LaGrandium and the Dark Side of Trusted Computing
Intels LaGrande-based processor chips (AMD plans to include similar features in its own chips) are supposed to team with a future Microsoft OS technology called Palladium to deliver a more controllableand therefore more securecomputing platform than we have today.
Now, whether these "trusted" platforms will result in more security and control for the individual computer user remains to be seen.
The trusted computing platform that Intel and Microsoft are countenancing would be built around a protected memory space in which trusted services run, a sealed storage mechanism for storing encrypted data, and a facility for providing operating environment information to outside parties. In Microsofts Palladium materials, those outside parties are called "external requestors."
Microsofts Palladium talk has spawned a great deal of distrust and conspiracy theorism, and its no surprise. Users were angry and suspicious enough when Windows Product Activation entered their lives, and the only data that WPA wired home to Redmond was an indecipherable string of characters derived from ones hardware configuration.
LaGrande and PalladiumLaGrandium, if you willwould enable any intellectual property provider to exercise a measure of control over user systems that is not currently possible.
In the example of WPA, Microsoft currently requires users to check in to verify the legitimacy of their Windows license when installing Windows XP. With LaGrandium, the fear is that Microsoft (or any other software company or content provider distributing its wares under a trusted model) could choose to revoke your license and prevent you from using its software or accessing its data, even though it resided on your personal computer.
Im not saying that Microsoft or Disney or any other firm would do this, but its the sort of thing that trusted computing schemes could enable. Also, its important to point out that any software or content rights revocation scenario would likely be something that our hypothetical user wouldve agreed to in some click-through EULA screen.
Microsoft has stated that Palladium will be optional, and users will be able to turn it off completely. Again, however, the fear is that eventually, enough content and software providers will require trusted plug-ins and players to consume their content that most users adopt trust schemes out of convenience. Thered always be a community of outlanders, but they could safely be ignored, the way that users of browsers other than Internet Explorer are now.
Putting conspiracy theories aside for a minute, I think if were to enter into trust relationships with these corporations, its fair to ask whats in it for us.
Despite initial reports that Palladium would make computing safer and nicer for individual users by blocking spam and preventing viruses, Microsoft has recently stated that Palladium would achieve neither of those goals.
If trusted computing were enough to prod the content controllers in the music and movie industry to start putting more of their product online, I think that many people would consider that a benefit. However, it seems likely that the sorts of restrictions that content providers will be able to place on these materials would violate fair use rights, and trusted computing would make it no easier to move protected content from your PC to your handheld, for example, than it currently is.
Im not saying that trusted computing doesnt have its placeLaGrandium could be a boon for government or business systems on which confidential data is stored, which is why trusted computing efforts, such as the Trusted Computing Platform Alliance have been at work on these issues for years now.
However, the cadre of trusted computing proponents, both in industry and in government (sometimes its tough to tell the difference between the two), isnt just set to slip in LaGrandium among the machines in some government facility, but right into the machine sitting on my desk at home.
Honestly, has computing become so perilous that individuals require more invasive operating systems? Talk to me at firstname.lastname@example.org.