up with something that actually *is* secure. If this takes hold, all I can say is that the OEM's will be getting my business, NOT Dell, HP, or any of the other major players that are going to incorporate this nonsense into hardware.

      Just the same, I especially liked this passage:

      Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.

      I started reading, and I thought..."it's obvious where this guy is heading - protect the commercial interests, screw the consumer." Then I read a little further, and noticed Bubba's comments on 'ordinary people' - but does it mention that nasty P-word (Privacy)???? No way. It talks about being able to place constraints on EMAIL! Oh happy day! And guess what...this isn't about ordinary people, because ordinary people usually don't have any reason to put such constraints on their e-mail...but corporate executives *cough*gates*cough* certainly do.

      Overall, I think this whole thing is a crock, being masqueraded as something we need. Even if we do need it, I'd argue that the last person we need it from is Billy.
    • no privacy at all (Score:3, Insightful)

      by Erris ( 531066 )
      However, it is uknown as to whether or not microsoft will be able to invade your privacy, since they make the system.

      How quickly we forget that they gave themselves that ability by EULA [slashdot.org] The XP EULA states 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.' To do this they must be able to read your files at will. What kind of privacy is that? That's M$'s stated policy and that's what you can expect.

      Encrypting data between the keyboard and the monitor is good only for tin foil hat types and making sure that Other OS are deprived of hardware. Hollings might like this crap but the rest of us just won't buy it. How much more bloated and useless can M$ get? All of this junk to replace user accounts, file permissions and there means of actually insuring security and privacy.

      It's reassuring to read that 45% of computers are built by small shops that have no incentive to follow M$ down. To paraphrase Bones, "It's dead, Jim."

      • Do not be deceived.

        This is not about giving the consumer freedom. It is about controlling all facets of a consumer's computing life.

        In order to achieve the power and control (which leads to money) that Microsoft relentlessly pursues, they need the cooperation of hardware manufacturers. Otherwise, if features we did not desire were implemented, we would simply go to Linux. We would have a choice. Choice is good for the consumer, but that takes away their power. Your ability to go somewhere else takes away from their ability to control you and the world. But if the hardware itself is designed to run their software and conform to their plan, it would be extremely difficult for the consumer to have any choice. There aren't too many hardware manufacturers. Software is easy and cheap to design and share. Hardware fabrication plants are extremely complex and expensive to design and run.

        After they have gotten the hardware manufacturers to go along with their plan, the next step would be to get the politicians to support their cause and draft laws that would require "trustworthy" computing. In a post-September 11 world, with the political and media hype about terrorism and security, that would be very easy to accomplish.

        We cannot afford to be ignorant. This really is about choice, freedom, and ultimately, livelihood. These are the things at risk. What they want is the ability to control our lives for their ulterior motives.

        I'm sorry to say this but many of the strategies employed by Microsoft remind me of the Nazi's.

        "One World, One Web, One Program"
        - Microsoft Promo Ad
        "Ein Volk, Ein Reich, Ein Fuhrer"
        - Adolf Hitler

        A word is enough for the wise.
    • Re:good and bad (Score:3, Insightful)

      by Alsee ( 515537 )
      Remove the DRM and this looks ok to me.

      Everything is built upon a monsterously overgrown DRM system. If you remove DRM there's nothing left.

      it looks to me, this system will actually protect your priacy

      lol.

      The whole scheme is built around a unique serial number in the hardware. Remember how the Pentium III briefly came with a serial number? Same thing, but much much uglier.

      This is the patented DigitalRightsManagementOperatingSystem. It's based on two things - a CPU that cripples itself, and secret keys in the hardware.

      Self-cripling hardware is easily defeated. Any software can be run on emulated computer. The self-crippling can be defeated by the virtual system.

      The other part is the secret keys. There are two kinds of secret key - a unique key for every user, and/or a global key to the entire system. On a virtual system you can change the unique key at will, and have as many identities as you like. The global key to the system will be tough to get, but a copy of it will exist in each CPU. Someone in a college lab WILL scan a chip and recover the global key and publish it. Once that happens the entire system has been broken. At that point the billion or so dollars invested in Palladium becomes worthless.

      Microsoft is going to have to support some sort of SSSCA/CBDTPA type law in an attempt to protect the system. Not that that will stop someone from anonymously publishing the keys anyway.

      The main thing is that Palladium is pure evil. Why? It is not an enabling technology. It is entirely a disabling technology. Try reading Microsoft's DRM-OS patent. [uspto.gov] Note that "untrusted program" means anything not approved(signed) by Microsoft. Note that renouncing or revoking "the trusted identity" means that the hardware cripples itself. PURE EVIL

      -
  • Kuney quote.... (Score:5, Insightful)

    by jeffy124 ( 453342 ) on Sunday June 23, 2002 @12:02PM (#3752683) Homepage Journal
    This sounds like what States' Attorney Steve Kunney put into closing arguments this past week:

    Somehow they know better than anyone else what's best for this PC ecosystem. What's good for Microsoft is therefore good for the economy, good for consumers and good for everybody else.
  • Features! (Score:2, Funny)

    by kevinvee ( 581676 )
    From the article: So far, the United States doesn't seem to have a problem, but less tolerant nations might insist on a "back door" that would allow it to wiretap and search people's data. There would be problems in implementing this, um, feature.

    Microsoft has been releasing packages with these exact same features in them for years. With all the practice, I hardly believe that there would be problems in the implementation.
  • by Jeremi ( 14640 ) on Sunday June 23, 2002 @12:09PM (#3752704) Homepage
    Kenneth Lay and Jeffrey Skilling announced an ambitious new technology that will protect investors from fraud. "Sure, everybody who wants to invest will have to buy our product first, but once they do, they'll be perfectly safe from all the, um, bad people who would otherwise take advantage of them", said Skilling.
  • by JimDabell ( 42870 ) on Sunday June 23, 2002 @12:10PM (#3752706) Homepage
    "I firmly believe we will be shipping with bugs," says Paul England.
  • Whoa (Score:4, Insightful)

    by JohnA ( 131062 ) <johnanderson.gmail@com> on Sunday June 23, 2002 @12:10PM (#3752708) Homepage
    How long until only code signed by Microsoft will be allowed to run on the platform? It seeems that Microsoft is trying to implement a system that will enable them, once and for all, to charge console-like royalties to software developers.

    Even if that is not the goal, I guarantee that only Microsoft signed drivers will be able to be installed, finally closing that pesky "sound card and CD-ROM emulation" fair use hole that is robbing the MPAA/RIAA of additional royalties.

    This is NOT about making things better for the user. This is about removing the ability for the end user to make decisions about how her computer operates.

  • by jdiggans ( 61449 ) on Sunday June 23, 2002 @12:12PM (#3752714)
    Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.

    By this they mean one of two things. Either it simply WONT run anything 'unauthorized' which brings up:
    • will an independant developer have to jump through hoops to 'certify' every exe you compile to run on your own machine?
    • will we have to go through another damn 'trusted' certifying agency a la SSL certs? Perhaps MS will be the last word?
    Alternatively the OS might run things as long as the user tells the OS a particular binary is authorized. In this case I give it a good five minutes until some newbie tells the OS the latest email worm is an 'authorized' exe because they're looking to see that promised video of Brittany Spears some stranger w/ poor english apparently sent them out of the goodness of his heart.
    -j
  • Whaaaaa??? (Score:3, Insightful)

    by quantaman ( 517394 ) on Sunday June 23, 2002 @12:12PM (#3752715)
    Microsoft is also publishing the system's source code. "We are trying to be transparent in all this," says Allchin.

    Uhhhh, did everybody else read that the same way I read it? I mean I know they arn't hostile to BSD style licences (heck they use BSD programs) but given the way they push security through obscurity using an open source model for this is like a glaring admission that closed source has some serious flaws.
    • Re:Whaaaaa??? (Score:2, Insightful)

      That was the quote that caught my eye too. Microsoft just got through funding ADTM to say OSS is inherently insecure due to publishing the code, and they said the same thing recently in the news, now all of the sudden, we can publish the source to our new secure system and it will be even MORE secure than what we're doing now. Hmmmm... sounds to me like OSS is not inherently insecure after all. This is the scariest piece of news I've seen in a while. This is a way to turn the general-purpose computer into an X-box that will only run Genuine Microsoft(TM) software and simultaneously appease the RIAA/MPAA crowd. These controls don't empower the user, they limit him. Only freedom truly empowers the user. Buy yourself a general-purpose computer while you still can folks...
    • Re:Whaaaaa??? (Score:4, Insightful)

      by John Hasler ( 414242 ) on Sunday June 23, 2002 @01:06PM (#3752900) Homepage
      They said they are publishing the source, not that they intend to allow anyone to do anything with it.
      "Publishing" probably means allowing a few "experts" who are willing to jump through hoops and sign ferocious NDAs to "look but not touch".
      Most likely what they "publish" won't be what they compile from anyway.
  • I have a hunch.... (Score:5, Insightful)

    by torgosan ( 141603 ) on Sunday June 23, 2002 @12:13PM (#3752716) Homepage
    From the article:

    "Though Microsoft does not claim a panacea, the system is designed to dramatically improve our ability to control and protect personal and corporate information."

    Maybe this should actually read:

    "Though Microsoft does not claim a panacea, the system is designed to dramatically improve THEIR ability to control and protect OUR personal and corporate information."

  • by Froze ( 398171 )
    Finnish Uber Hackers have released a workaround that requires only 10cm of scotch tape and a paper clip to bypass the incomming authentication protocol, thus allowing you to recieve any data.
  • by standards ( 461431 ) on Sunday June 23, 2002 @12:18PM (#3752735)
    The article says, "people will have to trust Microsoft".

    Now ignoring all the heat that Microsoft gets around these parts, it's usually a bad idea to trust one entity:

    - Hollywood trusted DVD encryption
    - Stock holders trusted Enron and Tyco
    - Investors trusted Merrill Lynch & Author Andersen
    - Pinto owners trusted Ford

    Obviously, even with the billions at risk, a trust to not screw up is more of a faith. A prayer. A hope.

    The difference here is that even more people will be putting their faith that Microsoft will do the right thing morally, and that microsoft will not screw up. Will not screw up even once. Like they'll never release a Microsoft Bob again.

    Unlikely.

    Sadly, if Microsoft wants to pursue this effort, it really has to be open, and, dare I say it, well regulated with many legal protections for the consumer.
    • The article says, "people will have to trust Microsoft". ... it's usually a bad idea to trust one entity

      Most users already do trust Microsoft, since they allow their computers to be controlled by Microsoft's operating systems. Many of them run the windows update automatically, or at least regularily, thereby trusting Microsoft not only initially, but in an ongoing basis.

      When it comes to your computer, you can't really end up trusting a company more than that. They handle every bit of input and output, login and passwords, network connectivity, and for most 'doze users the major apps too.

      Lotta trust in Microsoft. Seems strance, when you consider their very untrustworthy track record... virus/worm problems, bugs and crashes, nasty business practices, criminal convition, doctored videotape in court, and the list goes on and on. Yet 80-some percent of computer users _still_ trust them with complete control over the computer!

  • by Animats ( 122034 ) on Sunday June 23, 2002 @12:19PM (#3752742) Homepage
    Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.

    That's apparently the basic concept. Only "authorized programs" ("Genuine Microsoft") will run. That's where we are now with the XBox. Read up on how the XBox boots, and you'll see where Microsoft is going.

    This isn't security. Real security would mean you could run anything in a jail [freebsd.org] with no risk of it getting out and hurting anything. That's what a secure OS is supposed to do.

    And if the Genuine Microsoft code has a hole in it, attacks may still work. Microsoft might set up memory management so that only signed code can be in executable pages, but that only protects agains one class of attacks.

    • by discogravy ( 455376 ) on Sunday June 23, 2002 @12:35PM (#3752787) Homepage
      And if the Genuine Microsoft code has a hole in it, attacks may still work

      "if"..."may" ? where [slashdot.org] have [slashdot.org] you [slashdot.org] been? [slashdot.org]

    • by magic ( 19621 ) on Sunday June 23, 2002 @12:43PM (#3752822) Homepage
      Exactly!


      We're already approaching the point for web apps where you can't run something that Microsoft or VeriSign doesn't like-- IE puts up a dialog telling your user that your program is nasty and evil if it isn't signed by a certificate that can be traced back to one of these two sources. It's easy to get these companies to "like" you-- pay them a lot of money (a few thousand a year) and don't make a competing product. I'm not being sarcastic. These are the terms of the agreement for getting them to sign your certificates (i.e. public keys). At least IE still gives you the choice of running the program, even though a naive user might be scared off.



      Public key architectures don't really rest on who the user trusts; users are uneducated about the system. They really rest on who the OS maker trusts because the OS is set up to say "the user trusts anything signed by these default root certificates".



      A Palladium based system will just be another step in this direction. It will prevent developers and artists from distributing their work unless they pay the Microsoft tax and it will allow Microsoft to decide what applications, music, etc. get distributed.


      What if MS gets sued and is forced to revoke the certificate for a movie because it isn't appropriate for minors? Or the certificate for a website because it contains secret Scientologist information?


      As a software developer, it has gotten consistently harder to develop and distribute small, independent apps for PC's. Under this system, how will small developers or ones that Microsoft doesn't like because they directly compete (e.g. Netscape, Napster, Borland) make products?


      -m

    • This won't stop any viruses. A virus will simply contain a fake security certificate (or whatever other verification system they use -- the only way to truly certify something is to compare it byte to byte with the master copy; even that's vulnerable to man in the middle attacks).

      What this will stop is any content that Microsoft doesn't like. Or anyone who refuses to pay the Microsoft tax.
  • by interiot ( 50685 ) on Sunday June 23, 2002 @12:19PM (#3752743) Homepage
    There will also be components that encrypt information as it moves from keyboard to computer (to prevent someone from wiretapping or altering what you type) and from computer to screen (to prevent someone from generating a phony output to your monitor that can trick you into OKing something you hadn't intended to).

    What are the bets on whether the interface for this hardware will be open? How likely will it be that the licensing board allows OSS software to be written for the hardware? With DeCSS, we've already seen that OS-neutral companies are unwilling to allow their content to be viewed in Linux. Microsoft, being not so OS-neutral, is likely to take this even further.

  • Mod Chips (Score:3, Interesting)

    by danfairs ( 43527 ) on Sunday June 23, 2002 @12:20PM (#3752746) Homepage
    So, this involves a new piece of hardware.

    How long does it take mod chips to become available for consoles? Not very long. How long do we think it'll take for mod chips to sidestep the hardware portion of palladium, and enable you to copy protected information, to come along?

    Not very long.
    • Re:Mod Chips (Score:2, Insightful)

      by GigsVT ( 208848 )
      How many DRM chipped boards are going to sell to non-OEMs? Zero. Someone would have to be a total idiot to buy crippled hardware like that.

      "Non-DRM" will be a marketing buzzword with the component resellers that sell to non-OEM system builders.

      The market will kill this technology. Once people who buy pre-packaged systems realize that their systems are crippled in relation to systems that were built from scratch, Dell and such will start feeling the pressure as people start to get their geek friends or their local computer shop to build systems for them.
    • Would the mod chip violate the DMCA? Do turing complete systems violate the DMCA? (I'm not kidding...)
    • Re:Mod Chips (Score:2, Insightful)

      by Saxerman ( 253676 )
      How long do we think it'll take for mod chips to sidestep the hardware portion of palladium, and enable you to copy protected information, to come along?

      This project involves more than just Microsoft. They're just making the software. They're outsourcing the chip making to Intel and company. And they're outsourcing the legislation to Congress. When S.2048, the "Consumer Broadband and Digital Television Promotion Act" gets passed, it will be illegal to mod your PC. Then they can just round up those pesky Linux hackers at their leisure.

  • Keep in mind that one of the problems right now with releasing music/movies/docs on the net is that it's all or nothing: either you release it and it essentially goes out free, or you do everything you can (including attacking the little guy) to keep it from going out at all.

    DRM would mean media companies could actually enter the market with and then let consumers choose whether or not to support them. They'd learn pretty quick what people are willing to pay for.

    Moreover, people would still be able to release things freely. It's like open sourcing software: those who choose this route are free to do so, and those who choose to close their sources are also free to try it. This wouldn't be the end of the transport mechanism that the internet provides -- the real revolution.
  • by handsomepete ( 561396 ) on Sunday June 23, 2002 @12:24PM (#3752758) Journal
    Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system.
    *snip*
    Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down.


    Great, let's go ahead and lay the groundwork for hardware level watermarking/rights management. There's no doubt in my mind that the MPAA/RIAA absolutely will jump on this first, quietly or blatantly. There won't even be time for 'fair use' or 'compromise' by the time this hits mainstream. I've never been much of a conspiracy theorist, but you think it's possible that the MPAA/RIAA are handing Microsoft some money to incorporate some of their desires into this security move? They'll *always* have the last move, not us.
    • by Jucius Maximus ( 229128 ) on Sunday June 23, 2002 @01:15PM (#3752928) Journal
      "Great, let's go ahead and lay the groundwork for hardware level watermarking/rights management. There's no doubt in my mind that the MPAA/RIAA absolutely will jump on this first, quietly or blatantly. There won't even be time for 'fair use' or 'compromise' by the time this hits mainstream. I've never been much of a conspiracy theorist, but you think it's possible that the MPAA/RIAA are handing Microsoft some money to incorporate some of their desires into this security move? They'll *always* have the last move, not us."

      This is what I saw when I read this as well as well:

      "Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge."

      Can you say "public key tampering?" If this 'black box' chip encrypts everything to your own public key, how do we know it's not encrypting everything to the joint NSA/MSFT/(RI|MP)AA/etc key as well? Um, we don't.

      "Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system."

      I wonder how many windows users STILL have not installed the Root Certificates Update Patch [microsoft.com] on their machines? This patch was issued because someone faked their identity as microsoft and verisign gave them a Microsoft named digital certificate. What's to stop them from doing this to Palladium and running any code they want?

      Furthermore, they say this won't run unauthorised programs - but who authorises them? Many people think they control their hardware, but remember when TiVo boxen were forced to record a certain program [slashdot.org]? What if this black box allows the NSA or MSFT or ... to force your computer to run their code? It seems to me that if your machine has a Palladium chip, firewalls and patches mean nothing -- you are r00t3d from the very start. Nice.

      "Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards."

      Really. How can a chip that is designed for encryption and authentication prevent someone from sending spam to you@yourisp.com? I think that this one is just baseless hype. Has ANYONE heard of a hardware solution for micromanaging spam? (Note: Micromanaging does not imply pulling out the RJ45.)

      "Safeguards privacy. With Palladium, it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people. Microsofties have nicknamed these services "My Man." If you apply for a loan, you'd say to the lender, "Get my details from My Man," which, upon your authorization, would then provide your bank information, etc. Best part: Da Man can't read the information himself, and neither can a hacker who breaks into his system."

      Do you believe that MSFT wants to safeguard your privacy and r00t your box at the same time? See my point about public key tampering. I think they want to do to (gnu)PGP what they did to Netscape by including their own 'encryption' in the OS and Hardware. Of course once you start using their encryption, who knows WHO will be able to unlock your data? Remember the Scarfo Case [slashdot.org]. The FBI simply cannot break PGP with a high number of bits effectively on a large scale. They need to be able to read your encrypted files at will. That is what this will provide.

      "Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies."

      See previous point. Remember Life on the net in 2004 [aardvark.co.nz]? Remember: "Another warning appears -- "Your license for this recording has expired, unable to play." Damn -- another $49 if you want to listen to that music for another year. You wonder, if as they claim, these new measures significantly reduce piracy, why music is now so much more expensive?"

      They say the next windows release is slated for 2004. (I predict 2005.) This is exactly what the article's [aardvark.co.nz] author predicted. But it is being touted under the guise of a product for protecting users.

      In reality, this is a product for exposing the every private doings of regular people to MSFT, American Secret Services, the (RI|MP)AA and being able to remotely control their machines and shut them down if desired.

      [Insert 'opensource-protects-users' plug here.]

      • "Really. How can a chip that is designed for encryption and authentication prevent someone from sending spam to you@yourisp.com?"

        I think that what they mean is that the system will have the ability to refuse email not certified as being from another Palladium system. This will prove that the message is from a "respectable" business and therefor not spam. Remember that to the suits it isn't spam if it has a valid From: address and a "click to unsubscribe" link.
      • I wonder how many windows users STILL have not installed the Root Certificates Update Patch on their machines?

        I installed the root cert patch on my laptop's Windows 98 OS. Within two days, the laptop's hard disk failed. I bought a new hard drive. I installed Windows. I installed the root cert patch. The new hard disk failed two days later. I sent the second hard drive in and got a third hard drive. I installed Windows. I did not install the root certificates update patch.

  • This is a pretty surprising article, really... got some stuff I'd definitely want if they can make it work. Even more surprising to me is that they're publishing the source code for it.

    One hurdle is getting people to trust Microsoft.

    If Slashdot ever manages to say it's a good idea, they've won that war. Anyone think it'll happen? :-p
  • Oh! The irony!! (Score:5, Insightful)

    by SwedishChef ( 69313 ) <craig@networkess ... inus threevowels> on Sunday June 23, 2002 @12:25PM (#3752761) Homepage Journal
    Does no one else notice the irony in having the company responsible for 90% of the viruses, worms, back doors, and trojans - all due to poor planning on the part of MS executives and programmers - suggest that now they can fix it for all of us?

    If I were a conspiracy buff I'd think that MS created the security problems so that they could point to the "insecure internet" and offer some solution that benefits only them.

    That anyone, much less some "internet guru" takes this at face value illustrates that P.T. Barnum was right about suckers.
    • Re:Oh! The irony!! (Score:2, Informative)

      by Angron ( 127881 )
      Cringely apparently had the same feelings [pbs.org] about Microsoft's motives, a good bit ago.

      -A

  • to take this article seriously?

    It's easier to vandalize a Web site than to program a remote control.

    Seems like a sensationalist piece intending to attract attention through misinformation rather than inform the reader.

  • Perhaps it would raise the "barrier to entry" for breaking into systems, but once in I think the potential to cause havoc is even worse. Even if they do have some of it implemented in hardware, there will always be a piece of software code somewhere that sends/receives info from that hardware. So now instead of klez spamming you and everyone 6 levels removed from you, your computer starts telling everyone you're an untrusted entity and you cease to be able to interact with anyone (at least anyone with the same system, but assuming this would become pervasive) over the internet. It's not exactly identity theft, more like you now have a big neon sign floating above your head saying "I'm a crook" and whenever you look up to see what's there it disappears...they only way you can tell is asking someone else if its there or not.
  • by Artagel ( 114272 ) on Sunday June 23, 2002 @12:31PM (#3752779) Homepage
    Having read the article, I thought - finally, they came up with a justification that can be sold to consumers for DRM - privacy protection.

    Having the same systems implementing the filtering of spam (unapproved senders), restricting forwarding (unapproved redistribution), and also cover DRM (again, unapproved redistribution) allows the whole scheme to be marketed as an anti-spam system.

    The marketing on "fair use" really is about certain fair uses such as backups. No software is going to be able to figure out whether a transformative use of digital content will be fair or not -- what is the difference between creating a digital commentary on a video (fair) and a remarketing of it? (say in the Spanish language). Nothing that can be discerned by a computer program, I assure you.

    Still, it is encouraging to see MS taking security seriously, even if for the reasons of extending the reach of corporate profiteering. Actually, I can't think of any other reason that would motivate MS to do it, but so it goes.
    • Artagel wrote:
      "Having read the article, I thought - finally, they came up with a justification that can be sold to consumers for DRM - privacy protection."

      The two, privacy and DRM, are *not* the same thing. No amount of slick Microsoft marketing can change that.

      Privacy is about communication among a small number of trusted parties. When, I send e-mail to mom, I don't care about preventing mom from broadcasting to the world. I do care that "the man" doesn't know what I said to mom, and that "the man" can't manipulate or tamper with my communications to mom. Public key cryptography can work to solve these problems.

      DRM is about controlling communication between a small number of producers and large numbers of "untrusted" customers, for the purpose of maximizing profit. DRM is now, and always will be pure snake oil. If I can see it and hear it, there will be a way I can make an "unauthorized" copy of it. That is what computers *DO*. There is no way that DRM can replace the social trust relationship that works among small numbers of individuals, like mom and myself, with a technology solution enforced between a vast corporate entity and the untrusted hordes, like between Microsoft and everybody else.
  • by ckd ( 72611 ) on Sunday June 23, 2002 @12:35PM (#3752792) Homepage

    Good old WebElements [webelements.com] has a little something to say about the biological reaction to palladium [webelements.com]:

    All palladium compounds should be regarded as highly toxic and as carcinogenic.
  • From article: ...Microsoft's ambitious-and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights.

    So the goal is "ensure ... privacy and intellectual property rights" - isn't that an oxymoron? If you can hear/see it, you can copy it. But on one can know you're copying it unless they invade your privacy. You cannot have it both ways.

  • by RyanFenton ( 230700 ) on Sunday June 23, 2002 @12:48PM (#3752839)

    Even if it means having to pay for overseas shipping, I'll never buy a peice of hardware designed to prevent copying of software. It's just too counter-intuitive a concept to spend that much money on. The ability to back up software in an unlimited manner is a fundamental property of hardware that I will not do without. I find it insulting that there is a presumption of guilt about being able to copy software, especially after discovering that some of my favorite software on CD has been lost due to use and age.

    If this initiative begins to make it into the hardware market, I encourage all of you to explain what it means to anyone you know considering the purchase of hardware. Explain why being able to backup software is such an important aspect of hardware, and why it would be worth even paying more, if needed, to have this ability.

    Thank you.

    Ryan Fenton
  • Just a guess (Score:3, Insightful)

    by Zapdos ( 70654 ) on Sunday June 23, 2002 @12:49PM (#3752842)
    The hardware chip will tie into your Required Microsoft Passport id. Microsoft will set themselves up as the governing authority. Imagine not being able to use any software that is not signed.

    Some System Warnings.

    The requested download of Linux.iso is not allowed, no signature was found. Press any key to continue.

    Please be patient while the computer is cleaned of all unsigned Multimedia files.

    In further news: You will require new digital camera and scanner software that interacts with the "Passport Chip" to auto generate signatures. You just wont be able to save those unsigned pictures of your family reunion sent to you by your Aunt X.

  • ... at the top of the msnbc [msnbc.com] page the post links to, and you know Palladium won't make it.

    4 guys posing for a picture, looking like they just broke into your house and liked what they saw.

    Not for me, thank you indeed.

  • From the article: Palladium won't run unauthorized programs

    OK, who here wants to let Microsoft decide what is an authorized program and what isn't??? Obviously a user can't "self authorize" or that would defeat all of the protection. Sounds like Bill Gate's dream system to me.

    • You can authorize each program yourself. It's just that your OS will complain that it isn't authenticated, or whatever, and ask you if you want to run it or not. I'm sure they'll leave an option to "allow all software to run without authentication;" it's only the Microsoft thing to do....

      Digital media, on the other hand, that's something totally different. Microsoft will keep a firm grip on that stuff, through either requiring encryption keys to allow a piece of software to play a stream through an audio or video device, or by simply requiring that the stream sent to the devices be itself encrypted, or else the quality will be degraded to discourage replication.

      As for hard drives, expect to see some sort of per-sector encryption being built in..

      (This is all worse-case scenario, of course.)
  • My Boss Pitched this same Idea to me.

    Boss: It's a hardware solution to anti piracy.
    Me: Yeah, But how does it work?
    Boss: You put it in their computer.
    Me: Yeah, But how does it work?
    Boss: You get them to put it in by telling them it will make it more secure.
    Me: Yeah, But how does it work?
    Boss: At the Hardware Level.
    Me: Yeah, But how does it work?
    Boss: *Gets pissed off and mutters something about
    me being an idiot for not understanding a simple idea.*

    So it goes...
  • it's about M$ security. With all these neat hardware solutions and their spiffy patent on DRM OSs, M$ will be the only one who can deliver a royalty free OS. This means no more pesky Linux, BSD or whatever. And I doubt that it will even be that secure. Some of the proposed hardware standards for secure transmission between computer and monitor have already shown to be insecure and more will follow. The industry's problem will always be that secure means expensive and if you have the choice between a n expensive secure hardware solution and a cheap reasonably secure hardware solution, they take the cheap one. Just look at CSS. All the people paying royalty for their DVDs to be secure are already screwed, but they still have to pay.
  • by IGnatius T Foobar ( 4328 ) on Sunday June 23, 2002 @12:59PM (#3752873) Homepage Journal
    Microsoft knows what they're doing, and if this thing succeeds, you can forget about any non-Windows operating system being even remotely usable.

    Microsoft holds a patent [uspto.gov] that describes a method by which hardware and software interoperate to guarantee "digital rights management" (aka fair use destruction and monopoly lock-in). The patent describes a mechanism in which there is a private/public key pair, with one half embedded in hardware (possibly the CPU). Only "authorized code" (aka Windows) can run in ring 0 (kernel space) on the CPU. Naturally, only Windows has the other half of the key.

    This is probably how the Xbox prevents third-party operating systems from running, and it probably is why they originally applied for the patent. But it also has lots of uses in the monopoly business. This article [linuxandmain.com] describes how useful the patent could be in implementing the Hollings bill. Take it one step further and it's easy to envision a world in which this type of "protection" is not only mandated by law... but unimplementable by Linux hackers due to patent problems.

    Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required. I think we're already there on the server side (1 out of 4 servers sold today ships with Linux, more if you include the ones they can't count). In another couple of years we'll be there on the desktop as well. But as they say, the price of freedom is eternal vigilance. Let's make sure we get heard.b
    • That's the problem, though. If linux is seen as a server-only solution for 90% of it's purchasers, then that means that hardware companies, faced with the prospect of selling specialized CPUs for linux, will start pricing them out of the consumer range. What happens when the CPU is no longer available easily to the average consumer?

      In a somewhat unrelated area, I'm a programmer trying to break into the audio geek area as a hobby. Logistically, it should be really freaking simple to make a device which records audio directly to a harddrive, nowadays, in raw wave format. This is what I want so I can start sampling stuff. But instead, thanks to digital rights management, I can't get anything anywhere near what I want. My only options are either DAT tape recorders or (lossy) professional-model minidisc technology. (Professional by definition, only because it doesn't have copy-protection built into it.) Where are my cheap devices?

      It's laws like these digital rights management laws that keep the average consumer out of areas he would otherwise dabble in as a hobby. I'm waiting for the day that Microsoft requires every binary I compile to have an encryption key, authorized by Microsoft, embedded into it, or else it won't run on anyone else's computer.

      Media companies make me sick.
    • Grief, did they get a patent on that?

      I implemented a system that worked that way on a crappy little Verifone credit card terminal 12 years ago. In fact, some smartcard firms must have done similiar things, if only to check the integrity of their own code.
      • The question is not if you did it. But did you publish how to do the work to the public? Prior art requires public disclosure. Keeping things to yourself allows someone to come along after you and patent something you discovered first.
        • Not really. At least here in the UK, an invention mustn't be obvious or well-known to practitioners. I'm sure that certification vendors such as Schulumberger in France or secure system developers such as the RSRE (Royal Signals and Radar Establishment) here are well aware of such a fundamental principle. My own former colleagues in ICL did a lot of work on trusted OSes - I'm sure that work is relevant and was published.
          • Well of course my statement assumes that the given invention is patentable at all. If it is just having done something before someone else doesn't automatically mean the existence of prior art. Besides Europe doesn't have software patents, Yet.
    • Granting patents on software is the stupidest thing. Programming is just another form of speech whereby one uses a language to communicate, in this case computer language to communicate with the hardware.

      Are patents on English speech next? Am I going to need to pay some corporation a dollar every time I use certain words or phrases? Why not just put patents on walking, breathing and eating too?

    • by Bouncings ( 55215 ) <ken@noSpam.kenkinder.com> on Sunday June 23, 2002 @02:54PM (#3753267) Homepage
      Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required.
      I'm not taking that chance. First of all, corporate Linux distributions are becoming increasingly common and increasingly non-geeky. Finding ways around the GPL is just a matter of time and a room full of lawyers. When DRM hits mainstream, I'm sure these companies will find a way to attach it to Linux one way or another.

      I don't know about you, but I'm stocking up on hardware and software NOW. As the article said, future improvements aren't going to be about speed but "security" (read: copy restriction at the cost of improved speed). This means that what we should do now is get the fast and free computers before they are no longer available. This stuff might become very expensive and rare -- available in places like the ghettos in 1984. Get two or three parts of everything. Maybe some LUGs can start "freedom hardware pools" where we will change out parts as the break.

      One thing is certain: digital rights management has momentum, and is gaining more and more of it. The increased profitability of corrupt corporations and corrupt governments are at stake, and the fall of Napster is the first sign that the Internet is not government-proof.

    • OEM?s are wimps. Remember when the athlon first came out and asus denied it even had an athlon motherboard because they were scared of the big bad intel? Or how compaq killed the alpha because they did not want to frighten intel so they signed a contract in exchange for cheaper prices for pentiums in there consumer desktop divisions?

      Like it or not consumers want to buy the latest and greatest versions of Windows and intel chips for the cheapest prices. Consumers who need a newer pc will not invest thousands of dollars for yesterdays software. They want to be on the edge of the upgrade curve for their investment. An oem can't sell pc's without the latest version of Windows or else they will go bankrupt. Linux only makes up %2 or %3 of their sales. Most use it for servers anway so they wont care. If I were Michael Dell I would discontinue linux immediately and sell these drm cripples pc's before compaq or gateway do to outcompete them. If I didn't do this I could lose my job and bankrupt my company. Its sad but true. This is how OS/2 lost. It was beginning to get popular right before Windows95 came out. Then out of nowhere it vanished. Even IBM sold out due to fear from Microsoft after they invested billions into it. It was a waste but their pc division would of went belly up if they didn't cave in.

      The only thing we can do to stop this is to email and snail mail your elected official and explain to them what your opinions are and also explain how it could physically cripple the whole IT industry. This is worse then the anti-trust violation of the bundling of IE. Much, much worse at a whole different scale. At least with the internet explorer case, consumers benefited by having a zero cost browser. This new scheme offers no benefits besides to lock consumers into agreeing to buy only microsoft operating systems with dracionian eula's attached to them that will prohibit fair use. Who knows, maybe .net my services will finally take off. After all you agreed to use it didn't you? If you don?t agree to it USE A TYPEWRITTER will be Microsofts attitude. This is why ms wants drm so bad. Sure it will prohibit piracy but it will also insure their renting schemes and license hikes at the hardware level. Very, very dangerous in my opinion. My guess is the 2nd version of Windows.net will not run without drm enabled hardware. This would make the OEM's cream in their pants. Microsoft always lets the OEMS do their dirty work and this is probably MS's latest scheme. Sadly, I guess 5 years from now we will all be running linux on slow and expensive macs. This will be our only choice for a cost effective linux platform. We need to write our representatives because the linux marketshare won?t make a difference with the oems and yes it will go through. If Microsoft and the OEMs are for it then their is no stopping it. With or without linux.
  • by Anonymous Coward on Sunday June 23, 2002 @01:09PM (#3752913)
    Rant following...

    the world of computer bits. An endless roster of security holes allows cyber-thieves to fill up their buffers with credit-card numbers and corporate secrets. It's easier to vandalize a Web site than to program a remote control. Entertainment moguls boil in their hot tubs as movies and music are swapped, gratis, on the Internet. Consumers fret about the loss of privacy. And computer viruses proliferate and mutate faster than they can be named.

    Whaaaaa ? My website is secure, TYVM, it hasn't been defaced even once. Nobody ever stole my credit card number, and my personal info is well guarded. I have never have a single virus on my many computers. And none of my intellectual property was ever stolen.

    So what the Hell is the problem ? People are taking advantage of your computer-illiteracy ? Then learn, or drop dead.

    I see this whole Palladium thing as a solution to a manufactured problem. Oh-my-goodness people on the Internet are filthy script-kiddies cracking servers and spreading virii mainly because Microsoft can't code secure programs ! And they're stealing music and movies because the RIAA can't sell CDs and DVDs cheaper !
    And then they say the solution should be another patch upon this ? Why couldn't they get it right first ? Why can't they fix what already exist ? Microsoft is running so far away from the very concept of QA they try to sell a solution to the problem they are the most responsible for in the first place !

    I wish they'd just stop thinking for me, or rather stop thinking at all. Their reasoning is flawed from the begginning: I don't need to have it fixed for me, I took care of that myself already.

    So I'll just go on and ignore this stupid thing. Nobody'll ever force me to use it.
    • You're missing the point. Palladium isn't merely a solution to keeping your secrets safe and your system integrity intact, it's a solution to keeping other people's secrets safe from you when in "your" environment. That's why is needs to be tamper-proof hardware - the first problem can be solved by using Java or a similar software-only platform.
  • Hmmm (Score:4, Interesting)

    by Monkelectric ( 546685 ) <slashdot AT monkelectric DOT com> on Sunday June 23, 2002 @01:09PM (#3752915)
    So I have to pay money for extra hardware so Sony can sell me movies and music ... and because MS can't secure an OS without it? (It's perfectly possible - BSD).

    I'm sure a MS's execs reply would be, "Of course you dont have to pay extra for a pc... [ you dont have to use a pc at all ]

    Which might be just what I do -- move to mac.

    I'm *really* sick of the adversarial attitude held by alot of companies latley -- "the customers are our enemies, we will dog them to do what *we* want." If you dont like this (and I sure dont), vote with your $$ and dont buy it.

  • According to the book "Hack Proofing you Network", client side security is fundementally flawed and will always eventually be broken.
    The reason for this is that the person owns the client and if they can spend the time, they can over-ride any security implementation. Just look at the X-Box.
  • Interesting to note that none of the six bulletted features, all relating to users' control and users' trust relationships, require anything new or different from current PC platforms. Therefore the only reason for Intel & co. to be involved must relate to other parties trust and control.

    To give a concrete example, a virtual machine like Python or Java can offer complete control over what an application can do with your identity and information and guarantee the integrity of your PC. No hardware support is required at all.

    However, for other parties to trust your identity and control the use of their information requires a locked-down platform. Again, a VM-like system is a solution, but the VM's integrity must be guaranteed for them to trust it, hence the need for a tamper-proof, hardware-based solution.

    Now, here's the interesting bit. Both open source and closed systems appear to be converging on the use of VMs, but for different reasons.
    In the open source world, Java, Parrot and Mono/DotGNU are seen as simply practical solutions to portability problems, with security and other factors some way further down the list. For closed systems, security (meaning keeping the information closed) will soon be the priority, far surpassing the need to maintain cross-platform (i86, PPC, ARM etc.) builds cheaply.

    Open source advocates should not respond by continuing to develop more monolithic and fundamentally insecure C binaries - this will just leave Linux exposed to criticisms from future security-related interests, such as corporate IT management. Instead, we should embrace systems that can guarantee security - the difference being that it is security on the user's terms, not the vendor's. In fact, a high-level VM (like Java's) is the ideal platform for open source because (thanks to decompilers and the semantic equivalence of bytecode and Java source) it is impossible to ship code that isn't open.

    There's a lot of positive spin for Open Source to be gained from this development, but the first thing to recognize is the critical importance of VMs (preferably a single "anointed" VM) to the viability of Linux platform.
  • I worry that an unholy alliance is going to form between the entertainment/media industry, the software industry and "national security" interests to push computers into becoming closed systems that can only play games and run software approved by a relatively small number of large organizations.

    These restrictions would be justified on the baisis of national security as a way to:

    1) prevent sinister interests from finding and exploiting weaknesses (security through obscurity)

    2) prevent sinister interests from launching distributed attacks against such weaknesses.

    3) provide a "secure" backdoor for use in monitoring sinister interests.

    All of which would serve the entertainment and software industries desire to control who gets to view media, and how.
  • by nologin ( 256407 ) on Sunday June 23, 2002 @01:34PM (#3752970) Homepage

    If I remember my greek mythology correctly, the Palladium was supposedly used to protect the city of Troy. As long as the statue was there, the city would be safe.

    The Palladium was eventually stolen and afterwards the city of Troy fell.

    I don't know about you, but isn't it ironic that Microsoft names their next security product in reference to this same Palladium?

    • I usually don't reply to myself, but here is some information confirming what I had stated.

      The word Palladium comes from an ancient Greek legend of a statue that stood in the city of Troy holding a shield and a spear. It was believed to have been hurled from Olympus by the god Zeus at the founding of the city, and it was thought that this statue protected the city. In the tenth year of the Trojan War the Greek heroes Diomedes and Odysseus stole the Palladium, thus facilitating the fall of Troy.

      Yep, the statue was stolen, ironically during the Trojan War.

      Ooh, the irony. Too bad the Palladium was only made out of wood. :)

    • What irony? (Score:5, Informative)

      by dangermouse ( 2242 ) on Sunday June 23, 2002 @03:35PM (#3753383) Homepage
      Cripes. This must be the third post I've read saying the same thing, and not one of you get it. Using the name "Palladium" is intentional, and it's not at all ironic.

      It's a brilliant name. They're talking about supplying a Palladium to a Troy, which will thereby prevent things like "Trojan horses" from bringing about the downfall of that Troy. The Palladium provided security. Microsoft wants to supply a Palladium. Jumping Jesus on a pogo stick, man, this isn't that hard to fathom.

      If I may, I'd like to thank my grade school teachers for their emphasis on reading comprehension and critical thinking skills.

  • In other words, MS will be offering a semblance of what *Linux and *BSD already offer, except with the addition of DRM to violate our fair use rights and enslave us to the RIAA/MPAA.

    How much is the RIAA/MPAA funding this behind the scenes?

    This is really little more than a giant smoke screen to interweave DRM into the very fabric of all software.

    Also, why would anyone use this over what *Linux and *BSD offer? Linux and BSD already great security and stability, but they don't shove DRM down your throat. Furthermore, Linux and BSD will also be able to take advantage of these new "security-class chips".

    Finally, consider the source. When has MS ever given anyone a good reason to trust them? MS saying they'll help us is sort of like Jack The Ripper saying he's a protector of prostitutes.
    • Stability isn't the same thing as security. I have exactly the same problem running a binary on Linux as I do on Windows - integrity isn't guaranteed (uncontrolled pointers...), rights can only be given at a very coarse level (run as root, write anything in this directory...) and so forth.

      Windows is about to fix this with Dotnet. Palladium will just be icing on the cake for the DRM crowd. Meanwhile, precisely nothing equivalent is happening on what we refer to as the Linux platform, only in assorted addons (Java, Dotnet, Parrot etc.) which are semi-integrated at best.
  • by sulli ( 195030 ) on Sunday June 23, 2002 @01:38PM (#3752983) Journal
    Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM).... a more interesting possibility is that Palladium could help introduce DRM to business and just plain people.... Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.

    This is so laughably stupid it's amazing. Do they not know about screen capture? Or - if that's disabled - digital cameras? I can just imagine the whistleblower at a future Merrill Lynch taking a picture of a future Henruy Blodget's "it's a piece of shit" email and sending it to the press - while the IT manager is shocked and dismayed that Microsoft's "secure email" failed so spectacularly.

  • It's easier to vandalize a Web site than to program a remote control.

    This article just lost all credibility.

  • That's what the whole MS antitrust lawsuit is all about. The government wants more control over MS code, they want to have control over technology, they want to supervise everything, and they want to take away control from the consumers.

    I've come to realize that every Microsoft's new announcments have something to do with the lawsuit. Despicable.

    The anti-trust lawsuit won't be dropped until MS becomes the governments puppet.
  • I was aghast at the article and I shouldn't've been. It's on MSNBC and is intrinsically unable to cast Microsoft into anything but godlike form.

    Obviously, MS is trying to link concepts of "your security and privacy" with "intellectual property rights" in the consumer's mind, and there's simply no functional reason to do so other than bowing to the big IP producers in Hollywood. (The article says "[Microsoft researchers] quickly understood that the problems of intellectual property were linked to problems of security and privacy"; I'm sure that the consumer's security and privacy were obstacles to controlling the IP that flowed through their computer.) I don't know if this bowing thing is due to fear of litigation ("our clients allege that Microsoft willfully constructed and distributed an operating system that allowed easy violations of copyrights") or simply from being paid off in some manner like partnerships; perhaps both.

    But, statements like "cries for a safeguard" and "easier to vandalize a Web site than to program a remote control" places the article firmly in the ranks of propaganda.

    "[T]he system is designed to dramatically improve our ability to control and protect personal and corporate information"? Who's "our"? I'm sure the system will make give you incredible control over that movie, song or book you made ... oh, wait, the common man is not a production house. Suddenly that "our" becomes "their".

    The IP industrials have their own controls, and when they've implemented them (various forms of copy protection) the consumer mass has either raised an uproar or produced a crack. That alone shows the lifecycle of control (plan, implement, ruckus/crack, retreat/pointlessness) and thus that controls are a pointless exercise. The point is further made even if an end-run is made around the consumer by embedding controls into the OS. Despite MS's near monopoly position, MacOS and Linux are viable alternatives to MS Windows, and I've seen people make the switch when sufficiently motivated. Does MS expect the people on college campuses (who are doing a large fraction of the file sharing) -- with all their computer-saavy and access to IT skills -- to just sit in their dorm rooms and offices and let some ACCESS DENIED message blink in front of their faces when they try to fetch or open the latest sn0g, pr0n, m0vie or w4r3z?

    The privacy solutions raised in the article aren't anything that can't be made with software right now. We could encrypt all our outgoing packets right now; every email could be encrypted, and every file put up on FTP and Web sites. Why isn't that kind of security pervasive? I think that answer is more along the lines of "we [the people] don't want it" rather than "encryption software isn't pervasive". I am reminded of the Clipper chip ... the fiasco that occurred such that we don't have encrypted phones everywhere today. The gov wanted free, backdoor access and the industry (and consumers) knew that it would be selling unsecure products therefore. The consumers didn't want pervasive phone encryption that wasn't secure from the gov; and the consumers simply don't want pervasive Internet security that doesn't allow Libertine file sharing.

    There's more outrageous propaganda: the system "[c]ans spam". Oh, puh-leeez. The age-old problem of mailbox access will still be there; we can stop spam now with restricted mailbox access, but we just don't do that since a restricted mailbox is a big problem against receiving mail in general. So perhaps this Palladium plan will address outgoing verification, so ... what, is AOL, Hotmail and other such services going to deny members outgoing mailing privileges? Obviously not.

    This further piece is even funnier: the system "[s]afeguards privacy", so "it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people." Ah, built-in file sharing, and until somebody logs on, downloads and then blabs, Hollywood isn't going to know.

    Finally, the last laugh: "[c]ontrols your information after you send it". This must mean the end of cut-n-paste from a window; either that, or you will need Microsoft Visual Implants {tm} so that encrypted data will be emitted from a screen pattern and then safely reconstructed into an image upon your retina.

    Sorry to degrade into sarcasm, but the article -- and the Palladium system -- really deserves my scorn. You can keep reading past the article's last laugh but it is just more smoke and mirrors.
  • Wasn't Microsoft found guilty of Criminally breaking federal anti-trust law?

    Or maybe I'm confused?
  • by guttentag ( 313541 ) on Sunday June 23, 2002 @01:58PM (#3753062) Journal
    Because its ultimate success depends on ubiquity, Palladium is either going to be a home run or a mortifying whiff. "We have to ship 100 million of these before it really makes a difference," says Microsoft vice president Will Poole... Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system. "It's a groundswell change," says AMD's Geoffrey Strongin. "A whole new class of processors not differentiated by speed, but security." ... And the new additions will make your next computer a little more expensive.
    So basically, consumers have figured out that more Mhz does not make a better computer. The industry has milked that one for all it's worth, so the next "innovative" step is to get people to buy new computers with "secure chips" that don't really provide any extra protection for 99.9% of users.

    Let's take a look at these new innovations:

    The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge.
    So MS is going to claim it invented encryption and checksumming in 2002.
    Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.
    Most Windows users get viruses via email scripts, which aren't programs. So this won't cut down on viruses (why would MS want to when they can claim that the virus writers are just getting savvyer and that you need to buy a more secure system to stay one step ahead).
    Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards.
    I've seen the "unsolicited mail you might want to see." Hotmail calls them newsletters and prevents you from blocking them.
    With Palladium, it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people. Microsofties have nicknamed these services "My Man." If you apply for a loan, you'd say to the lender, "Get my details from My Man," which, upon your authorization, would then provide your bank information, etc. Best part: Da Man can't read the information himself, and neither can a hacker who breaks into his system.
    Bull$hit. No company is going to spend the money to store, manage and distribute your information if they aren't getting paid or reading your information. If you're already talking to the lender, why can't you give them the information yourself... or are people really too lazy to write down their name, address and phone number?
    ...Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week.
    Yeah, it's funny how people didn't buy into DRM the first time around, kinda like pay-per-view DVDs. But if we sugar-coat it and convince consumers that they can benefit from DRM (after all, a reader of a protected Word document can't copy its contents down while he has access to it and redistribute it later), they will accept it, the music industry will turn to us for DRM-formatted CDs and MS will control the audio CD format.
    In 1997, Peter Biddle, a Microsoft manager who used to run a paintball arena, was the company's liason to the DVD-drive world. Naturally, he began to think of ways to address Hollywood's fear of digital copying. He hooked up with ' Softie researchers Paul England and John Manferdelli, and they set up a skunkworks operation, stealing time from their regular jobs to pursue a preposterously ambitious idea--creating virtual vaults in Windows to protect information.
    Great. The future of the PC redefined by a paintball arena manager.
    There will also be components that encrypt information as it moves from keyboard to computer (to prevent someone from wiretapping or altering what you type) and from computer to screen (to prevent someone from generating a phony output to your monitor that can trick you into OKing something you hadn't intended to).
    Because terrorists and hackers keep welding antenna-laden black boxes to my keyboard and monitor.
    Others will note that the Windows-only Palladium will, at least in the short run, further bolster the Windows monopoly. In time, says Microsoft, Palladium will spread out. "We don't blink at the thought of putting Palladium on your Palm... on the telephone, on your wristwatch," says software architect Brian Willman.
    Now that's innovative... convincing consumers that someone is trying to wiretap their watches so they will pay more to hardware-encrypt data between the crystal and LCD.
    And what if some government thinks that Palladium protects information too much? So far, the United States doesn't seem to have a problem...
    With the current U.S. push to chip away at privacy rights in the name of preventing terrorism, the FBI/the CIA/Ashcroft would be speaking out against this if it really protected the individual's privacy.
    according to this article at MSNBC, Microsoft has an ambitious new plan...
    Please note that this is a Newsweek article, not an MSNBC article. Newsweek's parent, The Washington Post Company, cut a deal with Microsoft about two years ago in which MSNBC would publish Newsweek.com in a more cost-effective way than the WashPostCo could.

    Whether you want to trust Newsweek's articles about Microsoft any more than you would trust a MSNBC article about Microsoft is up to you.


  • From the article: It's easier to vandalize a Web site than to program a remote control.

    Translation: The author of the article has done neither. If you are an editor, this is one of those phrases that tip you off that the author is willing to say anything to make the article more interesting to the average reader, even if it is entirely invented. Further translation: It's time to fire Steven Levy, the author.

    This article, I'm guessing, was paid for by Waggener Edstrom [wagged.com] (wagged.com, as in "the tail wagged the dog"), Microsoft's PR company.

    Notice that they are already preparing you for the reality of Microsoft's efforts: "I firmly believe we will be shipping with bugs," says Paul England.

    The article says, One hurdle is getting people to trust Microsoft. Here are more than 200 pages in which the U.S. government said that Microsoft could not be trusted: U.S. Justice Department complaints against Microsoft [usdoj.gov].

    Will we begin trusting people who have abundantly proven that they cannot be trusted, and have been convicted of breaking the law? Will the government let Jeffrey Dahmer [tornadohills.com] or Charles Manson [cris.com] free? Will an adversarial, self-destructive company suddenly become charitable?
  • "Apple. Computing with no boundaries" Seriously, Jobs and Co. are probably drooling at the thought of this going forward and mucking up everyone's attempt to use their PC's for what they have become accustomed to, not to mention the added cost involved that will level the price playing field even more. Once the genie is out of the bottle, there's NO WAY to squeeze it back in. The growth of Napster alternatives since the RIAA shutdown shows this clearly, and an alternative OS that allows people to have what they are used to will suddenly look really, really good. Good Lord, the confusion this would bring to a client/server environment running different OS's is mind-boggling.
  • Microsoft, Apple, the MPAA and the RIAA are the Inner Party. Their secret goal is absolute power. Power is not a means, but an end.

    The Inner Party, if not stopped soon, will take over the entire world. The next thing you know, Digital Rights Management will be present in every part of life.

    Upon birth, your DNA, along with biometric scans of every part of your body will be encrypted and stored in two places: In a huge central government computer, located in the Ministry of Love, and in nano-sized implants located throughout your body, implanted upon birth. These implants will contain every piece of known information about you: Police records, medical records, bank records. The implants will also have a Global Positioning System, among other "convenient" features. A history of every location you've been to since birth will be stored, for investigation purposes. Your pulse, blood pressure, and other values will constantly be read and stored as well, for both medical and investigative purposes. Huge computers will constantly perform consistency checks and automated investigations of every person in the world every so often. If any patterns are present in any of your records or positioning coordinates that suggest any kind of abnormal activity, you'll be snatched off by the Thought Police and taken directly to Room 101.

    Soon, they will know your every move, your every transaction, your every thought. It'll be like Johnny Mnemonic meets 1984 and the Biblical Antichrist all in one, And Microsoft will be at the helm of this innovative technology.

    Ooooooooh well. I need to get another Negra Modelo, while I still can.

  • This may be M$ last hurrah.

    They have obviously lost touch with reality. Maybe they've been listening to their lawyers.

    For all Bill Gate's money, his entire wealth has been based on reducing over-head. Not even production costs. OVER-HEAD. The guy doen't have a clue.

    CIO are talking to Linux vendors. HP is advertising Linux machines. IBM is gung-ho on Linux. Governments are refusing to consider closed-source.

    M$ now has a competitor. M$ is DOOMED. Its not IF, its now just UNTIL.

    Like the insane drift towards higher production costs that can break a studio if the audience using what ever brain cells remain in its media-addled pates decides NOT to make its way to the latest budget-&-ball-busting cinematographic turkey, in lemming-like waves throwing bills from its wallets at the bubble-gum chewing minimum-wage earners at the Odeon as patrons hurtle over the cliff, or simply slip and slide in the darkened meat-locker on the oozed-out-through-the-bottom-of-the-bag pop-corn topping to smash their skulls on the arm-rest mounted "bucket-O-Coke" holders.

    Like Josip Brox Tito's insistence to the firing squad that his people loved him and his wife. Followed by eleven shots from the twelve rifles.

    If Bill Gates went out holding a lamp and shining it into the faces of every stranger he encountered, he would have a longer road to tread in the search for anyone who has not been burnt in someway or another and still trusted M$, than that walked by Diogenes in his search for an honest man (There is no record that Diogenes ever bothered to even head towards Redmond.)
  • This article smells like a trial balloon. "We'll invite in a reporter to say nice things about us and see what public response we get." We need to make it clear that putting Microsoft-designed security/DRM hardware in our boxes is not an option and will never be.
  • by Patrick ( 530 ) on Sunday June 23, 2002 @03:17PM (#3753335)
    This, right here, is all the evidence you need that the system is flawed: "For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week." If I can read it, I can copy it. If I can read it today, I can read it tomorrow. The only way to even begin to enforce that absurd policy is to trust every application with access to your encryption keys or decrypted text not to permit copying.

    There are two ways to do that: by banning any software not directly trusted by Microsoft, or by passing the data around encrypted until it reaches the screen (and, of course, trusting that the screen's private key will never be discovered). I'm not sure which is scarier, but I honestly don't think even Microsoft has the power to accomplish either.

    And they claim this: "Eventually, commercial pitches ... can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards." There is no way to allow email from strangers without also allowing commercial email from strangers. It's possible to reject all unsigned email (and thus, at least, know who is sending you spam). All hail the death of anonymity.

    And last, it pains me to see that "security" has stopped meaning "protecting your computer and data from attackers" and now instead means "protecting your computer and data from you." A computer that enforces DRM isn't more secure. More authoritarian, more expensive, and more likely to let me watch DVDs, but not by any means more secure.

  • by dlur ( 518696 ) <dlur&iw,net> on Sunday June 23, 2002 @03:19PM (#3753342) Homepage Journal

    Yup there already is a secure OS that provides great strides in privacy as well. You don't need any special hardware to run it, and it doesn't cost you anything. It doesn't include any DRM garbage and it's called Open BSD [openbsd.org].

  • How to fight this (Score:4, Interesting)

    by Ogerman ( 136333 ) on Sunday June 23, 2002 @03:38PM (#3753394)
    They also realized that if they wanted to foil hackers and intruders, at least part of the system had to be embedded in silicon, not software. This made their task incredibly daunting.

    So there you have it. They believe that security through obscurity will be sufficient if that obscurity is in the hardware, buried under a layer of ceramic or epoxy. In other words, using hidden encryption keys in the hardware so that the key exchange won't be accessible via software tools. And the only way this can work is if everybody upgrades all their hardware at once. Fat chance! I'm all for cryptographically secure hardware--but only if I am the one setting the keys, not some secret industry / government consortium. DRM is absolutely not possible with obscurity and therefore is our enemy.

    What to do about this?
    1.) Don't buy or support M$ software. That means being choosy about employers too.
    2.) Implement excellent free software solutions that will be inherently incompatible with any nonsense M$ pushes. The more people satisfied with Linux/BSD, the more people that will refuse this rubbish.
    3.) Don't buy any hardware that supports any standards they dream up.
    4.) Come up with our own open hardware/software security model. Be innovative. Find a way to make security and encryption easy for the average user.
    5.) Spread the word to the non-tech folks. Use propaganda if needed--fight fire with fire.
  • Classical irony (Score:3, Informative)

    by Shimbo ( 100005 ) on Monday June 24, 2002 @05:14AM (#3755974)
    As the article mentions, there was an prophecy that Troy was safe as long as the Palladium remained in the city.


    However, a band of smart geeks (erm Greeks) found a back door into the city, disabled the protection mechanism thus leaving the city wide open to attack.

  • by juliao ( 219156 ) on Monday June 24, 2002 @08:50AM (#3756526) Homepage
    DRM is probably _the_ hot topic right now. Everyone seems to be designing and proposing DRM schemes. And the Open Source community has found serious flaws in both design and intention in every scheme proposed so far.

    The community complains loudly about companies that want to forcefully restrict liberty for users and developers alike. But has the community come forth with its own proposal?

    How do we implement rights management for the independent author? How do we support code signing for the independent programmer? I should have an Open system that allows me to produce my documents, write my code, distribute what I want, and have everything appropriately signed by me.

    Are we up to this? Are we able to propose alternates? Instead of just saying "no", shouldn't we be constructive and say "this is how to do it"?

    I'm willing and able to work towards this, altough it's not something I can/want to do alone. Any takers? Let me know.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...