You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Microsoft Palladium: Next Generation Secure Computing Base

Top News

  • Doc's Cover Palladium Privacy, Unique Identifier Issues. EPIC has documents from the National Institute of Standards and Technology under the Freedom of Information Act describing Microsoft Palladium. The documents (pdf 980k) describe Palladium's applications for Digital Rights Management and note that the technology embeds "unique machine identifiers," thus raising risks that user behavior may be subject to traffic analysis. Issues raised by Palladium, which is now known as the Next Generation Secure Computing Base, are similar to privacy problems with the controversial Intel Pentium Serial Number.


In June 2002, Microsoft released information regarding its new "Palladium" initiative. Palladium is a system that combines software and hardware controls to create a "trusted" computing platform. In doing so, it would establish an unprecedented level of control over users and their computers.

Palladium could place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. Microsoft expects to have elements of the system in place by 2004.

Professor Ross Anderson has written an extensive FAQ on the Palladium system. Seth Schoen of EFF has published a detailed summary of a meeting about Palladium.

Known Elements of the Palladium System

  • The system purports to stop viruses by preventing the running of malicious programs.
  • The system will store personal data within an encrypted folder.
  • The system will depend on hardware that has either a digital signature or a tracking number.
  • The system will filter spam.
  • The system has a personal information sharing agent called "My Man."
  • The system will incorporate Digital Rights Management technologies for media files of all types (music, documents, e-mail communications). Additionally, the system purports to transmit data within the computer via encrypted paths.

Many questions remain regarding the Palladium system. For instance, is the system even necessary? Many of the known elements are already offered by third parties or could be accomplished through simple means that do not require identification and authentication. For instance, simply avoiding the use of Microsoft's Outlook e-mail software, which in some cases automatically executes attachments, can prevent the running of malicious code and the spread of viruses. Products already exist that can store personal information on encrypted partitions of the user's hard drive. Spam avoidance is served by a number of tools, such as whitelists, blacklists, and filtering, without any requirement of identification or authentication.

"Trusted" Computing Means Controlled Computing

The known elements of the Microsoft DRM system will control users and limit the abilities of computers. Microsoft has obtained approval for two patents (Digital Rights Management Operating System, No. 6,330,670 and Loading and Identifying a Digital Rights Management Operating System, No. 6,327,652) in December 2001 that contained many of the basic elements of a trusted operating system. These patents may provide the blueprints for the Palladium system--a system that establishes trust through control.

"A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. In the latter instance, the digital rights management system can terminate the trusted application as well. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file."
--Digital Rights Management Operating System, No. 6,330,670

"The guaranteed loading of a digital lights management operating system on a general-purpose personal computer ensures that downloaded content can be protected from unauthorized access. Furthermore, the generation of an identity for an operating system based on its loaded components allows a content provider to knowledgeably determine whether to trust content to the subscriber computer."
--Loading and Identifying a Digital Rights Management Operating System, No. 6,327,652

"A DRMOS must also protect the content once it is loaded into the client computer's memory by a trusted application. In particular, the DRMOS must prohibit the use of certain types of programs and refrain from performing certain common operating system procedures when content is in memory. "
--Loading and Identifying a Digital Rights Management Operating System, No. 6,327,652

In a June 2002 submission to BSDVault, one user noted that the user agreement in Microsoft's Windows Media Player allows the company to: "provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer." This allows Microsoft to control components of the users' operating systems without notice or consent.

News and Resources on Palladium

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security