"Palladium" and TCPA
Richard Leyton
ukcrypto at leyton.org
26 Jun 2002 11:13:51 +0100
The Register has a good opinion piece on Palladium too, with the
possibilities of how MS may use this to counter GPL based products (eg.
Linux), which ultimately may affect the options open to businesses and
individuals.
http://www.theregister.co.uk/content/4/25891.html
Regards,
Richard.
On Wed, 2002-06-26 at 08:45, Telepathic Industries wrote:
> WIRED have just reported on Palladium
>
> Microsoft Hard at Work on 'Vault'
> Associated Press
> 6:41 a.m. June 25, 2002 PDT
> WASHINGTON -- Microsoft has disclosed an ambitious new project to improve security by creating within its Windows software a virtual "vault" where customers would conduct electronic transactions and store sensitive information.
>
> The effort, called "Palladium," would require consumers to buy new computers and other devices equipped with ultra-secure computer chips from Intel and Advanced Micro Devices, which already are involved in the project, or other companies.
>
>
>
>
> See also: . Signs of 'Trustworthy Computing'
> . Bill/Steve's Sexcellent Adventure
> . Super-Secure Linux, Inch by Inch
> . MS Security Plan: OK, Kind Of
> . EarthLink's Passwords Are Naked
> . Give Yourself Some Business News
> . Read more Technology news
>
>
>
>
>
>
>
> The project's success also depends on broad consumer adoption of such devices, since these highly secure computers could safely exchange information only among themselves.
>
> Microsoft said the technology, which stemmed from early work by its engineers to deliver digital movies that couldn't be pirated, won't be available for at least 18 months. Company officials have told other executives in private briefings they do not expect to see mainstream products for at least five years.
>
> "We're so early in the process, we're really just drawing the road map," said Mario Juarez, who is running the project for Microsoft. "This won't happen tomorrow or next year."
>
> The project was first reported by Newsweek, although Microsoft officials have discussed their efforts privately for months in meetings with technology and civil liberties groups in Washington and elsewhere.
>
> Some industry experts were skeptical of Microsoft's chance for success.
>
> "If this works, it will be the first time in the history of computing that it works," said Bruce Schneier, a cryptography expert and author of Secrets & Lies, Digital Security in a Networked World.
>
> "Lots and lots of encryption is broken all the time because it's done wrong," Schneier said. "The odds are actually zero this will be secure."
>
> David Farber, the Federal Communications Commission's former chief technologist, said he was "somewhat satisfied" with Microsoft's plans, but he will watch closely to ensure the company doesn't try to use Palladium to control the world's software markets.
>
> "One has to keep their feet to the fire on how they use it," said Farber, who testified against Microsoft during its antitrust trial. "Right now, I don't see any signs there's any devious plot."
>
> Supporters said the technology, to be offered as an option in an upcoming version of Windows, would be able to distinguish safe software from data containing viruses or other malicious computer code. The technology could be turned on and turned off. Customers could store within this part of Windows personal details, such as financial or medical records, that is encrypted and otherwise inaccessible even from other software running on the computer.
>
> "Users can be assured that your intentions are properly carried out," Juarez said. "No one can masquerade as you. They're not on your computer."
>
> Microsoft's efforts are similar to those of the Trusted Computing Platform Alliance, an industry group also working on new hardware technology to let computers distinguish "trustworthy" software. IBM has already shipped new laptop computers featuring such security chips.
>
> Under Palladium, Intel and AMD, the world's largest chipmakers, will redesign computer processors to include cryptography features. Palladium also will require changes to video and keyboard technologies to ensure that a customer's typed information is displayed without changes on the screen. That would require billions of dollars in new equipment upgrades by consumers, corporations and governments.
>
> Further, since a consumer's personal information will be scrambled within a vault and tied to a specific computer chip, that information could not readily be stored elsewhere in case of disaster or if the computer fails.
>
> Microsoft also acknowledged that it hasn't resolved sensitive issues of permitting access by government with a court order to a person's encrypted data. The FBI has indicated it rarely encounters scrambled information during investigations, but making such technology as ubiquitous as Windows could invite use by criminals or terrorists.
>
> "We recognize that something like this needs to be done responsibly," Juarez said.
>
> Microsoft's name for its efforts, Palladium, comes from the statue of Pallas Athena, which was believed to protect the ancient city of Troy from invaders. In modern parlance, a palladium is considered a guarantee of integrity.
>
>
> Alistair Kelman
> Telepathic Industries Limited
> 37 Station Road
> London NW4 4PN
>
> Tel: 020 8202 8215 (direct)
> Mobile: 07973 312513
> Tel 020 8202 5675
> Web: www.telepathic.com
> E-Mail: A.Kelman@telepathic.com
>
>
> ________________________________________________________________________
> This e-mail has been scanned for all viruses by Star Internet. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> http://www.star.net.uk
> ________________________________________________________________________
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________