text warez on Sun, 30 Jun 2002 01:57:36 +0200 (CEST)



<nettime> TCPA / Palladium Frequently Asked Questions



  TCPA / Palladium Frequently Asked Questions


  Version 0.1 26 June 2002

  1. What are TCPA and Palladium?

  TCPA stands for the Trusted Computing Platform Alliance (TCPA), an
  initiative led by Intel. Their website is here. Their stated goal is `a new
  computing platform for the next century that will provide for improved
  trust in the PC platform.' Palladium appears to be a Microsoft version
  which will be rolled out in future versions of Windows, will build on TCPA
  hardware, and will add some extra features. The Palladium announcement
  appears to have been provoked by a paper I presented on the security issues
  relating to open source and free software at a conference on Open Source
  Software Economics in Toulouse on the 20th June. This paper criticised TCPA
  as anticompetitive. This has been amply confirmed by new revelations over
  the past few days.

  2. What does TCPA / Palladium do, in ordinary English?

  Its obvious application is to embed digital rights management (DRM)
  technology in the PC. The less obvious implications include making it
  easier for application software vendors to lock in their users.

  3. So I won't be able to play MP3s on my PC any more?

  With existing MP3s, you may be all right for some time. But in future,
  TCPA / Palladium will make it easier to sell music, movies, books and other
  content packaged so that people can play them on their PCs but not copy
  them. You might be allowed to lend your copy of some digital music to a
  friend, but then your own backup copy won't be playable until your friend
  gives you the main copy back. Quite possibly you will not be able to lend
  music at all. (It looks likely that the music publisher will be able to
  make the rules - and to change them at will by remote control.)

  4. How does it work?

  TCPA provides for a monitoring component to be mounted in future PCs. The
  likely implementation in the first phase of TCPA is a `Fritz' chip - a
  smartcard chip or dongle soldered to the motherboard.

  When you boot up your PC, Fritz takes charge. He checks that the boot ROM
  is as expected, executes it, measures the state of the machine; then checks
  the first part of the operating system, loads and executes it, checks the
  state of the machine; and so on. The trust boundary, of hardware and
  software considered to be known and verified, is steadily expanded. A table
  is maintained of the hardware (audio card, video card etc) and the software
  (O/S, drivers, etc); if there are significant changes, the machine must be
  re-certified. The result is a PC booted into a known state with an approved
  combination of hardware and software. Control is then handed over to
  enforcement software in the operating system - this is presumably Palladium
  if your operating system is Windows.

  Once the machine is in this state, Fritz can certify it to third parties:
  for example, he will do an authentication protocol with Disney to prove
  that his machine is a suitable recipient of `Snow White'. The Disney server
  then sends encrypted data, with a key that Fritz will use to unseal it.
  Fritz makes the key available only so long as the environment remains
  `trustworthy'. For this purpose, `trustworthy' means that the media player
  application won't make any unauthorised copies of content.
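  The measure-then-extend boot chain and the key sealing described in the two
  paragraphs above, as an added Python simulation that is not from the FAQ or
  from any TCPA product: the boot images, chip secret and content key are
  constructed, and the hash-chained register plus HMAC-based sealing are
  assumptions standing in for whatever primitives a real monitor chip uses.

```python
import hashlib
import hmac

# Constructed sample boot chain (stage name, image bytes) standing in for the
# boot ROM, OS loader and media player the FAQ describes; not real firmware.
BOOT_CHAIN = [
    ("boot_rom", b"constructed boot ROM image v1"),
    ("os_loader", b"constructed OS loader image v1"),
    ("media_player", b"constructed media player v1"),
]
CHIP_KEY = b"hypothetical-fritz-chip-secret"  # would live inside the chip
CONTENT_KEY = hashlib.sha256(b"constructed content key").digest()  # 32 bytes


def extend(register: bytes, image: bytes) -> bytes:
    """Fold one stage into the measurement register: H(old || H(image)).
    The register is only ever extended, never written, so its final value
    commits to every stage loaded and to the order they were loaded in."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()


def measure_boot(chain):
    """Measure each stage before control passes to it; return the final
    register and a log a verifier can use to reconstruct that value."""
    register, log = bytes(32), []
    for name, image in chain:
        register = extend(register, image)
        log.append((name, hashlib.sha256(image).hexdigest()))
    return register, log


def seal(secret: bytes, expected_register: bytes) -> dict:
    """Bind a key (at most 32 bytes) to one platform state. The wrapping key
    depends on the chip secret and the expected register; the MAC stops
    anyone editing the stored policy to match a different state."""
    wrap = hmac.new(CHIP_KEY, b"wrap" + expected_register, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(CHIP_KEY, b"tag" + expected_register + ct, hashlib.sha256).digest()
    return {"policy": expected_register, "ct": ct, "tag": tag}


def unseal(blob: dict, current_register: bytes):
    """Release the key only while the live register equals the sealed policy."""
    tag = hmac.new(CHIP_KEY, b"tag" + blob["policy"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # sealed blob has been tampered with
    if not hmac.compare_digest(blob["policy"], current_register):
        return None  # platform is not in the approved state
    wrap = hmac.new(CHIP_KEY, b"wrap" + current_register, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap))


def demo() -> dict:
    """Approved boot releases the key; a patched player or a reordered chain
    yields a different register and the key stays sealed."""
    approved, _ = measure_boot(BOOT_CHAIN)
    blob = seal(CONTENT_KEY, approved)
    patched = BOOT_CHAIN[:2] + [("media_player", b"constructed media player PATCHED")]
    swapped = [BOOT_CHAIN[1], BOOT_CHAIN[0], BOOT_CHAIN[2]]
    return {
        "approved": unseal(blob, measure_boot(BOOT_CHAIN)[0]),
        "patched": unseal(blob, measure_boot(patched)[0]),
        "reordered": unseal(blob, measure_boot(swapped)[0]),
    }
```

  The point the simulation makes is the one the FAQ makes: the key is never
  compared against a list of "allowed" programs, it simply cannot be
  recovered unless the machine reaches exactly the measured state it was
  sealed to.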

  5. What else can TCPA and Palladium be used for?

  TCPA can be used to implement much stronger access controls on
  confidential documents. For example, you might arrange that your soldiers
  can only create word processing documents marked at `confidential' or
  above, and that only a TCPA PC with a certificate issued by your own armed
  forces can read such a document. This is called `mandatory access
  control', and governments are keen on it. The Palladium announcement
  implies that the Microsoft product will support this. Once TCPA is
  widespread, corporations can do this too - and so, for that matter, can
  the Mafia. This can make life harder for spies, corporate whistleblowers,
  and FBI agents alike (though it is always possible that the FBI will get
  some kind of access to master keys). A whistleblower who emails a document
  to a journalist will achieve little, as the journalist's Fritz chip won't
  give him the key to decipher it.

  6. This all seems on balance fairly worthwhile. But surely Intel are not
  investing all this money just for charity? How do they propose to make
  money out of it?

  My spies at Intel tell me that it was a defensive play. As they make most
  of their money from PC microprocessors, and have most of the market, they
  can only grow their company by increasing the size of the market. They are
  determined that the PC will be the hub of the future home network. If
  entertainment is the killer application, and DRM is going to be the
  critical enabling technology, then the PC has to do DRM or risk being
  displaced in the home market.

  7. Where did the idea come from?

  It first appeared in a paper by Bill Arbaugh, Dave Farber and Jonathan
  Smith, ``A Secure and Reliable Bootstrap Architecture'', in the proceedings
  of the IEEE Symposium on Security and Privacy (1997) pp 65-71. It led to a
  US patent: ``Secure and Reliable Bootstrap Architecture'', U.S. Patent No.
  6,185,678, February 6th, 2001. Jonathan's thinking came from work done at
  Cambridge while he was here on sabbatical in 1996(ish): see here for the
  most relevant published work.

  The basic idea, of a specially trusted `reference monitor' that supervises
  a computer's access control functions, goes back to the early 1970s and has
  been a feature of US military secure systems thinking since then.


  8. How is this related to the Pentium 3 serial number?

  Intel started an earlier program in about 1997 that would have put the
  functionality of the Fritz chip inside the main PC processor, or the cache
  controller chip, by 2000. The Pentium serial number was a first step on the
  way. The adverse public reaction seems to have caused them to pause, set up
  a consortium with Microsoft and others, and seek safety in numbers.


  9. Why call the monitor chip a `Fritz' chip? 

  In honour of Senator Fritz Hollings of South Carolina, who is working 
  tirelessly in Congress to make TCPA a mandatory part of all consumer 
  electronics. 


  10. OK, so TCPA stops kids ripping off music and will help companies keep
  data confidential. It may help the Mafia too, but apart from the pirates,
  the industrial spies and the FBI, who has a problem with it?

  A lot of companies stand to lose out. For example, the European smartcard
  industry may be hurt, as the functions now provided by their products
  migrate into the Fritz chips in people's laptops, PDAs and third generation
  mobile phones. In fact, much of the information security industry may be
  upset if TCPA takes off.

  But there are much deeper problems. The fundamental issue is that whoever
  controls the Fritz chips will acquire a huge amount of power. There are
  many ways in which this power could be abused, and Intel has refused to
  answer questions on the governance of the TCPA consortium.

  11. How can TCPA be abused?

  One of the worries is censorship. An application enabled for TCPA, such as
  a media player or word processor, will typically have its security policy
  administered remotely by a server. This is so that content owners can react
  to new piracy techniques. However, the mechanisms might also be used for
  censorship.

  For example, the police could get an order against a specific pornographic
  picture of a child, and cause the policy servers to instruct all PCs under
  their control to search for it and notify them if it were found. As another
  example, the scientologists have a record of getting courts to give them
  injunctions against their critics. In future, if they can convince a court
  that a certain document should be banned, they might also get an order
  against a policy server.


  12. Scary stuff. But can't you just turn it off?

  Sure - one feature of TCPA is that the user can always turn it off. But
  then your TCPA-enabled applications won't work, or won't work as well. It
  will be like switching from Windows to Linux nowadays; you may have more
  freedom, but end up having less choice. If the applications that use TCPA /
  Palladium are more attractive to the majority of people, you may end up
  simply having to use them - just as many people have to use Microsoft Word
  because all their friends and colleagues send them documents in Microsoft
  Word.


  13. So economics are going to be significant here?

  Exactly. The biggest profits in IT goods and services markets tend to go to
  companies that can establish platforms (such as Windows, or Word) and
  control compatibility with them, so as to manage the markets in
  complementary products. For example, some mobile phone vendors use
  challenge-response authentication to check that the phone battery is a
  genuine part rather than a clone - in which case, the phone will refuse to
  recharge it, and may even drain it as quickly as possible. Some printers
  authenticate their toner cartridges electronically; if you use a cheap
  substitute, the printer silently downgrades from 1200 dpi to 300 dpi. The
  Sony Playstation 2 uses similar authentication to ensure that memory
  cartridges were made by Sony rather than by a low-price competitor.

  TCPA appears designed to maximise the effect, and thus the economic power,
  of such plays. Given Microsoft's record of competitive strategic plays, I
  expect that Palladium will support them. So if you control a TCPA-enabled
  application, then your policy server can enforce your choice of rules about
  which other applications will be allowed to use the files your code
  creates. These files can be protected using strong cryptography, with keys
  controlled by the Fritz chips on everybody's machines. What this means is
  that a successful TCPA-enabled application will be worth much more money to
  the software company that controls it, as they can rent out access to their
  interfaces for whatever the market will bear. So there will be huge
  pressures on software developers to enable their applications for TCPA;
  and if Palladium is the first operating system to support TCPA, this will
  give it a competitive advantage over GNU/Linux and MacOS with the developer
  community.

  14. But hang on, doesn't the law give people a right to reverse engineer
  interfaces for compatibility?

  Yes, and this is very important to the functioning of IT goods and services
  markets; see Samuelson and Scotchmer, ``The Law and Economics of Reverse
  Engineering'', Yale Law Journal, May 2002, 1575-1663. But the law in most
  cases just gives you the right to try, not to succeed. Back when
  compatibility meant messing around with file formats, there was a real
  contest - when Word and Word Perfect were fighting for dominance, each
  tried to read the other's files and make it hard for the other to read its
  own. However, with TCPA that game is over; without access to the keys, or
  some means of breaking into the chips, you've had it. (Locking competitors
  out of application file formats was one of the motivations for TCPA: see a
  post by Lucky Green.)

  15. So can't TCPA be broken?

  The early versions will be vulnerable to anyone with the tools and patience
  to crack the hardware (e.g., get clear data on the bus between the CPU and
  the Fritz chip). However, from phase 2, the Fritz chip will disappear
  inside the main processor - let's call it the `Hexium' - and things will
  get a lot harder. Really serious, well funded opponents will still be able
  to crack it. However, it's likely to go on getting more difficult and
  expensive.

  Also, in many countries, cracking Fritz will be illegal. In the USA the
  Digital Millennium Copyright Act already does this, while in the EU the
  situation may vary from one country to another, depending on the way
  national regulations implement the EU Copyright Directive.

  Also, in many products, compatibility control is already being mixed quite
  deliberately with copyright control. The Sony Playstation's authentication
  chips also contain the encryption algorithm for DVD, so that reverse
  engineers can be accused of circumventing a copyright protection mechanism
  and hounded under the Digital Millennium Copyright Act. The situation is
  likely to be messy - and that will favour large firms with big legal
  budgets.

  16. What's the overall economic effect likely to be?

  The content industries may gain a bit from cutting music copying - expect
  Sir Michael Jagger to get very slightly richer. But I expect the most
  significant economic effect will be to strengthen the position of
  incumbents in information goods and services markets at the expense of new
  entrants. This may mean a rise in the market cap of firms like Intel,
  Microsoft and IBM - but at the expense of innovation and growth generally.
  The majority of the innovations that spur economic growth are not
  anticipated by the manufacturers of the platforms on which they are based;
  and technological change in the IT goods and services markets is usually
  cumulative. Giving incumbents new ways to make life harder for people
  trying to develop novel uses for their products will create all sorts of
  traps and perverse incentives.

  There may also be distinct regional effects. For example, many years of
  government sponsorship have made Europe's smartcard industry strong, at the
  cost of crowding out other innovation. Senior industry people to whom I
  have spoken anticipate that once the second phase of TCPA puts the Fritz
  functionality in the main processor, this will hammer smartcard sales. Many
  of the functions that smartcard makers want you to do with a card will
  instead be done in the Fritz chips of your laptop, your PDA and your mobile
  phone. If this industry becomes a casualty of TCPA, Europe could be a
  significant net loser. Other large sections of the information security
  industry may also become casualties.


  17. Who else will lose?

  We expect that copyright regulations due out later this year in Britain
  will deprive the blind of the fair-use right to use their screen scraper
  software to read e-books. Normally, a bureaucratic stupidity like this
  might not matter much, as people would just ignore it, and the police would
  not be idiotic enough to prosecute anybody. But if the copyright
  regulations are enforced by hardware protection mechanisms that are
  impractical to break, then the blind may lose out seriously. (There are
  many other marginal groups under similar threat.)


  18. Ugh. What else?

  TCPA may undermine the General Public License (GPL), the license under
  which many free and open source software products are distributed. The GPL
  is designed to prevent the fruits of communal voluntary labour being
  hijacked by private companies for profit. Anyone can use and modify
  software distributed under this licence, but if you distribute a modified
  copy, you must make it available to the world for free.

  At least one company has started a development program to produce a
  TCPA-enhanced version of GNU/Linux. How could they make money out of this?
  Well, making a TCPA version of the product will involve tidying up the code
  and removing a number of features. The sponsor will then submit the pruned
  code to an evaluation lab, together with a mass of documentation for the
  work that's been done, including a whole lot of analyses showing why
  various known attacks on the code don't work.

  The trick is this. Although the modified program will be covered by the
  GPL, and will be free to everyone, it will not make full use of the TCPA
  features unless you have it signed, and have a certificate that enables you
  to use the TCPA Public Key Infrastructure (PKI). That is what will cost you
  money (if not at first, then eventually).

  You will still be free to make modifications to the modified code, but you
  won't be able to sign the resulting code (at least, not with a key that
  will make third parties trust the code). Something similar happens with the
  Linux supplied by Sony for the Playstation 2; the console's copy protection
  mechanisms prevent you from running an altered binary, and from using a
  number of the hardware features. Even if a philanthropist does a
  not-for-profit secure Linux, the resulting product would not really be a
  GPL version of a TCPA operating system, but a proprietary operating system
  that the philanthropist could give away free. (There are still issues about
  who would pay for use of the PKI that hands out user certs.)

  People believed that the GPL made it impossible for a company to come along
  and steal code that was the result of community effort. That may have been
  the case so long as the processor was open, and anyone could access
  supervisor mode. But TCPA changes that. Once the majority of PCs on the
  market are TCPA-enabled, the GPL won't work as intended.


  19. I can see that some people will get upset about this.

  And there are many other political issues -- the transparency of processing
  of personal data enshrined in the EU data protection directive; the
  sovereignty issue, of whether copyright regulations will be written by
  national governments, as at present, or an application developer in
  Portland or Redmond; whether TCPA will be used by Microsoft as a means of
  killing off competitors such as Apache; and whether people will be
  comfortable about the idea of having their PCs operated, in effect, under
  remote control -- control that could be usurped by courts or government
  agencies without their knowledge.


  20. But hang on, isn't TCPA illegal under antitrust law?

  Intel has honed a `platform leadership' strategy, in which they lead
  industry efforts to develop technologies that will make the PC more useful,
  such as the PCI bus and USB. Their modus operandi is to set up a consortium
  to share the development of the technology, have the founder members of the
  consortium put some IP into the pot, publish a standard, get some momentum
  behind it, then license it to the industry on the condition that licensees
  in turn cross-license any interfering IP of their own, at zero cost, to all
  consortium members.

  The positive view of this strategy was that Intel grew the overall market
  for PCs; the dark side was that they prevented any competitor achieving a
  dominant position in any technology that might have threatened Intel's
  dominance of the PC hardware. Thus, Intel could not afford for IBM's
  microchannel bus to prevail, not just as a competing nexus of the PC
  platform but also because IBM had no interest in providing the bandwidth
  needed for the PC to compete with high-end systems. The effect in strategic
  terms is somewhat similar to the old Roman practice of demolishing all
  dwellings and cutting down all trees close to their roads or their castles.
  No competing structure may be allowed near Intel's platform; it must all be
  levelled into a commons. But a nice, orderly, well-regulated commons:
  interfaces should be `open but not free'.

  The consortium approach has evolved into a highly effective way of skirting
  antitrust law. So far, the authorities do not seem to have been worried
  about such consortia - so long as the standards are open and accessible to
  all companies. They may need to become slightly more sophisticated.


  21. When is this going to hit the streets?

  It has. The first specification was published in 2000. In May, IBM launched
  the T-30 version of the Thinkpad which can be bought with a TCPA-compliant
  security subsystem. Some of the features in Windows XP and the X-Box are
  TCPA features: for example, if you change your PC configuration more than a
  little, you have to reregister all your software with Redmond. The train is
  rolling.


  22. But isn't PC security a good thing?

  The question is: security for whom? The average user might prefer not to
  have to worry about viruses, but TCPA won't fix that: viruses exploit the
  way software applications (such as Microsoft Office) use scripting. He
  might be worried about privacy, but TCPA won't fix that; almost all privacy
  violations result from the abuse of authorised access, often obtained by
  coercing consent. If anything, by entrenching and expanding monopolies,
  TCPA will increase the incentives to price discriminate and thus to harvest
  personal data for profiling.

  The most charitable view of TCPA is put forward by a Microsoft researcher:
  there are some applications in which you want to constrain the user's
  actions. For example, you want to stop people fiddling with the odometer on
  a car before they sell it. Similarly, if you want to do DRM on a PC then
  you need to treat the user as the enemy.

  Seen in these terms, TCPA and Palladium do not so much provide security for
  the user, but for the PC vendor, the software supplier, and the content
  industry. They do not add value for the user. Rather, they destroy it, by
  constraining what you can do with your PC - in order to enable application
  and service vendors to extract more money from you.

  No doubt Palladium will be bundled with new features so that the package as
  a whole appears to add value in the short term, but the long-term economic,
  social and legal implications require serious thought.

  Ross Anderson

source:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html


#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net