BBC on DRM and Trusted Computing

distantbody writes "This BBC article by Bill Thompson is balanced and concise on the issues of DRM and 'Trusted Computing,' and offers some insights as to why such systems are the wrong path to follow for consumers and businesses alike. From the the article: 'We need to ensure that trusted computing remains under the control of the users and is not used to take away the freedoms we enjoy today ... the flexibility of copyright law is something that should be embraced and not taken away.'"

DRM

[Sv-Manowar]

They are right about DRM, by limiting the amount of time a user can view the file, they are just increasing demand for a cracked one.

If you had downloaded something, and it had DRM on it limiting the number of times you could view it or how long it could be viewed - it would just be a hassle, and would cause most people to either go looking or just wait for a unlocked version of it.

re-asking the question

[yagu]

Okay, so I've asked this before... I'll ask again... (refer to my previous post... )

I had hoped for definitive answers to these questions, but if you'll re-read some of the responses to my post, while thoughtful, they were divergent and inconsistent among themselves. Again I am concerned what the "trusted computing" platform truly means... mostly because it appears to me it is mostly negative for the linux community.

A scenario played out last summer for me with... a local Mom and Pop grocery store kept EVERYTHING on their Windows XP PC, and one day it went toes-up. They were understandably distraught -- all of their business spreadsheets and wedding pictures (over 1G) were on the hard drive and they couldn't get to them. They were prepping the machine to be sent in to be re-imaged. I asked them if they knew that meant they were likely to lose their data. She was almost in tears. I went home, got my Knoppix CD, and with their permission, played... and, recovered ALL of their data and burned it redundantly to CD's.

So I ask, if theirs were a "trusted computing" machine, and I had tried to do the same thing for them with my Knoppix CD, would I have been able to? I'd hate to think this is one (of many) of the things we lose in this "better" world. Help!

(I honestly can't believe the computing world will stand for this, but maybe it's like boiling frogs in water... by the time we realize what's happening it's too late?)

Re:re-asking the question

[xiando]

"I honestly can't believe the computing world will stand for this" THE problem here is CHOICE. And if we find ourselves in a situation where there are laws who require computer makers to have a feature in order to sell it legally, then obviously they will obey and implement the feature in order to keep selling their products. The feature (or bug..) will soon be part of CPU units, and that, depending on implementation, will make a whole new scenario. The choices may soon be not upgrading or buying something with usage restrictions.

Re: re-asking the question

[Alwin+Henseler]

You might want to check a rant I wrote ages ago (available in English and Dutch). With current knowledge, some of it doesn't make sense anymore, some of it holds even more water as time passes.

Basically, you can view 'trusted computing' as (potentially) a strong enabler for systems integrity checking, user authentication, and yes, DRM. This may be have both good, and evil uses.

It all comes down to whether it's optional, and who (ultimately) has the keys.

Right now, it's optional. There's still plenty hardware out there that doesn't support it, support may be disabled in BIOS, and if I understand TC specs as they are, implementation details ARE in the open, and users HAVE final control over keys. For instance, Free/OSS could provide support, and use it in positive ways (like verifying server hardware/software).

But I can't help feeling that 'treacherous computing' is just some marketing plot, intended to shove 'bad things' onto a public that doesn't see it coming. Or doesn't care, at first.

We all know DRM doesn't work. You hand users some content, users have full control over their own equipment, and to decode the content, they HAVE to get the key(s), somehow. Keeping things locked up after that, just won't work. Maybe for niche applications or in controlled environments, but not for mass-market things like music, movies and such. The BBC article points that out nicely.

Integrity checking of software/hardware, authentication of users? Nice, but you only need proper handling of the keys for that, and reliable working hardware/software. Read: stable running hardware, verified software. This whole TC thing just complicates both, and users remain the weakest link anyway.

Maybe TC is really meant for public-friendly, positive uses, but a paranoid attitude is really needed here.

I can see the future going 2 ways: TC will become commonplace, then hardware NOT supporting it will become obsolete, then the 'open, user controlled' will slowly be switched to 'closed, 3rd party controlled', and the masses will find their equipment isn't really theirs anymore.

Or the masses will consider TC 'having a bad smell' (I know I will), and it will die in the marketplace. Vote with your dollars! No matter how evil, they can't shove it upon you if the masses don't take out their wallet. But then again, knowing how few people think clearly for themselves, and how many act more like 'sheeple', I'm not too sure which direction things will go. Maybe a market split, like you have between Windows and Free/OSS-based software these days.

Just because you're paranoid, doesn't mean they're not after you...

Trusted Computing: Both good and bad

[Neruocomp]

I think hardware based security is something that is needed by government and other organizations that handle sensitive information. That way we wouldn't be hearing about databases being cracked and having millions of people's information leaked. Thats the good part.

The bad part is what it means should trusted computing enter consumer electronics. With DRM it would be like having someone from the MPAA in my living room, and thats something I dont want to happen. While this technology sure has potential, it does need leash to keep it under control. I paid for the machine, so it should do what I want it to do.

Re:Trusted Computing: Both good and bad

[jbridge21]

No... trusted computing means that the first person who finds a flaw in that part of the operating system gets to write a virus that Norton/etc IS NOT ALLOWED TO LOOK AT, LET ALONE REMOVE!

To Be Fair...

[N3koFever]

...the BBC is publicly funded and so doesn't need to make a profit. They don't care if people go and download their stuff (in fact, they're soon going to be offering their archives online) because they don't have advertising revenue to lose and have already made their money from everyone in the UK with a TV who pays £120/year to them. I'm sure that a commercial company that actually had to turn a profit would be singing a different tune.

Re:To Be Fair...

[mrchaotica]

Well, maybe that means the BBC has the right business model and the commercial media industry doesn't?

Re:rms on treacherous computing

[Zeinfeld]

Those who quote RMS rarely know him.

The sad thing about Trusted Computing is that copyright enforcement is probably the one security problem it does not provide significant leverage for. Copyright is break once run anywhere.

I was at an SDMI conference, I could not find a single company interested in talking about the payment side of the problem.

I have little sympathy for either side in the debate. I have no time for the freeloaders who want to get something for nothing and no time for the freeloaders who want to use their economic power to get something for next to nothing and sell it expensive.

Re:Just my opinion, but...

[MysteriousPreacher]

Well yes, you would expect this kind of behaviour from any zealot. A hygeine zealot will consider one shower a day to be a filthy neglect of your hygeine. That's the nature of a zealot so in a strange way, you're right.

The article makes some fair points about the changes in iTunes but doesn't mention the improvements. I can authorise more computers to play my Music Store tracks than I could before (it was only 3, not it's up to 5). I can stream my music over AirPort.

He does make a fair point though that it can be a slippery slope. Perhaps we need to find ways to stop companies inserting "Everything is subject change" clauses in their contracts?

Re:Article buys industry lies

[ScrewMaster]

Hardware security is still only as good as the software that is, ultimately, in charge of it. For the bulk of TC users that will mean Windows, and that will get be exploited as it always has been. Face it: Microsoft is looking for a hardware hack to take care of all the software hacks that are their flagship operating system. They want this for two reasons. A. to assuage all the complaints about operating system security and b. to ingratiate themselves with the media moguls. And yes, I'm sure that Trusted Computing will help make our systems less exploitable, for a time and to a certain degree. But the loss of control of our machines that the black hats will suffer will be nothing compared to what we lose if we accept this poor tradeoff. It wouldn't even be an issue, really, if those promoting Trusted Computing were subject to free market forces. They aren't though. The power of the Federal Government has been conscripted to shove it down our throats. Oh, I know ... Trusted Computing hasn't been mandated (yet.) But DRM has, and Trusted Computing is little more than an extension of that, from a conceptual standpoint. In this connected world, somebody always wants to own your machine ... it's a toss-up, in my mind, whether we're better off with the MPAA, the Office of Homeland Security, or some Bulgarian hacker. They all want a piece of us and don't much care how they get it.

What disturbs me is how easily people buy into the sound bites they're being fed every day. "Why, how can open source possibly be secure if everyone can see how it works?" "I think Trusted Computing sounds great! How else can we stop all the piracy?" And so forth. The larger issues for Americans are about Constitutionality, how far our government's authority should extend, how far foreign oligopolies can influence U.S. government and private-sector technological development ... hell, whether we can even continue to maintain a high-technology civilization and a standard of living that even approximates what we've enjoyed in the past. These are actually very important things that should concern all of us. But sometimes I feel like I'm spittin' into the wind.

Re:Freeloaders

[Psiren]

I agree with pretty much everything you said. The trouble is, DRM is a (poor) technical fix for a social problem. Those that really want to copy these thigns generally still will, whereas some (potential) paying customers such as myself have problems with it (I've yet to see any reasonable online music site offering files I can play under Linux, and no, that dodgy Russian site isn't one, before anyone points me to it).

Personally I still prefer to buy CDs. I like having the physical item in my hands, but even some of these are now coming with Copy Protection. Some people have had problems with these, yet again proving the technical solution is not the correct one. Unfortunately, I've no idea what is.

Generaliation

[Peaker]

Some of us simply do not believe copyright law is just, and think that it is draconian and absurd.

Obeying laws, even absurd ones, is generally good, in order to avoid contempt for the law. Unfortunately, in the case of copyright, obeying the law means empowering the lobbyists that keep the law alive and strengthen it.

The best way is to avoid copyrighted works, and when they are not avoided, at least do not pay those who push for the continuation of the copyright regime.

Piracy is name-calling, and the reason copyright infringement is so common is because people do not find the copyright deal reasonable anymore, ever since the digital revolution.

To make laws that man cannot, and will not obey, serves to bring all laws into contempt. -- Elizabeth Cady Stanton

Unfortunately, due to this law and others, law is already in contempt by the vast majority of the public...

Not True

[argoff]

The sad thing about Trusted Computing is that copyright enforcement is probably the one security problem it does not provide significant leverage for. Copyright is break once run anywhere.

This is not true, because efforts to impose "trusted computing" on all hardware by force of law. Even if an encryption scheme is broken, the media material could have embedded noise in it with a digital signature information and hardware could be mandated not to process any digital media or information unless it's properly signed.

It is indeed an issue of trust

I just thought I'd throw in my own $0.02 worth with a tale of my own experience.

When my brother and I were kids, there was a program on television which we both enjoyed (this would have been around 1985 or so). There was a two-part episode at the end of the first season and we taped the first part with the idea of recording the second part the next week. Well, the program was pre-empted by various things every week for the next several months (e.g. President Reagan, football, etc.). Finally, the second part was broadcast and of course, we taped it. We still have the tape (the show was cancelled in its second season). Since it does not appear that this program will ever be available on DVD or other home video format, I transferred the recorded video to DVD using my computer with TV tuner card. I made one copy for myself and one for my brother.

This incident represents what I believe will become a major problem with current copyright laws and the use of Digital Restrictions Management and Treacherous Computing. In the future, it may no longer be possible to preserve the past (the future's past) due to the short-sightedness of the content owners. Using the broadcast flag would prevent recording. Even if the recording were allowed, it would prevent me from transferring to an archival media (DVD or it's next generation, whatever that may be). New DVD burners are being made that prevent one from transferring a VHS movie with Macrovision to DVD (HP's old Carly Fiorina trumpeted this at the last CES). Instead, shows could be broadcast and disappear into the ether, never to be seen again. Of course, it could be argued that most shows broadcast today are released to DVD soon after the end of the season, but what if they are not? As an example, Malcolm in the Middle -- season 1 was released on DVD a few years ago, but where is season 2? Although this is a silly example, it illustrates why individuals have archived broadcasts in the past and should be allowed to do so in the future.

Why will I not be able (at least as the law currently stands) to buy a device that will record HDTV to the next-gen DVD format (whether that be Blu-Ray, HD-DVD, or HVD)? This would represent nothing more than the status quo as it now exists with analog TV and VCR's.

Furthermore, a principal of abandonment needs to be established in copyright law (i.e. If the content has not been sold or actively promoted for sale for a length of time, it should enter the public domain).

Trust is a two-way street. In general, I trust those who trust me. How can the public trust the content creation (recycling?) companies after they have abused our trust for so long?

PPC?

[yesheh]

Is this technology related to the intel platforms only or is it also going to be present on PPC, Alpha, MIPS, etc? ie. is it req'd by law on every computer or is it just required on new x86s/64s?.. I'd much rather stay with ppc anyway, risc chips are way better...

Re:BBC

[Sajarak]

Yes, this article is actually quite an interesting about-face for him. Just two and a half years ago, when Microsoft announced that it was jumping on the trusted computing bandwagon, he wrote this article, singing the praises of hardware-based restrictions, and governmental regulation of the internet.

It seems that he's only just recently come to the conclusion that maybe this whole trusted computing thing is there to serve the purposes of the hardware and software makers, rather than their users.