Untrusted Microsoft


Original Article By Matt Loney

Published at ZDNET

Editorial comments Spencer Kittelson

Date: June 27, 2002


The following article has had several key points highlighted.  My additional comments have been added in green italics.
It's rather a long read but if you value privacy and freedom it's worth it.

Original Article Link

COMMENTARY--The words 'Microsoft' and 'trust' only really seem to fit together with the help of an 'anti' somewhere in the middle. I find it somewhat odd therefore, to find this particular company proposing the development of a 'trusted computer platform'.

Trusted by whom? Not by me, that's for sure.

(Nor should anyone else trust Microsoft.  When you buy a new computer with the XP operating system you open yourself up to nearly continuous monitoring of your online activities.  What sites you visit, the content you listen to or watch, the programs that are installed on your system, all are recorded and transmitted to Microsoft at one time or another.  If you value your privacy and freedom, decide now to move away from Microsoft based products.  More on this below.)

It's not an altogether new idea, of course. In 1998 Intel came under fire for its processor ID idea, which enabled software -- or a Web site -- to quiz your CPU for its unique 64-bit serial number. This CPUid, which is built into almost every Intel processor since the Pentium III, is now switched off by default after initial outrage at the discovery that Web sites and applications could record it without the users' knowledge. Now, you have to download a utility from Intel here and switch the CPUid feature on. Not that any software or Web sites actually use it.

The problem with Intel's CPUid was twofold. First, Pat Gelsinger and Paul Otellini et al at Intel insisted they were merely trying to provide a technology that would benefit the consumer and help verify client PCs, but many suspected that the main thrust of the initiative was to make it easier to track stolen chips and spot counterfeits.

Second, the idea was poorly executed, and led to accusations that it could have the opposite effect to that which it was ostensibly created for, and actually increase fraud. If Internet merchants began to rely on the ID as proof that you really are you, went the argument, then your data could be at risk from thieves who could relatively rig their computer to transmit a different number than the one found in the Intel microprocessor.

But whatever Intel's past foibles, they pale by comparison to Microsoft's current plan, code-named Palladium.

First, Microsoft is insisting that it is trying to build a 'trusted computer platform', yet it appears to be ignoring the Trusted Computing Platform Alliance (TCPA), which is backed by more than 135 companies -- and on the steering committee of which Microsoft serves. The goal of the TCPA is to build platforms that can be trusted for e-commerce. It should provide: authenticity, so that users are confident that they know to whom and to what entity they are talking; integrity, so that users know information is transmitted accurately; and privacy.

(The TCPA is designed to ensure that no single company controls the technology or access points for determining who's systems are trusted.  Microsoft explicitly has ignored the TCPA and is intent on becoming the "gateway" company that everyone must connect to for trusted authentication.  Only YOU can prevent this by excluding Microsoft from you purchasing plans.)

Microsoft exposed its motivation for Palladium when, on filing a core patent for the technology, it used the term Digital Rights Management Operating System. Far from providing authenticity, integrity and privacy of data, Microsoft actually wants to police copyright laws.

Now I have a major problem with this, not least because I don't like the idea of a company that has been found guilty of criminal activity providing technology that will be used to police laws. For a start, it looks for all the world like Microsoft is introducing technology which does not benefit the consumer, but which is designed to prevent crimes being committed. And in the process, consumer rights could actually end up being curtailed; it appears that limitations built into Palladium could redefine "fair use" of digital media from a legal right, to a technological grant from a company.

If you don't consider such moves odd, consider a world where a gun can only be shot by someone empowered by a state to do so, and which furthermore will only fire a bullet if it is pointing at someone designated by that state as a legitimate target. Or a world where cars can never go above a certain speed limit. On the face of it, this could be an attractive world, and there would certainly be fewer deaths. So why don't we live in such a world? After all, the technology is readily and cheaply available for the automotive example, and also for at least the first part of the firearm example.

Because there would be uproar. And because, unlike intellectual property, human life is not meaningfully protected by laws and conventions that are effectively upheld by nation states. OK, so I've moved from naive to cynic, but there is an important issue at stake.

Copyright laws are a peculiar beast. They are the product of corporate lobbying. They protect, to a large extent, corporate interests. Individuals accused of breaking copyright laws are pursued at the behest of corporates (in the case of Adobe's persecution of Dmitri Sklyarov). And now corporates are introducing the technologies to police the laws. I'm not sure that any other area of law is so controlled -- and now policed -- by corporate interests.

That is what makes me nervous. If you are worried by the idea of cars unable to travel faster than 55mph regardless of which country you are driving them in, then you too should be worried by this corporate policing of copyright laws.

What makes me really nervous is when the corporates doing the policing are themselves guilty of criminal acts. Should we really trust Microsoft, which has been found guilty in the highest court in the U.S. of breaking laws in a way that harmed consumers, to build a 'trusted platform' for us? This is the very same Microsoft, remember, which now stands accused infringing 11 patents belonging to InterTrust in 144 separate claims. I am not suggesting that Microsoft is guilty; merely that it is less than suitable as a candidate to police laws or to develop technology that can be used to police laws. I'd rather trust my trusted platform to Nobby the Weasel who sells counterfeit cologne in the Star and Garter. 

(As a fundamental principle, it is essential that you decide that your freedom is more important than your convenience.  Microsoft has a long and tortured history of making things that appear nice on the surface but which are riddled with security holes, trapdoors for those "in the know" to use and which are invasive in the extreme to your privacy.  Without privacy we cannot have security and Microsoft is perhaps the most untrusted corporation on the planet, right behind Enron, Worldcom and Arthur Anderson.

You can now buy very inexpensive and powerful PC's at Wal Mart for $300-$600 that have NO Microsoft software on them at all!  These systems allow you to web surf, do email, have built in spreadsheet and word processing, etc. but use the Linux operating system and have the same windowing look and feel that most of you are familiar with.  Best of all, these systems allow you to read Microsoft documents and spreadsheets from your unenlightened friends so you won't be left stranded in cyberspace.  In addition, some of these systems even run your old Windows programs so you won't be forced to upgrade and pay the "Microsoft Tax" ever again!  There are also several new models of Apple computers that use a Unix base but provide Apple's famous ease of use.

The other thing to avoid at all costs is using any form of Microsoft servce, such as Hotmail or MSN network.  Microsoft sells the contact information from Hotmail within hours of signing up even when you explicity advise them not to during the sign up process.  You also need to have a Passport account which becomes a permanent record of you that Microsoft then owns forever.  DON'T DO IT!  Save yourself from future Microsoft marketing and resultant spamming and attacks by those who purchase the contact information from Microsoft.

This is hard but essential work.  Defending our freedom requires diligent effort.  Please do your part and decide today to get free from Microsoft and stay free.)


Pssst!  We've updated our Shopping Page.