the tweney report

from the notebooks of d. f. tweney, writer and technology critic


2002-06-28: Broken trust

Sometimes, Bill Gates' timing is not so good.

Worldcom announces that it overestimated the year's earnings by $3.8 billion. Xerox says it goofed, too, inflating the past five years' revenues by $1.9 billion (and it's such a small number, compared to the Worldcom debacle, that hardly anyone notices). Enron's vaunted revenues turned out to be nothing more than a house of cards. Does anyone trust big corporations anymore?

As if that weren't enough, here's another reason to hate big companies, particularly those that develop bloated, buggy software: A new study shows that software bugs costs us nearly $60 billion every year.

And yet, Microsoft wants you to entrust it with the safekeeping of your computer's processor, memory, and hard drive.

Microsoft's newest project, code-named Palladium, is supposed to make computing safer, by building encryption and authentication technology into the hardware of your computer, right down to the level of the CPU. For example, data will be encrypted as it passes from your keyboard to the computer, to prevent wiretapping. It will be encrypted before it's stored on your hard disk. Files and documents can be digitally signed to ensure their authenticity. And your computer can defend itself against viruses and hacker attacks, because unauthorized programs won't even run on your computer without Palladium's permission.

Windows XP has some rudimentary self-protection technologies built in, but Palladium won't appear full-blown until the next major release of Windows in a couple of years. That's because Palladium depends on specialized chips being developed by Intel and AMD, which will handle the encryption and authentication. In the early stages, this will rely on a so-called "Fritz" chip (named after Sen. Fritz Hollings, the sponsor of a draconian digital rights bill), which verifies that your computer is running an approved combination of hardware and software -- before your computer even boots up. Once Fritz certifies the system, it can pass that certification along to third parties, such as Microsoft, Disney, Sony, or AOL/Time Warner. Later, "Fritz" capabilities will be built right into the central processor, making it next-to-impossible to intercept unencrypted data. Everything coming in and out of the CPU will be encrypted and digitally signed.

The problem is that Palladium requires users to place a huge amount of trust in Microsoft. You don't get to decide what runs on your computer -- Microsoft does. You can't even open files unless you've been authorized by Microsoft, or by a third party. And that puts a huge amount of power into the hands of these corporations.

Music and movie executives will love Palladium, because it puts digital copy protection into the realm of hardware, making it nearly unbreakable. You won't be able to give music files to your friends any more, and you might not be able to make backup copies for yourself. You can't even use nonstandard hardware to play the files, because they'll be in an encrypted file format that will only play on Palladium systems.

But the rest of us should be very wary of putting so much faith in Microsoft. The real question is, for whom does Palladium make computing safer? It will surely make the digital world safer for Microsoft and Disney. But who will defend us from Bill Gates?

Newsweek: "Trustworthy Computing jihad"

Anti-Palladium FAQ: "When you boot up your PC, Fritz takes charge."

Cringeley: "a militarized network architecture that only Dick Cheney could love"

NIST: Buggy software costs users, vendors nearly $60B annually


copyright © 2002 d. f. tweney / tweney media

home | writing | about | search | contact