Microsoft developing Hardware-Based Security

Microsoft is developing a hardware-based security initiative that would make computers more secure and protect copyrighted material.

With the new system, codenamed Palladium, information technology officials could use cryptographic hardware keys rather than software-based passwords to lock up secure information including student records and prevent illegal copying of materials.

While Microsoft bills Palladium as "the next-generation secure computing base," critics say it could curb the Internet's free flow of information, and in the process give Microsoft too much control over colleges' digital information.

Palladium is supported by publishers because it would give them greater control over their material by allowing them to lock a document so that it could only be viewed on a screen, and disabling the copy, paste and print functions. It would also limit users' ability to run unauthorized copies of software programs.

Palladium's software components will be included in the next version of Windows, expected out toward the end of 2004. The new version of Windows would work with new hardware components currently under development by manufacturers such as Intel.

In order for users to view Palladium-based documents, they too would have to be use a Palladium-based computer. Computers without the Palladium core, such as Macintoshes and PCs manufactured before the new version of Windows is released, would be unable to decrypt the documents. Computers will not be able to be retrofitted with the Palladium standard.

For a college to invest in Palladium would be a massive undertaking because all computers would have to be equipped with the new encryption. At Tufts, hundreds of computers would have to be replaced.

Even if colleges decide not to embrace Palladium, they may face enormous pressure to buy into the system, especially if publishers of books, journals, software and other electronic content adopt the Palladium standard.

This pressure worries many in academia, who believe that publishers would use Palladium to bar some uses of digital material which scholars argue that they are entitled to under copyright law.

Doug Herrick, the associate director of data network operations with Tufts Computing and Communications Services (TCCS), said he could "never see Tufts using a program like Palladium," and he foresees Microsoft facing much difficulty getting users to upgrade.

"Right now I can't imagine Tufts using such an intrusive system," he explained. "We already have our security measures and Palladium wouldn't fit into those measures."

Microsoft claims that Palladium would give all users more control over their digital property. According to Brian LaMacchia, a software engineer working on Palladium, colleges have been demanding more computer security. "It's a two-edged sword," LaMacchia told the Chronicle of Higher Education, acknowledging that commercial publishers are also demanding more protection for their works.

Professors at Tufts agree that publishers have the right to control how their work is used, but also realize that they can easily abuse Palladium.

History professor Jeanne Penvenne has already had many difficulties dealing with the fair-use issue. "Tufts spends a fortune to get subscriptions, yet I find it infuriating how I can't use them; I can use them once but not more," she says.

Penvenne used to make reading lists for her classes, but once she had to seek permission for every article before redistributing it, she became bogged down with writing permission letters. She said she could not be a good teacher if she spent all her time writing letters, so she stopped using the articles altogether.

According to Penvenne, if the university is going to invest in Palladium, they must think it through.

She says the University needs a staff dedicated to fair use issues; not having teachers do what she calls "donkey-work."

Professor Lee Minardi of the School of Engineering respects the rights of publishers to restrict their materials in ways they see fit, and sees Palladium as a way for publishers to keep up with the digital age.

"Publishers have the right to be able to charge for an item or to give it away for free if they want to." Minardi equates the publishers' dilemma with the issue of the music industry trying to stop file transferring because they still function on an antiquated system.

Students have responded to Palladium with mixed reactions. Freshman Margaret Hunter sees the possible benefits. "It would definitely help to stop violations of copyright laws, but if people want to plagiarize, they're going to find a way to plagiarize," she said.

But some students worry about the costs of implementing the new standard. "Hacking is [not] a large enough problem on campus to justify the cost and restrictions of acquiring Palladium systems," said sophomore and TCU Senator Adam Koeppel. "[Microsoft's] tactics force consumers to continuously upgrade their operating systems forcing manufacturers like Dell to accept Palladium as a standard, and replace conventional computers with exclusively Palladium systems."

Koeppel believes that Palladium is too much of a restriction of information for too little a gain in security.

According to David Rice, a security consultant and adjunct faculty member in James Madison University's graduate program in information security, students are not going to "consciously go out and buy a product that necessarily limits their ability to do what they want to do," he told the Chronicle. "They'll definitely buy a product if it means security for them. I don't know if they're going to buy a product if it means security for somebody else."

Comments

Be the first to comment on this article!

Add comment


I am not posting spam. I understand posting spam or other comments that are unrelated to this article will cause my comment to be flagged for deletion and possibly cause my IP address to be permanently banned from this server.

Enter the characters in the image above: