Germany cautious on Microsoft security
The German government is worried about the adoption by federal agencies of Microsoft's upcoming Palladium security technology, fearing the system could lead to higher costs.
In what appears to be the first time a nation has criticized the technology, Germany's Ministry of Economics and Labor said in a letter to the Bundestag, or parliament, that widespread adoption of Palladium raises the "danger that applications of software for new high-security PCs require a license by Microsoft, resulting in high costs." The Nov. 26 letter was a response to queries from members of the conservative Christian Democratic Union party.
The Palladium architecture relies on future "trusted" hardware for tasks such as limiting piracy and enhancing security. In part, Palladium involves encrypting certain data stored on a hard drive. But critics have said that in addition to keeping hackers away from such data, the technology could be used as a policing mechanism that bars people from material stored on their own computers if they have not met licensing and other requirements. Microsoft's licensing policies have also come under attack.
In contrast to the German reaction to Palladium, White House cybersecurity czar Richard Clarke said last week that trusted computing proposals were "a good beginning, but it's not enough." Clarke called on technology companies to ensure that future operating systems incorporate security features.
The German letter also expressed concern about Palladium's potential to create "substantial obstacles to market entry" to competing operating systems--particularly ones like Linux that are based on free software. It also mentioned a bill introduced by Sen. Fritz Hollings, D-S.C., that would jump-start Palladium by implanting copy-protection technology in PCs and electronic devices.
Microsoft said Germany had little to worry about.
"The plan is not to have Microsoft be the arbiter of what can and can't run on your PC," Amy Carroll, the group manager for Windows Custom Platform Technology, said on Monday. "One of the stated goals of Palladium is to allow the machine owner to maintain control over what they do and do not wish to run."
"We're committed to working with the German government and anyone else who wants to talk to us," Carroll said. "Governments in general tend to work with sensitive data and sensitive information and have pretty deep concerns about the security of the information they're working with. Anything that can increase the security of that information is a good thing."
Gerald Himmelein, an editor at the German computer magazine c't, said the length of the letter to Bundestag member Martina Krogmann, who handles Internet policy for the CDU, is unusual.
"Normally an answer to an inquiry is a paragraph or two," Himmelein said. "In this case, it's two and a half pages."
Himmelein said the government created a working group in August to review Palladium and the related Trusted Computing Platform Alliance (TCPA) effort, which involves Hewlett-Packard, IBM, Intel and Microsoft.
News.com's Jonathan Skillings and Robert Lemos contributed to this report.