Posted on 10/25/2001 3:19:32 PM PDT by kevkrom
For more than two centuries Americans have prided themselves on protecting their freedom by limiting the concentration of power. With its famous “balance of power,” the U.S. Constitution divides federal power among the three branches of government, while the Bill of Rights provides other checks – all of which have served the country well.
With new threats have come new protections. In the nineteenth century, corporations grew and multiplied, and some amassed the kind of power we had always sought to limit in our own government. Anti-trust laws were passed to guarantee that commercial power would be distributed among competing companies in every sector of business.
These protections have also served us well.
But now a new threat has arisen that may be less obvious but more dangerous.
While computer and communication technology have enhanced our lives in many ways, they have also caused fundamental changes that make protecting ourselves from the concentration of power more difficult--in part because these technologies have made it feasible to build organizations that are larger and more globally-distributed than ever before. The result: we need to be more alert to potential abuses of power.
The fact that everything is interconnected makes it possible to concentrate power in a new way. A business that holds a monopoly in one area may be able to use its influence to extend its monopoly in entirely new ways. This is what is happening as Microsoft attempts to extend its monopoly over personal computer operating systems into the Internet world.
Microsoft .NET (pronounced “dot net”') is a far-reaching project to channel the personal information of all customers who browse, shop, and congregate on the Internet into Microsoft or Microsoft-controlled companies. It is made up of components: Passport establishes an individual's identity on the Internet .NET My Services collects various pieces of private information--including .NET Contacts, .NET Location, .NET Inbox, .NET Documents, .NET Devices, and .NET Wallet.
The control over computer software that Microsoft has achieved through its dominance of operating systems has limited competition and innovation throughout the computer field. Through .NET, it is attempting to exert the same control over all Internet commerce. Just as kings got to grant or deny royal charters to businesses, the Redmond giant, if successful, may be able to say who can do business on the Net and who can't.
But there is another and more immediate problem with .NET--something that could evolve from a problem to a national crisis even if Microsoft is well behaved or well regulated in the use of its new powers. That is the problem of security, as opposed to privacy.
What is the difference? If Microsoft knows everything about everyone--and the information being collected by Passport and My Services make that look quite likely--the company could still be constrained in how it uses that information by laws or corporate privacy policies. That presupposes, however, that Microsoft is actually in control of the information it has collected.
Microsoft’s security record is nothing to brag about. Windows is the most widely used yet one of the least secure operating systems around. Microsoft programs have shown themselves vulnerable to worms, viruses, and break-ins, on Microsoft's own computers and on everybody else's. The Melissa virus spread through Microsoft's word processing and e-mail programs, sending itself to the first 50 people in each of the infected machine's address lists. A year later the ILOVEYOU virus infected the Web through a different part of Microsoft’s e-mail package. More recently Microsoft's own internal systems were hacked, and the intruders spent over a month accessing system source code, likened to Microsoft's “crown jewels,” before their unlawful entry was discovered.
Why should Passport be any different? Early security analyses show that compromises made for the sake of universal availability make Passport less secure than it might have been, less secure than it should be, and perhaps just plain insecure. The My Services databases will be a particularly ripe target for hackers. (Since all users of Microsoft's free Hotmail service have Passports, many unknowingly, there are already 160 million Passport users.)
Remember, Willie Sutton used to rob banks because “that's where the money is.”
Suppose that in a year or two Microsoft has succeeded in funneling the lion's share of information about people's identities, preferences, financial assets, and shopping habits to itself and putting them all in one big database. If Microsoft can't protect its own systems: what hope is there for Microsoft databases that will contain the credit, locations, and private files of millions upon millions of users?
Suppose somebody breaks in. Everyone's personal and financial information would suddenly be in the hands of the intruders. Or worse--they could be scattered about in a series of resulting malfunctions. The extent of the financial, social, and political disaster that could result is hard to imagine.
If history has shown us anything, it's that the best protection lies in decentralizing power and promoting competition. We need to take the same approach to our digital identities and make sure that who and what we are is not held captive by a single entity.
Whitfield Diffie and Susan Landau are respectively distinguished engineer and senior staff engineer at Sun Microsystems and co-authors of “Privacy on the Line: The Politics of Wiretapping and Encryption,” MIT Press, 1998. Diffie is also the co-inventor of public-key cryptography.
The "Windows is full of holes" assertion will really have nothing to do with .NET one way or the other in the long run. Microsoft now has even more incentive to tighten up Windows - a project that will be a lot easier for them when everyone starts running .NET code and gets rid of ancient software (and buggy old hardware drivers - the real cause of most Windows problems).
Internet Commerce Commission
Three better words: Don't use Passport. But migrating to Linux is still a good idea. :)
Could it be that they're just jealous Microsoft is rolling out their implementation first? Naaaawwwww!
It would be safer, but still a bad idea. Nobody should be able to collect such a large amount of personal information -- no matter what the "convenience" of that is. A better solution would be smart-card technology where individuals can store and manage their own personal information and choose how and when to divulge parts of it.
For instance, the Operating System is declining in importance. What matters today is whether you can read someone else's e-mail and view someone else's web page. In other words, the browser matters more than the OS. Consider Free Republic. It doesn't matter what Operating System you are running to see FR, but it DOES matter that you are using a modern browser.
Moreover, companies have a vested interest in running their old software. This means that new Operating Systems must be compatible with their old (and existing) systems. No company wants to scrap years of its internal software development merely to have a new OS (that does what, precisely, to advance the bottom line of a company).
For another example, consider two products for sale. They sit side by side on web pages at Amazon.com and on the shelf at CompUSA. They both sell for $99. One product speeds up your internet access by a factor of 1.5. The other gives you new Operating System gadgets. Which will you buy? Which will corporations buy?
The answer will be speed far more often than gadgets. Microsoft has gone to their well (of the OS) far more times than they should have. They are eventually going to run up against the law of diminishing returns as people figure out that a new OS doesn't do anything besides cause old software to malfunction (as well as force users to relearn the steps that are required to perform their same tasks).
People and corporations aren't buying and replacing new PC's every 18 months anymore, either. Everyone already has enough computing power, and everyone realizes that the bottleneck is in the bandwidth connection to the net. Well, at least everyone except Sun and Microsoft (and Apple, if they still count).
I don't trust Sun with my information much more than I would trust Microsoft. They may secure it better, but they shouldn't have it in the first place.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.