Slashdot Mirror
Trusted Computing Group Formed
An anonymous reader writes "How does it come that the formation of the Trusted Computing Group goes unnoticed at /.? On Wednesday, heise had the story. At last, we will get `easily-accessible specifications for trusted computing standards that will ultimately let people work, conduct transactions, and use computing devices with a new level of confidence' ..."
"The PC isn't done until Linux won't run."
This has damned ominous ovetones. You guys better watch out, or they're gonna take the ball away from you just like they snatched it away from Borland, Lotus, Novell, &c. &c.
Ah, well, in fifteen years Gates & Balmer will retire and then the world can make some progress, until then bend over and smile!
Ok, so we know that OS and hardware vendors have their representatives but where are the consumer representatives ?
This looks to me like if UK farmers an beef distributors would create "Trusted Beef Group" without any consumer input ..
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
This feels like linking the application to the hardware and perhaps the user so nobody else could possibly use it.
I feel that might be good for some things, like my prescription drug might be better off in a container only I could open. I'm not sure I like the idea for software I buy. It is like saying if I buy a book, I can put it on my bookshelf in my house but if my brother tries to read it, or I try to take it on the bus, it will have blank pages.
I suspect that the reason for most of this extra security is not concern for the user and their data, but some way of making extra profit by the manufacturers ie, if the authorised user is indisposed or incapacitated, then the hardware and software has to be re-purchased.
I'd like to make things difficult for a thief, but for me that mostly means encrypting and backing up data, not rendering the hardware and software useless by anyone but me. How inconvenient. Every time I want to rebuild the hard drive, or install a new one or buy a new computer, I'd have to buy the apps all over again.
I can see I'm going to get so very good at open source products.
-- it must be true, it's on the internet.
Sony for example had a supperior IPOD clone but its shareholders and SONY entertainment sued them to prevent it from being launched. After all burning cd's= pirating in this world. These idiots will now own %50 of Apple.
After all even only potential and not actuall loses in the single digits is enough for wall street to scream at and even fire upper managment.
If you do not believe this look at Caldera before and after SCO was bought? They become SCO thanks to the shareholders and media executives.
Its Microsoft or the RIAA. Take your pick on your new master. Mac or PC.
http://saveie6.com/
First it was the turn of Palladium to be rebranded as The-Next-Generation-Secure-Computing-Services or some such. And now TCPA has been replaced by TCC! So the original TCPA/Palladium FAQ will become invalid, all the Slashdot debates on evil Palladium will be ir-relevant.
Is this a new strategy?
1. Announce something evil. Give it a name.
2. Educate consumers about what it does.
3. Debate the pros and cons in fiery fora.
4. Modify the name/acronymn a bit, and ram the same evil stuff!
Seems to be working.
If you keep throwing chairs, one day you'll break windows....
`easily-accessible specifications for trusted computing standards that will ultimately let people work, conduct transactions, and use computing devices with a new level of confidence' ..."
Confidence for who and of what? Hardly for users.
Confidence that users will have no freedom?
Confidence that anything non TCG/TCPA and non DRM is locked out?
Confidence that there will be TCG backdoors?
Confidence for software & content providers?
Confidence that your system can be wiped/accessed remotely at TCG's whim?
New level of confidence FOR users? Yes, new in the sense of unprecedented low level of confidence that the system can be trusted.
New level of confidence IN users? Yes, now they just lack the high voltage collar linked to the systems to dish out electrocution to all dissidents.
Ah but what was i thinking, thats coming mainly from "God's own country" so that can be wrong, can it?
This article appeared in the February 1997 issue of Communications of the ACM (Volume 40, Number 2).
(from "The Road To Tycho", a collection of articles about the antecedents of the Lunarian Revolution, published in Luna City in 2096)
For Dan Halbert, the road to Tycho began in college--when Lissa Lenz asked to borrow his computer. Hers had broken down, and unless she could borrow another, she would fail her midterm project. There was no one she dared ask, except Dan.
This put Dan in a dilemma. He had to help her--but if he lent her his computer, she might read his books. Aside from the fact that you could go to prison for many years for letting someone else read your books, the very idea shocked him at first. Like everyone, he had been taught since elementary school that sharing books was nasty and wrong--something that only pirates would do.
And there wasn't much chance that the SPA--the Software Protection Authority--would fail to catch him. In his software class, Dan had learned that each book had a copyright monitor that reported when and where it was read, and by whom, to Central Licensing. (They used this information to catch reading pirates, but also to sell personal interest profiles to retailers.) The next time his computer was networked, Central Licensing would find out. He, as computer owner, would receive the harshest punishment--for not taking pains to prevent the crime.
Of course, Lissa did not necessarily intend to read his books. She might want the computer only to write her midterm. But Dan knew she came from a middle-class family and could hardly afford the tuition, let alone her reading fees. Reading his books might be the only way she could graduate. He understood this situation; he himself had had to borrow to pay for all the research papers he read. (10% of those fees went to the researchers who wrote the papers; since Dan aimed for an academic career, he could hope that his own research papers, if frequently referenced, would bring in enough to repay this loan.)
Later on, Dan would learn there was a time when anyone could go to the library and read journal articles, and even books, without having to pay. There were independent scholars who read thousands of pages without government library grants. But in the 1990s, both commercial and nonprofit journal publishers had begun charging fees for access. By 2047, libraries offering free public access to scholarly literature were a dim memory.
There were ways, of course, to get around the SPA and Central Licensing. They were themselves illegal. Dan had had a classmate in software, Frank Martucci, who had obtained an illicit debugging tool, and used it to skip over the copyright monitor code when reading books. But he had told too many friends about it, and one of them turned him in to the SPA for a reward (students deep in debt were easily tempted into betrayal). In 2047, Frank was in prison, not for pirate reading, but for possessing a debugger.
Dan would later learn that there was a time when anyone could have debugging tools. There were even free debugging tools available on CD or downloadable over the net. But ordinary users started using them to bypass copyright monitors, and eventually a judge ruled that this had become their principal use in actual practice. This meant they were illegal; the debuggers' developers were sent to prison.
Programmers still needed debugging tools, of course, but debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers. The debugger Dan used in software class was kept behind a special firewall so that it could be used only for class exercises.
It was also possible to bypass the copyright monitors by installing a modified system kernel. Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers--you could not install one if you had one, without knowing your computer's
Even when my password hits the https client software, how do I know that the information is really being sent securely? I don't.
The counter example used by the digital rights people is that when they send me a key to access controlled media, how can they be certain that I don't intercept the decoded bit stream?
In the first case, it is reasonable to have a trusted platform because the user can choose to accept what software he runs. In particular it can allow me to differentiate between an allowable update and one that isn't.
In the second, then then the owner/user of the system can not be permitted to have control. If the user is permitted to have full control then the platform must disclose to the access granter that the link between the media decryption engine and the output can no longer be trusted.
One can argue that the first is reasonable but the second would prevent anyone from looking at digitally licensed media on an open computing platform such as Linux.
In any case, this all supposes that the platform as installed, is indeed secure. It probably isn't. Even systems that implement a good security reference monitor can be compromised by poor configuration and software layers that cross security levels. For example, the original NT kernel is very good, but it has been slowly compromised by the surrounding software.
It would be possible to make a dedicated system into a trusted platform, for example, an ATM. It is practically very difficult to implement a genera; purpose system in a trusted way.
See my journal, I write things there
The TPM spec is open, right? So what if a program like Bochs just emulates the security chip?
They keep saying this isn't DRM, but it's most of the building blocks you need for DRM.
Quite true. On the other hand, this system does make it easy to implement what they are talking about (allowing the user to verify what's installed), whereas implementing reliable DRM is still going to be extremely difficult (given the ability to combine an emulator with a proxy to the encryption chip, which will provide the ability to examine all data going into or coming out of the chip).
My guess (given the industry track record) is that the first few attempts to create DRM with this system will result in something that will fall pretty quickly to a determined and knowledgeable "attacker". And of course, none of this will plug the "analog hole". My guess is that we'll get a few rounds of attempted repression, which will fail, and eventually, they'll give up, rather than pouring more money into a "solution" that shows no signs of ever working. But I could be wrong - certainly I'm an optimist.
The other thing to note is that they keep stressing RAND (Reasonable And Non-Discriminatory) licenses.
That's a bigger issue in my eyes, at least in the short term. Of course, while it means no open source, it doesn't necessarily mean no licensed add-ons to open-source systems. Which is not a solution I like, but is better than nothing.