Public key cryptography allows users, software, and devices to authenticate themselves over a network. Palladium started as a way of using public key crypto to manage rights to entertainment content like music and movies. Then Microsoft engineers realized it could do the same thing for entire networks of computers, users, and applications.

According to Microsoft, Palladium is intended to protect a machine only if it's attacked via software or over a network. If someone had physical access to your machine, the crypto chip could be compromised and encrypted information on the machine would no longer be secure.

But beyond those sketchy details, a whole slew of questions remain:

• Will Palladium reinforce Microsoft's monopoly control over PC operating systems? Might the privacy and competition-conscious Europeans have something to say about this?
• How will governments deal with the wiretap issues, privacy issues, and employer-employee relationship issues that Palladium raises?
• What if Palladium is just as buggy as the rest of Microsoft's code? If it is, won't it only create the illusion of security? And isn't such an illusion worse than the bitter truth?
• The biggest question of all: Why should we trust Microsoft anyway? If PCs need a universal security architecture to protect critical business information, should Microsoft be its sole creator? Is there a public interest that makes this too big for any one company or even country to dominate? (No, Microsoft is not yet a country, although buying one and becoming an offshore corporation always looms as a possibility, I suppose.)

LEVY AND I, for example, have interviewed many of the same people. But in his article, he discussed features that I was explicitly told are not part of Palladium. But the reality is--and this is important--that Palladium provides a platform for building just about anything security-related that a developer might want to conjure up.

Palladium is like any other fundamental technology: You can build things with it that will be good for people, and you can build things with the potential to hurt people. And sometimes the same thing will be capable of both.

So while Palladium is explicitly designed to handle rights management--meaning it'll govern what software you are allowed to run and what you're allowed to do with documents and content--it could also be used for user authentication. If that happens (and it's an almost foregone conclusion), a Palladium computer would always know who is using it and what that user is doing--and could report the information to third-parties.

MICROSOFT PROMISES--and I believe that they're serious--that users will control their own personal information. But how this plays in the real world, where users often have very little power, remains to be seen.

The good news is that we have time. While Levy says Palladium could start showing up as early as 2004, I'm betting most users won't start seeing it until 2006 or 2007--and then only if Microsoft is able to convince any number of organizations, governments, and even individuals that Palladium isn't more of privacy threat than a solution to privacy problems.

Microsoft has one key factor in its favor: the growing realization among its customers that we must do something, and that tomorrow's digital devices--and I'm talking much more than PCs here--need the trustworthiness that Microsoft claims Palladium will offer.

But is the world ready to trust Microsoft on something it has such a hard time explaining?

Can you put 'trust' and 'Microsoft' in the same sentence without using 'not'? TalkBack below or e-mail us with your thoughts.

Previous page |   1 2

[an error occurred while processing this directive]

[an error occurred while processing this directive]