Germany cautious on Microsoft security

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-976620.html?tag=fd_top

By Declan McCullagh 
Staff Writer, CNET News.com
December 9, 2002, 

The German government is worried about federal agencies adopting
Microsoft's upcoming Palladium security technology, fearing the system
could lead to higher costs.

In what appears to be the first time a nation has criticized the
technology, Germany's Ministry of Economics and Labor said in a letter
to the Bundestag, or parliament, that widespread adoption of Palladium
raises the "danger that applications of software for new high-security
PCs require a license by Microsoft, resulting in high costs." The Nov.  
26 letter was a response to queries from members of the conservative
Christian Democratic Union party.

The Palladium architecture relies on future "trusted" hardware for
tasks such as limiting piracy and enhancing security. In part,
Palladium involves encrypting certain data stored on a hard drive. But
critics have said that in addition to keeping hackers away from such
data, the technology could be used as a policing mechanism that bars
people from material stored on their own computers if they have not
met licensing and other requirements. Microsoft's licensing policies
have also come under attack.

In contrast to the German reaction to Palladium, White House
cybersecurity czar Richard Clarke said last week that trusted
computing proposals were "a good beginning, but it's not enough."  
Clarke called on technology companies to ensure that future operating
systems incorporate security features.

The German letter also expressed concern about Palladium's potential
to create "substantial obstacles to market entry" to competing
operating systems--particularly ones like Linux that are based on free
software. It also mentioned a bill introduced by Sen. Fritz Hollings,
D-S.C., that would jump-start Palladium by implanting copy-protection
technology in PCs and electronic devices.

Microsoft said Germany had little to worry about.

"The plan is not to have Microsoft be the arbiter of what can and
can't run on your PC," Amy Carroll, the group manager for Windows
Custom Platform Technology, said on Monday. "One of the stated goals
of Palladium is to allow the machine owner to maintain control over
what they do and do not wish to run."

"We're committed to working with the German government and anyone else
who wants to talk to us," Carroll said. "Governments in general tend
to work with sensitive data and sensitive information and have pretty
deep concerns about the security of the information they're working
with. Anything that can increase the security of that information is a
good thing."

Gerald Himmelein, an editor at the German computer magazine c't, said
the three-page letter to Bundestag member Martina Krogmann, who
handles Internet policy for the CDU, is unusual.

"Normally an answer to an enquiry is a paragraph or two," Himmelein
said. "In this case it's two and a half pages."

Himmelein said the government created a working group in August to
review Palladium and the related Trusted Computing Platform Alliance
(TCPA) effort, which involves Hewlett-Packard, IBM, Intel and
Microsoft.


News.com's Jonathan Skillings and Robert Lemos contributed to this
report.

 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.