November 2, 2003

Trusted Computing -- Big Brother

I've finally gotten around to reading up on Trusted Computing (a process that, ironically enough, was interrupted by my being rootkitted a couple of weeks ago). I'd heard some pretty unsettling things about trusted computing, but now that I've done some digging... well it's still pretty disturbing.

Trusted Computing (TC) is one of several names for a set of changes to server, PC, PDA and mobile phone operating systems, software and hardware that will make these computers "more trustworthy." Microsoft has one version, known as Palladium or Next Generation Secure Computing Base (NGSCB), and an alliance of Intel, Microsoft, IBM, HP and AMD known as the Trusted Computing Group has a slightly different one called either trusted computing, trustworthy computing, or "safer computing." Some parts of Trusted Computing are already in Windows XP, Windows Server 2003, and in the hardware of the IBM ThinkPad, and many more will be in Microsoft's new Longhorn version of Windows, scheduled for 2006.

The EFF has a nice introduction to trusted computing systems, written by Seth Schoen, and Ross Anderson has a more detailed and critical analysis. A brief summary of the summary is that a trusted computer includes tamper-resistant hardware that can cryptographically verify the identity and integrity of the programs you run, verify that identity to online "policy servers," encrypt keyboard and screen communications, and keep an unauthorized program from reading another program's memory or saved data. The center of this is the so-called "Fritz" chip, named after Senator Fritz Hollings of South Carolina, who tried to make digital rights management a mandatory part of all consumer electronics. (He failed and is retiring in 2004, but I've no doubt there will be attempts to pass similar laws in the future.)

When most people think about computer security they think about virus detectors, firewalls and encrypted network traffic — the computer analogs to burglar alarms, padlocks and opaque envelopes. The Fritz chip is a different kind of security, more like the "political officer" that the Soviet Union would put on every submarine to make sure the captain stayed loyal. The whole purpose of the Fritz chip is to make sure that you, the computer user, can't do anything that goes against the policies set by the people who wrote your software and/or provide you with web services.

There are many people who would like such a feature. Content providers such as Disney could verify that your version of Windows Media Player hasn't had digital rights management disabled before sending you a decryption key for a movie. Your employer could prevent email from being printed or read on non-company machines, and could automatically delete it from your inbox after six months. Governments could prevent leaks by doing the same with sensitive documents. Microsoft and AOL could prevent third-party instant-message software from working with the MSN or AIM networks, or lock in customers by making it difficult to switch to other products without losing access to years' worth of saved documents. Game designers could keep you from cheating in networked games. Distributed-computing and mobile-agent programs could be sure their code isn't being subverted or leaked when running on third-party systems. Software designers could verify that a program is registered and only running on a single computer (as Windows XP does already), and could even prevent all legitimate trusted computers from reading files encrypted by pirated software. Trusted computing is all about their trust, and the person they don't trust is you.

End users do get a little bit of "trust" out of trusted computing, but not as much as you might think. TC won't stop hackers from gaining access to a system, but it could be used to detect rootkits that have been installed. TC also won't prevent viruses, worms or Trojans, but it can prevent them from accessing data or keys owned by other applications. That means a program you download from the Internet won't be able to email itself to everyone in your (encrypted) address book. However, TC won't stop worms that exploit security holes in MS Outlook's scripting language from accessing your address book, because Outlook already has that permission. In spite of what the Trusted Computing Group's backgrounder and Microsoft's Palladium overview imply, TC won't help with identity theft or computer thieves physically accessing your data any more than current public key cryptography and encrypted file systems do.
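To make the mechanism sketched in the two paragraphs above concrete, here is a small Python model of the three pieces they describe: a boot chain that measures each program into a register, storage "sealed" to that measurement so a program in a different state cannot read another's keys, and a quote sent to a remote policy server that only releases content to platforms on its allow-list. It is an example added here, not code from the page, from the TCG specifications or from any vendor; the hash and MAC choices, the boot components, the nonce and the two keys are constructed for the demo and stand in for secrets and signatures that would live inside the chip.

```python
import hashlib
import hmac

# Constructed demo keys standing in for secrets that never leave the chip.
CHIP_ROOT_KEY = b"demo-storage-root-key"     # used only for sealing
CHIP_ATTEST_KEY = b"demo-attestation-key"    # policy server holds the verifying side

# Constructed boot chains; only the last component differs.
GENUINE_BOOT = [b"firmware 1.0", b"bootloader 1.0", b"os-kernel 5.1",
                b"media-player 2.0"]
MODIFIED_BOOT = [b"firmware 1.0", b"bootloader 1.0", b"os-kernel 5.1",
                 b"media-player 2.0 (DRM disabled)"]


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: pcr' = H(pcr || H(component)). One-way and order-dependent,
    so one register value stands for the whole chain of software loaded so far."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Each stage measures the next one before handing over control."""
    pcr = bytes(32)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
    return out[:n]


def seal(secret: bytes, pcr: bytes) -> dict:
    """Sealed storage: the key depends on the chip root key AND the expected
    measurement, so data sealed in one program state is unreadable from another."""
    k = hmac.new(CHIP_ROOT_KEY, b"seal" + pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k, len(secret))))
    return {"pcr": pcr, "ct": ct, "tag": hmac.new(k, ct, hashlib.sha256).digest()}


def unseal(blob: dict, pcr_now: bytes):
    """The chip releases the key only when the current PCR matches the sealed one."""
    if not hmac.compare_digest(pcr_now, blob["pcr"]):
        return None
    k = hmac.new(CHIP_ROOT_KEY, b"seal" + pcr_now, hashlib.sha256).digest()
    if not hmac.compare_digest(blob["tag"], hmac.new(k, blob["ct"], hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(k, len(blob["ct"]))))


def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Attestation quote: the chip signs (modelled here as a MAC) the PCR and the
    verifier's nonce, so an old quote cannot be replayed."""
    return hmac.new(CHIP_ATTEST_KEY, nonce + pcr, hashlib.sha256).digest()


def policy_server_accepts(known_good: set, pcr: bytes, nonce: bytes, q: bytes) -> bool:
    """Ship a content key only to a platform whose quote is genuine and whose
    reported measurement is on the allow-list of approved software stacks."""
    if not hmac.compare_digest(q, quote(pcr, nonce)):
        return False
    return pcr in known_good


def demo() -> dict:
    nonce = b"policy-server-nonce-0001"          # constructed; fresh per challenge
    genuine, modified = measure_boot(GENUINE_BOOT), measure_boot(MODIFIED_BOOT)
    blob = seal(b"movie-decryption-key", genuine)  # sealed while running the genuine player
    return {
        "unseal_same_state": unseal(blob, genuine),
        "unseal_other_state": unseal(blob, modified),
        "attest_genuine": policy_server_accepts({genuine}, genuine, nonce, quote(genuine, nonce)),
        "attest_modified": policy_server_accepts({genuine}, modified, nonce, quote(modified, nonce)),
    }
```

Disabling DRM in the player changes the final measurement, so the sealed key stays locked and the policy server declines; the same property is what lets a vendor decide which software stacks may ever open your data.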

As long as you agree with the goals of the people who write your software and provide your web services, TC isn't a bad deal. After all, most people don't want people to cheat at online games and can see the value of company email deletion policies. The same can be said of the political officer on Soviet submarines — they were great as long as you believed in what the Communist Party stood for. And unlike Soviet submarine commanders, you won't get shot for refusing to use TC on your computer. Your programs will still run as always; you just won't be able to read encrypted email from your customers, watch downloaded movies, or purchase items through your TC-enabled cellphone. Some have claimed that this is how it should be, and that the market will try out all sorts of agreements and those that are acceptable to both consumers and service providers will survive. That sounds nice in theory, but it doesn't work when the market is dominated by a few players (e.g. Microsoft for software, wireless providers for mobile services, and the content cartel for music and movies) or when there are network externalities that make it easy to lock in a customer base (e.g. email, web, web services and electronic commerce). What choice will you have in word processors if the only way you can read memos from your boss is by using MS Word? What choice will you have in stereo systems when the five big record companies announce that new recordings will only be released in a secure-media format?

Of course, even monopolies respond to strong enough consumer push-back, but as Ross Anderson points out there are subtle tricks software and service providers can pull to lock in unwary consumers. For example, a law firm might discover that migrating years of encrypted documents from Microsoft to OpenOffice requires sign-off for the change by every client that has ever sent an encrypted email attachment. That's a nasty barrel to be over, and the firm would probably grudgingly pay Microsoft large continuing license fees to avoid that pain. These kinds of barriers to change can be subtle, and you can bet they won't be a part of the original sales pitch from Microsoft. But then what do you expect when you invite a political officer into your computer?

Posted by bug to Big Brother at November 2, 2003 11:57 PM
Comments

A better analogy than the Soviet political officer is that Trusted Computing allows you to commit to being honest.

It gives you the power, for the first time, to convince someone else that you will abide by certain rules in handling data. You can make a voluntary commitment to run a certain program, and he can be sure that you will follow through with it.

In real life, these kinds of promises and commitments are the rule. We all make promises and agreements every day that depend on being able to verify that people follow through. But in the online world, this has not been possible. There has been no way for anyone to know if you kept your word in handling or processing data on your computer.

In this sense, Trusted Computing brings to the computer world the ability to make the same kind of agreements and commitments that we are accustomed to in the physical world. It allows us to commit and bind ourselves in ways that we could not previously manage.

In a world where everyone was honest, Trusted Computing would be both unnecessary and implicit. If someone gave his word about what he would do with his computer, you could rely on him to follow through. Trusted Computing allows us to gain this kind of reliance even in an imperfect and dishonest world.

Essentially, Trusted Computing benefits honest people at the expense of the dishonest. It is thus a terrible threat to an online community which has become addicted to information which it uses and transmits in plain violation of the agreements made by the rightful recipients of that data. Much of the online world today is built on this foundation of dishonesty, of broken promises and conscious, intentional violations. No wonder that Trusted Computing is getting such a cold reception.

Posted by: Some at November 4, 2003 3:16 PM

"In this sense, Trusted Computing brings to the computer world the ability to make the same kind of agreements and commitments that we are accustomed to in the physical world. It allows us to commit and bind ourselves in ways that we could not previously manage."

I think your second sentence hits the crux of the matter: TC allows us to commit and bind ourselves in ways that we could not previously manage, even in the physical world. In the physical world rights are decided by a combination of three things: the market, government regulation, and practical enforceability. So when I purchase a book, the book publisher and I negotiate through the market what price I will pay. We negotiate through the legislative system what fair-use rights I may enjoy, and whether it is legal for me to resell that book at a used bookstore. And as a practical matter publishers can't keep me from reading my book multiple times or from scribbling in the margins, even if they were able to make it illegal.

Market forces, practical enforceability and government regulation are mutually-balancing safety valves in our market-based society, each helping different people in different situations. In the case of intellectual property, practical enforceability overwhelmingly favors the consumer and second-comers to the market because IP is so easy to duplicate. The balance is restored by governmental regulation in the form of copyright and patent laws that trade off limited exclusive rights of the content creator with rights of second-comers and fair use. In the case of consumer rights the practical enforceability is comparatively small, which is why we have laws that mandate truth in advertising and labeling of food and drugs.

By making it possible to bindingly commit, as you put it, Trusted Computing removes the practical enforceability leg of the triad. That might be fine when you have a competitive market or a market where government oversight is already in place, but when you have a monopoly or oligopoly it puts all the cards in the hands of the service or product providers. They're the ones who get to say "here's our completely enforceable deal, take it or go to our (non-existent) competitors." And because TC makes lock-in so much easier it makes it less likely that competitors will come around later either.

Posted by: Bug at November 4, 2003 5:20 PM

"A better analogy than the Soviet political officer is that Trusted Computing allows you to commit to being honest."

Commitment is a two-way street. Trusted Computing does not come with any such commitment from the music vendors.

There is no commitment that after reinstalling my OS (after an HP scanner driver install scrambles it) I will still have access to my backed-up, paid-for "trusted" music. Instead I can be (and was) told "you're not the same person who saved this music."

There's no commitment that I won't lose all my music if the vendor has financial problems or changes their business model. (As in more than one recent download service.)

There's no commitment that the vendor won't remotely disable my music when I change credit cards. (As in iTunes)

There's no commitment that my hardware won't be retroactively "made more secure", taking away even more of my rights, by a command snuck into the download of a future music purchase. (As planned for SDMI-compliant hardware. Yes, really.)

There's no commitment that my hardware and music collection won't be made obsolete by a new "version" of the Trusted Computing standard. (As in the Microsoft Reader / Barnes & Noble ebooks / Pocket PC fiasco/scam.)

Most importantly, there is no commitment that I can make a *proper* backup of my music. (One that can be restored onto a new computer, or the same one after an OS reload.)

Trusted Computing does not target pirates - it targets people who want to buy music only once. People repurchased their entire music collection when 8-tracks came out, then when cassettes came out, then again with CDs. They purchased the same songs over again as records and tapes wore out. Digital music, easily copied to a new device, does away with this.

The real goal of Trusted Computing is to bring back this golden era. Bought a new computer? Your OEM Windows XP can't be moved over from your last one. ('cuz it was licensed to that one, that's why.) Your "trusted" music was tied to the old computer too. (Or some registry key on your current computer, before you reloaded the OS.)

Trusted Computing is a cash grab, nothing more.

Posted by: Roger Strong at November 6, 2003 2:44 PM

I went and read the anonymous website maintained by "Some" and found some interesting and thoughtful statements. That does not mean I agree with them!

I believe Some has fallen into the classical libertarian trap, an optimistic belief in the self-correcting nature of a market. The biggest problem is that the market is rigged, not only by monopolies (which I agree will eventually fade out, but not without first causing a lot of damage), but also by the government. The government unfortunately does not tend to fade out; typically the best case is that certain laws just become ignored.

I think the example of the government regulation of digital audio recorders is very instructive. The market did speak, and utterly rejected DAT. This was bad for virtually everyone (performers, consumers, electronics manufacturers, and societal creative output). The distribution channel was the only one who got some benefit (stifling independent music groups and perhaps delaying some piracy), but they probably lost in the long run too (much like movie studios would have lost lots of money if they had succeeded in killing or even just more tightly controlling the VCR market).

What many people don't understand is that the laws that led to DAT are still in existence, and are still hurting the market 17 years later. The only way you can buy a digital audio recorder of any sort (DAT, etc.) that does not assume you are a pirate is to get a professional model (thanks to an exemption left in the Digital Audio Recording Act). Why don't today's nifty MP3 recorders do high-quality stereo recording? Because the US government handed a big stick to the music distributors that allows them to suppress this technology. Even today, when my non-profit group wants to record our music performances, there are no cheap solutions at the consumer level; we have to spend the extra money for a "professional" recorder (a DAT without the SCMS system).

Now let's go back on-subject to Trusted Computing. Perhaps in the very long run things will even out, but why should we wait 15+ years before transactions become "fair"? I think Roger's comments on the one-sided nature of TC are very much to the point. In the short term things might work out OK for both sides, but this will require very clear negotiations of trust up front.

I'm pessimistic that the industry will properly describe terms up front, as it is quite a change for businesses that are used to dictating and changing terms (EULAs, patches that contain a new EULA, software sold with hidden copy protection, etc.). Ironically, the main point consumer-electronics manufacturers got from the DAT debacle was that consumers won't __knowingly__ buy products with copy protection. That leads to today's world where manufacturers sell equipment without informing customers about copy protection (for example, JVC has systematically removed all mention of the copy protection that is now built into all VCRs, courtesy of the DMCA I might add; you won't find it in the manuals or on the box, and JVC has removed all mentions from the website too).

---

Finally I'd like to point out one other area where Some is naïve, which is the whole area of contract and copyright law. On his website there is an example of an author privately loaning a manuscript, and a discussion about promises made to obtain the manuscript. This is a good example, but the conclusions lack an understanding of how and why contract and copyright law works. When the author loans a manuscript, this falls primarily under contract law, although the author still has some copyright protections. When someone obtains a book through a mass transaction, most contract law does not apply and copyright law governs (this is largely due to the first-sale doctrine established in the courts and formalized in 1976).

In both contract law and copyright, there are certain "defaults" assumed about the transaction (an attempt to modify these defaults for computer software is the well-known UTICA). It is quite common for contracts (and especially EULAs) to modify these defaults, but some modifications are not legally permissible. That is why people can safely ignore certain outrageous provisions (for example the Microsoft ban on publishing benchmarks of .Net), because they won't hold up in court.

Now we get to the heart of the matter. If we assume that publishers will continue to put outrageous clauses in their TC (much like their EULAs), we can no longer ignore the illegal ones. We now have to pay attention to all of them, fair or not (and the whole point of these legal "defaults" is to establish what is fair). This was the primary idea behind Lessig's book "Code", because DRM allows publishers to establish their own laws. Eventually the market may correct, but the government has already broken the playing field (one-sided DMCA anti-circumvention laws and the recent broadcast flag are good examples).

The attempt to get UTICA passed was an attempt to change the defaults (very much in the software producer's favor). For example, normally a customer can't contractually give up the right of reverse engineering without receiving considerable value; merely granting the use of the product does not cut it. What UTICA does is change the defaults in the contract, therefore allowing reverse-engineering clauses with much less value given up. Trusted Computing essentially allows the producer to ignore all of these contract defaults and dictate whatever they want.

Yes, eventually the market will probably compensate for the worst abuses. But before you depend upon that, please reflect upon why contract law has these "defaults" in the first place. They set expectations, stop the worst abuses, and in general serve as a safety valve. Some's idealized market correction of Trusted Computing abuses is going to be a lot more painful to everybody!

Posted by: Seaan at November 12, 2003 6:21 PM

Thought-provoking discussion. Seems that the substantial portion of your disagreements concerns public policy: the copyright term is too lengthy; governments fail to regulate effectively in favor of a competitive market etc.

In these circumstances, a system of enforcement may become onerous rather than protective.

A few thoughts to add to the mix:
1. The possibility that the market may over time allow one monopoly to be replaced by others (serial monopoly) or that competitors may join the fray at some point in the future as the environment changes does not relieve authorities of the need to regulate the market now to foster competition.
2. There remain practical issues as to how this can be done in a market that changes as rapidly as the technology industry. Where some companies appear to trample patent protection as corporate policy, and where courts are slow to respond, and where legislation tends to be obsolescent, clumsy, or worse, and where democracies sometimes seem influenced more by money than argument, there is clearly going to be hesitancy with the introduction of a technology that may make some things more rigid.
3. Nevertheless, properly cast, trustworthy computing potentially changes the market dynamic by giving anyone a means of distributing valuable information for consideration universally - hence removing the distribution bottleneck that protects, say, Hollywood's monopoly or the advantage of first-worlders over developing countries in having access to the market.
4. Trustworthy computing - which is a technology intended to provide assurance and reliability in the storage, exchange and use of information - offers a set of tools to users. It doesn't by itself tell us HOW we use them. Clearly there are some obnoxious and some beneficial uses for the technology.
5. In turn, this suggests the want of some sort of structure to protect users from the excesses described. You seem to be arguing the toss between constitutional and legal safeguards, market forces and practical security: truth is, we usually use all three in some combination. Trustworthy computing may upset the balance. But I see no reason to believe that we (and this we may be local rather than universal) cannot frame certain use freedoms to protect the consumer from the kinds of harm described.
6. The more powers that we can distribute to individual users in this model the better - e.g. robust property rights, user control of identity.

Posted by: dan at May 20, 2004 11:26 AM