June 25, 2002
3:58 PM   Subscribe

Microsoft unleashes Palladium, an intrusive doozy of a feature involving specially secure AMD/Intel computer chips and cryptology provided by Microsoft. Newsweek's head-bobbing Steven Levy, the first to get the story, remains taciturn, failing to call into question Microsoft's security sins of the past. Geeks run scared while digital rights and GPL concerns are wholly ignored by the mainstream media. Is this yet another example of a malcontent media that will never possess the balls to actually question a new feature put out by Microsoft? Even Wired can't seem to read between the lines of a technology that "stemmed from early work by engineers to deliver digital movies that couldn't be pirated."
posted by ed (16 comments total)
Whoa there ed! Microsoft just announced the strategy they are calling Palladium. It is a long long way from implementation and requires the cooperation of other companies. In other words, the strategy will look nothing like the initial proposal (based on what happened with the .Net myServices/Hailstorm strategy).
posted by srboisvert at 4:04 PM on June 25, 2002

srboisvert: I know that it's early in the game, but I find it interesting that Levy treated this news with all the journalistic integrity of a PR flack. It's one thing to be given a lead or tip on a story, it's another thing to stay silent on features that could be considerably privacy-invasive or cut on the turf of other OSes. It would seem prudent to me to take a crack at these sorts of issues early on, just to gauge precisely where Microsoft intends to go with them.
posted by ed at 4:10 PM on June 25, 2002

It requires the cooperation of other companies *and* a whole ton of people willing to buy it.

Basically, it looks like they're taking DRM and trying to figure out how to convince people they want it. DRM alone has almost no benefits for the consumer and many disadvantages, so it's an impossible sell without goodies. So they add on some goodies (that don't seem all that useful, I might add) and wave it around pretending it's pretty.

Basically, it's like they're trying to sell you a rabid dog that will eat your children by dressing it up in sexy lingerie.

Um... the analogy wasn't useful, was it.
posted by whatnotever at 4:19 PM on June 25, 2002

Here's the kicker:

"One hurdle is getting people to trust Microsoft."

I'd say that's a pretty substantial hurdle.
posted by mr_crash_davis at 4:21 PM on June 25, 2002


Not a useful analogy, no, but a very colorful one.
posted by mr_crash_davis at 4:21 PM on June 25, 2002

"Microsoft's name for its efforts, Palladium, comes from the statue of Pallas Athena, which was believed to protect the ancient city of Troy from invaders. " *caugh*trojan*caugh*
posted by dabitch at 4:48 PM on June 25, 2002

I too am bothered by the PR regurgitation I've been seeing in a lot of media outlets these days. A big one is record company sales are down due to piracy. Almost every story these days embraces that spin, and even outlets I'd expect to know better don't seem at all bothered by reporting that as an accepted truth.

With respect to rolling out Palladium, one report, possibly the wired story, suggested the path to implementation would be all government computers, where the security "benefits" could be sold big time. Followed by Corporate customers who would generally prefer to have ways to tie down what happens on their client machines. The big if is then how do you transition to consumers, and the answer right or wrong seems to be critical mass. By that point that will be all that's available, and there will be so many services that require the technology that it will just smoothly transition over to consumers.

I have my doubts as well - primarily because I think the corporate sell of MS as the security vendor of choice will be a much harder sell than ice to eskimos, but time will tell.
posted by willnot at 4:57 PM on June 25, 2002

I think the first story linked (the Newsweek story) is interesting because it's a shining example of serious things, like "news" and "content" getting mixed up in marketing because of the mega-global-hyper-corps that are at the same time both media outlets *and* news.

I saw on HeadlineNews last week, in the "tiny article area" at the bottom of the screen, an "article" that announced the premiere of a TW movie on HBO that night. Hey, wait a minute, I thought, is that news?

I ask you -- Is this news at MSnbc.com or something else? I found the coverage high on spin and low on objections or serious treatments of interesting issues. It seemed like a big press release.

And I fear that this trend is going to get a lot worse.
posted by zpousman at 5:51 PM on June 25, 2002

Hmm, the news here, is that Levy's cred has just dropped off the radar...
posted by inpHilltr8r at 6:29 PM on June 25, 2002

One more reason to get a Mac. If you don't have one already.
posted by Holden at 6:35 PM on June 25, 2002

Levy had any cred left?

Seriously, though, the biggest hurdle to having PKI that's actually useful to Sam and Susie User is that in the past, every attempt to deliver on the promise of widespread, publicly-used public-key crypto has been 1) a single vendor's non-interoperable product, 2) a poorly thought-out camel-standard designed to protect each vendor-member of the committee's turf, rather than actually solve any technical problems in an elegant, or even barely workable, way, or 3) a technically elegant system that requires too much effort for people who aren't really serious about crypto to use. (I'll ignore the certificate system used by SSL for now, as certificates are basically a method by which CAs, which provide no service and create no value, may fleece an unsuspecting, technically challenged business community into paying an e-business toll. In any case, the technology itself falls pretty squarely into column 2 above).

Palladium's PKI carrot to offset the DRM stick will fail. Why? Because it's in column 1. Nothing in Column 1 makes it out of the enterprise market, where a single authority can oversee deployment and force compliance from the captive user community. Yes, of course, one could say that the Mickeysoft masses are a captive user community, as they're PR'd into thinking that Redmond actually cares about making their lives easier. It is a harder, though still tenable, argument to say that Microsoft represents a central deployment authority; despite the best efforts of the pre-Ashcroft DoJ, Microsoft still dictates terms to the OEM community. Add to all this that Palladium's PKI basically looks like a spoonful of sugar to help the MPAA/RIAA-approved DRM medicine go down, and I still hold out hope that this'll be Microsoft Bob all over again.

Which is not to say that my next computer won't be a TiBook. :)
posted by Vetinari at 8:24 PM on June 25, 2002

Small detail: "these highly secure computers could safely exchange information only among themselves."

Sounds like another gimmick for forcing you to throw out the perfectly serviceable machine you're using and plunk down the $ for a new one. Surprise.
posted by sheauga at 8:59 PM on June 25, 2002

Since nearly everyone perforce buys Microsoft software already, they don't really have to sell Palladium to the public. They will just have to introduce it on all new machines, and gradually it will impose itself.
posted by Rebis at 11:01 PM on June 25, 2002

Since nearly everyone perforce buys Microsoft software already, they don't really have to sell Palladium to the public. They will just have to introduce it on all new machines, and gradually it will impose itself.

Indeed. With Microsoft's market share and the general public's ignorance of RSA encryption technology, a cool name like "Windows Palladium" and a tagline like "Safer and more secure than ever before / Stops spam and viruses dead" is sure to boost windows sales.

Here's a question: If RSA encryption is implemented at the hardware level, does that mean that everybody has to buy new boxes in 5 years when higher processor speeds force the world to move from 128 to 256 bit encryption standards?
posted by astirling at 5:02 AM on June 26, 2002

Wave Systems (wave.com) and the TCPA (trustedpc.org) have been working on this type of thing for a long while.

I think they are actually working (in trials) with the Banks in Europe (finread.com).
posted by pbeaul00 at 7:24 AM on June 26, 2002

Bob Cringely says I told you so.

Last August, I wrote of a rumor that Microsoft wanted to replace TCP/IP with a proprietary protocol -- a protocol owned by Microsoft -- that it would tout as being more secure.

It seems he was right again. Love him or loathe him, this weeks column is important reading.
posted by grahamwell at 8:08 AM on June 28, 2002

« Older Karakuri trick Boxes   |   Newer »

This thread has been archived and is closed to new comments