June 28, 2002

Palladium's perilous promise

Author: JT Smith

- By Jack Bryar -

Is Microsoft's proposed "Palladium" software an honest attempt to
improve system security? Or is it a Trojan horse designed to let content
providers, the police and your boss get into your computer?

Once upon a time, "high 'mid rock and wood," the ancient city of Troy featured a statue of Pallas Athene
that was said to have fallen from the heavens when the city was founded. The
Trojans believed that this "Palladium" was a guarantee from the gods. They
believed that this "holy thing" would "secure from harm your city ...
forevermore." As any student of Homer or other Greek and Roman texts may recall, it
didn't work out that way.

Apparently some classics major with a sense of irony persuaded
Microsoft to adopt the name of Troy's ineffective idol as the code name for a
proposed new operating platform the company wants to put on your next computer.
Presumably, developers hope Palladium software will secure the company
against effective competition. Unfortunately, if Microsoft is successful with
Palladium, lots of consumers may need securing from harm. And that's the least
dangerous thing about the platform.

Last January, in typically grandiose fashion, Bill Gates announced
his company was launching a "jihad" focused on creating trustworthy computing. Most
observers assumed, or at least hoped, that perhaps Microsoft was going to repair
core elements of its architecture, particularly, the patchwork of
under-documented legacy components that's been so successfully exploited by hackers and virus writers.

They would have been wrong had they assumed that.

Instead, Redmond's marketeers have determined that the biggest
security problem is the free flow of information and content. Microsoft's solution is
Palladium, a computer-inside-the-computer, complete with its own chips and
operating system designed to restrict your ability to access or process
information. Whoever thought processing information was the whole reason for
computers in the first place?

This week, Microsoft launched its opening salvo in what promises to be a
massive marketing program designed to drown out any complaints about the
proposed new system coming from the technical community. Through a series of
exclusives with non-technical publications owned by infotainment conglomerates,
the company hopes to position its patented "Digital Rights Management Operating
System" as the consumer's friend.

The first media outlet given an exclusive peek was Newsweek Magazine,
a rival of Time (and by extension, AOL Time Warner). The
publication's reporters took the bit, and described Palladium as an architecture
that will "improve our ability to control and protect" information, and a
platform for a "host of yet-unimagined services." They may be unimagined in part
because Palladium consists of mostly imagination and relatively little
software. The Newsweek reporter saw little more than white boards and graphics.
One observer commented that much of the presentation sounded like a re-work
of the company's Hailstorm project.

Based on the presentation, the system is to consist of a
computer-within-a-computer that will preprocess all external system communications and handle any other "security" issues. The components include an authentication
system, special hardware chips, and a "nub" software module designed to handle
security tasks. Project Manager Mario Juarez said that the company will publish
the source code for Palladium, or at least for the nub component. This
appears to be something less than Open Source, however, in that the code will
be strictly look-but-don't-touch. GPL-style Open Source use, distribution,
and development rights don't seem to be part of the deal, and it is not
clear if code will be offered to anyone other than hardware developers and
selected software and content publishers. The company has simply promised that
Palladium will be a "collaborative effort" among "stakeholders," with some
user feedback solicited "later."

Among the features of Palladium:

  • It uniquely identifies both you and your PC to those you
    deal with. Any connection between you and any other device is mediated by
    the system, which can prevent transmission of content or your access to that
  • Documents you receive cannot be modified (or in some cases,
    retransmitted) without the originator's permission. This means any attempt to summarize
    content, or even mark it up, may be restricted.
  • Email will be mediated by the system. Only content authorized by
    you (or your employer? or your government?) can pass through the system.
  • "The Man" will be on your system. Or at least "My Man."
    Content originators can send an agent accompanying their content to ensure that
    content is not waylaid between them and their intended recipient. This is
    marketed as insurance that hackers and identity thieves can't capture, alter or
    audit messages transmitted between you and your recipient. How this
    represents an improvement over current encryption systems or secure channels such
    as virtual private networks is not clear. It is also not clear whose "man"
    this will be. Microsoft has hinted that the "man" might be fitted with a
    back door for nervous government and police types.

Even without a back door, Palladium may allow third parties to monitor
your activity. Although the system is still in early stages of development,
it appears to extend a concept developed for Microsoft's Directory
Services products. Products like Active Directory generate a "unique object identifier" for
every document and code element in the enterprise. Based on that identifier,
object flow can be tracked and user access restricted. Who holds the
identifier (besides your company or ISP)? Well, Microsoft does it today, along with a
limited number of corporate partners.

From Redmond's perspective, Palladium's design is brilliant. It hands
security over to a "consortium" of developers, effectively unloading
responsibility for the entire issue. As separate code, it signals other software
developers that the company might start to modularize and open elements of its
code base. And it puts a firewall around the company's separate and proprietary
Windows platform. The company even gets to use the phrase "Open Source."

It makes chip developers happy. The design will require a whole new
generation of processors and input/output devices. Microsoft gets to choose its
hardware partners, giving it leverage over Intel and AMD while making life
potentially more difficult for firms like Motorola and Transmeta. And instead of
Microsoft pressuring computer and consumer electronics developers to adopt
Palladium, the company can rely on major media companies and allied government
officials to do their coercion for them. Any company that goes to the trouble of
adopting Palladium will take little convincing to take on the accompanying
Windows products optimized for it.

Happy too, should be anyone in big media.

Palladium's most promising feature (for content owners) has been
digital rights management code. DRM assumes that authors or owners of material
ranging from email to the latest Britney Spears CD must have some way of
preventing unauthorized reproduction of content. Such a concept is the antithesis
of the original Internet, which was designed to facilitate wide
reproduction of content to ensure that a message could travel to its
destination even if the network were badly damaged. However, DRM fits into the
plans of content developers who believe that their rights to control the
distribution of their materials should allow them to control your PC.

What the system really loads into the Palladium "user vault" is a user
identity, "rights managed" content, and a "trusted application" that only it can
bring into memory for execution. Unless the user's machine is verified as an
"allowed" system, the software or content won't run. Imagine a scenario where a
CD you bought will run on your PC or CD player, but not on your girlfriend's
equipment, and then only for six months, and you begin to get the idea.

While much of the speculation about digital rights management involves
music, text content is significantly more important to Microsoft and to many
big media companies. Many vendors of news and information have tried to
keep alive a two-tiered marketplace, selling content once, as "news" or
"current awareness," then re-selling the content a second time to archival
services such as Lexis-Nexis or Dialog, among others. In order to make this
work, electronic news services frequently require their customers to promise
not to re-publish articles or to delete content after a limited number of
days. Today news vendors have to rely on an "honor" system among corporate
customers to ensure content won't be kept indefinitely. In the future such
content would automatically disappear or at least become unreadable after a
certain date. Palladium can also limit the distribution of email and other
informal documents through the same process.
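The two behaviours described above (content that runs only on an "allowed" machine, and content that becomes unreadable after a set date) can be modelled in a few lines. This is an added illustration, not Palladium's design or Microsoft's code: it assumes a hypothetical per-platform secret held by the machine, binds the content key to that secret with an HMAC, and uses a toy hash-based keystream in place of a real cipher.

```python
import hashlib
import hmac
from datetime import date
from typing import Optional


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key||counter, for illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _content_key(platform_secret: bytes, content_id: str) -> bytes:
    """Content key bound to one machine: HMAC of the content id under the
    platform's secret (hypothetical; a real design would use sealed storage)."""
    return hmac.new(platform_secret, content_id.encode(), hashlib.sha256).digest()


def seal(platform_secret: bytes, content_id: str, expires: date, plaintext: bytes) -> dict:
    """Produce a 'rights managed' blob: ciphertext, expiry, and a tag that
    only the licensed platform can reproduce."""
    key = _content_key(platform_secret, content_id)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    expiry = expires.isoformat()
    tag = hmac.new(key, ciphertext + expiry.encode(), hashlib.sha256).digest()
    return {"content_id": content_id, "expires": expiry, "ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, platform_secret: bytes, today: date) -> Optional[bytes]:
    """Return the plaintext only on the licensed machine and before expiry.
    A different platform secret derives a different key, so the tag check
    fails and nothing is released; after the expiry date the content is refused."""
    key = _content_key(platform_secret, blob["content_id"])
    expected = hmac.new(key, blob["ciphertext"] + blob["expires"].encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # not the "allowed" system, or the blob was tampered with
    if today > date.fromisoformat(blob["expires"]):
        return None  # licence lapsed: content is now unreadable
    ks = _keystream(key, len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


# Constructed sample: a record sealed to machine A for six months.
SECRET_A = b"constructed-platform-secret-A"
SECRET_B = b"constructed-platform-secret-B"
SAMPLE = seal(SECRET_A, "cd-0001", date(2002, 12, 28), b"track one")
```

Note that nothing here stops the machine's owner from reading plaintext once it is released; the scheme only gates release, which is exactly why its value depends on who controls the platform secret.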

Whatever the concerns of consumer advocacy groups about Palladium or
other digital rights management schemes, they pale compared to the concerns
of human rights activists. Done poorly, digital rights systems could
let content originators track down who read what, who they
shared it with, and how they got it. That's bad enough when Walt Disney is
monitoring you. It's quite a different issue if the originator of a document is
the government of a country like China or Zimbabwe, or deservedly paranoid company execs at a firm
like Enron or WorldCom. Dissidents and whistleblowers have no reason to
welcome Palladium or any similar system.

To its credit, Microsoft has sought out at least some opinion leaders,
such as the Center for Democracy and Technology. It has also helped
publicize a critique of the Trusted Computer Platform Alliance (of which it is a
member) for pushing DRM ideas that would further compromise worker and citizen
rights against corporate or government snooping. But unless these "enhanced"
systems allow the user to trust the machine on his or her desktop, both Palladium and
DRM are likely to meet with fierce consumer resistance, and further ensure
the growth of Open Source alternatives.
