Palladium revisited
Yesterday, I read a column by Lawrence Lessig in CIO Insight, “Hollywood v. Silicon Valley: Make New Code, Not War”, which although not directly about Microsoft’s Palladium made things a bit clearer for me. When I first read about Palladium (see here – and here), I felt very pessimistic about the future of the Internet and computing. I still am, but I have a clearer picture of what is wrong with their plan now.
A couple of weeks ago (see here) while reading a Wired article by Lessig, I realized that copyright is there to balance the rights of the public and the creators of works. Prior to that, I hadn’t reflected much on it, and assumed it was solely for protecting the rights of the creator. So the point of having copyrights is that without them, fewer things would be created because the creators would not be able to make money on their works. On the other hand, if the copyright is too strong and gives the creator full protection for a very long period of time, this would stifle creativity, since works most often build upon works of others. So it’s about balance.
In his column, Lessig writes that “old content gives complete control to users”, meaning that digital content lacking any form of copy protection can be copied and spread freely by users. As for “Hollywood’s” plans about content in the future, he continues, this “will give complete control to Hollywood”, meaning that digital rights management (DRM) and such things will let the creators fully control their content in a way that “obliterates traditional values of fair use.” (What’s fair use?) So again it’s about balance.
Lessig writes that “the future is code, control implemented through technology”, which is what Palladium is all about, “so long as the technology protecting that content adequately ensures consumers fair use”. Steven Levy’s article about Palladium sure said that Palladium “could allow users to exercise ‘fair use’ (like making personal copies of a CD) and [that] publishers could at least start releasing works that cut a compromise between free and locked-down.”
But Levy also writes that you could use DRM to protect your e-mails and Word documents, “so that no one (or only certain people) can copy it or forward it to others … [or] could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.” This suggests total freedom for the creators of digital content, which is equivalent to a copyright system that balances the rights poorly. If the Palladium architecture allows you to deny the users their fair use rights, what’s to keep big movie and record companies from doing this?
Perhaps DRM isn’t all bad? Perhaps what’s bad about it is that the rights seem likely to be skewed towards the content creators? The DRM architecture could give the creator the right to deny or allow some uses of the content, while preserving the fair use rights for the users. In this way, the architecture itself would enforce a balance. If the architecture should leave the specification of allowed and prohibited uses to the discretion of the creator, perhaps the laws would have to be adjusted to preserve the fair use rights.
Let’s take a look at a fundamental issue regarding Palladium. Steven Levy wrote that Palladium “depends on ubiquity”, meaning that there would have to be millions of Palladium systems in the world for there to be any point to it. If a Palladium system uses DRM to control (in whatever form) digital content, fair-use copies made and transferred to a non-Palladium system would be uncontrolled. Your e-mail and documents that you allow the recipient to view only during the coming week will be viewable forever if the recipient doesn’t have software that treats content as Palladium would. But there’s another thing that Palladium depends upon.
Say all systems in the world were Palladium systems; software would still have to respect the integrity of digital content. You could write a program that converts a DRM-protected music file to a format without protection (like MP3), hence removing the protection. To prevent this, Palladium CPUs will only run “authorized” executables, which means that they will have to be “signed” by a private encryption key generated by a trusted Certificate Authority (CA). Currently, Internet Explorer has two “root certificates” installed by default: Microsoft’s and VeriSign’s. These root certificates will probably be hidden in the hardware, effectively only allowing programs authorized by either of those two parties. If it were possible to add your own CA, you could authorize any Napster or Gnutella client to run on your system, and the DRM system in Palladium would be rendered useless. So any program, such as your protection-removal tool, that doesn’t qualify as a good citizen of the Palladium platform is unlikely to be authorized by Microsoft or VeriSign.
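The trust-anchor argument above, as an added example that is not from the original post or from Microsoft: a loader that runs a program only when its publisher's key is certified by a root in its trust list, evaluated once with a fixed list and once with an owner-added CA. Lamport one-time hash signatures stand in for real code-signing certificates so that it runs on the standard library alone; every name and the sample program bytes are constructed.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets, public key = their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    """Reveal one secret of each pair, chosen by the message digest bits."""
    return b"".join(sk[i][b] for i, b in enumerate(digest_bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
               for i, b in enumerate(digest_bits(msg)))

def may_run(trusted_roots, program, program_sig, publisher_pk, cert):
    """Hypothetical loader policy: the program must be signed by the publisher,
    and the publisher key must be certified (signed) by some trusted root."""
    if not verify(publisher_pk, program, program_sig):
        return False
    return any(verify(root, publisher_pk, cert) for root in trusted_roots)

def demo():
    _, vendor_root = keygen()            # stands in for a root fixed by the platform
    owner_sk, owner_root = keygen()      # CA created by the machine's owner
    dev_sk, dev_pk = keygen()            # independent developer's signing key
    program = b"constructed sample program bytes"
    sig = sign(dev_sk, program)          # each one-time key signs exactly once
    cert = sign(owner_sk, dev_pk)        # only the owner's CA vouches for the developer
    fixed = may_run([vendor_root], program, sig, dev_pk, cert)
    extended = may_run([vendor_root, owner_root], program, sig, dev_pk, cert)
    tampered = may_run([vendor_root, owner_root], program + b"!", sig, dev_pk, cert)
    return fixed, extended, tampered

if __name__ == "__main__":
    print(demo())
```

The signatures are identical in both runs; only the contents of the trust list change the loader's decision, which is why control over that list decides what software can run.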
What will this authorization system mean for free software, or $5 shareware written by individuals in their spare time, or the competition on the software market in general? If I wanted to be able to sign my software, I would (with the current pricing) have to pay $400 for a VeriSign Code Signer Standard package. And what if I wanted to create the next Perl scripting language? Would I have to require the scripts to be signed in order to execute them? Would my code signing key be revoked if I didn’t?
The future will certainly be about controlling content by technology, so let’s hope that this is done in a way that doesn’t obliterate fair use and doesn’t put Microsoft/VeriSign in control of the competition in the software market. I am still waiting for a sensible analysis of what Palladium would mean for the future. Most articles and opinions expressed by security experts so far have been very heated and very anti-Microsoft.