net.wars: Disabling technologies
by Wendy M Grossman | posted on 05 July 2002
Recipes for scepticism? Maybe, skepticism (if you're American?) Wendy Grossman has found some irony in it all- starting with ...
It turns out that the perfect recipe for skepticism is to have the following happen, all in the same week: 1) Microsoft announces Palladium; 2) you interview Donald A. Norman ; 3) you spend two days at a course on networking security run by ISS . So Microsoft has "gotten security" like it "got Net" in 1995. At the time, there was a lot of worry that the Net would wind up as a proprietary Microsoft system. That hasn't happened (at least, yet), for a variety of reasons. From the sounds of it, with Palladium they're trying to correct the biggest of those - too many alternatives - by getting the chip manufacturers involved. Overall, it sounds like the company wants to roll every Holy Grail of Internet computing into one intiative: it's going to give us the encryption and trust of PGP, our very own digital rights management (hey, Ma, you can't read my email!), secure our systems from evil outsiders (viruses or Linux?), and throw out the junk email! I bet it will do micropayments, too!
Let's leave out the philosophical reasons why we might not want this. Like, that in the wake of all that anti-trust mess we might object to a system that can be so clearly manipulated to lock all non-Microsoft suppliers out of the software market and turn our computers into slaves of the entertainment industry. Let's think instead about how ordinary users are going to cope with systems designed not as enabling technology, like the original Silicon Valley dreams, but as disabling technology . Computer manufacturers have been trying ever since Donald Norman's 1988 classic, The Design of Everyday Things , to make computers easy to use. They have completely and wholly failed.
Norman's book launched several generations of usability specialists. Yet despite their best efforts, computers are harder to use now than they ever were, even if they look prettier. This is particularly true for the huge swath of middle-ground users (my category): not guruate, not incomputerate. I know enough to back up my own files, make my computers talk to each other, and complain to the PR people when the Bluetooth PCMCIA card still won't talk to the damn printer they sent for review. As of yesterday, I have a vague idea of how to edit a routing table - that is, I've learned just enough to make some serious trouble for myself.
It's very difficult to get intelligent help that's not aimed at experts. The presumption seems to be that either you're a dummy in need of cartoons, bad jokes, and lots of bright yellow to drag yourself through learning how to change your desktop colors or VB.NET Core Classes in a Nutshell is your idea of light reading. Even Windows' online help is prone to this syndrome, in which you're offered a small set of troubleshooting options for, say, your network connection, and when those run out you're told to contact your system administrator. Hey! That's me! Now what?
So, Palladium. How are they going to build this thing so anyone can use it? This is an industry that builds an operating system such that when you attach a scanner to the computer nothing happens. Oh, Windows detects new hardware and you install a driver. But then the computer doesn't offer to scan anything; it just sits there. It's impenetrable stuff, it really is. This is the same sensibility that turns on HTML by default for email for users who don't know what you're talking about when you ask them to turn it off. We're talking a company whose products get near-daily security patches and users who can't deal with them. Palladium is going to protect your system from viruses by not running "unauthorized" code. Is Outlook unauthorized? Is Word?
Seems to me that what will happen is that people's computers will fail in unpredictable ways, like the friend of mine who found himself stuck in the middle of nowhere with a laptop that had de-activated its installation of Office XP so he couldn't work. (Now you know why I am not running XP anything.) People will not necessarily know why the computer has failed or how to fix the problem. Some files will mysteriously not copy. Years of trying to teach people the importance of making backups out the Window. They will not understand what the default settings are or where to find them, or what they mean if they do. Online help explains controls thusly: "Turns smegglediff on and off." What is smegglediff? When do you use it? To accomplish what? On these subjects, your online help is mysteriously silent.
Open-mindedness suggests we must wait for more details and sample implementations before launching into full-scale attack mode (meantime, we can amuse ourselves by protesting against David Blunkett's "entitlement card," back in Parliament this week and speculating how FIPR's ex, Caspar Bowden, will spend his first week as Microsoft's security guru). But at first glance Palladium sounds, overall, like warmed-over Hailstorm: a bad idea.
What amazes me most is the name. Palladium, the statue of the goddess Athena, that guarded Troy? Hey, folks! As we used to say of America's most popular brand of condoms, Troy lost . And it was defeated by having some people penetrate their wall ! It doesn't bear thinking about.
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).
net.wars: Disabling technologies