Intel's LaGrange Technology - doomed?

posted Sep 11, 2002

A somewhat technical discussion on why hardware-based content protection is doomed to failure for at least several iterations, based on discussing Intel's "LaGrange" technology. This is the first I've heard of this so I don't know how this fits into the "master plan", whether they believe this is the first and final iteration or what, and how this ties to Palladium. The interesting part about this article is that it's strictly technical and discusses why this just isn't going to work for a while. The main thesis paragraph of the essay is probably this one from the middle:

[Why is embedding content protection directly into the silicon of a processor doomed to failure?] Because we don't know, we really don't know, what sorts of protection make sense in the emerging digital, networked marketplaces. Despite 35 years of computer security research, we have not yet increased our understanding of what needs to be protected beyond a simplified, very unworkable notion of military document security. Now joined with a simplified, very unclear notion of what Hollywood might really need (as defined by its lawyers and lobbyists - not the most technically savvy designers).

(Note my context-setting question in the [] marks is unusually extrapolated from the real context; you should read the real article for true context.)

To paraphrase the article and look at it from a slightly different angle, there is an inherent paradox facing those who wish to build truly strong content protection into everybody's computer: We do not want to put this protection in the software, because there are any number of fundamental ways to bypass the software, up to and including running it on a virtual machine or accessing the data directly with an "untrusted" operating system, which people have already been doing for a long time. As this article points out, we don't want to put this protection into hardware either, because by doing so, we lock our design in at the moment we create the silicon, and we know from engineering history that the first design will absolutely, positively not work correctly, for anybody's definition of "correctly".

In the end, even assuming the desirability and possibility of creating some machine with strong enough protections to satisfy the content industry*, it will take several technology iterations and by my guesstimation at least five years to even get close to right, and I'd say ten years to get polished enough to make everybody (except people who think about something other than money or pure consumption, which technically covers most of us...) happy. The only way to resolve the paradox is a lot of time and money.

Going beyond the article a bit, this situation is somewhat unusual in that while taking the 5 to 10 years to polish the system, we will also get every iteration stuffed down our throat with at least the full marketing power of the content industry plus the part of the tech industry that bases its strategy on consumer lock-in, plus possibly federal laws. Since it seems all but inevitable at this point, won't this be a fun little jaunt?

*: re "enough protections to satisfy the content industry", I've had an unusual amount of direct customer experience in the last six years for a college student in the various jobs I've held. I'm not a software engineer of 30 years' experience, but I've seen lots of different types of customers and had to deal with them. Bureaucracies are the worst customers imaginable. They demand the impossible, tomorrow, are literally incapable of understanding, well, anything (individual members may understand an explanation, but unless the person in charge understands, it will not matter at all... and they never do, these people tend to pride themselves on their ignorance (brutal, but mostly true)), and, most relevant to the current topic, always want what you expect to have six months from now, plus two years' worth of development. They are the customers from hell. The point? Even if Intel+Microsoft+assorted unimportant players can create a system that meets, say, 90% of the content industry's criteria, the industry will still have a cow and demand 99%. They will be surly, uncooperative, accuse the tech industry of everything, refuse to support the 90% solution, and basically be incredibly unhelpful, because that's always how these things go. Microsoft et al. are making a deal with the industry because their interests happen to temporarily coincide, but there's something very Faustian about this. By encouraging the "content industry" and feeding them the first taste of success ever in suppressing a new technology, Microsoft may be awakening something it will regret in a couple of years.

