Slashdot Mirror
TPM Security Chip For Your Cell Phone
pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."
It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long-since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtons are just that-MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.
So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
Newsflash: Phones already have DRM, it's a lot harder for the average person to bypass than a computer, and phones already limit what applications can be installed, or what they can do.
Meet me. Joe Consumer.
By posting on slashdot you prove that you actually know about TPM and have formed an opinion on it (at least in regards to mobile phones). Joe Consumer most definitely doesn't know about TPM and hasn't formed an opinion on it. Ergo, you're not Joe Consumer.
These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopoly's in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.
The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do, for alot of people I think the costs will be outwayed by the benefits.
They already limit cell phones. At my last job we got Motorola T720 cellphones form Alltel. One of the features that wow'd everyone was the ability to play MIDIs for ringtones. So they all wanted custom ringtones (I personally just use a phone ring sound). They also wanted custom backgrounds (it only had a few). So one guy got a data cable so everyone could upload stuff. Er, wrong. None of that kind of stuff was accessable. It was basically only useful for transfering numbers and using it as a modem if you had a data package. You had to purchase new wallpaper and ringtones via the store. Same for games,
Ended up having to search the net and find some utilities to hack it. Even if you got a utility to directly access the file system and added something, it wouldn't be usable on the phone, you had to alter data files. It was quite clearly a deliberate lockout.
With this sort of thing, they'll just step it up to the next level.
Well you certainly have a resonable point about being "joe consumer" and wanting to just get something that works. But the the rights of joe comsumer are exacty what is at stake. When the corporations (I am not making a political statement) create a device under the TCP they WILL contend that it is illegal to create software for the device. The DMCA has a provision that allows for the reverse engineering of a device for the process of creating software. However it is the process of creating software/development and its inherent nature that will come under scrutiny. On the bright side the TCP is not legislation. It is a consortium (I guess a kind way of saying colusion) of companies. If the TCP is fully realized the consumer will be morbidly limited to what they can actually do with the device. Ergo over time you will pay much more money for functionality because essentially the open source community will be unable to legally create, distribute and refine software.
The death of DRM is imminent. It might take some time... but it'll come for sure.
Picture this - all mobile manufacturers will start shipping DRM enabled phones. Manufacturers will tie-up with content providers, and most of the content being provided will be DRMed.
After a sizeable number of consumers are stuck with DRMed schmuck which makes them pay $$$ for every time they press a button on the phone... there'll be a HUGE demand for a non-DRMed phone.
At that point of time if any company comes up with a non-DRMed phone with enough non-DRMed content to make the consumer moderately happy - it will strike gold!
For this to work - consumers need to unhappy about DRM... that's almost like a social revolution - and revolutions take time!
Nandz.
I posted this already, many times. But regardless, I am going to repeat myself.
I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.
By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.
Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.
9/11: Never forget it was a false-flag operation
And when the DRM is in-place, you're being charged exhorbant fees for any little bit of code you might want to use (ringtones, backgrounds, programs, etc), and yet your phone isn't any more secure, even blocking you from installing a program to REMOVE the virus/worm... Then what?
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
TPM has its place, and this is it - protecting me.
No. The TPM is specifically designed to be secure AGAINST THE OWNER, and something is only DRM if it is trying to be secure AGAINST THE OWNER.
You could get all of the same owner benefits that you want from an otherwise identical system except where you were allowed to know your own master keys. Since it would be essentially identical hardware it would have identical capabilites to protect you, however since you know your master keys the system is not secure against YOU. You could use your key to unlock anything if you wanted to, and you'd be able to control the system if you wanted to. However it would then no longer be a Trusted Platform Module. It would no longer be "Trusted" because the very meaning of "Trusted" is that they Trust it to be secure AGAINST YOU. That they Trust your own property will enforce things like DRM AGAINST YOU.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
I've worked quite a bit with the technology, and it's not all THAT complicated.
Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).
Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?
The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning exteremely difficult. None of those are bad things.
If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.