On "Trusted Computing"

Posted by rick Wed, 15 Feb 2006 19:44:00 GMT

The BBC is carrying an article, UK holds Microsoft security talks, which prompted some thoughts from me about so-called “Trusted Computing”.

So:

• A person’s PC holds data they cannot get to.
  • Would they be held accountable in court for that data store, presuming it held information about accessing, say, child pornography (whether correct or incorrect?)

• A person’s PC holds an encryption key they cannot manage:
  • What if this key is compromised, duplicated, etc., for purposes of fraud? Like biometric keys, unless done properly (and you trust Microsoft and friends to pull this off?) key forgery, fraud, duplication can cause serious problems for the rightful holder of the credentials.
  • What if the motherboard on a “Trusted” machine is toasted from a spilled soda—sounds as if the inconveniences of iTunes/Windows Media DRM become consequences to much more than just movie and song data…

• A person is not allowed to install programs that aren’t authorized to run on their system. This would initially be those which might violate a copyright, but would, in various political environments (probably starting with China or other repressive states), expand to match the whims of controlling entities. The slippery slope is steep here, and the chasm probably has big pointy spikes at the bottom.

• Companies (the OS vendor, copyright holders, who else in the future?) determine what may run and what may be stored on a person’s PC. This would quickly expand to governments and any other entities who could lobby, buy, or extort the privilege of being a “Trusted” third party. Imagine, instead of having to dam up the flow of information at highly porous Chinese borders, if the flow could be controlled, in parallel, at its source.

• If a hardware problem arises (seemingly the most likely case where data on the system is changed while the system is offline, which the article makes much mention of) any amount of stored data, apparently, will be unrecoverable—over and above the data which would normally have been affected by the hardware problem.

• Governments are working to make the PC into a Clipper Chip—only this time not only would the government have access, but the OS vendor and who-knows-how-many other entities would have access to the data on the system.

• A general purpose PC is more powerful than a Clipper Chip—rather than just being able to restrict and backdoor data reading, the new PC platforms could readily backdoor functionality as well. If the government, OS vendor, or copyright holder (or …?) wishes for the PC owner not to be able to run certain software, open certain files (which he or she may have created from nothing, e.g., home movies, snapshots, open source software, etc.) or requires that certain software always be run (spyware, logs of content uploaded and downloaded, etc.) then these sorts of “innovations” are also possible, probably trivially enabled.

In this new technological paradigm we have a situation where the person who has the least control and gains the least utility from the PC is the nominal owner. Everyone else has more control over the machine, the software, and the data than the person who purchased the system (or built it from components).

Of course, to ring in the new paradigm in good Orwellian fashion, The Oxford Dictionary of Newspeak <-> Old English gets a few updated definitions:

• “Trust”: mistrust, skepticism, suspicion.
• “Trusted”: (1) mistrusting, skeptical, suspicious; (2) controlling, enforcing, preventing; (3) policed.
• “Owner”: (1) customer, lessee, suspect; (2) one who is monitored, suspected criminal.
• “Hardware failure”: illicit tampering with systems (1) to secure illegal access to copyrighted data, (2) to attempt to attain control of a computer system, (3) to engage in sedition.

It has been facile for government and industry to point to “piracy”, “file sharing”, and “dwindling industry profits” to justify engineering “protections” into our systems, markets, and laws (DMCA, various attempts at CBDTPA type bills, Broadcast Flag legislation, WIPO agreements, trade treaties, etc.). But, Google could buy Hollywood with a stock swap, Microsoft could buy them with cash on hand, and the record labels are truly chump change—without looking I’m going to bet that the backhoe rental industry is bigger, and if not, throw in the engine brush industry, and #2 pencil production.

When the tiny tail is wagging the humongous dog this strongly it’s worth looking a little more closely at the dog.

“Trusted Computing” and the legal framework around it certainly helps the Content Industry, but, really, who cares? Setting a standard for controlling computing hardware (which is the PC, as well as anything with a digital adder or a serial port, cat-5 or cat-3 jack, an infrared port, etc.) means lots of things to lots of entities who really really get off on Control, and, worse, are currently feeling just a bit threatened:

• Microsoft – Vista has no new positive features to speak of, Microsoft’s dominance is being threatened by open source software, Google, and web applications on all fronts. “Trusted Computing” means that Microsoft shores up the vendor of choice position, can exclude open source software completely (whether by “misconfiguration” or by a bold fiat) from its platform.

• Intel – threatened by AMD as well as video card and game station processor builders and integrators, “Trusted Computing” provides Intel with the blessing of the deus ex machina.

• Government – gentlemen don’t read each others’ mail, but governments do. ANY scheme to get more control over the public and weasel more information out of them is going to find a set of sympathetic ears in a legislature, much less an administration. Add a cut of the profits in whatever fashion can keep the “ethics” hawks off the politicians’ backs and you’ve got a hog trough with a waiting line.

• Hardware vendors – the entire planet won’t go “Trusted Computing” (as not everyone is batshit crazy), which means that where there was one product line there are now two. W00t!

• Non-OS Software vendors – Open source software is starting to take a serious toll on the viability of a lot of software lines. Mandating a platform which excludes open source software as “untrusted” shifts the ecosystem drastically.

The biggest loser in all of this is the public, the “consumer”, the untrusted source of dollars to keep the machine running. The gamble comes down to “are people so addicted to the Microsoft/Intel way of life that we can pull this off without running them off?” The Trusted Computing folks are betting the odds are on their side.

UPDATE: This article, HBO stops working with Media Center, seems particularly apropos. The future is already here in some form, eh?

Tags copyright, drm, input, microsoft | no comments