The next step is moving to Exchange 2003. So far, this is tedious but going well... although the DHCP server is refusing to give out addresses while the AD Forest upgrades. I hope it's just a load issue - if it's more than that, I'm going to be here all night!
Mood: relaxed
Music: Server hum
Friday, December 5, 2003
TSG infrastructure upgrade (part 1)
Wednesday, December 3, 2003
Next Generation Secure Computing Base
I just read a really scary article. I've had mixed feelings about Palladium (now NGSCB) since I heard about it; in fact, while Stallman somewhat over-dramatizes the situation in Can you trust your computer?, as in many things... he's apparently right on the money.
Some choice quotes from the cited scary article; emphasis added is mine, since I wanted to share the ooginess.
"Today most people who have a computer do not really completely control their computer. They run a Microsoft OS, and they will never put any sniffers on their connection to the Net. Viruses, Trojans, and worms parasitize their machines. In general, it is hard to get any Microsoft system to do what you want. But some folk actually have pretty good control of their computers. Palladium is designed to ensure the continuation of the situation for most users, and to prevent the sale and use of computers which can be controlled by the user."
"Since today Microsoft's control is not complete over machines running a Microsoft OS, many home users copy and re-distribute popular songs, whose copyrights the home user does not have. So the real issues are not clear, and discussion of Palladium in most newspapers is centered on political questions of copyright law and practice." - John Manferdelli, General Manager for Windows Security, Microsoft.
Since I've quoted a fair amount of the article, fair use dictates that I attack it. Looking at Manferdelli's statement, it is clear that he is in fact talking about two issues:
Copyright & Digital Rights Management.
Restricting what you can run on your PC.
Dealing with these issues in order:
Digital Rights Management (DRM)
DRM has been tried in a few forms, and generally gets cracked pretty quickly. MS are really pulling out all the stops with Palladium; they have invented “secure digital path” technology for sound and video (in theory making it impossible to rip DRM-protected media, or at least preventing ripping while maintaining a high degree of quality). Ignoring technical issues such as “will it work”, there are other problems with DRM as a concept. In particular, DRM has no understanding of “fair use” and the other safeguards built into copyright law. For example, if the linked article had been protected by DRM, do you think that the Palladium system would recognize my right to quote a large chunk of it for critical analysis? Likewise, if I buy a DVD and want to back it up to my PC (a perfectly legal task; it would only be a copyright violation for me to redistribute the copy), will Palladium recognize that right? If I back up some data and need to read it years later, can I guarantee that Palladium will even recognize my own right to my own data?
Finally, why does the OS care what I do with my data? Copyright violation is not a crime; it is a matter for a civil suit, with the copyright assignee having the sole power to pursue violators (and only then for provable losses). Since copyright violation is not a criminal act, Microsoft and other OS vendors at worst have common carrier status in regard to violation: they simply provide a tool, and that tool can be used for good or evil. By inserting themselves into this, and providing tools that both make life easier for copyright holders and infringe on every user's guarantee of fair use, MS not only make themselves a target for the deliberate erosion of every user's rights, they also make themselves liable on one level to copyright holders (actual liability is probably avoided in the EULA), since they promise a solution to the assigned copyright holder's problems.
There is an additional angle to DRM that merits discussion. MS have indicated that they wish to limit who can read documents. Imagine if Enron or a similar company had an extensive signed-DRM system in place. Whistleblowers would have a much harder time showing documents to the world if those documents were set to be unreadable without an Enron-signed key! MS have talked about this aspect of Palladium extensively, going so far as to have Palladium-enabled documents not display when they do not have focus, and to add screenshot-blocking elements to the OS. I guess whistleblowers will just have to buy cameras or use a printer!
Restricting what I can run
From what has been released, Palladium relies on a private key embedded in a PC's BIOS, in such a way that it shouldn't be accessible through normal code. The BIOS can then refuse to execute OS code that isn't signed as 'safe' (“signed by whom?” is the obvious question here, and one nobody seems to want to answer!). Does this mean that users who wish to install Linux, BSD, or even a home-grown OS (they exist; ask any embedded systems developer) will no longer be able to do so (without some obscure 'crack')? That will annoy a lot of enthusiasts, not to mention corporations who extensively use alternatives. If this is too draconian, it could represent MS shooting themselves in the foot; that's why I suspect a more gradual adoption: the system will start with 'safe' defaults, and gradually permit less and less over time.
There is actually something to be said for the ability to restrict what can be run on a system. You can do this already: set up Active Directory Group Policies for your end users at work, and they won't be running anything you don't approve of! This is a good thing. Apply a similar level of control, but with MS in control rather than a company admin (at work) or an enthusiast user (at home), and suddenly PCs are more like Xboxes... no more installing that neat game you found, for example!
MS have yet to comment on how homegrown software will work with Palladium. If the objective is to block all malware, then software should only work if it is signed, which presumably means that all software needs to be signed by a higher authority (who would have to check it, since otherwise malware could just be self-signed and go on its merry way destroying stuff!). I'm really interested to see how this will work.
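To make the “signed by whom?” question from the BIOS-key paragraph and the “signed by a higher authority” question above concrete, here is an added example (not code from the post or from Microsoft) of a toy boot-time signature check. It assumes the firmware holds the public half of a signing keypair as its trust root, and that the owner may or may not be allowed to enrol a key of their own; the OS images and keys are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Firmware models the part of the boot ROM that decides which OS image may run.
// Roots holds the verification keys it shipped with (an assumption of this example);
// "signed by whom?" is exactly the question of who controls this list.
type Firmware struct {
	Roots []ed25519.PublicKey
}

// SignImage produces the detached signature a vendor (or owner) attaches to an image.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// Boot returns nil only if the image verifies under one of the enrolled roots;
// an unsigned, tampered, or differently-signed image is refused.
func (f Firmware) Boot(image, sig []byte) error {
	digest := sha256.Sum256(image)
	for _, root := range f.Roots {
		if ed25519.Verify(root, digest[:], sig) {
			return nil
		}
	}
	return errors.New("refusing to boot: image not signed by an enrolled key")
}

// Enroll adds a verification key: the owner, not the vendor, decides whom to trust.
func (f *Firmware) Enroll(pub ed25519.PublicKey) { f.Roots = append(f.Roots, pub) }

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	fw := Firmware{Roots: []ed25519.PublicKey{vendorPub}} // only the vendor key at the factory
	vendorOS := []byte("constructed sample: vendor kernel")
	homeOS := []byte("constructed sample: home-grown kernel")
	fmt.Println("vendor image:", fw.Boot(vendorOS, SignImage(vendorPriv, vendorOS)))
	fmt.Println("home-grown image:", fw.Boot(homeOS, SignImage(ownerPriv, homeOS)))
	fw.Enroll(ownerPub) // the owner's own key becomes a root
	fmt.Println("after enrolling owner key:", fw.Boot(homeOS, SignImage(ownerPriv, homeOS)))
}
```

Whether the `Enroll` step exists at all, and who may call it, is the whole policy question the post raises; the cryptography is the easy part.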
Trusted Computing
Stallman's critique of Palladium hinges on the word “trust”. Amusingly enough, in security circles a “trusted system” is one whose failure leaves you in deep trouble. Presumably, “trusted computing” is more an attempt to play on the cuddly aspect of the word than a clever reference to the house of cards that is network security. Historically, software has trusted its users. This isn't always true (hence the proliferation of access control tools!), but ultimately the software trusts the programmer and the administrators who make it run. In other words, if I ask my trusty FreeBSD server to run Qmail with my chosen set of patches, it says “sir, yes sir!” and tries to get Qmail running. The big downside of this model is that if I were to make a mistake, the PC would also say “sir, yes sir!” to a program functionally equivalent to “rm -rf /” (i.e. delete all files). Stallman, most of the Free Software community, and even my humble self would argue that this is exactly how it should be (and that you are dumb if you let your users have the permissions to delete everything; the administrators, however, should be able to do so!). MS and Manferdelli would appear to disagree. In a Palladium universe, the PC does not trust me, even though I bought it. If I try to do something it has been told not to allow, I won't be allowed to do it. That may be okay for game consoles (even there, I object on principle; if I want to boot Linux on my Xbox, that's my right when I pay for it!), but the strength of PCs has always been their general-purpose nature. A general-purpose tool that won't let you play with it is useless: you can no longer create new uses for the tool.
Finally, it has to be said that I don't trust Microsoft to know what I should trust.
Mood: bitchy
Music: Joe Satriani - Surfing with the Alien
