Control freaks target PCs
Karen Dearne
MAY 13, 2003 

HOLLYWOOD and Bill Gates may be able to take control of our PCs via 
new digital rights management techniques that allow content providers 
to enforce their policies on our machines, IT security pioneer Professor 
Bill Caelli has warned.  

Microsoft's Next-Generation Secure Computing Base (NGSCB, formerly 
dubbed Palladium) and the Trusted Computing Group (TCG), led by US 
industry giants including Intel, are building software and hardware 
platforms that will offer greater trust in the PC environment.  

But while Mr Gates was trumpeting a $US250 million ($390 million) 
investment in security system for PC users at the Windows Engineering 
Conference in New Orleans last week, in head office chief executive 
Steve Ballmer was telling customers corporate data protection and 
anti-piracy locks were at the core of Microsoft's future.  

Both NGSCB and TCG aim to produce a platform for applications that 
cannot be accessed - "tampered with" - by users, and cannot run 
pirated software or other content.  

Those applications also may be able to communicate securely with the 
vendor.  

Obvious candidates would be music and film producers who could sell 
DVDs or CDs that could not be copied, and could only be played on 
approved machines.  

"I believe the scene was being set last week," said Professor Caelli, 
head of the Queensland University of Technology school of software 
engineering. "Microsoft has conceded that it doesn't need NGSCB at 
all, really, to provide highly secure email and other services.  

"In January it announced a collaboration with (secure messaging 
company) Spyrus to deploy an Exchange Server and Outlook system to 
the US Department of Defence, and was apparently happy to use the 
Spyrus sub- system as a trusted unit."  

Elsewhere, chip-maker AMD said digital rights management (DRM) was 
regarded as critical to protect intellectual property.  

"In a company document AMD goes to extreme depths to explain why it's 
important that the manufacturers of software and systems have their 
rights protected, and that they enforce them," Professor Caelli said.  

"Specifically, they say that sales price reflects piracy. There's a 
lack of third- party trust - that's you and I."  

But these DRM initiatives would sorely test global trust in corporations 
and industries.  

"I think there will be a major push here in Australia and elsewhere 
to develop reverse engineering tools," he said.  

"We're going to have to be better educated and may even need to 
develop new tools simply so we can evaluate what were being sold."  

However, present laws effectively prevent reverse engineering 
copyright protection schemes without the owners express permission.  

SingTel Optus' counsel Hamish Fraser told the AusCERT 2003 conference 
that recent amendments to the Copyright Act in Australia allowed 
reverse engineering for error correction, security testing and 
interoperability.  

These changes are yet to be tested in court.  

Professor Caelli warned: "People in e-government, e-health, should 
take a very clear note that the manufacturers have said: 'This is an 
untrustworthy product, we're doing something about it, but you can't 
buy it with confidence now'."  

                            -==-

Source: Australian IT - http://australianit.news.com.au/articles/
0,7204,6422580%5E15319%5E%5Enbv%5E15306,00.html


Cheers, Steve..

---