Trusted Or Treacherous Computing?

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

Re:Hands up, everyone who DIDN'T see this coming..

[argoff]

I saw it comming more than two years ago ... What DRM is REALLY REALLY REALLY about

Similar to 'certificate revocation'

[quiberon2]

We have had 'certificate revocation' schemes in things like Distributed Computing Environment for a while.

If you believe your password has been compromised, or your PIN had become known to someone else, then for 'high-value' systems you need to be able to administratively indicate that any 'authority to behave as you' is not to be believed any more.

The 'personal' computing market is splitting.

If you inflict this kind of feature on a lawyer, doctor, or engineer, who is trying to go about their professional work, you cause loss and damage and you get your product thrown out post-haste as unfit for purpose. Lawyer, doctor, and engineer have plenty of money and need the top-grade service.

If you give someone a cheap deal on a Star Wars DVD because of them being willing to accept the possibility that their permission to view it might disappear unexpectedly, then that's rather like having a 'standby list' of people who might or might not be able to get on a plane at cheap prices according as whether the plane fills up with full-price passengers.

"Treacherous" is, of course, the answer

[epp_b]

Of course it's "treacherous", not "trusted". It's about taking control away from the owner, the user; and giving it to a remote entity. Hasn't it always been?

Clear evidence of this comes to light when you think closely about the proposed "Owner Override" feature that would effectively disable an onboard TPM chip...or maybe not, depending on whether or not we're being lied to about that.

First off, if this feature is really everything we're told it is -- that it really disables the TPM chip -- then what is the entire point of this? To have software, music and video vendors build their content around a supposedly "unbreakable" remote control scheme in their power...only to be broken by a built-in flick-of-a-switch feature?

And if we are being lied to about "owner override", then it's clear there is something they want to maintain hidden from us.

Either way, it won't work. Somewhere on the motherboard, between the keyboard and the hard drive, if you will, data must be unencrypted. You just can't keep something that is exclusively mine and in my possession, a secret from me!

The technical specification of "owner"

[bitspotter]

The TCPA and TCG technical specifications define what it means to be an "owner" of a device, to "take ownership" of a device. The ability to revoke features on device like this if you, the consumer who purchased the device (the "owner" in the legal sense) is not really problematic. It's a useful feature, in case, eg, your device is stolen.

The problem , of course, comes when you buy or rent a Trusted Computing device from a vendor who has previously "taken ownership" of the device before your purchase, in the technical sense put forth in the spec. If you're renting it, then it's legally the property of the vendor, and they have every right to control of their property. But if you purchase a device outright, there's no excuse for a vendor to retain ownership in the technical sense if they have ceded it to you in the legal one. This is the Crux of all the "evil" potential that Trusted Computing has. If the consumer is the owner, there's not much vendors can do to be evil with it.

The features of Trusted Computing devices work, and they are genuinely useful - but they only serve the "owner" of the device. It is our responsibility to demand full ownership of our devices (and not to settle for "rented" equipment, in the technical sense or the legal one).

Re:Hands up, everyone who DIDN'T see this coming..

[deathy_epl+ccs]

Yes, since the user having the keys solves the problem. Not.

Surveys have shown that users are willing to give out their passwords for a piece of chocolate. Cars are Hijacked every day, and the user just gets out of the car leaving the keys to the attacker. I'm not saying that a TPM chip is the best way to solve the problem, but merely putting it in the users hands doesn't solve much of anything.

I think the real problem here is the lengthening of the digital divide. The people who would benefit from these features are the people who would hand out their password for a chocolate crisp. These people might have some to lose from Treacherous Computing, but not as much as those who are smart enough to know better.

I wonder if Microsoft is aware that they are driving away the technically savvy? Most of us who use Windows and have some tech savvy are the gamer audience and even though making the move back to running a Unix-derived OS of some sort will impact my primary use for my home computer, I am still starting to seriously plan for it. I wonder how many other gamers are thinking the same thing? I wonder if Microsoft has considered how much losing a big share of the gamer market will hurt them? It is my opinion that a significant chunk of the home market is Windows because that's what the games run on, and if game developers suddenly find it economical or desirable to port their games to different platforms, that could have a pretty significant impact on Microsoft's stranglehold on PC gaming.

Of course, I'm probably just a statistical anomaly, but I like to hope I'm not... heheheheh