RE: [DotGNU]Here It Is: Microsoft's Palladium

[James Mc Parlane]

Why does this remind me of the "Clipper" chip?

> -----Original Message-----
> From: Seth Johnson [mailto:address@hidden
> Sent: Monday, June 24, 2002 7:13 AM
> To: address@hidden
> Subject: [DotGNU]Here It Is: Microsoft's Palladium
> 
> 
> 
> (Link from Jay Sulzberger of the New Yorkers for Fair Use
> Discussion list, address@hidden  Note that
> this specifically corroborates the bit about Intel endorsing
> content control.  Don't know if this is or is not TCPA, but
> it's the same general idea.  -- Seth)
> 
> > http://www.msnbc.com/news/770511.asp
> 
> The Big Secret    An exclusive first look at Microsoft's
> ambitious-and risky-plan to remake the personal computer to
> ensure security, privacy and intellectual property rights.
> Will you buy it?   By Steven Levy NEWSWEEK
> 
> 
> HERE'S SOMETHING THAT cries for a safeguard: the world of
> computer bits. An endless roster of security holes allows
> cyber-thieves to fill up their buffers with credit-card
> numbers and corporate secrets. It's easier to vandalize a
> Web site than to program a remote control. Entertainment
> moguls boil in their hot tubs as movies and music are
> swapped, gratis, on the Internet. Consumers fret about the
> loss of privacy. And computer viruses proliferate and mutate
> faster than they can be named.
> 
> Computer security is enough of a worry that the software
> colossus Microsoft views it as a threat to its continued
> success: thus the apocalyptic Bill Gates memo in January
> calling for a "Trustworthy Computing" jihad. What Gates did
> not specifically mention was Microsoft's hyperambitious
> long-range plan to literally change the architecture of PCs
> in order to address the concerns of security, privacy and
> intellectual property. The plan, revealed for the first time
> to NEWSWEEK, is... Palladium, and it's one of the riskiest
> ventures the company has ever attempted. Though Microsoft
> does not claim a panacea, the system is designed to
> dramatically improve our ability to control and protect
> personal and corporate information. Even more important,
> Palladium is intended to become a new platform for a host of
> yet-unimagined services to enable privacy, commerce and
> entertainment in the coming decades. "This isn't just about
> solving problems, but expanding new realms of possibilities
> in the way people live and work with computers," says
> product manager Mario Juarez. 
> 
> Because its ultimate success depends on ubiquity, Palladium
> is either going to be a home run or a mortifying whiff. "We
> have to ship 100 million of these before it really makes a
> difference," says Microsoft vice president Will Poole.
> That's why the company can't do it without heavyweight
> partners. Chipmakers Intel and Advanced Micro Devices have
> signed on to produce special security chips that are
> integral to the system. "It's a groundswell change," says
> AMD's Geoffrey Strongin. "A whole new class of processors
> not differentiated by speed, but security." The next step is
> getting the likes of Dell, HP and IBM to remake their PCs to
> accommodate the system.
> 
> "It's one of the most technically complex things ever
> attempted on the PC," says Gartner analyst Martin Reynolds.
> And the new additions will make your next computer a little
> more expensive. Will the added cost-or a potential
> earlier-than-otherwise upgrade-be worth it? Spend a day or
> two with the geeks implementing Palladium-thrilled to be
> talking to a reporter about the project-and you'll hear an
> enticing litany of potential uses.
> 
> * Tells you who you're dealing with-and what they're doing.
> Palladium is all about deciding what's trustworthy. It not
> only lets your computer know that you're you , but also can
> limit what arrives (and runs on) your computer, verifying
> where it comes from and who created it.
> 
> * Protects information. The system uses high-level
> encryption to "seal" data so that snoops and thieves are
> thwarted. It also can protect the integrity of documents so
> that they can't be altered without your knowledge.
> 
> * Stops viruses and worms. Palladium won't run unauthorized
> programs, so viruses can't trash protected parts of your
> system.
> 
> * Cans spam. Eventually, commercial pitches for recycled
> printer cartridges and barnyard porn can be stopped before
> they hit your inbox-while unsolicited mail that you might
> want to see can arrive if it has credentials that meet your
> standards.
> 
> * Safeguards privacy. With Palladium, it's possible not only
> to seal data on your own computer, but also to send it out
> to "agents" who can distribute just the discreet pieces you
> want released to the proper people. Microsofties have
> nicknamed these services "My Man." If you apply for a loan,
> you'd say to the lender, "Get my details from My Man,"
> which, upon your authorization, would then provide your bank
> information, etc. Best part: Da Man can't read the
> information himself, and neither can a hacker who breaks
> into his system.
> 
> * Controls your information after you send it . Palladium is
> being offered to the studios and record labels as a way to
> distribute music and film with "digital rights management"
> (DRM). This could allow users to exercise "fair use" (like
> making personal copies of a CD) and publishers could at
> least start releasing works that cut a compromise between
> free and locked-down. But a more interesting possibility is
> that Palladium could help introduce DRM to business and just
> plain people. "It's a funny thing," says Bill Gates. "We
> came at this thinking about music, but then we realized that
> e-mail and documents were far more interesting domains." For
> instance, Palladium might allow you to send out e-mail so
> that no one (or only certain people) can copy it or forward
> it to others. Or you could create Word documents that could
> be read only in the next week. In all cases, it would be the
> user, not Microsoft, who sets these policies.
> 
> Some of these ideas aren't new-they're part of the promise
> of public key cryptography, discovered 25 years back.
> Palladium is a dead-serious attempt to finally make it
> happen, with a secure basis and critical mass. But it didn't
> start that way. In 1997, Peter Biddle, a Microsoft manager
> who used to run a paintball arena, was the company's liason
> to the DVD-drive world. Naturally, he began to think of ways
> to address Hollywood's fear of digital copying. He hooked up
> with ' Softie researchers Paul England and John Manferdelli,
> and they set up a skunkworks operation, stealing time from
> their regular jobs to pursue a preposterously ambitious
> idea-creating virtual vaults in Windows to protect
> information. They quickly understood that the problems of
> intellectual property were linked to problems of security
> and privacy.
> 
> They also realized that if they wanted to foil hackers and
> intruders, at least part of the system had to be embedded in
> silicon, not software. This made their task incredibly
> daunting. Not only would they have to build new secrecy
> functions into Windows (without messing up any programs that
> run on the current versions), but then they'd have to
> convince the entire industry to, in effect, update the basic
> hardware setup of the PC.
> 
> Intel originally turned down the idea before eventually
> embracing it. AMD had already been thinking along similar
> lines, and eagerly signed on. Biddle's virtual team kept
> working, and in October 2001, it became a formal
> green-lighted project.  
> 
> As now envisioned, Palladium will ship "in a future version
> of Windows." (Perhaps in the next big revision, due around
> 2004.) By then the special security chips will be rolling
> out of the fabs, and the computer makers-salivating at an
> opportunity to sell more boxes-will have motherboards to
> accommodate them. There will also be components that encrypt
> information as it moves from keyboard to computer (to
> prevent someone from wiretapping or altering what you type)
> and from computer to screen (to prevent someone from
> generating a phony output to your monitor that can trick you
> into OKing something you hadn't intended to). Only certain
> applications will access the part of Windows (nicknamed "the
> nub") that performs Palladium's functions with the help of
> the security chip-everything else will work exactly the
> same.
> 
> The first adopters will probably be in financial services,
> health care and government-places where security and privacy
> are mandated. Then will come big corporations, where
> information-technology managers will find it easier to
> control and protect their networks. (Some employees may
> bridle at the system's ability to ineluctably log their
> e-mail, Web browsing and even instant messages.) "I have a
> hard time imagining that businesses wouldn't want this,"
> says Windows czar Jim Allchin.
> 
> Finally, when tens of millions of the units are in
> circulation, Microsoft expects a flood of Palladium-savvy
> applications and services to spring up-that's when consumers
> will join the game.
> 
> None of this is a cinch. One hurdle is getting people to
> trust Microsoft . To diffuse the inevitable skepticism, the
> Redmondites have begun educational briefings of industry
> groups, security experts, government agencies and
> civil-liberties watchdogs. Early opinion makers are giving
> them the benefit of the doubt. "I'm willing to take a chance
> that the benefits are more than the potential downside,"
> says Dave Farber, a renowned Internet guru. "But if they
> screw up, I'll squeal like a bloody pig." Microsoft is also
> publishing the system's source code. "We are trying to be
> transparent in all this," says Allchin.   
> 
> Others will note that the Windows-only Palladium will, at
> least in the short run, further bolster the Windows
> monopoly. In time, says Microsoft, Palladium will spread
> out. "We don't blink at the thought of putting Palladium on
> your Palm... on the telephone, on your wristwatch," says
> software architect Brian Willman.
> 
> And what if some government thinks that Palladium protects
> information too much? So far, the United States doesn't seem
> to have a problem, but less tolerant nations might insist on
> a "back door" that would allow it to wiretap and search
> people's data. There would be problems in implementing this,
> um, feature.
> 
> Other potential snags: will Microsoft make it easy enough
> for people to use? Will someone make a well-publicized crack
> and destroy confidence off the bat? "I firmly believe we
> will be shipping with bugs," says Paul England. Don't expect
> wonders until version 2.0. Or 3.0. Ultimately, Palladium's
> future defies prediction. Boosting privacy, increasing
> control of one's own information and making computers more
> secure are obviously a plus. But there could be unintended
> consequences. What might be lost if billions of pieces of
> personal information were forever hidden? Would our ability
> to communicate or engage in free commerce be restrained if
> we have to prove our identity first? When Microsoft manages
> to get Palladium in our computers, the effects could indeed
> be profound. Let's hope that in setting the policies for its
> use, we keep in mind the key attribute of the woman embodied
> in the first Palladium. Athena was the goddess of wisdom.
> 
> _______________________________________________
> Developers mailing list
> address@hidden
> http://subscribe.dotgnu.org/mailman/listinfo/developers
>