[ISN] Germany cautious on Microsoft security

From: InfoSec News (isnat_private)
Date: Tue Dec 10 2002 - 00:59:59 PST

  • Next message: InfoSec News: "[ISN] NIPC chief Ron Dick to retire"

    By Declan McCullagh 
    Staff Writer, CNET News.com
    December 9, 2002, 
    The German government is worried about federal agencies adopting
    Microsoft's upcoming Palladium security technology, fearing the system
    could lead to higher costs.
    In what appears to be the first time a nation has criticized the
    technology, Germany's Ministry of Economics and Labor said in a letter
    to the Bundestag, or parliament, that widespread adoption of Palladium
    raises the "danger that applications of software for new high-security
    PCs require a license by Microsoft, resulting in high costs." The Nov.  
    26 letter was a response to queries from members of the conservative
    Christian Democratic Union party.
    The Palladium architecture relies on future "trusted" hardware for
    tasks such as limiting piracy and enhancing security. In part,
    Palladium involves encrypting certain data stored on a hard drive. But
    critics have said that in addition to keeping hackers away from such
    data, the technology could be used as a policing mechanism that bars
    people from material stored on their own computers if they have not
    met licensing and other requirements. Microsoft's licensing policies
    have also come under attack.
    In contrast to the German reaction to Palladium, White House
    cybersecurity czar Richard Clarke said last week that trusted
    computing proposals were "a good beginning, but it's not enough."  
    Clarke called on technology companies to ensure that future operating
    systems incorporate security features.
    The German letter also expressed concern about Palladium's potential
    to create "substantial obstacles to market entry" to competing
    operating systems--particularly ones like Linux that are based on free
    software. It also mentioned a bill introduced by Sen. Fritz Hollings,
    D-S.C., that would jump-start Palladium by implanting copy-protection
    technology in PCs and electronic devices.
    Microsoft said Germany had little to worry about.
    "The plan is not to have Microsoft be the arbiter of what can and
    can't run on your PC," Amy Carroll, the group manager for Windows
    Custom Platform Technology, said on Monday. "One of the stated goals
    of Palladium is to allow the machine owner to maintain control over
    what they do and do not wish to run."
    "We're committed to working with the German government and anyone else
    who wants to talk to us," Carroll said. "Governments in general tend
    to work with sensitive data and sensitive information and have pretty
    deep concerns about the security of the information they're working
    with. Anything that can increase the security of that information is a
    good thing."
    Gerald Himmelein, an editor at the German computer magazine c't, said
    the three-page letter to Bundestag member Martina Krogmann, who
    handles Internet policy for the CDU, is unusual.
    "Normally an answer to an enquiry is a paragraph or two," Himmelein
    said. "In this case it's two and a half pages."
    Himmelein said the government created a working group in August to
    review Palladium and the related Trusted Computing Platform Alliance
    (TCPA) effort, which involves Hewlett-Packard, IBM, Intel and
    News.com's Jonathan Skillings and Robert Lemos contributed to this
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 10 2002 - 03:34:08 PST