Graham Lally wrote:
> http://www.theregister.co.uk/content/4/23715.html
Just to pick up on some of the points in this... Firstly, Bill's
defining MS' next big catchphrase, "Trustworthy Computing" (Capitalised.
Always with the capitals). After a load of blah regarding where this has
come from and what people want, he finally gets down to business,
outlining the company's intentions: Availability, Security and Privacy.
(Not to be confused with ASP though.)
<quote>
Availability: Our products should always be available when our customers
need them. System outages should become a thing of the past because of a
software architecture that supports redundancy and automatic recovery.
</quote>
Yadda yadda, our products should do what people actually expect them to
do in a professional business environment. For a change. Yadda.
<quote>
Security: The data our software and services store on behalf of our
customers should be protected from harm and used or modified only in
appropriate ways.
</quote>
Here we start to ponder the definitions of word such as "harm" and
"appropriate". But the fundamental principals are solid, if PR material
from the realms of extremist unoriginality. Technical implementation has
never been MS' strong point though, and while the e-mail in the link
describes the training that all employees are going through, etc, track
records and apparent "in-house" experience combined do not particularly
bode well. This leaves them at least 2 tracks - either focus on
long-term training and experience, expecting numerous flaws and
swallowing their pride, or buy and integrate existing tech. Bets please?
<quote>
Privacy: Users should be in control of how their data is used. Policies
for information use should be clear to the user. Users should be in
control of when and if they receive information to make best use of
their time. It should be easy for users to specify appropriate use of
their information including controlling the use of email they send.
</quote>
With their interest in integral DRM, this was only a matter of time.
I've noticed a couple of attempts at e-mail security which have
apparently faded into relative obscurity (anyone have any current
details of such schemes? Automatic expiraton springs most to mind).
Leaving monopolistic tendencies aside (what are the chances you'd be
able to read a DRM mail on a non-MS client, even if the sender wanted
you to read it?), is this a Good Thing or a Bad Thing? Whilst
popularisation of standard encryption, and its understanding, must be
good, I fear the element of corporate control over where and when it can
be used - it's not hard to imagine "essential patches" to prevent
encryption of *illegal*, or indeed simply *controversial* content. It's
ok to restrict substance as long as it's non-threatening and uninteresting?
Crypto without fear? A society further embedded in a false sense of
security that has even more ammo to throw at those who question it. One
to watch closely mayhaps.
.g
--
"Sometimes I use Google instead of pants."
