The following text is copyright 2002 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.


Not quite independence day


The edition of this paper and the edition of Newsweek that one came out closest to July 4th both had articles about the recently divulged Microsoft Palladium project to secure both computer systems and intellectual property rights.  But neither of the articles spent much time exploring another aspect of the proposal -- the user's ability to control their own computing environment.


For those of you with short memories, or who did not read either of those articles, Palladium is Microsoft's project to implement the Trusted Computing Platform Alliance's ( trusted computing architecture.  The aim of the project is to develop a hardware/software combination that can be used to identify the user of a computer and give the user control over what software gets run on the machine and over who can read or forward material the user creates or transmits.  The latter feature can be used by copyright holders to control the distribution of their material.  But Palladium  is a tool, and like many tools could be turned into a weapon. And not just a weapon against violations of copyrights. 


In the era of Internet dependence and rampant vulnerability of the computers on the Internet something does need to be done to protect us against viruses, invasions of privacy, the information on our machines and maybe even spam.  It has been claimed that Palladium  equipped systems will do all of that plus protect Disney if someone wants to run off with a copy of the Little Mermaid.  So why do I worry.


For one thing, in order to deliver on these promises Palladium implementations will have to be bug-free.  "Bug-free" and Microsoft are not often enough associated concepts.  But a bigger worry is that Palladium  could be too good at what its designed to do.  Palladium  could be used by Microsoft to control what software you could run on your own computer, a government could use this technology to control what you could read or see on the Internet, or a PC vendor could make it impossible for you to sell your used computer.  With Palladium,  people could send email that could only be read by the intended recipient, a neat feature if you are Bill Gates about to be hauled into court, but not so good if you want to prove that someone is harassing you.  Not exactly Independence Day concepts.


I might be a bit less worried about these scenarios if the update to the Microsoft Media Player that came out about the same time as these articles did. requires the user to agree to let Microsoft "automatically" (i.e. without your knowledge or permission) update software on your computer, not limited to Media Player, that could keep you from using software Microsoft does not approve of on your computer. 


Palladium will be a success if it is very widely adopted and that will require that people trust it and trust the organizations that will be able to control it.  With the Media Player update, Microsoft has shown again that trust will not come easily.


disclaimer:  Ask our neighbors, trust in Harvard improves with distance, but the University has not expressed an opinion on this topic.