Information Security News mailing list archives

Preparing For The Digital Dark Age (Comments on Palladium)


From: InfoSec News <isn () c4i org>
Date: Mon, 24 Jun 2002 04:46:36 -0500 (CDT)

Forwarded from: Richard Forno <rforno () infowarrior org>

Preparing For The Digital Dark Age
Richard F. Forno
(c) 2002 - Permission granted to reproduce with appropriate credit.

(Article with active URL links and references)
http://www.infowarrior.org/articles/2002-08.html

Article #2002-08

23 June 2002

A recent MSNBC article by techno-pundit Steven Levy discusses
Microsoft's plans for a new computer operating environment (code-named
"Palladium") that links hardware, software, and data into a neat
package that allegedly is more secure and convenient for users.

Or, putting it in simpler terms, it's Microsoft's answer to fixing
everything that's wrong with computing today.

According to the article, "Palladium" is a hardware and software
combination that will supposedly seal information from attackers,
block viruses and worms, eliminate spam, and allow users to control
their personal information even after it leaves their computer. It
will also implement Digital Rights Management (DRM) for movies and
music to allow users to exercise "fair use" rights of such products.
"Palladium" will essentially create a proprietary computing
environment where Microsoft is the trusted gatekeeper, guard,
watchstander, and ruler of all it surveys, thus turning the majority
of computing users into unwilling corporate serfs and subjects of the
Redmond Regime.

Isn't it ironic that the company responsible for nearly every major
computer security problem, virus, and backdoor - thanks to its poor
software development and testing among other factors -- is now
heralding its ability to make everything better? One might sense this
is a manufactured problem resulting from Microsoft's inability to
develop effective software in the first place.  As is commonly known,
the single most significant factor contributing to the dismal state of
today's internet security is Microsoft's complacency, not
hackers, crackers, and pirates. As I mentioned in an earlier article,
we're vulnerable because Microsoft makes it so damn easy for the bad
guys to cause mischief. (It's also a result of lazy or incompetent
system administrators, poor network design, and clueless executives
and congressfolk, but that's another essay.)

Contrary to Levy's fear-mongering remarks and positive spin on the
need for "Palladium" to protect us, the Internet is not all evil. In
fact, the Internet is safer than many parts of our physical world. It
does, however, represent an evolution in social control, something
that evokes fear in the hearts of established entities of such control
- corporations, media, and governments. Hence the desire to trump up
any number of reasons - real or perceived - to beguile the public and
garner support for ways to maintain social control and profit margins.  
This technical tool of social control follows on the heels of CBDTPA,
TCPA, DMCA, and other such controversial legislative efforts.

As such, Levy's article is full of several very sensational
soundbytes, including one particularly fear-mongering paragraph:

"An endless roster of security holes allows cyber-thieves to fill up
their buffers with credit-card numbers and corporate secrets. It's
easier to vandalize a Web site than to program a remote control.
Entertainment moguls boil in their hot tubs as movies and music are
swapped, gratis, on the Internet. Consumers fret about the loss of
privacy. And computer viruses proliferate and mutate faster than they
can be named."

Vandalizing a website is most often not because of the skillset of the
vandal, but rather a combination of poor system administration coupled
with notoriously buggy, easily-exploitable website software such as
Microsoft's Internet Information Server. From what I've seen over the
years, you probably don't even need opposable thumbs to break into
IIS. "Palladium" won't help here, but more competent system
administrators and much more secure server software (such as Apache or
WebStar) most certainly would.

Regarding the potential of stealing credit cards numbers, you've got a
greater chance of losing your wallet or purse walking around town than
a cyber-thief stealing your credit card from a webserver. What people
forget in the hype is that despite the immense pain-in-the-ass
associated with canceling credit cards and re-authorizing charges on a
new one, people are not responsible for losses over $50 provided they
promptly report the loss to their credit card issuer. I've had my card
stolen online, but I haven't run away in terror about the chances it
could happen again. Again, "Palladium" won't be of benefit to me -- my
credit card company already protects me and limits my liability.

Perhaps the most sinister part of Microsoft's "Palladium" concept
(something that Levy quickly glosses over) is that "Palladium won't
run unauthorized programs, so viruses can't trash protected parts of
your system." True, Windows-based viruses do proliferate and mutate
quickly, but it's because Microsoft products are so interlinked and
poorly configured that such incidents occur. And while
"Palladium" is certainly one way to deal with viruses on Windows
systems, what Levy doesn't say is that such a 'feature' means that
Microsoft alone could decide what software is 'authorized' to run on
Windows under "Palladium" -- and thus impose a layer of software-based
censorship.

In short, under the feel-good guise of 'enhanced security' and 'new
features for customers' and despite its being found guilty of being a
monopoly, Microsoft still wants to rule all it surveys. "Palladium"
can be interpreted as Microsoft's attempt to play God. Again.

With the announcement of "Palladium," Microsoft competitors and
independent programmers should be gearing up for another court case,
as this concept reeks of Microsoft's historic anti-competitive tactics
in the marketplace. Techno-savvy consumers should be very concerned
that "Palladium" would mean their computers and information are no
longer under their positive control but rather the omnipresent
surveillance and enforcement of a third party more interested in
making a profit than truly empowering their customers to think and act
for themselves. The computer will essentially become an appliance and
tool of control over its user, rather than a tool of innovation,
communication, and enlightenment for its user.

Given the pervasiveness of computers in modern global society, the
worldwide social ramifications of "Palladium" are enormous. Consider
the ability of one entity - in this case, Microsoft - dictating what
"is" and "is not" deemed acceptable behavior or content (remember
Smart Tags?) for computer users or - more exactly - Microsoft's
business interests. If your behavior or actions are deemed
'unacceptable' by such a third party, you could find yourself impotent
on the global stage. So you better toe the party line and be a good
little Windows user.

Just as the catapult and crossbow were technological innovations
leading to the Dark Ages in Europe, "Palladium" represents a modern
'innovation' that could lead to a similar outcome today.  
Unchallenged, this likely will result in a Digital Dark Age, a period
of innovative stagnation where the majority of the world's computing
population will become unwitting subjects and indentured servants to
the profiteering desires of the new corporate ruling class with
Microsoft as its enforcer.

One wonders if "Palladium" error messages will include a
computer-generated audio clip of Bill Gates patronizingly announcing,
"I'm sorry <USERNAME>, I'm afraid I can't do that....?"

The first step in any revolution is the seizure of the lines of
communication to hinder the target population's ability to communicate
and exchange information amongst themselves. "Palladium" has the
ability to do just that, and convert the traditionally-open fabric of
the modern computing environment into a closed, proprietary domain
under the rule of Redmond.

Under the "Palladium" concept - despite the marketing spin and hype -
the danger is that you will be asked (though not directly) to pledge
your abilities and servitude to Microsoft (and its poor track record
of security and reliability) and thus unwittingly relinquish your
ability to remain an independent person in cyberspace. In essence,
you'll go back to the future instead of forward to innovation and
enlightenment.

Personally, I prefer being the one in charge of the relationship with
my computer and not subordinate to it or its vendors. I also prefer
Camelot over Redmond....which probably goes a long way explaining why
I don't run Windows.




-
ISN is currently hosted by Attrition.org