Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Security vs. Freedom

In the most thorough form of incapacitation, technology makers are building their products to resist any form of alteration once they leave the factory. The paradox here is that while many technology users resent such control, they also need it. A computer network that is truly open, for example, is also dangerously vulnerable to attack by viruses.

Not surprisingly, these days the computer industry is giving higher priority to security than openness. Take, for example, the controversial Microsoft project originally known as Palladium and recently renamed Next-Generation Secure Computing Base for Windows. This effort involves the development of a set of secure features for a new generation of computers. The goal: let users such as banks communicate in ways that prevent disclosure of information to unauthorized persons, using stronger hardware as well as software protection. The system would protect the privacy of medical and financial data far more effectively than today’s security software, and Microsoft insists that it will not restrict the rights of most computer owners; machines will be shipped with the new capabilities turned off.

A computer built on the new specification could run existing software like any other. But the Secure Computing Base could give Microsoft or other vendors the power to disable third-party software on their customers’ computers, if they believe it circumvents rights management. Vendors could also detect and disable user hardware modifications that, as judge, jury, and executioner, they deem a threat to the security of their programs. As evidence of this intent, critics point to phrases in the user license agreements of Microsoft’s Windows Media Player that seem to allow the program’s security updates to disable other programs. “The keys will be kept in tamper-resistant hardware rather than being hidden in software,” contends Ross Anderson, a University of Cambridge computer scientist. “There will be lots of bugs and workarounds that people discover, but eventually they will get fixed up, and it will be progressively harder to break.”

Paul England, a software architect at Microsoft familiar with the system, considers such fears unwarranted. There is, he says, “no a priori remote control” that it will impose or let others impose on a user’s applications. Copyright owners would not, he insists, be able to use the system to inactivate other programs that could capture their data and store it in different file formats.

This blanket of security can smother as well as protect. Web businesses and software vendors will have the option of offering their products only to “trusted” machines-that is, those in which the protection system has been activated. Most content companies would probably begin to restrict compatibility to trusted machines. Downloading a magazine article or a song, for example, might require a machine in which the Microsoft technology was present and activated.

Such measures can prevent hackers and unethical companies from stealing personal information and hijacking personal machines for nefarious purposes. But tamperproofing technology also allows companies, while flying the banner of fighting piracy, to take steps that degrade the performance that law-abiding consumers get from their computers.

Critics argue that Microsoft’s Secure Computing Base comes at too high a price. Princeton computer scientist Edward W. Felten warns that if technology vendors “exploit Palladium fully to restrict access to copyrighted works, education and research will suffer.” Scientists, he points out, must be able to inspect and modify electronic technology, just as automotive engineers and designers must be able to take vehicles apart and tweak components.

Indeed, the kinds of tamperproofing now being put in place threaten the individual tinkering upon which so much innovation is based. They would deprive people of their long-standing right to improve on products they lawfully own-even when they are not violating copyrights or creating hazards. Such user-centered innovation has a long history in the United States. Henry Ford’s Model T and tractor, for example, were made for resourceful country people who constantly found new uses for them: once the drive axle was lifted and a wheel removed, the hub could drive tools and farm equipment. It was a mini power station on wheels, its variations and applications limited only by the user’s imagination.

Some contend that the freedom users have to modify a system and its software is worth the risk. As John Gilmore, a cofounder of the Electronic Frontier Foundation, a Washington, DC-based civil-liberties organization, has written, “Be very glad that your PC is insecure-it means that after you buy it, you can break into it and install what software you want. What you want, not what Sony or Warner or AOL wants.”

0 comments about this story. Start the discussion »

Tagged: Business, Web

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me