Can't trust Microsoft's 'trustworthy' OS

As reports leak out about a future, more secure version of Windows code-named Palladium, Microsoft has to convince customers to trust the company to build it.
Written by David Coursey, Contributor
Commentary: Stung by criticism of its current offerings, Microsoft seems to be pinning its hopes for a truly "trustworthy" operating system on a future version of Windows, code-named Palladium.

Don't expect to see that OS anytime soon. Palladium is a long-term project that requires not only a new operating system, but new computers as well. How long it will take, Microsoft won't say. I'm thinking 2006 or later.

I didn't expect to write about Palladium until the end of the year. That's because, when Microsoft started pre-briefing analysts this spring, the company made us promise not to talk about the new OS until near year-end.

But then some smart reporters--including Michael Cherry of Directions on Microsoft (a frequent radio guest of mine) and Newsweek's Steven Levy--discovered that Microsoft had filed for a patent on an operating system with built-in digital rights management features.

Microsoft tried to keep a lid on the story for as long as possible. But after finding out that Levy was going to print something, the company invited him to Redmond for two days to hear the whole story. Even then, Microsoft didn't expect the story to run so soon. When it discovered that Levy's story was about to hit the streets, Microsoft barely had time to warn those of us who were maintaining our silence that the secret was almost out of the bag.

I'm telling you all this because Microsoft would have been better off staying silent on this one. The reports that are surfacing are going to raise many more questions than Microsoft has answers for.

What we do know is this: Palladium will depend on a combination of hardware and software. Microsoft would design the new OS, while chipmakers such as AMD and Intel would design and implement new hardware--specifically, a chip on the motherboard supporting a technology called "public-key cryptography"--on which that OS would rely.

Public-key cryptography lets users, software, and devices prove their identity over a network. Palladium started as a way of using public-key crypto to manage rights to entertainment content like music and movies. Then Microsoft engineers realized it could do the same thing for entire networks of computers, users, and applications.

According to Microsoft, Palladium is intended to protect a machine only if it's attacked via software or over a network. If someone had physical access to your machine, the crypto chip could be compromised, and encrypted information on the machine would no longer be secure.
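To make the two points above concrete--what it means for a device to authenticate itself with a key held in a chip, and why physical compromise of that chip undoes the scheme--here is an added example written for this page. It is not Microsoft's, AMD's or Intel's code and does not describe the actual Palladium protocol; it assumes a simple challenge-response exchange using Ed25519 signatures, with constructed device identifiers, so that it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Device stands in for the hypothetical motherboard chip: it holds a private
// key that is only ever used inside Sign and is never handed to software.
type Device struct {
	ID   string
	priv ed25519.PrivateKey
}

// NewDevice generates a fresh key pair; the public half is what gets enrolled
// with the verifier, the private half stays with the device.
func NewDevice(id string) (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{ID: id, priv: priv}, pub, nil
}

// Sign answers a challenge. Only the nonce is signed, so the response is
// useless for any other challenge and cannot be replayed.
func (d *Device) Sign(nonce []byte) []byte {
	return ed25519.Sign(d.priv, nonce)
}

// Verifier is the remote party (a server, a content service) that knows only
// public keys and decides whether a claimed device identity is genuine.
type Verifier struct {
	enrolled    map[string]ed25519.PublicKey
	outstanding map[string][]byte // one live nonce per device id
}

func NewVerifier() *Verifier {
	return &Verifier{
		enrolled:    map[string]ed25519.PublicKey{},
		outstanding: map[string][]byte{},
	}
}

// Enroll records a device's public key. In a real deployment this would come
// from the manufacturer or an enrollment step, not from the device at
// authentication time.
func (v *Verifier) Enroll(id string, pub ed25519.PublicKey) {
	v.enrolled[id] = pub
}

// Challenge issues a fresh random nonce for the device to sign.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	if _, ok := v.enrolled[id]; !ok {
		return nil, errors.New("unknown device")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.outstanding[id] = nonce
	return nonce, nil
}

// Verify accepts a response only if the nonce is the one currently
// outstanding for that id and the signature checks under the enrolled public
// key. The nonce is consumed either way, so a captured response is worthless
// once it has been used.
func (v *Verifier) Verify(id string, nonce, sig []byte) error {
	expected, ok := v.outstanding[id]
	delete(v.outstanding, id)
	if !ok || subtle.ConstantTimeCompare(expected, nonce) != 1 {
		return errors.New("stale or unknown challenge")
	}
	if !ed25519.Verify(v.enrolled[id], nonce, sig) {
		return errors.New("signature does not match enrolled key")
	}
	return nil
}

func main() {
	v := NewVerifier()
	dev, pub, err := NewDevice("pc-0001") // constructed identifier
	if err != nil {
		panic(err)
	}
	v.Enroll(dev.ID, pub)

	nonce, _ := v.Challenge(dev.ID)
	sig := dev.Sign(nonce)
	fmt.Println("genuine device:", v.Verify(dev.ID, nonce, sig))
	fmt.Println("replayed response:", v.Verify(dev.ID, nonce, sig))

	// The physical-access caveat from the article: the verifier only ever
	// sees signatures, so whoever holds a copy of the private key is
	// indistinguishable from the device. Key secrecy is the whole scheme.
	clone := &Device{ID: dev.ID, priv: dev.priv}
	nonce, _ = v.Challenge(dev.ID)
	fmt.Println("copy of the key:", v.Verify(dev.ID, nonce, clone.Sign(nonce)))
}
```

The design choice worth noticing is that the verifier never learns anything secret: it stores public keys and single-use nonces, so compromising the verifier's database does not let anyone impersonate a device. The flip side, which the article's caveat about physical access points at, is that every guarantee rests on the private key staying inside the chip; the last lines of main show that a copied key passes verification exactly as the original does, which is why hardware protection of that key, not the protocol, is the part that has to be trusted.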

But beyond those sketchy details, a whole slew of questions remain:

  • Will Palladium reinforce Microsoft's monopoly control over PC operating systems? Might the privacy and competition-conscious Europeans have something to say about this?
  • How will governments deal with the wiretap issues, privacy issues, and employer-employee relationship issues that Palladium raises?
  • What if Palladium is just as buggy as the rest of Microsoft's code? If it is, won't it only create the illusion of security? And isn't such an illusion worse than the bitter truth?
  • The biggest question of all: Why should we trust Microsoft anyway? If PCs need a universal security architecture to protect critical business information, should Microsoft be its sole creator? Is there a public interest that makes this too big for any one company or even country to dominate? (No, Microsoft is not yet a country, although buying one and becoming an offshore corporation always looms as a possibility, I suppose.)

Palladium remains a slippery subject, in large part because Microsoft seems to be talking out of both sides of its mouth.

Levy and I, for example, have interviewed many of the same people. Yet in his article, he discussed features that I was explicitly told are not part of Palladium. The reality is--and this is important--that Palladium provides a platform for building just about anything security-related that a developer might want to conjure up.

Palladium is like any other fundamental technology: You can build things with it that will be good for people, and you can build things with the potential to hurt people. And sometimes the same thing will be capable of both.

So while Palladium is explicitly designed to handle rights management--meaning it'll govern what software you are allowed to run and what you're allowed to do with documents and content--it could also be used for user authentication. If that happens (and it's an almost foregone conclusion), a Palladium computer would always know who is using it and what that user is doing--and could report the information to third parties.

Microsoft promises--and I believe that they're serious--that users will control their own personal information. But how this plays in the real world, where users often have very little power, remains to be seen.

The good news is that we have time. While Levy says Palladium could start showing up as early as 2004, I'm betting most users won't start seeing it until 2006 or 2007--and then only if Microsoft is able to convince any number of organizations, governments, and even individuals that Palladium isn't more of a privacy threat than a solution to privacy problems.

Microsoft has one key factor in its favor: the growing realization among its customers that we must do something, and that tomorrow's digital devices--and I'm talking much more than PCs here--need the trustworthiness that Microsoft claims Palladium will offer.

But is the world ready to trust Microsoft on something it has such a hard time explaining?

What do you think? Would you trust Microsoft to make a trustworthy operating system? Do you think the company can?
