X

Software spies can't cut Gates's mustard

The Washington Post revealed last week that appended to Microsoft's $20 million donation to the University of Cambridge was a request to work on an software antipiracy device that would let software firms spy on their customers.

4 min read
"Pop, what the heck happened to you?" Vermel asked, rightly concerned. I had two black eyes and a dirty fedora as I sat down at the breakfast table yesterday morning. "It's all part of the business, kid," and I told him how I got a little too close to a table of high-ranking hardware execs talking turkey on the QT at a local eatery. Some salopard must have ratted me out because before I knew it, two goons had me by the collar and didn't let me go until I tasted the big iron of the dumpster in the alley. If only I had more sophisticated listening equipment like the folks in Cambridge, England.

The Washington Post revealed last week that appended to Microsoft's $20 million donation to the University of Cambridge was a request to work on an software antipiracy device that would let software firms spy on their customers. Dubbed Tempest, the technology has been in use for years by the military and other spooks, but for the first time the Cambridge researchers demonstrated how Tempest could work with ordinary software programs. (It was reportedly the computer department's biggest coup since the Trojan Room coffee pot Webcam went online.)

With Tempest, someone with fancy equipment can park outside an office, pick up the radiation from computer screens inside, and determine what's on them. Tempest-smart software could "broadcast" a serial number; if the snooper picks up more serial numbers than are actually licensed to that business--oh là là--then it's time to call the cops, get a warrant, and book 'em, Dano!

In the Post report, Microsofties promised they wouldn't use Tempest, which would no doubt set off "Big Brother" cries from an already suspicious user base. But the rag didn't ask why Microsoft had no use for Tempest.

According to Ross Anderson, the Cambridge researcher in charge of the project, Tempest doesn't go far enough to curb piracy. The Redmond giant and others in the industry would ultimately like to switch to hardware-based prevention. That means making the copying impossible in the first place by requiring licensees to "log in" with a smart card or by inserting a key into a designated port on PCs.

As thrilling as it might be to eat take-out Chinese and stake out dastardly pirates from an unmarked van, software markers would rather practice preventive medicine. Ironically, Anderson feels such hardware-based prevention is even worse than Tempest.

"We wouldn't like to see this happen, and we have already done a lot to undermine confidence in the claims of tamper-proofness made by smart card salesmen," Anderson wrote to a U.K.-based mailing list for cryptography issues.

Anderson took some heat from his peers on the list, who were shocked that the normally privacy-conscious chap was working on a mass-market implementation of Tempest. Mais au contraire, he argued: His work on Tempest will in fact increase user privacy with special fonts that hide the information on your computer screen from anyone lurking with a souped-up ice cream truck. To see what all the fuss is about, check out the Anderson group's white paper (Adobe Acrobat required), which describes how you can cook up your own spy fonts. Coolio!

Tempers are flaring, if not tempests, over a hoax email circulating ici et là. The email is an allegedly censored interview with Bjarne Stroustrup, designer of the C++ programming language. In it, Stroustrup shocks the interviewer with an admission that C++ was simply a way to slow projects down, make them more complex, and give programmers more work at higher wages. Contacted by one of my Skinformants, Stroustrup ensured him the interview was a hoax not of his own making, and not a very good one at that.

It certainly doesn't hold a candle to a rousing Elizabethan drama, but Javaheads might be in for a new plot twist in the Sun-Microsoft court fight. Just to refresh: Sun slapped Microsoft with a lawsuit, alleging Redmond was putting an unauthorized form of Java into IE 4.0 and its development tools. Microsoft immediately countersued, and the fur has flown ever since. But in recent weeks, both companies have turned the volume down, my legal eagles tell me. Instead of faxing documents and airing dirty laundry to the press, the McNealys and the Gateses have made it downright difficult for the fourth estate to dig for dirt.

At least two reporters asking for Microsoft's most recent filing have been rebuffed at the courthouse in San Jose, California, by a clerk who claims the filing is sealed. Meanwhile, Sun isn't going gently into that good court date, telling reporters they have to schlep over to the courthouse for documents that the Sun staff could just as easily fax to newsrooms.

For two companies that love to speak loudly and carry a big schtick, le silence is deafening and has prompted whispers of settlement. Both sides deny it, of course. Microsoft has a pattern of waving the battle flag and then cutting deals, so let's all keep our ears to the ground between now and the first court date February 27. Let your rumors go forth and Prospero; send one to me today. I cannot make magic without them.