Palladium is mythical security

According to legend, the Palladium was a sacred statue of Athena that the Trojans believed would protect them against the advancing Greek army. But when Odysseus sneaked into Troy and stole the Palladium, Troy did not fall. That happened only when the Greeks built the Trojan horse.

Mysterious and somewhat unfortunate mythological precedents aside, serious questions are being asked of Microsoft Corp.'s forthcoming Palladium technology. Will Palladium fail to provide adequate security for its new wave of worshippers? Conversely, will this product enforce a degree of "protection" so stringent that the Internet's freedom of exchange and technological diversity will itself be at risk? Will Microsoft safeguard users or its own commercial interests? Given the ubiquity of Microsoft technologies in the business world, what kind of problems lie ahead?

The Technology. Part of Microsoft's contribution to the Trusted Computing Platform Alliance (a consortium founded by Hewlett-Packard Co., IBM Corp., Microsoft Corp. and Intel Corp.), Palladium is a software/hardware combination ostensibly designed to prevent piracy and protect corporate information.

Set for release possibly as early as 2005, Palladium requires a new chip technology being developed by Intel and AMD. This chip includes new encryption functions alongside a small memory capacity acting as a digital vault and holding the keys to decrypt protected data.

Palladium could be used to secure VPNs by enabling administrators to authenticate and identify computers on the network. It could protect networks against pirated software and malicious worms. Microsoft has apparently promised to release some of the code so that developers can study and debug the software.

So what's the problem?

Unnatural Selection. While Palladium will protect data, apparently it will do so in a selective manner by limiting users' software choices to those authorized and licensed by Microsoft and its allies: a virtual lock on your business's capacity to employ diverse technologies. This equates to chip-enforced Digital Rights Management (DRM). Microsoft owns a patent for a DRM operating system. If Palladium is bundled with future editions of Windows, will Microsoft have learned its lessons about fair business practice from its recent antitrust case. Can it protect its copyrighted material at the expense of other copyrighted materials?

It seems that computers running Linux or other non-Microsoft operating systems won't be able to use the chip. With many businesses relying on Linux, planners will face some serious choices. Should they work around Palladium, or abandon open-source systems altogether?

Planners should also consider whether complete homogeneity among the security technologies used by business networks would make it easier for hackers to cause damage. Common sense has to be abandoned when there is only one basket to put your eggs in.

"It's a terrible scheme," Philip Carinhas, a Texas-based Linux consultant told me. "Any attempt to control technology is inherently antitechnology. Unless a culture of acquiescence to Microsoft is overcome, however, many businesses will be stuck with it."

The outlook for non-Microsoft-approved technologies is bleak, but it will be an uphill battle for Microsoft to convince consumers and businesses that Palladium is a virtuous technology, intended to protect our city gates.

Me? I'm wondering what form the Trojan horse will take.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AMDHewlett-Packard AustraliaIBM AustraliaIntelMicrosoftPalladium TechnologyTrusted Computing Platform Alliance

Show Comments