MS Palladium: A must or a menace?

Microsoft's upcoming Palladium architecture for "Trusted computing" may secure PCs, but it also threatens to turn people's computers into spies.

SAN FRANCISCO--At the USENIX Security Conference held here recently, Microsoft developers touted the company's upcoming Palladium architecture as technology that would enhance privacy, stymie piracy and increase a corporation's control over its computers.


Palladium
Here's how Palladium works
Commentary: Can you trust Palladium?


Others, however, see a more nefarious role for the security software.

Instead of just keeping hackers out, critics say programs like Palladium could also block computer users from certain data. For example, the technology could be used as a policing mechanism that bars people from material stored on their own computers if they have not met licensing and other requirements.

"The perception is that the security protects content on the user's PC from third parties," said a security consultant who goes by the moniker of Lucky Green. "That's wrong."

The conflict highlights a growing debate over "trusted computers"--machines equipped with the technology to wall off data, secure communications and verify the characteristics of their system. Although military and intelligence agencies have used such systems, the concept has been met with opposition in mainstream consumer markets.

The reason: The masses don't necessarily trust the companies developing "trusted computing" technology.


Richard Stallman, founder of the Free Software Foundation and co-founder of the GNU project for creating free versions of key Unix programs, lampooned the technology in a recent column as "treacherous computing."

"Large media corporations, together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you," he wrote. "Proprietary programs have included malicious features before, but this plan would make it universal."

He and others, such as Cambridge University professor Ross Anderson, argue that the intention of so-called trusted computing is to block data from consumers and other PC users, not from attackers. The main goal of such technology, they say, is "digital-rights management," or the control of copyrighted content. Under today's laws, copyright owners maintain control over content even when it resides on someone else's PC--but many activists are challenging that authority.

Microsoft denies that Palladium is designed as a mechanism to police consumers' use content. The company plans to release the technology in 2005, as part of a major update to Windows. "We get very strong feedback from our customers about the freedom for data migration," said Peter Biddle, a Microsoft product manager pushing the initiative. "We are not going to use Palladium to make our customers--our favorite people--angry at us."

In fact, Microsoft sees the initial markets for the Palladium technology to be in the business realm. The new software and hardware could secure VPNs (virtual private networks) by allowing administrators to positively identify computers on the network. Corporate executives, concerned that embarrassing e-mail messages might end up appearing in court and in the news, could require employees to use trusted computing technologies that could throw away the digital keys to any message more than one month old. Such considerations could make Palladium and other trusted technologies a fairly easy sell to businesses.

It's consumers that could be the hitch.


News focus
Cracks in Microsoft's empire
Microsoft wins antitrust victory

Concerns about trusted computing initiatives have been fueled by policies and legislation such as the Digital Millennium Copyright Act (DMCA), which has been used repeatedly by the music industry, movie studios and even the software industry to attack programmers and consumers who break the copyright protections. While several challenges are being waged in court, opponents worry that "trusted" technologies will preempt these cases.

Moreover, lawmakers have introduced controversial bills this year that could strengthen copyright controls over computers and the data they store. A measure proposed by Sen. Ernest "Fritz" Hollings, D-S.C., would require hardware makers to include anti-copying mechanisms in all new consumer electronic devices. Another bill promoted by Rep. Howard Berman, D-Calif., would allow copyright owners to use technical measures, including unauthorized access and attacks on file-sharing networks, to prevent copyright infringement.

Such pro-security measures have gained momentum in the post-Sept. 11 political climate, which has focused attention on Internet threats of terrorism.

"I think we need a trusted environment. Things are too insecure," said David Farber, a telecommunications law professor at the University of Pennsylvania and one of four advisers to the Trusted Platform Computing Alliance (TPCA), a hardware-based security initiative. "They were insecure before 9/11, and they are needed more now."

Advertising their trust
With TPCA or Palladium technology, a computer can advertise its trustworthiness to other systems, such as Web sites. Trojan horses and applications for pirating software, meanwhile, won't be able to change data processed in the trusted parts of the PC.

"A trusted platform can attest to its configuration, and I, a merchant, can decide if I want to deal with that PC," Marcus Varady, marketing manager for Intel's safer computing initiative and the chair of the TCPA steering committee, said in a recent interview. "I can then drop my wall of protection within that environment to collaborate with them on a trusted level."

A Web site selling music, for example, could determine if a customer has a PC outfitted with such copyright protections before allowing any songs to be downloaded from the Internet. However, opponents maintain that the price of such protection would be a reversal of the Information Age, in that it would impose more restrictions on people's use of information than any previous technology.

William Arbaugh, an associate professor of computer science at the University of Maryland, acknowledged that the TPCA could improve security but said hardware and software modifications could do even more harm if abused by companies.

"The TCPA as it stands now is unacceptable," Arbaugh concluded.

In addition, even proponents of the technology concede that it is not foolproof in preventing piracy. Palladium, for instance, could not stop a hardware attack, which might cause some information to leak out. The technology's security disappears when data is outside the Palladium infrastructure, Microsoft's Biddle said.

"Once Elvis has left the building, Elvis can't get back in the building," he added.

Small changes, big results
The modifications to PC hardware are fairly mild for technology that could completely change how data is dealt with in the future.

The TCPA and Microsoft's Palladium rely on additions to the hardware of normal PCs. While Palladium calls for more extensive changes, the modifications are remarkably similar.

Both call for a new chip to be placed on the motherboard of all future computers. The chip would include new encryption functions as well as a small amount of memory that would act as a digital vault to store important keys to decrypt protected data. The TCPA refers to the chip as the "trusted platform module," a successor to Intel's processor ID--an idea the chipmaker abandoned in 1999 after a public outcry over privacy. Microsoft refers to the hardware component of Palladium as the "security support component."

Microsoft and the TCPA envision that operating-system makers will add code to take advantage of the new hardware features. The software side of Palladium is Microsoft's vision of where such features can lead: Called the nexus or nub--or, more formally, the "trusted operating root"--the core software will handle all access to the new security. Microsoft will release the code for its nexus so that security-concerned developers can vet the software for flaws.

Opponents criticize any process or technology controlled by a single company that may have ulterior motives--especially when that company is Microsoft. Eben Moglen, a noted Free Software Foundation attorney and professor of law at Columbia University, has argued that such proprietary initiatives could stunt the growth of open-source technologies like Linux, which is gathering strength as a challenger to the Windows operating system.

More empire-building?
Lucky Green warns that Palladium-like technologies could end up giving too much power to manufacturers of operating systems, such as Microsoft, at the expense of applications makers.

"Since operating systems that restrict data can determine which applications can run, it changes the software landscape into first-citizen applications that have access to the content and second-citizen applications that don't have access," he said. "That puts the software makers at the mercy of the hardware vendors."

Green suspects that Microsoft wants to use Palladium to enforce software licenses. He claims the day after attending the USENIX Security Conference, he contacted an attorney and filed two patents on ways that Palladium-like systems could be used for such enforcement. While Green won't discuss his intentions, many believe he is trying to preempt companies from using the technology for this purpose.

"The objective and capabilities are to secure the applications and data against the end user to the benefit of third parties," he said of trusted computing initiatives in general.

Proponents scoff at such notions as conspiracy theory. "I have seen no signs that Microsoft and Intel are out to screw the world; and if they do screw the world, I think Congress will stop them," said the University of Pennsylvania's Farber.

Nevertheless, all parties involved acknowledge the confounding complexity of the issue, and even Microsoft doesn't know where it will end up.

"We can speak to what we intend to have happen," said Mario Juarez, another product manager for Palladium, but "there are so many unanswered questions at this point."