Who trusts Microsoft's Palladium? Not me

Microsoft wants you to trust them to build technology to ensure your privacy. Should we really trust a company that has been found guilty of criminal activity to provide technology that will be used to police copyright laws?

COMMENTARY--The words 'Microsoft' and 'trust' only really seem to fit together with the help of an 'anti' somewhere in the middle. I find it somewhat odd therefore, to find this particular company proposing the development of a 'trusted computer platform'.

Trusted by whom? Not by me, that's for sure.

It's not an altogether new idea, of course. In 1998 Intel came under fire for its processor ID idea, which enabled software -- or a Web site -- to quiz your CPU for its unique 64-bit serial number. This CPUid, which is built into almost every Intel processor since the Pentium III, is now switched off by default after initial outrage at the discovery that Web sites and applications could record it without the users' knowledge. Now, you have to download a utility from Intel here and switch the CPUid feature on. Not that any software or Web sites actually use it.

The problem with Intel's CPUid was twofold. First, Pat Gelsinger and Paul Otellini et al at Intel insisted they were merely trying to provide a technology that would benefit the consumer and help verify client PCs, but many suspected that the main thrust of the initiative was to make it easier to track stolen chips and spot counterfeits.

Second, the idea was poorly executed, and led to accusations that it could have the opposite effect to that which it was ostensibly created for, and actually increase fraud. If Internet merchants began to rely on the ID as proof that you really are you, went the argument, then your data could be at risk from thieves who could relatively rig their computer to transmit a different number than the one found in the Intel microprocessor.

But whatever Intel's past foibles, they pale by comparison to Microsoft's current plan, code-named Palladium.

First, Microsoft is insisting that it is trying to build a 'trusted computer platform', yet it appears to be ignoring the Trusted Computing Platform Alliance (TCPA), which is backed by more than 135 companies -- and on the steering committee of which Microsoft serves. The goal of the TCPA is to build platforms that can be trusted for e-commerce. It should provide: authenticity, so that users are confident that they know to whom and to what entity they are talking; integrity, so that users know information is transmitted accurately; and privacy.

Microsoft exposed its motivation for Palladium when, on filing a core patent for the technology, it used the term Digital Rights Management Operating System. Far from providing authenticity, integrity and privacy of data, Microsoft actually wants to police copyright laws.

Now I have a major problem with this, not least because I don't like the idea of a company that has been found guilty of criminal activity providing technology that will be used to police laws. For a start, it looks for all the world like Microsoft is introducing technology which does not benefit the consumer, but which is designed to prevent crimes being committed. And in the process, consumer rights could actually end up being curtailed; it appears that limitations built into Palladium could redefine "fair use" of digital media from a legal right, to a technological grant from a company.

If you don't consider such moves odd, consider a world where a gun can only be shot by someone empowered by a state to do so, and which furthermore will only fire a bullet if it is pointing at someone designated by that state as a legitimate target. Or a world where cars can never go above a certain speed limit. On the face of it, this could be an attractive world, and there would certainly be fewer deaths. So why don't we live in such a world? After all, the technology is readily and cheaply available for the automotive example, and also for at least the first part of the firearm example.

Because there would be uproar. And because, unlike intellectual property, human life is not meaningfully protected by laws and conventions that are effectively upheld by nation states. OK, so I've moved from naive to cynic, but there is an important issue at stake.

Copyright laws are a peculiar beast. They are the product of corporate lobbying. They protect, to a large extent, corporate interests. Individuals accused of breaking copyright laws are pursued at the behest of corporates (in the case of Adobe's persecution of Dmitri Sklyarov). And now corporates are introducing the technologies to police the laws. I'm not sure that any other area of law is so controlled -- and now policed -- by corporate interests.

That is what makes me nervous. If you are worried by the idea of cars unable to travel faster than 55mph regardless of which country you are driving them in, then you too should be worried by this corporate policing of copyright laws.

What makes me really nervous is when the corporates doing the policing are themselves guilty of criminal acts. Should we really trust Microsoft, which has been found guilty in the highest court in the U.S. of breaking laws in a way that harmed consumers, to build a 'trusted platform' for us? This is the very same Microsoft, remember, which now stands accused infringing 11 patents belonging to InterTrust in 144 separate claims. I am not suggesting that Microsoft is guilty; merely that it is less than suitable as a candidate to police laws or to develop technology that can be used to police laws. I'd rather trust my trusted platform to Nobby the Weasel who sells counterfeit cologne in the Star and Garter.