Courtesy of Cryptography List.
http://www.pbs.org/cringely/pulpit/pulpit20020627.html
JUNE 27, 2002 I Told You So Alas, a Couple of Bob's Dire Predictions Have Come True
By Robert X. Cringely
Just over three years ago I wrote a column titled "Cooking the Books: How Clever Accounting Techniques are Used to Make Internet Millionaires." It explained how telecom companies were using accounting tricks to create revenue where there really was none. Take another look at the column (it's among the links on the "I Like It" page), and think of Worldcom with its recently revealed $3.7 billion in hidden expenses. Then last August, I wrote a column titled "The Death of TCP/IP: Why the Age of Internet Innocence is Over." Take a look at that column, too, and think about Microsoft's just-revealed project called Palladium.
The end is near.
Sometimes I'd rather be wrong, but it's a no-brainer to guess that accountancy, which has apparently become something of an art form or interpretive dance, could have a dark side. And you'll never lose money betting for Microsoft and against Microsoft's competitors and customers.
Let's concentrate on the Microsoft story. Last August, I wrote of a rumor that Microsoft wanted to replace TCP/IP with a proprietary protocol -- a protocol owned by Microsoft -- that it would tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I called it TCP/MS in the column. How do you push for the acceptance of such a protocol? First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, the blame would not be assigned to Microsoft. Then ship the new protocol with every new copy of Windows, and install it with every Windows Update over the Internet. Zero to 100 million copies could happen in less than a year.
This week, Microsoft announced Palladium through an exclusive story in Newsweek written by Steven Levy, who ought to have known better. Palladium is the code name for a Microsoft project to make all Internet communication safer by essentially pasting a digital certificate on every application, message, byte, and machine on the Net, then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR. Palladium compatible hardware (presumably chipsets and motherboards) will come from both AMD and Intel, and the software will, of course, come from Microsoft. That software is what I had dubbed TCP/MS.
The point of all this is simple. It may actually make the Internet somewhat safer. But the real purpose of this stuff, I fear, is to take technology owned by nobody (TCP/IP) and replace it with technology owned by Redmond. That's taking the Internet and turning it into MSN. Oh, and we'll all have to buy new computers.
This is diabolical. If Microsoft is successful, Palladium will give Bill Gates a piece of every transaction of any type while at the same time marginalizing the work of any competitor who doesn't choose to be Palladium-compliant. So much for Linux and Open Source, but it goes even further than that. So much for Apple and the Macintosh. It's a militarized network architecture only Dick Cheney could love.
Ironically, Microsoft says they will reveal Palladium's source code, which is little more than a head feint toward the Open Source movement. Nobody at Microsoft is saying anything about giving the ownership of that source code away or of allowing just anyone to change it.
Under Palladium as I understand it, the Internet goes from being ours to being theirs. The very data on your hard drive ceases to be yours because it could self-destruct at any time. We'll end up paying rent to use our own data!
Can you tell I think this is a bad idea?
What bothers me the most about it is not just that we are being sold a bill of goods by the very outfit responsible for making possible most current Internet security problems. "The world is a fearful place (because we allowed it to be by introducing vulnerable designs followed by clueless security initiatives) so let us fix it for you." Yeah, right. Yet Palladium has a very real chance of succeeding.
How long until only code signed by Microsoft will be allowed to run on the platform? It seems that Microsoft is trying to implement a system that will enable them, once and for all, to charge game console-like royalties to software developers.
But how will this stop the "I just e-mailed you a virus" problem? How does this stop my personal information being sucked out of my PC using cookies? It won't. Solving those particular problems is not Palladium's real purpose, which is to increase Microsoft's market share. It is a marketing concept that will be sold as the solution to a problem. It won't really work.
Let's understand here that not all Microsoft products are bad and many are very good. Those products serve real customer needs and do so with genuine purpose, not marketing artifice. But Palladium isn't that way at all. This is NOT about making things better for the user. This is about removing the ability for the end user to make decisions about how his or her computer functions. It is an effort by Microsoft to take literal ownership of Internet technology, Microsoft's "embrace and extend" strategy applied for the Nth time, though on a grander scale than we've ever seen before. While there is some doubt that the PC will survive a decade from now as a product category, nobody is suggesting the Internet will do anything but grow and grow over that time. Palladium assures that whatever hardware is running on the network of 10 years from now, it will be generating revenue for Microsoft. There is nothing wrong with Microsoft having a survival strategy, but plenty wrong with presenting it as some big favor they are doing for us and for the world.
What's saddest about this story is that it could be positive. The world is a dangerous place and finding ways to make people responsible for what they do on the Net is probably good, not bad. I just don't think we have the right people on the job.