Slashdot Mirror
Trusted Or Treacherous Computing?
theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."
Anyone who has ever believed that Microsoft is genuinely on the consumer's side in any kind of licensing question is so naive they shouldn't be allowed out of the house without a minder.
-- Old Man Kensey
Since my laptop was stolen about five months ago I can appreciate the qualities of a system which could be used to at least cripple hardware which was stolen or otherwise suspect.
As a realist, though, I cannot possibly trust that a large organization could implement this properly without willingly abusing it or unwillingly fscking it up.
the NPG electrode was replaced with carbon blac
I think that, like many things, the reasons behind these ideas are well intentioned, but can be used for evil if not policed.
There are a lot of good reasons to do the things Microsoft proposes. Stolen laptops, Malware, Leaked confidential information (think patient records, social security numbers, etc..). The problem is, of course, that most such technologies cut both ways.
If you need web hosting, you could do worse than here
I saw it comming more than two years ago ...
What DRM is REALLY REALLY REALLY about
Or maybe it's just a way for them to manage licenses? Like you purchase a license to view a movie. They send you the .WMV and the license to view the file. You upgrade your computer and want to migrate all your purchases to the new machine. So you request to remove the license from the current system.
Maybe someone should read the patent in question?
If you believe your password has been compromised, or your PIN had become known to someone else, then for 'high-value' systems you need to be able to administratively indicate that any 'authority to behave as you' is not to be believed any more.
The 'personal' computing market is splitting.
If you inflict this kind of feature on a lawyer, doctor, or engineer, who is trying to go about their professional work, you cause loss and damage and you get your product thrown out post-haste as unfit for purpose. Lawyer, doctor, and engineer have plenty of money and need the top-grade service.
If you give someone a cheap deal on a Star Wars DVD because of them being willing to accept the possibility that their permission to view it might disappear unexpectedly, then that's rather like having a 'standby list' of people who might or might not be able to get on a plane at cheap prices according as whether the plane fills up with full-price passengers.
It stops anyone else from trying it.
If my call is important, why am I talking to a recording?
Sorry, but I happen to think that's crap. Much like the government, whenever a controversial law/license is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're LYING. They intend to use the law that way as early and as often as possible.
Those situations would fall under the jurisdiction of law enforcement, not Microsoft.
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
Since when is Richard Stallman paranoid?
I suffer from attention surplus disorder.
If you want to protect the user, you give the keys to the user (or let him chose them). No encription that hides the keys from you is there for your benefit.
Rethinking email
Those situations would fall under the jurisdiction of law enforcement, not Microsoft.
Once Billy Boy is President, they will be one and the same....
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
Of course it's "treacherous", not "trusted". It's about taking control away from the owner, the user; and giving it to a remote entity. Hasn't it always been?
Clear evidence of this comes to light when you think closely about the proposed "Owner Override" feature that would effectively disable an onboard TPM chip...or maybe not, depending on whether or not we're being lied to about that.
First off, if this feature is really everything we're told it is -- that it really disables the TPM chip -- then what is the entire point of this? To have software, music and video vendors build their content around a supposedly "unbreakable" remote control scheme in their power...only to be broken by a built-in flick-of-a-switch feature?
And if we are being lied to about "owner override", then it's clear there is something they want to maintain hidden from us.
Either way, it won't work. Somewhere on the motherboard, between the keyboard and the hard drive, if you will, data must be unencrypted. You just can't keep something that is exclusively mine and in my possession, a secret from me!
microsoft aren't a public institution subject to control by the people, thats what.
If you mod me down, I will become more powerful than you can imagine....
Stallman is not a paranoid. He is a cynic, and an accurate one. He merely rips away all the happytalk and states the problem in stark terms. That's not paranoia, which is a loaded term come to be used by PR masters to smear opponents. That and "conspiracy theorist".
Stallman and I are old enough to remember how Microsoft has comported itself for a quarter century. They are consistent liars and cheats, and pointing this out is just a service to the yunguns who don't even remember MS criminally falsifying video evidence -- and getting caught red-handed, too -- at the monopoly trial. IF you or I had done that, we'd still be in federal prison. MS just had a president dump their criminality into the shredder, and then made even more monopoly money.
They perform no action idly. They've a plan, and it involves killing competition and keeping all the money in the world for themselves. It's a mission statement.
Not only are they not under control of the public, they are also not subject to any form of auditing. If MS wants to play policeman, they will need an Internal Affairs Department that can bust them for pulling stupid shite like this. "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men."
~Lord Acton
I may be redundant here, but the EFF article looks great. It is long though, but I just want to post this to encourage you reading it all. It may prevent a couple of misconceptions. (it did for me)
And for the record, Richard Stallman is very good at foreseeing problems way before other people, but that does not make him paranoid, just foresightful.
We don't see the world as it is, we see it as we are.
-- Anais Nin
The TCPA and TCG technical specifications define what it means to be an "owner" of a device, to "take ownership" of a device. The ability to revoke features on device like this if you, the consumer who purchased the device (the "owner" in the legal sense) is not really problematic. It's a useful feature, in case, eg, your device is stolen.
The problem , of course, comes when you buy or rent a Trusted Computing device from a vendor who has previously "taken ownership" of the device before your purchase, in the technical sense put forth in the spec. If you're renting it, then it's legally the property of the vendor, and they have every right to control of their property. But if you purchase a device outright, there's no excuse for a vendor to retain ownership in the technical sense if they have ceded it to you in the legal one. This is the Crux of all the "evil" potential that Trusted Computing has. If the consumer is the owner, there's not much vendors can do to be evil with it.
The features of Trusted Computing devices work, and they are genuinely useful - but they only serve the "owner" of the device. It is our responsibility to demand full ownership of our devices (and not to settle for "rented" equipment, in the technical sense or the legal one).
In all honesty, this dude might be a professional paranoiac with an easily google-able catchphrase, but you are a fool, a knave, a liar, and an enemy of liberty everywhere.\
Anyone who knows jack or shit about law enforcement knows that they can, do, and will use every law and tactic available to prosecute whoever they think are the "bad guys".
And that's not a slag on law enforcement - that's called "doing their jobs". Obviously, they can get overzealous. And do. And will.
The point is that you give people power, and they will abuse it to the degree they are permitted . That's why Arlo Guthrie got busted for littering (when his real crime was being a dirty hippy), that's why Al Capone got nailed for tax evasion, that's why the Patriot act leads to waitresses on a plane thinking they can kick off breast-feeding mothers just because they feel like it, that's why we've got another 20 years of releasing the falsely convicted based on DNA evidence (too late for the wrongly executed), and it's why your flip attitude is functionally equivalent to saying "exterminate the jews? go ahead - if the authorities are against them, they must have done something!".
And so anything - a new law, a new technical system - that isn't done with an eye to how it could be abused, well, it's foolish and ignorant and entirely predictable, and predictably the people who mean to fuck over everyone ignore these things as plainly as can be.
You really need to study American history again if you don't get this shit by now. Our founding fathers understood this stuff, and that's why "checks and balances" are a part of our government (2000-2006 excepted). You know that scence in Pulp Fiction with the multi-way Mexican Standoff? That's how the US government is supposed to work; go too far, and you'll get blown away, because you can't take out all the other dudes.
Expanding a vast wasteland since 1996.
Surveys have shown that users are willing to give out their passwords for a piece of chocolate. Cars are Hijacked every day, and the user just gets out of the car leaving the keys to the attacker. I'm not saying that a TPM chip is the best way to solve the problem, but merely putting it in the users hands doesn't solve much of anything.
I think the real problem here is the lengthening of the digital divide. The people who would benefit from these features are the people who would hand out their password for a chocolate crisp. These people might have some to lose from Treacherous Computing, but not as much as those who are smart enough to know better.
I wonder if Microsoft is aware that they are driving away the technically savvy? Most of us who use Windows and have some tech savvy are the gamer audience and even though making the move back to running a Unix-derived OS of some sort will impact my primary use for my home computer, I am still starting to seriously plan for it. I wonder how many other gamers are thinking the same thing? I wonder if Microsoft has considered how much losing a big share of the gamer market will hurt them? It is my opinion that a significant chunk of the home market is Windows because that's what the games run on, and if game developers suddenly find it economical or desirable to port their games to different platforms, that could have a pretty significant impact on Microsoft's stranglehold on PC gaming.
Of course, I'm probably just a statistical anomaly, but I like to hope I'm not... heheheheh
It's worse than you imagine. There is no clear policy on who will obtain the master keys for Palladium or Trusted Computing signature authorities: as things stand, Microsoft will own and sell such authorities. New software signatures must be purchased. This effectively grants Microsoft tremendous access to other company's, or person's trusted keys, and makes installing your own personally created keys prohibitively difficult.
This also provides BIOS and booatable hardware DRM, in order to control over booting systems. While such is good from a security standpoint, it means that with very trivial changes in hardware such as DRM-managed CD and DVD and USB devices, nothing other than a host-designated, signed Windows operating system will be able to boot the machine enough to install new keys and install a new OS. While the designer of such technologies may not envision such abuse, it's certainly within Microsoft's history of anti-competitive behavior to do this.
Microsoft's ultimate goal is to have code in their products that allows it to intelligently deal with anything Microsoft might see as a threat. For example, if it saw evidence that it was in a virtual machine (ex The Matrix) it could freak out and retaliate. Retaliation could be anything from an error dialog to a grind-to-a-halt command that can only be undone if the user upgrades.
Think about it. It would be like having a Microsoft board member sitting inside of your computer! The best part is that he can phone home whenever he wishes, to be updated.
Windows 98 was easy to pirate and hack.
Windows XP was a little more difficult to pirate, but about the same to hack. The protections in place caused a large annoyance to those that bought the software legally. And that was BEFORE the WGA shit.
Windows Vista will be more difficult to pirate/hack, but I GUARANTEE that it will be. Of course, the legal end user will suffer the most damage, as usual.
I fucking loathe the day that mod chips become necessary to actually be in control of your own computer.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
With all of the lock down that they have?
*You can only use our phones
*You must pay for a data plan to the get discount on that phone
*You can only use apps that you buy at our store
*Our phones are locked to our network
*We force updates on to you
*We lock out things on your phone to force you to use our network to use them
aka get photos off of the phone
*We have a download limit on our unlimited data plan
and so on?
This whole saga has been the final straw for me. I have kept a working install of Linux or BSD for several years, but always needed Windows for something. No more. I have rebuilt my system and shifted to Linux for all home computing. I have always wanted to switch, but never got around to solving each of the minor speed bumps that came along. It was just easier to boot Windows and do what I needed to do. When I wanted to play, I would boot Linux and tinker away. No more. I am completely switched and have remained Windows free for a month. Learning to use Linux and the accompanying applications takes time, not because it is hard, because it is different.
Thank you, Microsoft. You have scared me with the latest blatant attempt to derail open source by dividing the community. The increased presence of DRM in Windows gives me chills, I don't think I can control my own data when you keep the keys to my computer. I don't call Chevrolet for permission to drive to work, I'll be damned if I need your permission to access my own data. Here is the summary, you are fired! Don't worry about pirate protection, trust me, I won't bother. I think I can find the energy (and community support) to solve my remaining migration issues.
To quote a co-worker, "technical solutions to non technical problems will only lead to insanity."
Malware, stolen laptops and confidential information being leaked are not technical problems. They're social problems. Stop keeping confidential information in places where it can be leaked (i.e. on employees' laptops) and these problems go away. A technical solution is not called for.
Point of order: that is false. Surveys have shown that users were willing to give out things that they claimed were their passwords for a piece of chocolate.
Perhaps a little-known law called the Computer Fraud and Abuse Act of 1986 (18 USC 1030), reasonable or not, defines malware as illegal.
Granted, the enforcability of this law, just like any U.S. law, tends to stop at the border, so no a Romanian script-kiddie isn't going to be dragged into a California courtroom, and he won't be dragged into any Romanian courtroom either unless writing malware's a crime in Romania as well.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
Encryption was moved from the Munitions list to the Commerce list in 1996 "because of the increasingly widespread use of encryption products for the legitimate protection of the privacy of data and communications in nonmilitary contexts"
. htm
"November 15, 1996: Encryption products that presently are or would be designated in Category XIII of the United States Munitions List and regulated by the Department of State pursuant to the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall be transferred to the Commerce Control List,"
http://www.fas.org/irp/offdocs/eo_crypt_9611_memo
There is nothing actually wrong with Microsoft producing the tools. What is wrong is for Microsoft to use the tools. They should be producing the tools for use by law enforcement. Other companies and industries design and make tools for law enforcement to use, and do not use them themselves to enforce the law. So why should Microsoft not do the same rather than acting as vigilantes and taking the law into their own hands?
I completely agree with the parent. I am that old too - but it took some time. Actually I remained a cluelessly happy MS user until having to compile and teach a course on various IT issues including its history (was back in 2000). Digging into the books and websites for course materials, I unearthed so much stinky stuff about a certain corporation and their typical practices that it made me sick. Thankfully, in those days Stardivision released their StarOffice 5.1 and 5.2 which along with Mandrake (6.1?) gave me a mostly working platform for academic office needs. Since then it has been Linux for me.
But the real problem is IMHO still the champignon syndrome (kept in dark, fed on shit) of normal, ordinary people (not to say this is unique to IT - happens elsewhere too). As long as the typical Joe/Jane Sixpack does not care, things like this will go on. This is universal - people who are well-educated and smart otherwise are equally clueless in this matter (e.g. it has been a big news for many of them that you should not use your XP without password and in admin mode).
Quoting a popular movie: blue or red pill?