[cap-talk] A strategic pejorative

[Ka-Ping Yee]

Norm Hardy wrote:
> It seems that Microsoft believes that security is achieved by knowing
> the author of the code that runs on your machine.

Jonathan Zittrain's op-ed piece in the New York Times
on Monday reveals that Microsoft has been able to dupe
him into believing this as well.  I wrote a response,
which is included below.  (I previously sent this to
Mark, but i hope you won't mind it here on the list.)


-- ?!ng


--- letter to the editor follows
Date: Thu, 14 Mar 2002 01:31:23 -0600 (CST)
From: Ka-Ping Yee <ping@lfw.org>
To: letters@nytimes.com
Subject: Letter: In Response to Zittrain


In Monday's Op-Ed section, Jonathan Zittrain lamented that
in order for computers to be secure and reliable, we must
lose the freedom to share and control the information on them.
This is not so.

Yes, we need computers that can be reliably controlled --
but Zittrain missed the crucial distinction between control
by the consumer and control by the manufacturer. Whenever
one encounters the word "trusted", as in "trusted PC", one
must ask "trusted by whom?" A computer should be reliable
in that it reliably carries out the wishes of its *owner*.

Zittrain implied that PCs can be made reliable only by
removing their flexibility to run arbitrary software.
In fact, it is entirely possible to create computers that
can safely run untrusted software. But Microsoft would
rather have us believe as Zittrain does, to justify
controlling what software we are allowed to use.
Don't be taken in.



Ka-Ping Yee
Computer Science Department, University of California, Berkeley

home address: 1730 La Loma Avenue, Berkeley, CA 94709
cellphone number (anytime): 510 612-1824


--- text of the article follows
(http://www.nytimes.com/2002/03/11/opinion/11ZITT.html)

March 11, 2002


Taming the Consumer's Computer

By JONATHAN L. ZITTRAIN
CAMBRIDGE, Mass.

Last month the top executives of two of the most powerful
media companies in the world traveled to Washington to
testify before Congress about the most dangerous threat they
face: the American consumer.

Of course they didn't quite phrase it that way. Michael
Eisner, chief executive of the Walt Disney Company,
complained that the technology industry made it too easy for
"people wanting to get anything for free on their television
or computer or hand-held device." Peter Chernin, president
of the News Corporation, worried that the Internet's
"ability to empower the general public" would lead to the
online theft of some of the contents of media companies'
digital treasuries.

Both men want the next generation of personal computers to
be unable to deliver unauthorized movies, music and other
content, and they asked that Congress stand ready to
intervene if industry failed to deliver the necessary
technology to safeguard its products. A lone executive, from
Intel, objected.  The market, he said, not Congress, should
dictate how technology works.

The debate on Capitol Hill between content providers like
Disney and those who make the products to deliver that
content, like Intel, was really a proxy for a much larger
debate: What do we want our technology to do? How do we want
it to work? And do we have any say in the matter?

For most forms of current technology, these questions have
long been settled.  No executives are worried about illegal
uses of televisions or coffee makers, for instance, and no
consumers need to worry that these appliances will crash or
become infected with viruses - and we would never accept it
if they did. Our TV's and VCR's don't take ill when we watch
infected programs, and our refrigerators never require
rebooting.

Yet we have come to tolerate such problems from our
personal computers. The PC's fundamental and unique
unreliability flows from its construction as a so-called
flexible platform - a mere staging area for many kinds of
software.  The point (and bane) of a PC is, essentially, to
run whatever software it encounters.

There are plenty of reliable computers: the controls of the
modern Airbus 340 are fully given over to a computer, and
video-game consoles consistently work as advertised, as do
Aegis missile cruisers, cellular telephones and digital
watches. All contain transistors. Can technologists figure
out how to replicate the reliability of airplanes,
telephones, watches and televisions in future versions of
Windows and Linux, so that a mischievous 12-year-old half a
world away can't erase a thousand far-flung hard drives?

Absolutely. In January Bill Gates sent a memo to all
Microsoft employees declaring a new, overarching, even
revolutionary mandate: Software must be reliable and
"trustworthy." This new focus is both welcome and worrisome,
because the very steps needed to secure our computers and
networks can be the steps that will deaden them to continued
innovation and creative uses - while opening them to more
intrusive monitoring by mainstream technology manufacturers
and content providers.

Mr. Gates and the co-captains of his industry are producing
blueprints for so-called "trusted" PC's. They will employ
digital gatekeepers that act like the bouncers outside a
nightclub, ensuring that only software that looks or behaves
a certain way is allowed in. The result will be more
reliable computing - and more control over the machine by
the manufacturer or operating system maker, which essentially
gives the bouncer her guest list.

And as soon as there are limits on the software a PC can
run, there will be limits on what PC users can do. That's
exactly what executives like Mr. Eisner and Mr. Chernin
want. They'd like software and hardware companies to build
PC's to allow a publisher an exquisite level of control over
a book or a song or a movie in the hands of a consumer.
Trusted PC users might spend $1.95 for a single viewing of
the latest Disney animated feature, or they might pay a
similar amount for three listens of U2's most recent single.
Security, stability, reliability - and control.

Users may buy a trusted PC even if it won't show a digital
video lent by a friend, because it will act less like a
temperamental computer and more like a crash-free super-VCR
- like the just-released Microsoft X-box. But in the process
of "improving" our PC's, the manufacturers and their
partners will be able to determine what software will and
won't be allowed to run, what we can and can't do with the
information to which we're exposed, and what data about our
online activities will be collected and sent to the
manufacturer or content provider to assist in future
marketing.

Apart from manufacturers' desire not to define the uses of
a PC too narrowly, the public interest in flexible computer
platforms and open data exchange remains almost entirely
absent from this debate. Disney and its cohort are free to
view PC's as delivery systems for Mickey Mouse and friends -
and to make their content available through broadband. But
it's an entirely different matter to re-engineer the PC so
it becomes simply another appliance.

The PC platform and the Internet to which it connects is
the engine of the information revolution - as important to
our economy and culture as all the movies in Hollywood. A
shift from open platforms to closed appliances may be
inevitable, as our consumerist desire for trustworthy PC's
dovetails with information providers' obsession with
control. But we should beware the haste with which some
would sacrifice flexibility for control. If we can't at
least temper this taming of the chaotic PC, the victims will
be competition, innovation and consumer freedom.

--- fin