Palladium Comments

posted Jun 29, 2002

*updated*, now more link-a-licious!

The problem is that Palladium requires users to place a huge amount of trust in Microsoft. You don't get to decide what runs on your computer -- Microsoft does. You can't even open files unless you've been authorized by Microsoft, or by a third party. ...Music and movie executives will love Palladium, because it puts digital copy protection into the realm of hardware, making it nearly unbreakable. You won't be able to give music files to your friends any more, and you might not be able to make backup copies for yourself. You can't even use nonstandard hardware to play the files, because they'll be in an encrypted file format that will only play on Palladium systems.

Let's flip the question around and look from an economic perspective. What features does Palladium give us that only Palladium can deliver?

This interview with the product manager of the project is probably as close to the "official" answer we're going to get. Chop away all the babble about "trusted code" (because as many have observed, they are the ones doing the "trusting", not you), and the only feature the project manager comes up with that I can see is "The user can be sure of the channel between their keyboard and computer." Two problems:

  1. Almost nobody is clamoring for this functionality. They should be, but they aren't. In fact, the only known attacker who interferes with the keyboard and intercepts keystrokes is the federal government, and you can be sure they will have a backdoor anyhow, so this is a complete red herring.
  2. In light of the extreme levels of control granted to other entities over your computer, you really can't trust your computer anymore, even if you're vanishingly more sure that it correctly received your commands. Palladium will cause you computer to come up with reasons it can't do that. Or more accurately, Palladium will force you to come up with reasons you can do that. The users gain is negligible compared to the gain of entities who will be able to tell the user's computer not to do what the user wants it to do.

The article missed a few features, or didn't clearly describe them. Here's what I can see:

The system will be bug-ridden, of course, which means both that the protection can be violated in some ways, but far more importently, that the computer will say "no" to a lot of legal actions. (The only way to make this system even have a chance of working is for the system to always assume guilty until proven innocent.) No appeal to the computer's decision will be possible, of course; the computer is always right.

So we get practically useless, more expensive (both initial and support costs), slower, critically bug-ridden systems, that will probably even be extremely psychologically disturbing to use (it really is watching you...)... what's the carrot for us, the actual customers of the system? Movies and crappy music, now legally downloadable for about the same price as the actual CD/DVD? (Based on historical records of media company digital offers.) Software that Apple, Linux, and old Windows already has, only with a bigger version number, bigger price (both initial and support costs), and fewer features? Oh, and a pretty holographic reflecty box?

These computers will be useless. It won't take long for this fact to penetrate even the thick American general psyche. Companies, no matter how large, screw their customers at their own peril. If this is anything but vaporware, if this ever makes it into your local store with the features largely as described by the recent news stories on the topic, if Microsoft really makes this their tip-top priority... then I'm going to go out on a limb and say this will be the death of Microsoft as the dominant player of the industry. (And with the complicity of AMD and Intel, possibly the end of "WinTel" too.) With billions shot down this sinkhole, with customer trust abused right into nonexistance on both the corporate and consumer fronts, and with a Congressional backlash (dare I hope Supreme Court backlash as well?) virtually inevitable, and an endless media frenzy jumping on Microsoft's grave, nobody, but nobody, will want to buy these things. "Nobody ever kept their job buying Palladium."

Brave prediction, but under the conditions I gave, I'll stick by it. I'd offer to long bet it but I don't have the resources to put up a stake of any kind. (Plus it's conditional on Palladium existing at all, which I'm not willing to bet on.)

TCPA FAQ. Strategy analysis. Don't hold your breath waiting for somebody to crack this. Several links via Hack the Planet.


Site Links


All Posts