Palladium
In June of 2002, Microsoft made public its plans to develop a new system of digital rights management called Palladium. The idea behind the monopoly’s newest initiative is a fairly old one: combine hardware and software to create a so-called “trusted” user interface. This idea, in its pure form, benefits users immensely. It would allow for an exceedingly pure and safe form of computing, compared to today’s standards. If properly implemented, the system would only allow certain applications and scripts to access certain pieces of data. Users could specify which applications or vendors to wholly trust their computer to, and which applications to block out completely. The Palladium plan would also virtually eliminate the threat of viruses, as they would not be able to access any of the user’s data without their consent.
However, many critics have voiced their doubts about whether or not Microsoft can really be trusted to create such a platform. A growing number of end-users learning about Palladium have expressed nervousness towards the idea of having Microsoft be, essentially, the gatekeeper of all information entering, being stored on, and leaving their computer. The rise of Palladium could also spell out the end of online MP3 and movie trading, as future CDs my come encrypted so that they can only be played on a computer with certain applications, which don’t allow CD “ripping” (ripping is the act of copying audio data off of a CD to a user’s hard disk.) DVDs would function the same way, refusing to be played or accessed unless it was by a certain “trusted” application, which wouldn’t allow for copying.
As well as the aforementioned features of Microsoft Palladium, the system would also implement code that allows certain data to be tied to certain pieces of hardware, in a way such that if the hardware is not present, the data cannot be accessed. Slashdot, a respected technology site in the “techie” world, has a forum open to this topic. In the thread, the user “Jerf” expressed the concern, “What kind of data recovery plans will exist if I buy $1000 dollars worth of digital music that is tied to my processor, only to have my processor get fried in a power surge (http://ask.slashdot.org/article.pl?sid=02/10/15/2245243&mode=thread&tid=109, 10-28-02)?” Microsoft has not yet addressed this issue in any of its announcements or whitepapers to date. If there is not a plan for recovery, then Microsoft cannot honestly state that they have the user’s best interest in mind, as they often have stated. If, however, there is a plan for recovery, it would mean that the security has a loophole in it. “The meta-point [of the argument is that] perfect protection implies no recoverability. Recoverability implies imperfect protection. You can not have it both ways (http://ask.slashdot.org/article.pl?sid=02/10/15/2245243&mode=thread&tid=109, 10-28-02),” as “Jerf” puts it. This means that all of the “secure” data that you have on your Microsoft Palladium system, say, business plans, personal e-mails, bookmarked sites, a digital receipt for the present you bought your son or daughter for their birthday, could all be easily jeopardized.
Users also point out that Microsoft could even be planning to use Palladium to slip files into systems or monitor its users, as they have had a reputation of doing in the past with products such as the native Windows Media Player.
In order for Palladium to work as proposed, third-party businesses would need to exist to be the organization to actually sign each application to be run on a Palladium system. These businesses can be thought of as notary publics, sealing applications to verify their authenticity. The problem with this lies on the premise that the third party cannot be guaranteed to be secure itself. In theory, anyone could digitally sign applications, and end-users would not know which label to trust and which to not.
Overall, the ideals set forth in Microsoft Palladium are excellent, but at this point in time there is a staggering lack of information and many, many questions that have so far been left unanswered. Before the Palladium initiative can be implemented or even accepted, queries need to be answered and a solid, well-formed foundation needs to be laid. Without these two requirements fulfilled, Palladium will most likely end as yet another technological pipedream.