A Critical Look at Trusted Computing

mod12 writes "After just attending a two-week summer program on the theoretical foundations of security (one of the speakers was from Microsoft research), I have been interested in trying to find out if the "trusted computing" initiative was still alive. I got my answer today in the New York Times from an article that was fortunately rather critical of the concept."

Re:non DRM computers?

[I Want GNU!]

I misspoke--I meant that they surely would prefer computers that aren't controlled by the manufacturers after the sale.

Article Text (For those who don't want to reg.)

[Anonymous Coward]

SAN FRANCISCO, June 29 -- Your next personal computer may well come with its own digital chaperon.

As PC makers prepare a new generation of desktop computers with built-in hardware controls to protect data and digital entertainment from illegal copying, the industry is also promising to keep information safe from tampering and help users avoid troublemakers in cyberspace.

Silicon Valley -- led by Microsoft and Intel -- calls the concept "trusted computing." The companies, joined by I.B.M., Hewlett-Packard, Advanced Micro Devices and others, argue that the new systems are necessary to protect entertainment content as well as safeguard corporate data and personal privacy against identity theft. Without such built-in controls, they say, Hollywood and the music business will refuse to make their products available online.

But by entwining PC software and data in an impenetrable layer of encryption, critics argue, the companies may be destroying the very openness that has been at the heart of computing in the three decades since the PC was introduced. There are simpler, less intrusive ways to prevent illicit file swapping over the Internet, they say, than girding software in so much armor that new types of programs from upstart companies may have trouble working with it.

"This will kill innovation," said Ross Anderson, a computer security expert at Cambridge University, who is organizing opposition to the industry plans. "They're doing this to increase customer lock-in. It will mean that fewer software businesses succeed and those who do succeed will be large companies."

Critics complain that the mainstream computer hardware and software designers, under pressure from Hollywood, are turning the PC into something that would resemble video game players, cable TV and cellphones, with manufacturers or service providers in control of which applications run on their systems.

In the new encrypted computing world, even the most mundane word-processing document or e-mail message would be accompanied by a software security guard controlling who can view it, where it can be sent and even when it will be erased. Also, the secure PC is specifically intended to protect digital movies and music from online piracy.

But while beneficial to the entertainment industry and corporate operations, the new systems will not necessarily be immune to computer viruses or unwanted spam e-mail messages, the two most severe irritants to PC users.

"Microsoft's use of the term `trusted computing' is a great piece of doublespeak," said Dan Sokol, a computer engineer based in San Jose, Calif., who was one of the original members of the Homebrew Computing Club, the pioneering PC group. "What they're really saying is, `We don't trust you, the user of this computer.' "

The advocates of trusted computing argue that the new technology is absolutely necessary to protect the privacy of users and to prevent the theft of valuable intellectual property, a reaction to the fact that making a perfect digital copy is almost as easy as clicking a mouse button.

"It's like having a little safe inside your computer," said Bob Meinschein, an Intel security architect. "On the corporate side the value is much clearer," he added, "but over time the consumer value of this technology will become clear as well" as more people shop and do other business transactions online.

Industry leaders also contend that none of this will stifle innovation. Instead, they say, it will help preserve and expand general-purpose computing in the Internet age.

"We think this is a huge innovation story," said Mario Juarez, Microsoft's group product manager for the company's security business unit. "This is just an extension of the way the current version of Windows has provided innovation for players up and down the broad landscape of computing."

The initiative is based on a new specification for personal computer hardware, first introduced in 2000 and backed by a group of companies called the Trusted Compu

Re:It's full of hex!

[Anonymous Coward]

No, that's not a key. Have a look at the ASCII on the right, and note the hex character codes interspersed with nulls - it's UTF-16 formatted text. It's hard to make out, but near the end there's the text "Unexpected Type [%s]", so the code dump is probably from a compiled binary.

Re:non DRM computers?

[jeffy124]

IBM. They already build them into some ThinkPad laptops under Win2k, and have a driver for their TCPA chip available for Linux somewhere on their website. There was a story on /. some months ago about that driver.

Re:It's full of hex!

[cperciva]

The text is the following (in unicode):

[%s] & Ed[%s] values for User Name TextBox event description. \00\00\00\0A Unexpected Type[%s] & Id[%s]

Looks like a dump from an executable file.

Re:The meaning of trust

[SiliconEntity]

In this context, trusted computing means that your computer program can be trusted to operate according to its software code. That implies that the end user (or anyone else) cannot debug, alter or inspect the program while it is running. All he can do is exert the ultimate control: pull the plug, shut down the computer, stop the program. But if it is allowed to run, it can be trusted to run according to its code.

In practice this is achieved by having some secure hardware report a hash of the program's code as it is loaded into memory, and arranging that no other programs (or the user) can alter the program as it exists in that memory. Microsoft is augmenting the Intel memory management model to achieve this kind of protection.

It's not a matter of the program lying to you as the user. You can trust the program just as much as anyone else - to run according to its code. You no longer have the power to alter the program and to make it run differently. But you can still trust it to behave as it was coded to behave.

This means that trusted programs do have a certain immunity to viruses, in that if another program gets corrupted, it can't affect the trusted one. However trusted programs can still have bugs and so they will still be able to be subverted. All the "trusted" protection can achieve is to minimize the damage, so that one program which gets broken can't infect or alter others.

Sayonara, Internet!

[some old guy]

In case you've missed the forest for the trees, this isn't just about running DRM-protected apps/content on the little boxes on our desks and laps.

Now that Big Biz has swallowed web-based networking and software management, it only follows that in the future ISP's will be required to enforce DRM by not allowing noncompliant connections. Read: our way or no way, Skippy!

End result? Microslut, through the magic of DRM, finally has everyone by the short hairs.

When it reaches that point, what good will OSS do anyone, except maybe having a low-cost species of the same freedom-choking anaconda?

Funny, I can envision a world where completely unfettered exchange of ideas devolves back to the one medium that isn't software-dependent: print.

At least until Gates et al decide DRM 1984 isn't enough and implement Fahrenheit 4.51

Re:Video editing at 3GHz

[tkrotchko]

I'm thinking of video editing where you need to change the exposure. That takes serious processor power.

Just cutting and pasting video, you're right. But when you get more processor power, there are a lot more things you can do (special effects, blending, convert to and from various formats).

My point isn't really about video editing as such; the point is that we aren't "done" in the CPU department.

Re:non DRM computers?

[Jeremi]

It's not the computer that gets locked away, it's the data. It won't matter how many CDs you own if only Microsoft Certified Secure CD-ROM drives can play them. At that point, your choice will be either (a) not buy anything, or (b) pay whatever price (in terms of both cash and compliance) that Microsoft wants you to pay.

Yes, it's only a problem for non-DRM content. But the long term goal is to make DRM ubiquitous, at which point there won't be very much non-DRM content.