Your mission for this weekend: go to your local library–if you can find one that doesn’t [fingerprint](–check out a copy of 1984 and the director’s cut DVD of Bladerunner. Read the one, watch the other, and report back on Monday. HP just announced [your future](, and you’ll probably want to get a leg up on the other kiddies.

> PALO ALTO, Calif.–(BUSINESS WIRE)–May 27, 2005–HP (NYSE:HPQ)(Nasdaq:HPQ) today announced the availability of the HP National Identity System (NIS) solution on the Microsoft(R) .NET platform.
> The HP NIS solution allows governments to build and quickly deploy at an affordable price a complete, standards-based and technologically agile infrastructure that meets their changing needs for security and identity management.
> Going beyond simple secure identification and authentication functionality, the solution enables modern national identification systems to allow citizens to access e-government services and conduct secure transactions. The solution also provides citizens with improved secure and intelligent identity documents.

> The NIS leverages HP’s extensive experience in delivering fully integrated solutions, which include consulting and integration, desktops, servers, management software and support services. Recognizing HP’s .NET commitment and unique capabilities, Microsoft has endorsed HP as its worldwide prime integrator for Microsoft .NET technologies.
> For the HP NIS solution, Microsoft supplies a wide range of software products and technologies, including Microsoft Server 2003 Enterprise Edition, Microsoft BizTalk Server 2004, Microsoft SQL Server 2000 (64-bit), the Microsoft .NET Framework and Microsoft Services.
> “Microsoft recognizes that national governments and their principal agencies have unique information technology requirements, particularly as more governments look to implement e-government solutions,” said Jan Muehlfeit, vice president, Public Sector -EMEA, Microsoft. “Secure and reliable identification and authentication of individuals helps power more useful and compelling experiences for users and provides citizens easy and secure access to services. Working with industry partners such as HP is an important step and will provide public sector organizations with new technology solutions to address these key customer concerns.” ([link](

This is scary. Really scary, both in theory and in practice. On the theoretical side, one likes to be able to audit one’s government, get into the archive, dig around a little and see what’s really going on. But this project will be proprietary code. Secret. Un-FOIAable. Never a matter of public record. I’m not normally a conspiracy theorist, but after the voting machine debacle, even my normally naieve faith is in short supply.

On the practical side, .Net means C#. And C# isn’t exactly the language of choice secure applications in any sense of the word I’m familiar with. None of the available compilers are quite what I’d call “robust”. There’s a reason we run web apps in chrooted envronments. And that only becomes an issue after you get past all of Windows’ known exploits.

There are secure systems out there; none of them are mentioned in the HP press release.

The truly baffling thing here is that HP is better than this. Why commit to Microsoft when you own the source for HP-UX? (via [boingboing](


I’ve been mulling over something David Gratton mentioned the other day:

> Now a recent post from a Princeton student has got me thinking. If a technology inhibits fair use, but does not inhibit illegal copying and distribution should the technology be legal at all? That is what DRM technologies do. They severely inhibit fair use, while doing nothing to stop illegal copying and distribuition. [link](

Probably it shouldn’t. Unfortunately, in the U.S. the fact that DRM inhibits fair use (if, in fact, it does) doesn’t really matter; unlike the French in the case Gratton’s talking about, we’re normally free to sign away as many of our rights (maybe we should really call them “writes”) as we want to, even when we’ve signed them away in fine print, unless it can be proved that there was intent to deceive on the part of the seller. And I’d say the record companies have been pretty up front about DRM. Maybe Gratton will have better luck with this line of reasoning in Canada; I don’t know.

I’m going to go him one better, though: I think it’s time for the consumers to start doing the suing, instead of the record companies. They’ve sold us dmamged goods. DRM doesn’t work. It’s trivial to break, and it exposes consumers to uncoscionable liability. If someone steals my iPod, if they have half a brain and 15 minutes they can unDRM every song I’ve downloaded from iTMS and put them out there on the p2p network of their choice. All that will be disabled, though, is the password, and the files will still be marked as DRM’d. And guess who’ll get the call from the RIAA? But let’s say it’s not my laptop. Let’s say my upstairs neighbor unDRMs his girlfriend’s iTMS tracks and Bit torrent’s them. Further, let’s say that he’s patched into my 802.11g network when he does it (hey, it happens. sometimes when you reset the network you leave it open fo a couple hours until you remember to lock it down again). Guess whose transfer logs the FBI is going to get from Cablevision? I think there’s a case for material harm or potential material harm.

Digital Music resellers are distributing products they know to be dangerously deffective. And I have two words: class action.

Of course, that isn’t a long-term solution DRM. But shooting down the current incarnation would be a pretty god place to start.

About a two weeks before I started this blog, I posted a rant to my (now) personal journal about the way everyone whines about DRM, but no one does anything about it. It seems [Evil Genius Chronicles]( heard me. If you don’t mind the profanity, [Take Your DRM and Shove It]( is an entertaining little rant that gets it just right…assuming that you’re in the anti-DRM camp. Me? I’m somewhere in between:

Originally Posted 04:14 pm April 13th, 2005


> It seems like at the moment you can’t really call yourself a geek if you aren’t thinking about DRM, the DMCA, and copyright issues in general 24 hours a day.

> Hwaet.

Read the rest of this entry »