Text 15, 117 rader
Skriven 2004-08-21 23:09:00 av Steve Asher (3:800/432.0)
Ärende: (1/2) "Treacherous Computing"
=====================================
Proprietary software - I

Who should your computer take its orders from?

Richard Stallman asked that slightly more than a year ago in his book
Free Software, Free Society.

But with Micro$oft's Palladium slash Next Generation Secure Computing
Base slash NGSCB looming darkly, it takes on renewed relevance.

Now read on >>>>>>>>>>>>>>

Can you trust your computer?
By Richard Stallman

Who should your computer take its orders from? Most people think their
computers should obey them, not obey someone else. With a plan they
call "trusted computing," large media corporations (including the
movie companies and record companies), together with computer
companies such as Microsoft and Intel, are planning to make your
computer obey them instead of you. Proprietary programs have included
malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what
it does; you can't study the source code, or change it. It's not
surprising that clever businessmen find ways to use their control to
put you at a disadvantage. Microsoft has done this several times: one
version of Windows was designed to report to Microsoft all the
software on your hard disk; a recent "security" upgrade in Windows
Media Player required users to agree to new restrictions. But
Microsoft is not alone: the KaZaa music-sharing software is designed
so that KaZaa's business partner can rent out the use of your computer
to their clients. These malicious features are often secret, but even
once you know about them it is hard to remove them, since you don't
have the source code.

In the past, these were isolated incidents. "Trusted computing" would
make it pervasive. "Treacherous computing" is a more appropriate name,
because the plan is designed to make sure your computer will
systematically disobey you. In fact, it is designed to stop your
computer from functioning as a general-purpose computer. Every
operation may require explicit permission.

The technical idea underlying treacherous computing is that the
computer includes a digital encryption and signature device, and the
keys are kept secret from you. (Microsoft's version of this is called
"palladium.") Proprietary programs will use this device to control
which other programs you can run, which documents or data you can
access, and what programs you can pass them to. These programs will
continually download new authorization rules through the Internet, and
impose those rules automatically on your work. If you don't allow your
computer to obtain the new rules periodically from the Internet, some
capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous
computing for "DRM" (Digital Restrictions Management), so that
downloaded videos and music can be played only on one specified
computer. Sharing will be entirely impossible, at least using the
authorized files that you would get from those companies. You, the
public, ought to have both the freedom and the ability to share these
things. (I expect that someone will find a way to produce unencrypted
versions, and to upload and share them, so DRM will not entirely
succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are
plans to use the same facility for email and documents -- resulting in
email that disappears in two weeks, or documents that can only be read
on the computers in one company.

Imagine if you get an email from your boss telling you to do something
that you think is risky; a month later, when it backfires, you can't
use the email to show that the decision was not yours. "Getting it in
writing" doesn't protect you when the order is written in disappearing
ink.

Imagine if you get an email from your boss stating a policy that is
illegal or morally outrageous, such as to shred your company's audit
documents, or to allow a dangerous threat to your country to move
forward unchecked. Today you can send this to a reporter and expose
the activity. With treacherous computing, the reporter won't be able
to read the document; her computer will refuse to obey her.
Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing
when they save your documents, to make sure no competing word
processors can read them. Today we must figure out the secrets of Word
format by laborious experiments in order to make free word processors
read Word documents. If Word encrypts documents using treacherous
computing when saving them, the free software community won't have a
chance of developing software to read them -- and if we could, such
programs might even be forbidden by the Digital Millennium Copyright
Act.

Programs that use treacherous computing will continually download new
authorization rules through the Internet, and impose those rules
automatically on your work. If Microsoft, or the U.S. government, does
not like what you said in a document you wrote, they could post new
instructions telling all computers to refuse to let anyone read that
document. Each computer would obey when it downloads the new
instructions. Your writing would be subject to 1984-style retroactive
erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous
computing application does, study how painful they are, and decide
whether to accept them. It would be short-sighted and foolish to
accept, but the point is that the deal you think you are making won't
stand still. Once you come depend on using the program, you are hooked
and they know it; then they can change the deal. Some applications
will automatically download upgrades that will do something different -
- and they won't give you a choice about whether to upgrade.


/Continued/


--- 
 * Origin: Xaragmata / Adelaide SA telnet://xaragmata.thebbs.org (3:800/432)