Freedom to Tinker

David Reed has an interesting perspective on Intel’s LaGrande proposal.

Reed likens LaGrande to the Intel 432 processor. Few non-techies have heard of the 432, but in the processor-design community the 432 is a legendary failure. As Reed says, the 432 was “Intel’s attempt to create an ‘object oriented’ processor that would embed all the great ideas of object oriented computing in a revolutionary new architecture.”

The 432 died because it tried to build into hardware ideas that were still under development. Of all the parts of a computer system, the hardware is the most expensive to change, and the most difficult. It follows that you only want to put a particular function in hardware if you know that that function is necessary, and you know exactly how to do it. Because if you decide a year later that you want to do it differently, you’re out of luck. Hardware is much harder to change than software.

The Japanese “Fifth Generation” project from the 80’s is another example of a disaster caused by committing too early to a speculative design approach. Fifth Generation was going to reorganize the computing world around logic-based programming. This seemed like a good idea at first, but when it became evident that the right answer lay elsewhere, it was too late to reorient the project.

Reed has a good point, but I think he goes too far. The 432 and the Fifth Generation were both radical departures from existing practice; they wanted to tear up and redesign the whole processor. LaGrande seems much less ambitious. But Reed is right on target in saying that building security features into processor hardware is a risky engineering decision.

Intel is reportedly planning to include security technologies, code-named “LaGrande,” in a future processor chip.

I haven’t seen much in the way of technical detail. The article referenced above says:

Where Internet security technologies already protect information in transit between a user’s PC and Web sites, LaGrande and Palladium attempt to safeguard information and software once it is on a PC. The idea is to partition off parts of a computer into protected sections dubbed “vaults,” and protect the pathways between those areas and keyboards, monitors and other accessories.

One benefit is what Intel calls a “secure boot,” which means that the basic instructions used when starting a computer can’t be modified for improper purposes.

It’s way too early to tell whether this is good or bad for consumers. We’ll need many more technical details before we can even form sensible opinions.

Every security technology is designed to give somebody more control over something. The key questions are who is getting control, and over what will they be given control. We can’t answer those questions yet for LaGrande.

It used to be a given that when somebody talked about securing a computer, that meant giving more control to the computer’s owner. Nowadays the term “security” is more and more applied to measures that take control away from the owner. Whether LaGrande empowers consumers or erodes their control over their property remains to be seen.

Once we know what LaGrande is trying to do, we can move on to the question of whether it actually delivers on its promises. Intel got into trouble once before with a “security” feature – the Pentium III processor ID (PID). The PID raised privacy concerns, which Intel tried to defuse by arguing that the PID could protect consumers against fraud. Unfortunately the technical details of the PID made it fairly useless as an anti-fraud measure. Ultimately, Intel withdrew the PID feature after a storm of public criticism. Such an outcome is good for nobody.

It appears that Intel is being more careful this time. If Intel wants public buy-in, the best thing they could do is to release the technical specifications for LaGrande, to enable an informed public debate about it.