Like it or not, there is little chance you will escape Microsoft's
latest security initiative.
Are you jumping for joy at the prospect of Palladium, Microsoft's
latest security offering? Or are you depressed about the potential
loss of freedom and privacy? Chances are it's a bit of both. Either
way, the idea presages a shift in power. The winners include IT
departments and governments, Hollywood studios and other copyright
owners, and Microsoft. Users are both winners and losers.
Naive users should find Palladium helps keep their PCs secure,
working and virus-free. But the related Digital Rights Management
features mean they probably won't be free to copy anything they
like as many times as they like.
The problem is that Palladium hype is obscuring the fact that
Trusted Computing is an industry-wide project that depends on
hardware being added to PC motherboards. That is the responsibility
of the Trusted Computing Platform Alliance, formed by Compaq, HP,
IBM, Intel and Microsoft.
This open alliance was founded in 1999 and published its v1.0
specification in January 2001. Some computers already conform,
including some IBM Thinkpads. You may already be using a
Palladium-compatible computer.
Palladium also seems to bear a strong resemblance to Embassy
(Embedded Application Security System), developed by Wave Systems
and AMD.
The important thing about Embassy is that it is not PC-specific. It
can just as easily be used in television set-top boxes, palmtops,
consumer electronics products - including games consoles and DVD
players - and peripherals such as keyboards and smartcard readers.
So here are two home truths for those who have been misled by the
simplistic Microsoft-bashing that has so far marked much Palladium
coverage.
First, "trusted client" computer hardware is being developed and
could become widely distributed, because governments, IT
departments and content providers want it. If you think you can
stop it by stopping Palladium, then you are wrong.
Second, trusted client hardware will probably be added to other
products without your knowledge or consent. If you manage to stop
it being built into PC motherboards, it could still appear in the
CD/DVD drive installed in your PC, and so on. If you do not have a
trusted PC, other devices may simply refuse to talk to it.
You could, of course, avoid Palladium by using an operating system
other than Windows, such as GNU/Linux. However, this piggybacks on
the mass market created by Windows, so Linux PCs will still have
trusted client hardware features and may have to survive in a world
where everything else demands these features be used. Solving these
problems will be an interesting challenge for the free software
movement.
Jack Schofield is computer editor at the
Guardian