Finally--built-in security?

William Jackson

Be careful what you wish for.

Users for years have been complaining that security should be designed into computer systems and networks from the ground up, not added as an afterthought. Now Microsoft Corp. plans to do just that with its Palladium project. Palladium would build into future Windows versions a series of secure vaults for storing and transferring data.

The catch is that Palladium will rely on entirely new chips from Intel Corp. and Advanced Micro Devices Inc. of Sunnyvale, Calif. Palladium computers could connect securely only with each other, and Palladium-style security would demand new computers, new keyboards and new monitors. So if we want security built in, we"ll have to pay.

That"s only fair, but the cost amounts to more than dollars and cents. Three-letter federal agencies charged with gathering information might consider the cost too high and raise objections.

Some people have called Palladium another Microsoft attempt at world domination, and certainly a number of folks at the Justice Department and elsewhere will be keeping a close eye on it. A security monopoly would be a powerful market tool.

More to the point, will Palladium even work as described? It"s up to five years off--too soon to say. Opinions range from that of cryptography expert Bruce Schneier, who gave it a zero chance, to Chris Wysopal, R&D director at @Stake Inc. of Cambridge, Mass., who called it "a big step in the right direction. The first release will probably be pretty good."

As Palladium moves from separate chip sets into the CPU, security could get really serious. Microsoft"s Xbox video gaming system security took about six months to break, Wysopal said, and "I think they will learn something from this."

Security in hardware rather than software is a powerful paradigm. It could herald a return of the crypto wars of the 1990s when the government struggled--ultimately unsuccessfully--to rein in commercial cryptography because of law enforcement and national security concerns. Simply put, is there any way to ensure that Palladium is used for good and not evil?

For example, Wysopal asked, "How is the FBI going to seize documents?"
Arguments for and against key escrow, back doors and export restrictions will be dusted off, but in a radically different environment from the one of the last decade.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above