Microsoft "Palladium"
Introduction
Microsoft is planning to incorporate software known as "Palladium"
into it's operating system over the next several years. The purpose of this
software is the enhance the security of Windows operating systems by creating
a trusted computing environment within the system. One article describes it
as a "fenced-off area to run and store documents where viruses and hackers
can't gain access" (Hulme).
In addition to securing user files and applications, Palladium could potentially
be used in an attempt to curtail piracy of music, videos and software. Ultimately,
the goal of Palladium is to be incorporated in all Windows operating systems
and to enhance the security of all Microsoft (and possibly others) computing
environments.
Palladium is the brainchild of an initiative known as Trusted Computing Platform
Alliance (TCPA). This initiative, composed of leading hardware and software
companies, seeks to "drive and implement TCPA specifications for an enhanced
HW and OS based trusted computing platform that implements trust into client,
server, networking, and communication platforms" (TCPA).
Microsoft has only recently begun planning of Palladium and, as the Microsoft
site claims, it is a "long-term endeavor". The first implementations
of the software are not expected to be released for several years and it will
take several years after that for Palladium to become widely incorporated.
Pros and Cons
On its surface, Palladium seems attractive. Anytime security can be enhanced,
particularly on as widespread a basis as TCPA proposed with Palladium, it is
a positive thing. Palladium, on principle, could provide a much more secure
computing environment worldwide. Access control could be monitored and enforced
much more strongly with Palladium's protocols by requiring a particular key
from a particular computer or group of computers to access information. The
implications for corporate, national and individual security are clear. The
potential for data leak of sensitive information would be greatly reduced. Even
for personal PC's, the advantages are clear. Palladium would secure against
intrusion through viruses so that, even if your computer was infected by, say,
a Trojan Horse, the invader would be still be unable to access the 'fenced-off'
region of your data storage. Also, there are suggestions that Palladium could
be used in secure commercial interchanges over the Internet, making purchasing
over the World Wide Web easier and more secure. Finally, for companies, Palladium
would provide tools that could seriously curtail the piracy of electronic media,
such as mp3's and software. Palladium would be able to prevent hardware from
making copies of copyrighted material and could possibly even detect unlicensed
files on the computer and erase them. This sort of copyright protection could
save companies millions of dollars, potentially. (TCPA,
Carroll)
However, with any program of this expansive a nature, there are concerns. One of the most predominant is the potential for Palladium to become a tool for censorship. The ability to delete unlicensed software from a user's personal computer is cause for concern. Not only is there the potential for error (i.e.. Something gets deleted that is properly licensed) but even there are clear implications for an individuals right to privacy when computer companies can dictate what can and cannot be on the computer. The possibility for content censorship, in a system like this, while seemingly far-fetched, would not be implausible. Where is the line between piracy prevention and privacy drawn? Also, some suggest that such heightened levels of security could be used by 'the bad guys' as well. Timelocks and limited access could make electronic evidence of criminal activity more difficult to locate and track. Finally, with a concept this broad and intensive, there are concerns about how difficult Palladium would be to successfully develop and implement. Microsoft products have had their share of bugs and other shortcomings in the past and this may be one of their most all-encompassing projects ever. What happens when people begin to lose data to faulty and impenetrable Palladium software? (Anderson)
Overall, it is likely that Microsoft will go on to implement Palladium within the next five or so years, but I have a feeling some of TCPA's ambitions may be diminished by public wariness and legislative barriers. In addition, if Microsoft is not careful with its implementation, early frustration with bugs and the like could result in consumer animosity towards Palladium and serious setback or even cancellation of the program. The benefits to Palladium are worthwhile pursuits, I think, but it's very important for computer consumers to be aware of what is being incorporated into their machine and demand that Microsoft and TCPA protect their privacy as well as their data.
Anderson, Ross - TCPA/Palladium Frequently Asked Questions v.1.0 - http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Hulme, George - Trust This: Microsoft Tries to Secure Windows - http://www.informationweek.com/story/IWK20021122S0017
Carroll, Amy, et. al. - "Microsoft "Palladium" - A Business Overview -
http://www.microsoft.com/presspass/features/2002/jul02/0724palladiumwp.asp
TCPA Homepage - http://www.trustedcomputing.org/tcpaasp4/index.asp