Home > Microsoft’s plan to take over your computer

Microsoft’s plan to take over your computer

by Open-Publishing - Saturday 1 January 2005
20 comments

Edito International Digital-Technology


by Richard Stallman

Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing", large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. (Microsoft’s version of this scheme is called "Palladium".) Proprietary programs have included malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don’t control what it does; you can’t study the source code, or change it. It’s not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa’s business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don’t have the source code.

In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don’t allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous computing for "DRM" (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documents—resulting in email that disappears in two weeks, or documents that can only be read on the computers in one company.

Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can’t use the email to show that the decision was not yours. "Getting it in writing" doesn’t protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company’s audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won’t be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won’t have a chance of developing software to read them—and if we could, such programs might even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If Microsoft, or the US government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won’t stand still. Once you come depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something different—and they won’t give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.

There are proposals already for US laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don’t Try Programming Act) is one of them. But even if they don’t legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems (see "We Can Put an End to Word Attachments"). If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice.

For further information about treacherous computing, see <http://www.cl.cam.ac.uk/users/rja14...> .

To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation and Public Knowledge are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project. Please visit these Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don’t want to be pressured to buy "trusted" computing systems so you don’t want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above.
Postscripts

1. The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them.
2. Microsoft presents palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets palladium could be used to keep, including "third party secrets" and "user secrets"—but it put "user secrets" in quotation marks, recognizing that this somewhat of an absurdity in the context of palladium.

The presentation made frequent use of other terms that we frequently associate with the context of security, such as "attack", "malicious code", "spoofing", as well as "trusted". None of them means what it normally means. "Attack" doesn’t mean someone trying to hurt you, it means you trying to copy music. "Malicious code" means code installed by you to do what someone else doesn’t want your machine to do. "Spoofing" doesn’t mean someone fooling you, it means you fooling palladium. And so on.
3. A previous statement by the palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject.

This essay is published in Free Software, Free Society: The Selected Essays of Richard M. Stallman

http://www.gnu.org/philosophy/can-y...

translations of this page:
http://www.gnu.org/philosophy/can-y...

Forum posts

  • Mr. Stallman:

    A slight rephrasing of what one famous American once said explains your articles point of view: "Stupid is as stupid says." I would suggest you keep a watch out for crop circles, black helicopter, shadow people and most everything else Art Bell/George Norey deliver nightly on talk radio. They will provide you with a host of other conspirators beside MSFT.

    • The preceding message is defamatory and abusive. And whatever you think of his point of view, it is patently absurd to call Mr. Stallman "stupid".

    • dickhead mmmmmmmmmmmmmmmmmmmmmmmmmmmmm

  • Here’s a comment from from another article on windows
    Windows XP Professional Bugging Device?
    http://iraqwar.mirror-world.ru/tiki...

    knoppix is a great linux for windoze users interested in switching over

    What is KNOPPIX?

    KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it.

    ie- you can download this free linux, and try it out today- no need to change anything on your computer, just boot from cd. then if you like it and want to migrate, you can install this alongside windoze and have a dual-boot setup (choose win/linux when you turn machine on) so you can always go back to windoze when you need it.

    (when you install to hard drive, you have to re-partition it, so if you only have one drive, you will have to reinstall windoze, but it is worth it. when partioning, keep in mind linux can see and use the windoze drive, but windoze can’t see the linux side.)

    when you see how incredible linux is, and it comes with (or you can download) all the free software you will ever need, you will absolutely love it. if you trade stocks you will want to short micro$oft bigtime.

  • This sounds like somehting the US govt (and all govts for that matter) should outlaw at all costs, not give it’s support to. Once control of private computers takes hold, the danger instantly becomes worldwide and overwhelming. Even govt computers will be vulnerable to hackers implanting coding to control them from elsewhere - such as the middle east ?

  • Oh,I get it ! The government want this coding implanted in private computers so they can spy on individuals and/or take control of them. What won’t this government do in the cause of fighting terrorism? Everything this government does backfires. Once governments catch on to this bit of malice all governments will be spying on, and taking control of, each other - serves them right. USA is near collapse.

  • This is a very very dangerous threat. Most intelligent people now in Europe and USA have already realised their freedom is under serious threat and will already be making plans to live elsewhere. Elsewhere will be the only remaining resort for freedom lovers, quite soon. Someone tell me how to get myself organised with encoded email and surfing for privacy.

  • It is quite obvious that every effort is being made by government, corporate America, and whoever else is interested, to exert power and influence over our lives. Spyware has been around for quite a while, and now there is a big business in selling spyware blockers and virus detectors, which give computer owners a false sense of security. It is all a facade. Those with the power will use it... often and maliciously. The only way to be unaffected is to unplug yourself from the net, buy out of the system, and find a nice, quiet place to wait out the coming collapse of the empire. Or not.

    • The only way ’out of this system’ is to buy a mac!

      www.apple.com

      I have had malware, adware, spyware free computing for over 14 years!

      It’s great to know that I can get an email with the latest windows virus in it and deliberately clicking on the attachment and it not doing anything to effect my fantastic Mac OS X panther OS!!

      Want to leave all that windows malware crap behind - THEN BUY A MAC - BELIEVE ME YOU WILL NEVER REGRET IT!!

  • Instead of working yourself into a righteous tizzy, why not just do what the smart folks do? Buy a Mac!

    • Absolutely. Don’t use Microsh*t at all.

      Just get a Mac!

    • From Apple’s 2003 SEC filing:

      "In August 1997, the Company and Microsoft Corporation (Microsoft) entered into patent cross license and technology agreements. In addition, Microsoft purchased 150,000 shares of Apple Series A nonvoting convertible preferred stock ("preferred stock") for $150 million. These shares were convertible by Microsoft after August 5, 2000, into shares of the Company’s common stock at a conversion price of $8.25 per share. During 2000, 74,250 shares of preferred stock were converted to 9 million shares of the Company’s common stock. During 2001, the remaining 75,750 preferred shares were converted into 9.2 million shares of the Company’s common stock."

      Oh yeah. Buy Apple. That will save you....

    • The 1997 agreement with Microsoft was for a span of five years. The Microsoft shares were non-voting shares.

      The agreement was never renewed as far as I am aware. Apple now has the ability to stand on its own two feet and is one of the very few profitable computer hardware companies. It was profitable before the advent of the recent iPod sales explosion.

      In an interview with Kevin Browne of the Microsoft Macintosh Business Unit (they produce a Mac version of Office):

      BROWNE: I don’t believe we still have that investment. Five years is a long time. They were nonvoting shares, and it isn’t like that had a lot to do with how we approached the business. [A spokesman for Microsoft later confirmed that Microsoft no longer holds the Apple investment it made under the companies’ 1997 agreement.]

  • before i switched to linux, i had heard it was a lot of command line prompts, etc.... i couldn’t believe it when i loaded it up for the first time- it’s a full point and click operating system with menus, rt click everything, incredible graphics, everything you need right there, nothing more to buy (except an external modem at the thrift store)

    it’s like there is a big scare meme out there regarding linux- what a joke

  • You don’t have to be a socialist left leaning America hater to know that Microsoft totally sucks.

    Go Linux! Go Firefox! Go open source!

  • Richard Stallman, I’m sorry but this is one of the worst pieces of journalism I’ve read in the last year. Your summary of trusted computing is so off the mark, it is laughable. All trusted computing does is basically remove your option for ripping off digital data. That’s it. It doesn’t change anything else. If you are upset about that, then you are a thief, otherwise it wouldn’t bother you. But this goes well beyond a Song by Prince. This is about who you are. When your fingerprint data is on your computer, or your SSN, or anything about you (especially your medical records), once that is compromised, it cannot be changed. You cannot change your fingerprint. Your "person", Your "entity", will be hacked...permanently!

    If you understood that, you would embrace trusted computing. Rather than fear trusted computing, you should fear a future without it! I can’t imagine a world where my data would be open to anyone with a decent PC. Hackers could change my medical records to read incorrectly, so the pharmacist would prescribe exactly what I’m allergic to just to kill me easily, without my even knowing it! It would be ridiculous.

    • man..you’re scary..you sound like a try to convince the dumb a$$ people politician. Do not accept the unacceptable and by the way..WAKE UP!

    • There’s only one valid point in your message.... True original digital works need to be protected... but you’ve failed to grasp the main points of Stallman’s peice...

      The computing industry as it stands does not have a trustworthy record when it comes to software and hardware for the masses. "Trustworthy computing" is an oxymoron for the current state of the industry. To many companies have put the companies priorities above their customers. Spyware... hidden "features"...... who’s to say what is being transmitted where without your knowldge or approval.
      You assume that people who object to the formulations in trusted computing are theives wanting to steal digital material.... When in fact they may in fact simply not want digital material stolen from them. It simply boils down to a total lack of trust between consumer and the Industry .... If that trust were there ... extremly few people would have a problem with it.

      Joe Average Programmer.
      ps. I have several copyrighten works that I defend the copyright and patents on ... vigorously

    • > Your summary of trusted computing is so off the mark, it is laughable. All trusted computing does is basically remove your option for ripping off digital data.

      The only way it can do so is by taking control of your computer away from you and putting it in the hands of somebody else. That’s why it’s called "trusted computing" - it’s not that you can trust your computer, it’s that the corporations can trust your computer.

      Once you lose control of your own computer, the various nasty things Stallman describes are indeed possible. And we can see from Microsoft’s previous behaviour, it is capable of some very nasty, anticompetitive, consumer-harming actions. So these nasty things are not only *possible* but *probable*.

      > If you are upset about that, then you are a thief

      Copyright infringement is not theft. Please refer to Dowling vs US, 1985 if you disagree.

      The rest of your post is misinformed scaremongering that Stallman actually addressed in the article if you would bother to read and understand it. There’s nothing about trusted computing that stops people from breaking into your computer.

      I dislike this article, but for different reasons to you. It seems to be all over the place - I can’t tell who the audience is meant to be. Some parts seem to be geared towards non-techies, others will confuse or alienate them. The whole thing reads like a paranoid conspiracy rant, mostly due to the choice of language, I think. I am sympathetic to the point Stallman is trying to make, but from reading his other work, I feel he is capable of writing a much more convincing piece than this.

  • I believe time has arrived that LINUX and the like start building real competition between the makers. Currently we are forced to obey rules and we are ffited into boxes without a choice. So please people wake up and start inventing, that’s what business is all about. No more spying on my computer .