The two-edged sword of trust

Microsoft says its Palladium security initiative is for the benefit of the users. So why is it being so secretive about its true intentions?

Remember Palladium? That was Microsoft's summer fun announcement this year -- security add-ins for Windows that turn it into a 'trusted system'. In other words, both the data and the software running on your computer will be able to guarantee that they -- and you -- are what they claim to be, and deny access to anything that hasn't been approved. Not in itself a bad thing, even if Microsoft insists on selling it as some sort of super antivirus package, entirely intended to make users' lives better.

Predictably, there's been a lot of fuss about Palladium. For some reason, people find the thought of Microsoft setting itself up as the creator and arbiter of trusted systems risible. Perhaps it's the idea of trusting a company that piously intones "we're doing what's right for the users" while religiously making 85 percent profit from those users. And it's true that Palladium could easily be used for very heavy-handed rights management, with the creator of a program or of data being able to restrict or destroy your access even after you've bought and registered it. Microsoft says that what people do with it is up to the users and the application writers, not the company itself -- a tad disingenuous, given the company's history of writing most of the important Windows applications.

Microsoft is right on one point: we need security in our computing. That's long been recognised, with an industry consortium called the Trusted Computing Platform Alliance beavering away to sort out the hardware and software necessary to provide core trusted services. A hundred and seventy companies are in the club, with the Gang of Four presiding -- HP, Intel, IBM and Microsoft -- and so far they've produced a specification called TCPA 1.1. Until recently, it wasn't too inaccurate to think of TCPA as being like the hardware and BIOS specification of a PC, with Palladium being the operating system component. The two work together through open standards: there may be a near-monopoly on the OS, but lots of people can do the hardware.

But earlier today, that all changed. In a TV interview for the BBC, Microsoft's UK chief security officer, Stuart Okin, told me that Microsoft is proposing Palladium as the whole of the next version of TCPA, v1.2. What the other members of the consortium have to say, I cannot tell -- they're bound to silence by non-disclosure agreements. That's scary in its own right. But if this goes through, then the single most important standard in e-commerce, digital rights management and program licensing will be controlled by Microsoft, who will own the key intellectual property and will license it. How much that will cost, and what happens if Microsoft takes a dislike to a company, isn't clear, but if Microsoft chooses to exercise those rights to maximise its profits it'll make the Windows monopoly seem like a pleasant dream of childhood innocence.

Here's how it would happen. Microsoft first of all makes Palladium the basic standard for trusted computing and produces the next version of Windows using the technology. It then goes to businesses and says: "Upgrade to Trusted Windows, and you can control your applications, your emails and other data much more closely. Viruses are impossible! Sending emails that can be read outside your company is impossible!" None of this is strictly true, but it'll be close enough for most places to believe the reduced cost-of-ownership figures that Microsoft will produce. The same technology will go into Trusted Windows for the home. It'll then be almost impossible for vendors of online services and products not to say: "We'll only deal with customers running Trusted Windows." The user will have a stark choice: upgrade to TW Home, or stop using e-banking, Amazon, even email.

And, of course, Microsoft will have forced nobody to do this, in the same way as it forced nobody to give up DOS for Windows. Then comes the real fun. One day, your computer will tell you you're running untrusted open-source software and refuse to export your email data to it. Or you haven't paid your annual licence fee, and you have 28 days to cough up or your word processor will expire. Your data will still be on your hard disk, but you'll no longer be authorised to use the only application that can access it. It gets better -- it's possible for data to be deleted from your computer without your knowledge or permission. That news story you downloaded detailing misbehaviour by a large organisation? Bad luck -- the organisation got an injunction, and all copies of that document worldwide have been deleted. That sort of global infrastructure is frightening enough: to have a convicted monopolist in ultimate control is beyond Orwellian.

The alternative is to make Palladium a true open standard, for Microsoft to hand it over to an industry body -- the TCPA would do, but with more input from non-commercial groups -- and relinquish control. Open standards are the closest we get to a democratic institution in this industry, and there is no way that anything other than full public disclosure, control and oversight should be allowed to set the standards for trusted computing. Otherwise, it'll be like having a police force with unlimited powers controlled by an unaccountable company. Trust, as Microsoft should know to its cost by now, has to be earned, not demanded, and the company has comprehensively disqualified itself as the arbiter of any such ideas.
