palladium

Preparing For The Digital Dark Age
Richard F. Forno
(c) 2002 - Permission granted to reproduce with appropriate credit.

Article #2002-08

Reader Feedback & Comments

23 June 2002

A recent MSNBC article by techno-pundit Steven Levy discusses Microsoft's plans for a new computer operating environment (code-named "Palladium") that links hardware, software, and data into a neat package that allegedly is more secure and convenient for users.

Or, putting it in simpler terms, it's Microsoft's answer to fixing everything that's wrong with computing today.

According to the article, "Palladium" is a hardware and software combination that will supposedly seal information from attackers, block viruses and worms, eliminate spam, and allow users to control their personal information even after it leaves their computer. It will also implement Digital Rights Management (DRM) for movies and music to "allow users to exercise “fair use” rights of such products. "Palladium" will essentially create a proprietary computing environment where Microsoft is the trusted gatekeeper, guard, watchstander, and ruler of all it surveys, thus turning the majority of computing users into unwilling corporate serfs and subjects of the Redmond Regime.

Isn't it ironic that the company responsible for nearly every major computer security problem, virus, and backdoor - thanks to its poor software development and testing among other factors -- is now heralding its ability to make everything better? One might sense this is a manufactured problem resulting from Microsoft's inability to develop effective software in the first place. As is commonly known, the single most significant factor contributing to the dismal state of today's internet security is Microsoft's complacency, not because of hackers, crackers, and pirates. As I mentioned in an earlier article, we're vulnerable because Microsoft makes it so damn easy for the bad guys to cause mischief. (It's also a result of lazy or incompetent system administrators, poor network design, and clueless executives and congressfolk, but that's another essay.)

Contrary to Levy's fear-mongering remarks and positive spin on the need for "Palladium" to protect us, the Internet is not all evil. In fact, the Internet is safer than many parts of our physical world. It does, however, represent an evolution in social control, something that evokes fear in the hearts of established entities of such control - corporations, media, and governments. Hence the desire to trump up any number of reasons - real or perceived - to beguile public and garner support for ways to maintain social control and profit margins. This technical tool of social control follows on the heels of CBDTPA, TCPA, DMCA, and other such controversial legislative efforts.

As such, Levy's article is full of several very sensational soundbytes, including one particularly fear-mongering paragraph:

"An endless roster of security holes allows cyber-thieves to fill up their buffers with credit-card numbers and corporate secrets. It’s easier to vandalize a Web site than to program a remote control. Entertainment moguls boil in their hot tubs as movies and music are swapped, gratis, on the Internet. Consumers fret about the loss of privacy. And computer viruses proliferate and mutate faster than they can be named."

Vandalizing a website is most often not because of the skillset of the vandal, but rather a combination of poor system administration coupled with notoriously buggy, easily-exploitable website software such as Microsoft's Internet Information Server. From what I've seen over the years, you probably don't even need opposable thumbs to break into IIS. "Palladium" won't help here, but more competent system administrators and much more secure server software (such as Apache or WebStar) most certainly would.

Regarding the potential of stealing credit cards numbers, you've got a greater chance of losing your wallet or purse walking around town than a cyber-thief stealing your credit card from a webserver. What people forget in the hype is that despite the immense pain-in-the-ass associated with canceling credit cards and re-authorizing charges on a new one, people are not responsible for losses over $50 provided they promptly report the loss to their credit card issuer. I've had my card stolen online, but I haven't run away in terror about the chances it could happen again. Again, "Palladium" won't be of benefit to me -- my credit card company already protects me and limits my liability.

Perhaps the most sinister part of Microsoft's "Palladium" concept (something that Levy quickly glosses over) is that "Palladium won’t run unauthorized programs, so viruses can’t trash protected parts of your system." True, Windows-based viruses do proliferate and mutate quickly, but it's because Microsoft products are so interlinked and poorly-configured that enables such incidents to occur. And while that's certainly one way to deal with viruses on Windows systems, what Levy doesn't say is that such a 'feature' means that Microsoft alone could decide what software is 'authorized' to run on Windows under "Palladium" -- and thus impose a layer of software-based censorship.

In short, under the feel-good guise of 'enhanced security' and 'new features for customers' and despite its being found guilty of being a monopoly, Microsoft still wants to rule all it surveys. In essence, "Palladium" can be interpreted as Microsoft's attempt to play God. Again.

With the announcement of "Palladium" Microsoft competitors and independent programmers should be gearing up for another court case, as this concept reeks of Microsoft's historic anti-competitive tactics in the marketplace. Techno-savvy consumers should be very concerned that "Palladium" would mean their computers and information are no longer under their positive control but rather the omnipresent surveillance and enforcement of a third party more interested in making a profit than truly empowering their customers to think and act for themselves. The computer will essentially become an appliance and tool of control over users, rather than a tool of innovation, communication, and enlightenment for users.

Given the pervasiveness of computers in modern global society, the worldwide social ramifications of "Palladium" are enormous. Consider the ability of one entity - in this case, Microsoft - dictating what "is" and "is not" deemed acceptable behavior or content (remember Smart Tags?) for computer users or - more exactly - Microsoft's business interests. If your behavior or actions are deemed 'unacceptable' by such a third party, you could find yourself impotent on the global stage. So you better toe the party line and be a good little Windows user.

Just as the catapult and crossbow were technological innovations leading to the Dark Ages in Europe, "Palladium" represents a modern 'innovation' that could lead to a similar outcome today. Unchallenged, this likely will result in a Digital Dark Age, a period of innovative stagnation where that majority of the world's computing population will become unwitting subjects and indentured servants to the profiteering desires of the new corporate ruling class and Microsoft as it's enforcer.

One wonders if "Palladium" error messages will include a computer-generated audio clip of Bill Gates patronizingly announcing, "I'm sorry <USERNAME>, I'm afraid I can't do that....?"

The first step in any revolution is the seizure of the lines of communication to hinder the target population's ability to communicate and exchange information amongst themselves. "Palladium" has the ability to do just that, and convert the traditionally-open fabric of the modern computing environment into a closed, proprietary, domain under the rule of Redmond.

Under the "Palladium" concept - despite the marketing spin and hype - the danger is that you will be asked (though not directly) to pledge your abilities and servitude to Microsoft (and its poor track record of security and reliability) while unwittingly relinquishing your ability to remain an independent person in cyberspace. In essence, you'll go back to the future instead of forward to innovation and enlightenment.

Personally, I prefer being the one in-charge of the relationship with my computer and not subordinate to it or its vendors. I also prefer Camelot over Redmond....which probably goes a long way explaining why I don't run Windows.