Reverse Palladium?

Adam Back adam at cypherspace.org
Fri Jul 15 07:59:25 PDT 2005


Anonymous writes in favor of Palladium arguing that it is optional, so
all is ok.

On Wed, Jul 13, 2005 at 12:15:21AM -0700, cypherpunk wrote:
> This is precisely the security model which has so many people upset:
> the system owner (the network admin) is giving up control over his
> machine, running software which he cannot control, molest or
> modify. You, a third party, are protected against the computer's
> owner. The ability for owners to voluntarily and verifiably give up
> a degree of control over their computers is anathema to Trusted
> Computing opponents, the height of evil and a threat to be fought at
> all costs. 

See I think it is entirely possible to get the benefits of secure
compartments, which are secured from hostile software, without locking
out the owner of the machine.

All that is needed is to turn over control of the machine to the
owner.  Give the owner of the machine keys for ring-1; he can have a
secured login to ring-1 where he gets to choose which ring-1 processes
he can attach a debugger to, binary patch etc and which loadable
things which are hashed for verification by remote attestation to lie
about the hash of.

In this way the owner can be sure he won't get valuable data hacked by
viruses, trojans etc. (well, as secure as he can be under the Palladium
model) but the evil remote non-optional control of your own hardware
is removed from the picture.

So the optionality anonymous is arguing about is your "option" to be
refused service outright, or cede ring-1 level (compartmented) access
to your machine, i.e. to allow 3rd party software to run that you are
NOT able to debug, inspect, look at source or executable for, patch or
fix to your liking.

And how far this kind of optionality extends depends on the
architecture choices of Microsoft et al. in how deeply they embed this
into the OS, their applications and programming frameworks, and how
much other companies choose to use this stuff.

So Microsoft has already talked about software rental, etc etc; and
has a history of increasingly intrusive and annoying license
enforcement, so if you ask me you can bet your money that this will be
used throughout the whole system to the point where you can have the
option to switch off your machine, or give up control.  The OS will
become a container for rented, DRMed, uninspectable, unsniffable,
unpatchable corporate-warez.

> The fact that it is voluntary for all concerned means nothing to
> them. 

It would if it was.  But it's not.  If it's voluntary, give me the keys
to my own computer.  If you're not going to do that then shut up about
"voluntary".  You have about as much control over your own machine
under Palladium as you do over a user account on a remote system you
do not have root on.  Except it's your machine! and you still don't
get to control it.

> They don't want people even to have the chance to be tempted to
> utilize this technology, and they will stop at nothing to keep it
> from coming into existence. So far they have been extremely
> successful.

You need to go read Richard Stallman's essay on the right to read.
You and others proposing this software are trying to fast-track us to
the scary but plausible future under Palladium that Richard
presciently paints.

http://www.gnu.org/philosophy/right-to-read.html

Adam
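
The owner-override idea described in the message above, as an added toy model in Python (not code from the post or from any Palladium or TPM implementation). All class and function names are hypothetical, keys and component names are constructed, and an HMAC stands in for the attestation signature a real platform would make with an asymmetric key.

```python
import hashlib, hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    # TPM-style extend: new register = H(old register || H(component))
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure(components) -> bytes:
    pcr = b"\x00" * 20                      # register starts zeroed at boot
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class Platform:
    """Hypothetical attesting hardware that honours an owner key."""
    def __init__(self, attest_key, owner_key, loaded):
        self._attest_key, self._owner_key = attest_key, owner_key
        self.pcr = measure(loaded)          # hash chain of what really ran

    def quote(self, nonce, override=None, owner_tag=None):
        reported = self.pcr
        if override is not None:
            # Only a request authenticated with the owner's key may change
            # the reported hash; software without the key cannot.
            want = hmac.new(self._owner_key, override + nonce, hashlib.sha256).digest()
            if owner_tag is None or not hmac.compare_digest(want, owner_tag):
                raise PermissionError("override requires owner authorisation")
            reported = override
        sig = hmac.new(self._attest_key, reported + nonce, hashlib.sha256).digest()
        return reported, sig

def verifier_accepts(attest_key, nonce, reported, sig, expected_pcr) -> bool:
    good = hmac.new(attest_key, reported + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(good, sig) and reported == expected_pcr

def demo():
    attest_key, owner_key, nonce = b"constructed-attest", b"constructed-owner", b"nonce-1"
    expected = measure([b"loader", b"os", b"player-v1"])       # what the remote party wants
    p = Platform(attest_key, owner_key, [b"loader", b"os", b"player-v1-owner-patched"])
    honest = verifier_accepts(attest_key, nonce, *p.quote(nonce), expected)
    try:                                    # unauthorised software tries the override
        p.quote(nonce, override=expected, owner_tag=b"\x00" * 32)
        blocked = False
    except PermissionError:
        blocked = True
    tag = hmac.new(owner_key, expected + nonce, hashlib.sha256).digest()
    overridden = verifier_accepts(attest_key, nonce, *p.quote(nonce, expected, tag), expected)
    return honest, blocked, overridden      # (False, True, True)
```

In this model the owner's patched software fails attestation when reported honestly, software without the owner key cannot alter the report, and an owner-authorised quote is indistinguishable to the remote verifier from a stock one.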





More information about the cypherpunks-legacy mailing list