Slashdot Mirror
DRM Based on Trusted Computing Chips
An anonymous reader writes "We've always know that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"
Oh, come on. Drop the bias. This is technology aimed towards businesses. People who have truly sensitive information and need to be able to track who sees it. It's not targetted at warez-kiddies, movie downloaders or porn magnets. Sure, it will be used in that capacity sooner or later, but the hardware manufacturers are responding to a perceived customer requirement.
This and the plan to put a camera in every house...
What next?
I would sell my soul for total control over you. Or something like that. What has come of the world that corporate greed has taken over from the free harmonious society? I would love to say everyone will just scrap computers and move onto other ventures (like going outside) but that is the Utopian view. In reality the Orwellian scenario us coming upon us. It won't be long now people.
What is sad about this is they are touting the "legitimite" uses of making sure software is unmodified and doesn't contain root kits and protecting sensitive data from attackers. I find it funny that SHA1SUM and gpg --checksig tells me when my download isn't what the author intended. Cryptoloop (and a tonne of other software) keeps my files highly secure and safe from prying eyes even if they do steal my disks.
There are no legitimite uses for this technology that can't already be accomplished today. There are only evil uses!
I drink to make other people interesting!
The CB App. What's your 20?
Is it just me, or is anyone else thinking, "The way the industry is going towards Orwellian dystopian dreams, I might just want to get out of computing"?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Ultimately I think a lot of this DRM technology - specifically remote attestation - is going to result in me changing my habits in one minor regard - I'll be putting the wireless router on top of my desk, rather than under, with the ports facing me so I can easily unplug my computer. In the majority of cases, problem solved.
--Ryvar
If you're working somewhere where you have to be positively identified and sign on each occasion when you access particular sensitive documents then the techonology described is a significant improvement in usability.
You no longer have to travel to the document repository, and you are no longer restricted to the hours that the librarian keeps.
Trust goes both ways. Software and hardware industry now keep treating software and hardware for consumers as if it's a privilage to buy, and assumes that none of customers can be trusted as owners of a product.
I'm just disgusted that companies are putting on a smile and trying to gain consumers' "trust," yet none trusts consumers. However when consumers do not trust companies by removing DRM, consumers quickly become criminals, and are called pirates and thieves. While companies abuse the consumers' trust and play market share or monopoly or pricing/licensing games, companies are just looking out for the economy/artists/share holder's best interest.
There is no such thing as "trusted" computing. No one trust anyone here. This shouldn't be called "trusted computing." This should be called "Untrustful Consumers Computing."
"Don't let fools fool you. They are the clever ones."
How long until you can buy a fake thumb with Elvis Presley's print on it? :)
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Bingo!
The customers and the consumers are not the same. The customer is the corporation who wants to lock up its data. The consumer is the person to whom the corporation wishes to grant access to that data.
Yes, lots of consumers are also customers of the hardware manufacturers but the corporations are larger customers and their voice is louder. If you dont want this stuff in a computer that you are buying then you need to let those manufacturers know about it. Buy something else and send them a copy of the receipt with a note explaining why you didnt buy their hardware.
You're right: this can *eventually* change the way we think about data and the way we interact with computers.
But not yet. This is just a "chip on a motherboard." So what if the adobe doc requires all this authentication? It's ultimately passing unencypted over a bus in a machine of otherwise conventional design. No core level encryption, no encrypted root level executable. That means all the "security" in the world is just so much appendage waiting to be hacked off by the first experienced coder to come along.
Such a platform CAN change the way we think about things, though. Ad denough encryption and it gets awfully damn hard to remove attributes form data. This is *not* a bad thing. Once we can give data attributes that canot be easily removed we enter into the realm of being able to move *things* across the internet. Want to move your World of Warcraft *things* into your new Sims pad? It can be done, if the game designers adopt the new standards for "trusted object model data."
This is not just about recording your biometrics every time you listen to maria carey. The possibilities this opens up can literally change the world economy - when the tools of production are in the hands of the proletariat, and the only raw material needed to supply that production is *knowledge,* a lot of people suddenly have a lot of new opportunities to better their lives.
I really hate the way DRM and hardware DRM now gets fully integrated into our own lawfully purchased computers.
I have the right to use my computer to whatever I feel like and it is of no concern to anyone but me. If the companies disagrees with this they can take a hike for all that I care.
All this will contribute to - is to further alienate Linux and users of alternate operating systems and demean our hard efforts to get legal DVD-playback software etc. for our chosen platforms. I am so put down by this Ill probably never run anything with DRM on it again just for the opposition of it. I will not purchase DRM enabled mp3-players, I will NOT purchase DRM harddisks or any hardware with DRM on it.
If I am forced to do it because of the fact that every hardware producer is forced by Microsoft to do so... I will do anything I can in my power to make sure that my system will be rid of such hardware, modding, jacking, compiling - I really dont care. Its my hardware and NO one shall take that right away from me! No one shall control my software or my computers or what I will be doing with them.
I fully and completely agree with the companies about piracy, I dont support piracy in any way. That said - I also support my own freedom to chose, and past experience shows us that businesses will always do whats best for them FIRST before the customers, the customers are just milking-cows to them - which is fair enough if you give us what we pay for. When you decide to mess with our hardware and deprecate our already paid for services and hardware - then I am putting my foot down and say - Enough already!
All this will probably further feed a grassroot "linux-like" organization that will form an alternate OS that will NOT conform to DRM - even if by law (god forbid it goes that far). DRM and control of customers hardware is a CRIME against the public!
What this world is coming to - is for you and me to decide.
Keeping corporate proprietary info secure
Or, keeping an internal memo that reveals the company has broken laws etc. secret. DRM of this kind (and on emails, something else they want to implement) makes it very difficult for whistleblowers to collect evidence and expose a company that should rightly be exposed.
The effects of DRM are certainly chilling. Also, as far as trade secrets go, there are laws designed to protect those. DRM will only ever be (ab)used to hide things that shouldn't be hidden and to strip away fair use rights. The media companies weren't able to do it through the law courts, so they sneak in fair-use crippling measures by the back door.
I am NaN
It never ceases to amaze me how slashdotters can't see pas their own noses on things like DRM. There are people with legitimate security needs that don't give a rat's ass about your pirated copy of Brittany Spears. Keeping corporate proprietary info secure is a MUCH bigger deal than preventing you from watching pirated movies.
...).
If I *did* have a legitimate security need, I wouldn't trust this; it's almost certainly backdoored (because I can imagine certain law enforcement agencies could be quite pissed if it wasn't - imagine some criminal using TPM hardware to encrypt their data such that it's password-protected, can only be accessed on that computer with an untampered OS, and erases itself after three consecutive wrong passwords). And if it is, there's no guarantee that someone won't get access to the backdoor who you don't trust with your data (criminals, one of your competitors,
I konw, I'm a bad citizen, and I certainly don't smile now.
It's nice to know that the content industry now trusts my computer and lets it play its crappy movies. The problem is, I don't trust it anymore. I won't trust it with my data, I won't trust it with my files, I won't trust it with my time.
At least until I find a way to make MY computer MINE again.
Until now, I was a good citizen. I bought my music. I bought my movies. I bought my games. My reward was a rootkit, DVDs that don't play on my equipment and software that crippled my system.
Sorry, but I don't trust your computers. And I will do whatever it takes to make my computers mine again!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
With DRM comes one problem for you as a company: You have to trust the DRM manufacturer completely. And I mean completely. They will not allow you to snoop into their protection mechanism. Trust it or get lost.
So would you, if you were a software company, trust Microsoft? Would you, if you were a mainboard manufacturer, trust Intel? Would you, if you were a chip producer, trust Infinion?
There are other ways to protect your intellectual property. Open Source encryption mechanisms, the source code of which you can read, audit and evaluate, and even adjust to your security needs.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Sarbox has had a very bad impact on businesses. Aside from the billions its drained out of the economy, it also places regulartory requirements to track data within a business and ensure proper controls are in place. This DRM is a way of accomplishing this. It helps with the audit trails of who accessed and modified the data in a way that non-repudiatable. CEO's, when they sign the financial statments, put their job and freedom on the line that the numbers are correct and traceable. Failure to do that ends them up in prison. Even if there is no wrongdoing. Sarbox assumes everyone is a crook and you have to prove you're not. Thanks Congress...
You don't need this to secure documents. There are already nice products like TrueCrypt available that let you encrypt a volume and even create hidden volumes within. If someone steals your PC or laptop, they get nothing but the hardware.
It's not entirely about DRM, though. I'd bet there are still more "features" we haven't been told about. If that system can track who reads a document, it can also be used to figure out who visited a web page or who originated an email. Count on it, that's what this is really about. Taking away the remaining shreds of anonimity that's left on the internet. There will likely be some upside to that. Stolen hardware will be easier to locate, as will trojaned spam bots. You'll be able to access software online with reasonable assurance that no one else can get to your stuff. But, overall, we're all going to get dicked.
And it will keep happening until those companies implement something like this and experience a giant decrease in sales. Like Sony and rootkit follies.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
For the most part, as large a community as Slashdot is, the number of people around here that don't like where all this stuff is going (myself included), and the positions most of us are in to influence tech decisions of those around us, my suggestion to defeat this, is simply to not use it. Keep copies of your older software. Keep that old machine in decent shape and on a shelf somewhere. Keep some spare parts around.
Pretty much anything you can do to create a hardware/software version freeze, so that when the shit really hits the fan on all of this, all you have to do is say "no thanks, I already have 'xyz' and it's working fine for me and i've made assurances that it will continue to work fine for me."
If you have a job at the moment, are you actually working or are they paying you to sit there and wait for the next round of upgrades?
In my mind, that's going to be the best way to defeat all of this stuff they are forcing on us. We need to take away their ability to force it on us.
I know wanting a faster processor is something we all want, but when I think about it, it hasn't really gotten all that much faster when you consider the OS's portion and how with almost every new speed bump, something is there to utilize that speed basically nullifying the benefeit it would have on your apps.
So, why upgrade at all? If windows 3.11 had thte ability to deal with large amounts of RAM and large HDD's think of just how fast it would run on our modern processors.
Basically what I'm getting at, is, empower ourselves to take the upgrade cycle out of their hands, because when everyone says "i'm happy with what i've got" then they have no market. Same for the **AA's as someone mentioned. Take away their audience. Since we are pretty sure they are making a killing from digital music and video, just don't watch it on your computer or device etc. Get a DVD player now. Keep it and use it. When nobody is buying their newer crippled stuff, they are going to start whining that nobody uses their computers for media and it's hurting their wallets, and we can just point and say "you said the opposite of that 'x' years ago."
It's definately not impossible to make these things happen on our terms. It's not even that hard. We just have to say we're not going to buy it or just be content working with what we have now.
More and more the computing industry is coming off as a racket. Every time I buy something digital I'm forced to pay for crap that I don't want. 6-in-1 card reader? Who gives a shit? Fingerprint sensor. I don't give a fuck. It's like buying a toaster with a built in Pez dispenser. Only, nowadays, you can't find a fucking toaster without the Pez dispenser.
WTF?
The one thats signed by the creator , that cant be removed, deleted or changed without the fingerprint of the creator. All its going to take is a a hundred or so companies having to buy 50 or so new thinkpads because they cant remove the trusted virus to cause a real big stink and forever doom trusted computing
I trust Microsoft as far as I could comfortably spit a dead rat
I find all this 'Trusted Computing' a bit too much to take in. Trust the computer but don't trust me? That sounds like a disaster waiting to happen.
1) So I create a Word document at work. I use my fingerprint to lock it down so no other can read it (I'll unlock it after the draft stage). My company moves me to another project just before it's finished and I die in a freak car accident the same afternoon.
What now? It's not like you can brute force the password as you can do now with Word documents. Thousands and thousands of pounds were spent on the document. More than all the chips inside the grey box are worth.
So what now? Someone please tell me.
2) I refuse to give my fingerprints over to my employer.
"Look boss, you can have 40 hours of my time a week at 100% effort but you're not having anything more from me. No blood, no sweat and no tears. That includes my fingerprints."
Will my employer sack me?
What about if I want my fingerprints back when I leave the company? Track down every document I've ever written to undo the fingerprint locks? I can imagine a phone call 6 months down the line asking me to pop-in for 5 minutes ($1m an hour for my fingerprint service btw boss).
3) We currently send documents over the internet that are worth hundreds of thousands of pounds to possible future tenderers. We use email. We might use PDF but there will be no security on it.
Are we going to change the way we work? No, no way. We don't even use Track Changes or Version Control on SharePoint.
Someone highup expects people to understand this Trusted Computer lark? It's not going to happen at my company (10,000 employees).
I see no benefit in any of this.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
The ability to tell who accessed a document and when would be good for hi security government documents, to tell who did what when to them.
Maybe for some industries with real sensitive data as well, but of little use to the average person, except to please the *AA's.