DRM Based on Trusted Computing Chips

An anonymous reader writes "We've always know that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"

Biased article?

[Dibblah]

Oh, come on. Drop the bias. This is technology aimed towards businesses. People who have truly sensitive information and need to be able to track who sees it. It's not targetted at warez-kiddies, movie downloaders or porn magnets. Sure, it will be used in that capacity sooner or later, but the hardware manufacturers are responding to a perceived customer requirement.

Re:Biased article?

[Roachgod]

Its not biased, its true. When trusted computing was announced it was to 'foil malware'. Now it has been switched to 'foil owner's use of own property'. Realistically, every company is going to demand this feature to lock down their software on user PCs and to try and make piracy stop completely. For a while, this will seem reasonable, but then it will inevitably be abused. Forced upgrades and time outs that can't be undone or reset come to mind. And once software demands it, people (like myself) that use older equipment will be forced to upgrade to the new hardware in order to use the new software, even if the old hardware is 'powerful' enough to run said software adequately. Its really just a cash out for the assorted industries at the user's expense.

So, while the current incarnation may seem ok, things are only a few steps from being really bad and invasive. Couple this with the DMCA, and half the things we take for granted with computers now could be taken away, and it will be illegal to 'break' things to get those abilities back.

Re:Biased article?

[KitFox]

But if you run a business, and made the choice to use WordPerfect, or even a freeware Linux application, would you want to be FORCED to purchase MS Word to read a document that another company sends you? Not only that, but they intend to lock out the capabilityt o export (No Copy/Paste, etc), so you need to buy Word for EVERYBODY who needs to read the document.

Now comes interesting Tidbit Number two...
The article mentions "My fingerprint results in Access Denied, but the person who wrote it gets into the [document]." Right... So what if they want ME to be able to get in, but not my coworker? How do they acquire MY credentials to allow me in? How secure is this acquisition? Already things like PK Encryption require chains of custody and KNOWN Public Keys to have the proper security. When you get into the extremely-high levels of security, it gets somewhat complex. But now there is a certificate associated with my fingerprint?

Overall, while they claim "Makes it easier", from a security standpoint, I actually see a lot of room for complication, error, and massive breaches of security. And as the article points out: Do you REALLY trust Microsoft to not have security holes? One "Oops" and suddenly the document that you need -ME- to be able to read is not at all accessible by me, but who knows who instead.

And what kind of "Oops" does it take? Gee... Spoofed email of a Public Key maybe? Social Engineering of a phone call to claim to be me, and give them a false cert fingerprint? And of course if I use Linux, I'm {censored} out of luck. If Linux will even RUN on the systems anymore, since Microsoft doesn't sign it to be trusted.

Re:Biased article?

[mshiltonj]

the hardware manufacturers are responding to a perceived customer requirement.

I don't believe that for a second. They are responding to arm-twisting by Microsoft and Adobe (,etc.) and working *against* customer interests. Consumers have no interest in DRM at all. The question on manufactures' minds is how much DRM they can shove down consumers' throats before they balk and stop buying. They are counting on consumers being either too ignorant or too passive or too apathetic -- until it's too late.

Re:Biased article?

[ozmanjusri]

After all, if nobody did this and only did fair use copying, the companies wouldn't give a rat's ass.

Bullshit they wouldn't. The software companies realise they have a product that never gets old, never wears out and will perform the task it was purchased to do until hell freezes over unless they find a way of breaking it. Software companies have been trying to find ways of making software wear out for decades so they can rake a continuous income from their customers the way other manufacturers do. They use product activation to tie the non-wearing software to the fragile hardware for example, but their customers hate them for it.

The customer wants to buy a tool and use it forever, or until they no longer have a use for it, whichever comes first. We know damn well when they're being scammed, and want nothing to do with this license once and pay forever crap. We've tolerated buying the same product over and over again because we accepted we were paying for new features and improvements.

The cost of production of each copy of a program is nil, so the only controllable cost variable for a producer of software is the cost of development, the development of those features and improvements we've been paying for. If they can get away with using this DRM garbage to artificially obsolete programs, they won't need to keep improving the software, they'll have their continuous income without the cost of development. Say goodbye to software innovation.

Re:Biased article?

[Znork]

"This advances technology as well as culture much faster than it otherwise would."

Yep, that's what is quickly becoming the worlds most parrotted unsubstantiated claim, with more and more indications, ranging from the rapid ascendance of opensource through the economic rules of free market competition, suggesting that it's blatantly false.

I suggest that competition, communications and the free exchange of ideas drive the advance of science, technology and the arts. I suggest that intellectual monopoly legislation not only does not serve its purpose, it actively slows the advance down through removing competetive pressure and the introduction of barriers for information combination.

Re:Biased article?

[NemoX]

The ***only*** reason consumers aren't screaming about this yet is because they don't know it exists, nor how it is incompatable with their expectations about what it means to 'buy' something.

By saying "yet", you imply that you believe people will start screaming about it, at some point. I think you give way too much trust in that the general public is actually educated enough to differentiate between propoganda and the truth. I think they will be fed some load of crap about hackers, and theives and such. Then the media will help by putting a bunch of it in the news in a timely manner, and all the people will be like "wow there's a lot of that going on, I understand" then they'll say my favorite line "...besides, I have nothing to hide, I'm not a theif or a hacker" (which is equivilant to what pastor Martin Niemoller is known for saying). Then they will be forced to pay annual fees and all that nonsense, and continually be told new reasons "why" they have to pay more and more, and the general public will just eat it because, the majority of people are just plain stupid.

First they came for the [hackers] and I did not speak out -- because I was not a [hacker].
Then they came for the [music and movie theives] and I did not speak out -- because I [never stole music or movies].
Then they came for the [software pirates] and I did not speak out -- because I was not a [software pirate].
Then they came for me -- and by then there was no one left to speak out for me.
(Attributed to Pastor Martin Niemöller, German priest during WWII as the Nazis took everyone away to the camps)

Oh no, I can hear them cry

[thegrassyknowl]

This and the plan to put a camera in every house...

What next?

I would sell my soul for total control over you. Or something like that. What has come of the world that corporate greed has taken over from the free harmonious society? I would love to say everyone will just scrap computers and move onto other ventures (like going outside) but that is the Utopian view. In reality the Orwellian scenario us coming upon us. It won't be long now people.

What is sad about this is they are touting the "legitimite" uses of making sure software is unmodified and doesn't contain root kits and protecting sensitive data from attackers. I find it funny that SHA1SUM and gpg --checksig tells me when my download isn't what the author intended. Cryptoloop (and a tonne of other software) keeps my files highly secure and safe from prying eyes even if they do steal my disks.

There are no legitimite uses for this technology that can't already be accomplished today. There are only evil uses!

Re:Oh no, I can hear them cry

IBM, Dell etc. are not the evil ones here, neither is MS. Its the *AAs who don't care about destroying the universal computer.

Oh god, you are so fucking wrong it actually hurts to read this.

DRM is all about controlling applications -- music and video are just the high-profile stuff. Applications spread/use data, if you are going to control data, you must control applications. TCPA hardware decides which code gets to run, and what it can access... and it does it behind walls of encryption to ensure that *you* can't see what is executing. IBM, Dell etc etc all have massive hard-ons for this hardware because *THEY WILL CONTROL WHAT YOU DO WITH YOUR PC*. They will broker the CPU, memory, hard disc, sound/gfx card on your machine to the RIAA/MPAA members, or just anyone they feel like. You will have no say in the matter. They can install software on your computer without you ever knowing about it, and you will not be able to remove it or disable any undesirable features because your computer will not be "trusted" anymore.

In addition, it will allow them to take GPLed software like the Linux kernel and make it de facto proprietary... simply because the hardware will not "trust" the binary unless it is signed by Dell/Intel/IBM etc etc. So your GPL source is worthless in that world -- you can't modify it... hell, you can't even recompile it yourself without modification, because the result won't work as it did.

Re:Oh no, I can hear them cry

[Shanep]

What next?

Open Hardware to go with our Open Source Software?

I imagine the smaller hardware shops like Soekris will become more popular and be able to ramp up production, become cheaper and more viable. I realise that Soekris make stuff for embedded and router type hardware, but surely there will always be desktop and laptop machines available without built in DRM?

Hmm, maybe some motherboards put out with some powerful FPGA's for the CPU and maybe some other parts for controllers and graphics.

Surely the people can take the power back!

Re:Oh no, I can hear them cry

[MooUK]

"In addition, it will allow them to take GPLed software like the Linux kernel and make it de facto proprietary... simply because the hardware will not "trust" the binary unless it is signed by Dell/Intel/IBM etc etc. So your GPL source is worthless in that world -- you can't modify it... hell, you can't even recompile it yourself without modification, because the result won't work as it did."

And now we see why v3 of the GPL has provisions to prevent this.

*THIS* is what FOSS is all about.

[bennomatic]

Free is as much about the principle as the price. GIMP really isn't a photoshop substitute, but if I had to offer up my thumb every time I was about to use Photoshop, I wouldn't. I refuse to work that way; I'd rather use lesser-quality tools than be monitored and have each use of the software I've licensed be tracked with as much dilligence as a mortgage contract signature...

Re:*THIS* is what FOSS is all about.

[Rosco+P.+Coltrane]

I'd rather use lesser-quality tools than be monitored and have each use of the software I've licensed be tracked

You won't even be able to use your OSS tools on a "trusted computing" platform. That's the whole point.

This new scheme is aimed explicitely at locking out any software from vendors that don't lick the RIAA/MPAA's collective bottoms.

Re:*THIS* is what FOSS is all about.

[Stan+Vassilev]

"Free is as much about the principle as the price. GIMP really isn't a photoshop substitute, but if I had to offer up my thumb every time I was about to use Photoshop, I wouldn't. I refuse to work that way"

Somehow, million of people don't refuse this way and put themselves to authorisation and authentication ("genuine advantage") procedures, product activation and "calling home" on startup.

So you may not, but the business doesn't care about you, you're a minority.

Re:*THIS* is what FOSS is all about.

[mrchaotica]

Somehow, million of people don't refuse this way and put themselves to authorisation and authentication ("genuine advantage") procedures, product activation and "calling home" on startup.

Did anybody else munge that together into "authoritarian," like I did?

getting out of computing?

[CAIMLAS]

Is it just me, or is anyone else thinking, "The way the industry is going towards Orwellian dystopian dreams, I might just want to get out of computing"?

Pulling the plug

[Ryvar]

Ultimately I think a lot of this DRM technology - specifically remote attestation - is going to result in me changing my habits in one minor regard - I'll be putting the wireless router on top of my desk, rather than under, with the ports facing me so I can easily unplug my computer. In the majority of cases, problem solved.

--Ryvar

Trusted Computing == Untrustful Customers

[layer3switch]

Trust goes both ways. Software and hardware industry now keep treating software and hardware for consumers as if it's a privilage to buy, and assumes that none of customers can be trusted as owners of a product.

I'm just disgusted that companies are putting on a smile and trying to gain consumers' "trust," yet none trusts consumers. However when consumers do not trust companies by removing DRM, consumers quickly become criminals, and are called pirates and thieves. While companies abuse the consumers' trust and play market share or monopoly or pricing/licensing games, companies are just looking out for the economy/artists/share holder's best interest.

There is no such thing as "trusted" computing. No one trust anyone here. This shouldn't be called "trusted computing." This should be called "Untrustful Consumers Computing."

Ah! I see a new profitable market! Fake Thumbs!

[maillemaker]

How long until you can buy a fake thumb with Elvis Presley's print on it? :)

Steve

Re:What about the customer?

[Plunky]

Wait a minute. I forgot. Or maybe I just never heard it explained right. Exactly how does this benefit the customer? How is nearly perfect DRM coupled with remote reporting of your access something consumers have asked for?

Bingo!

The customers and the consumers are not the same. The customer is the corporation who wants to lock up its data. The consumer is the person to whom the corporation wishes to grant access to that data.

Yes, lots of consumers are also customers of the hardware manufacturers but the corporations are larger customers and their voice is louder. If you dont want this stuff in a computer that you are buying then you need to let those manufacturers know about it. Buy something else and send them a copy of the receipt with a note explaining why you didnt buy their hardware.

I truly hate this crap, the companies will pay!

[MindPrison]

I really hate the way DRM and hardware DRM now gets fully integrated into our own lawfully purchased computers.

I have the right to use my computer to whatever I feel like and it is of no concern to anyone but me. If the companies disagrees with this they can take a hike for all that I care.

All this will contribute to - is to further alienate Linux and users of alternate operating systems and demean our hard efforts to get legal DVD-playback software etc. for our chosen platforms. I am so put down by this Ill probably never run anything with DRM on it again just for the opposition of it. I will not purchase DRM enabled mp3-players, I will NOT purchase DRM harddisks or any hardware with DRM on it.

If I am forced to do it because of the fact that every hardware producer is forced by Microsoft to do so... I will do anything I can in my power to make sure that my system will be rid of such hardware, modding, jacking, compiling - I really dont care. Its my hardware and NO one shall take that right away from me! No one shall control my software or my computers or what I will be doing with them.

I fully and completely agree with the companies about piracy, I dont support piracy in any way. That said - I also support my own freedom to chose, and past experience shows us that businesses will always do whats best for them FIRST before the customers, the customers are just milking-cows to them - which is fair enough if you give us what we pay for. When you decide to mess with our hardware and deprecate our already paid for services and hardware - then I am putting my foot down and say - Enough already!

All this will probably further feed a grassroot "linux-like" organization that will form an alternate OS that will NOT conform to DRM - even if by law (god forbid it goes that far). DRM and control of customers hardware is a CRIME against the public!

Re:I truly hate this crap, the companies will pay!

[MindPrison]

But there is nothing UNlawful about putting DRM into every product.

You couldnt be more wrong even if you intended to (no offence). If the products are capable of putting outside powers to control your own purchased product - then that in itself is wrong. We create the law, if we find something sinister to what corporate does to us - we protest, such is the way of democracy.

Take the Recent Sony battle as an example on how good
intentions (for themselves) could go horribly wrong.

There are plenty of things that you are not allowed to do with your computer by the law. You are not allowed to crack into other computers (either with intent to steal or for learning something new.) You are not allowed to say, download child-porn, etc.

I think that kind of goes without saying, I assumed that you - the reader - know how to follow the law. You have knifes to cut your food but you could potentially KILL someone with it, but of course most of us will never do that. So your point falls to the ground with a boom. I do however believe that in order to fight cybercrimes - better investigation software, filters etc. are better tools for protecting each other, and not the very least...better education rather than enforcement.

You think you have some kind of a natural right, to be sold computer hardware without built in DRM? Nope, you do not.

Im starting to believe that Im falling victim to a TROLL here...Of course we all have a NATURAL right to be sold any products without whatever we dont want - we are the customers - we have the money. Duh!

You are going to spend all of your time cracking your hardware and software? It is going to be very time consuming, if at all possible.

*cough* Linux *cough* GPL...hello, where have you been the last 10 years? Under a rock? We have plenty of free alternatives programmed by ourselves and our GPL friends in our spare time. This is all about the freedom of controlling our own hardware / software. No need for cracking of any kind.

Companies are going to pay? No. Companies are going to get paid better now.
How can you be so sure? You are assuming everyone is a pirate. Guess what? There are thousands, if not - millions of alternatives to everything you can buy - largely thanks to the effective communication of the internet. Do I need to buy the latest hit from Madonna? Do I need the collective hits of Michael Jackson? No - At least not me.... I do just fine with thousands of remakes and independent music made by independent artists who have placed their music in the open and free for everyone (LEGALLY mind you) from their own bedroom or garage band, there are more quality alternatives than you might think.

Same goes for software really... I have made a living out of using Blender 3D software, the Gimp and much more to produce high end advertising, packaging art etc. All free - legal - alternatives. No use being blinded by what someone WANTS you to do, there are other ways.

And as for Companies getting better paid after DRM? I dont think so. here is why: Remember the radio days? People used to exchange tunes they listen to on the radio on tapes etc. and finally sales boomed because people wanted the real thing on vinyl (or later ...cds). The music industry have NO clue if they could earn less or more with less exchange of MP3s on the net, they just think they could - but there are countless articles FOR and AGAINST this all over - in an endless debate.

To cut it out in carboard paper why I think Hardware DRM is wrong:

- The ability of any corporate to control your computer are borderline dictatorship. No corporate in a democracy are allowed to breach your privacy - for ANY reason - period!

- No company with money as the no.1 priority have the rights
to decide what you shall read, use, develop, sell, give, share unless its their own product. Initially DRM is made to protect their property which in itself is fair enough - until YOU the CUSTOMER are made to pay for the chip or FORCED to have such a chip installed in YOUR paid for computer, then it all goes wrong!

Re:Amazingly shortsighted

[Phil+John]

Keeping corporate proprietary info secure

Or, keeping an internal memo that reveals the company has broken laws etc. secret. DRM of this kind (and on emails, something else they want to implement) makes it very difficult for whistleblowers to collect evidence and expose a company that should rightly be exposed.

The effects of DRM are certainly chilling. Also, as far as trade secrets go, there are laws designed to protect those. DRM will only ever be (ab)used to hide things that shouldn't be hidden and to strip away fair use rights. The media companies weren't able to do it through the law courts, so they sneak in fair-use crippling measures by the back door.

Re:Amazingly shortsighted

[makomk]

It never ceases to amaze me how slashdotters can't see pas their own noses on things like DRM. There are people with legitimate security needs that don't give a rat's ass about your pirated copy of Brittany Spears. Keeping corporate proprietary info secure is a MUCH bigger deal than preventing you from watching pirated movies.

If I *did* have a legitimate security need, I wouldn't trust this; it's almost certainly backdoored (because I can imagine certain law enforcement agencies could be quite pissed if it wasn't - imagine some criminal using TPM hardware to encrypt their data such that it's password-protected, can only be accessed on that computer with an untampered OS, and erases itself after three consecutive wrong passwords). And if it is, there's no guarantee that someone won't get access to the backdoor who you don't trust with your data (criminals, one of your competitors, ...).

I don't trust my computer

[Opportunist]

I konw, I'm a bad citizen, and I certainly don't smile now.

It's nice to know that the content industry now trusts my computer and lets it play its crappy movies. The problem is, I don't trust it anymore. I won't trust it with my data, I won't trust it with my files, I won't trust it with my time.

At least until I find a way to make MY computer MINE again.

Until now, I was a good citizen. I bought my music. I bought my movies. I bought my games. My reward was a rootkit, DVDs that don't play on my equipment and software that crippled my system.

Sorry, but I don't trust your computers. And I will do whatever it takes to make my computers mine again!

Other and better ways to protect your stuff exist

[Opportunist]

With DRM comes one problem for you as a company: You have to trust the DRM manufacturer completely. And I mean completely. They will not allow you to snoop into their protection mechanism. Trust it or get lost.

So would you, if you were a software company, trust Microsoft? Would you, if you were a mainboard manufacturer, trust Intel? Would you, if you were a chip producer, trust Infinion?

There are other ways to protect your intellectual property. Open Source encryption mechanisms, the source code of which you can read, audit and evaluate, and even adjust to your security needs.

Re:I have one...

More and more the computing industry is coming off as a racket. Every time I buy something digital I'm forced to pay for crap that I don't want. 6-in-1 card reader? Who gives a shit? Fingerprint sensor. I don't give a fuck. It's like buying a toaster with a built in Pez dispenser. Only, nowadays, you can't find a fucking toaster without the Pez dispenser.

WTF?

I cant wait for the first Trusted Virus!

[Kilz]

The one thats signed by the creator , that cant be removed, deleted or changed without the fingerprint of the creator. All its going to take is a a hundred or so companies having to buy 50 or so new thinkpads because they cant remove the trusted virus to cause a real big stink and forever doom trusted computing