November 25, 2024

Archives for September 2002

Lessig, DRM, and Palladium

As I noted yesterday, Lessig’s Red Herring piece on Palladium has generated a lot of interesting talk among techno-law-bloggers. (See e.g. Copyfight, Ernie the Attorney, Lessig, and Frank Field.)

This is all interesting, but it’s very speculative. As Bruce Schneier points out, in the best technical perspective on Palladium I’ve seen, we really know very little about how Palladium will actually work. When it comes to security, the devil is in the details; and we know only the barest outline of how Palladium will work.

Even if we did know the technical details of Palladium, it is far from obvious what effect it would have on the everyday practice of computing. My own view is that Palladium will make less difference than people expect. It won’t do much to prevent viruses and network attacks, since it doesn’t address the vulnerabilities that those attacks usually exploit.

More to the point, even if we assume that Palladium is totally bulletproof, I doubt that it will enable the kind of pervasive DRM that some people seem to want – at least, it won’t do so without making the PC essentially useless for ordinary computing tasks. (I plan to elaborate on this argument in a future posting.) A pervasive-DRM “computer” will be more like a CD player than like a computer.

Real computers are so useful that people will insist on having them, and the market will continue to provide them. Most likely it will provide them by pressuring software vendors into not using any draconian features of Palladium.

Lessig on Microsoft and DRM

Larry Lessig has a provocative piece in Red Herring on Microsoft’s plans regarding DRM and Palladium. Lessig says that Palladium is not as bad as some people say, and that Palladium may in fact benefit consumers (at least compared to the alternatives).

This piece has provoked some really interesting discussion over on Copyfight, Ernie the Attorney (read the comments on Ernie’s site too), and Lessig’s blog.

There is enough material here for a dozen postings. Unfortunately I don’t have time to write any of them today. Tune in tomorrow.

China Stops Blocking Google

AP reports that China is no longer blocking Google. (Ben Edelman’s site at Harvard confirms this.)

Reed: LaGrande Another 432?

David Reed has an interesting perspective on Intel’s LaGrande proposal.

Reed likens LaGrande to the Intel 432 processor. Few non-techies have heard of the 432, but in the processor-design community the 432 is a legendary failure. As Reed says, the 432 was “Intel’s attempt to create an ‘object oriented’ processor that would embed all the great ideas of object oriented computing in a revolutionary new architecture.”

The 432 died because it tried to build into hardware ideas that were still under development. Of all the parts of a computer system, the hardware is the most expensive to change, and the most difficult. It follows that you only want to put a particular function in hardware if you know that that function is necessary, and you know exactly how to do it. Because if you decide a year later that you want to do it differently, you’re out of luck. Hardware is much harder to change than software.

The Japanese “Fifth Generation” project from the 80’s is another example of a disaster caused by committing too early to a speculative design approach. Fifth Generation was going to reorganize the computing world around logic-based programming. This seemed like a good idea at first, but when it became evident that the right answer lay elsewhere, it was too late to reorient the project.

Reed has a good point, but I think he goes too far. The 432 and the Fifth Generation were both radical departures from existing practice; they wanted to tear up and redesign the whole processor. LaGrande seems much less ambitious. But Reed is right on target in saying that building security features into processor hardware is a risky engineering decision.

Intel to Offer "Security" Features in Future Microprocessors

Intel is reportedly planning to include security technologies, code-named “LaGrande,” in a future processor chip.

I haven’t seen much in the way of technical detail. The article referenced above says:

Where Internet security technologies already protect information in transit between a user’s PC and Web sites, LaGrande and Palladium attempt to safeguard information and software once it is on a PC. The idea is to partition off parts of a computer into protected sections dubbed “vaults,” and protect the pathways between those areas and keyboards, monitors and other accessories.

One benefit is what Intel calls a “secure boot,” which means that the basic instructions used when starting a computer can’t be modified for improper purposes.

It’s way too early to tell whether this is good or bad for consumers. We’ll need many more technical details before we can even form sensible opinions.

Every security technology is designed to give somebody more control over something. The key questions are who is getting control, and over what will they be given control. We can’t answer those questions yet for LaGrande.

It used to be a given that when somebody talked about securing a computer, that meant giving more control to the computer’s owner. Nowadays the term “security” is more and more applied to measures that take control away from the owner. Whether LaGrande empowers consumers or erodes their control over their property remains to be seen.

Once we know what LaGrande is trying to do, we can move on to the question of whether it actually delivers on its promises. Intel got into trouble once before with a “security” feature – the Pentium III processor ID (PID). The PID raised privacy concerns, which Intel tried to defuse by arguing that the PID could protect consumers against fraud. Unfortunately the technical details of the PID made it fairly useless as an anti-fraud measure. Ultimately, Intel withdrew the PID feature after a storm of public criticism. Such an outcome is good for nobody.

It appears that Intel is being more careful this time. If Intel wants public buy-in, the best thing they could do is to release the technical specifications for LaGrande, to enable an informed public debate about it.