Trusted Computing Best Practices

The Trusted Computing Group (TCG) is an industry consortium that is trying to build more secure computers. They have a lot of members, although the board of directors consists of Microsoft, Sony, AMD, Intel, IBM, SUN, HP, and two smaller companies who are voted on in a rotating basis.

The basic idea is that you build a computer from the ground up securely, with a core hardware “root of trust” called a Trusted Platform Module (TPM). Applications can run securely on the computer, can communicate with other applications and their owners securely, and can be sure that no untrusted applications have access to their data or code.

This sounds great, but it’s a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn’t like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.

(Ross Anderson has an excellent FAQ on the topic. I wrote about it back when Microsoft called it Palladium.)

In May, the Trusted Computing Group published a best practices document: “Design, Implementation, and Usage Principles for TPM-Based Platforms.” Written for users and implementers of TCG technology, the document tries to draw a line between good uses and bad uses of this technology.

The principles that TCG believes underlie the effective, useful, and acceptable design, implementation, and use of TCG technologies are the following:

  • Security: TCG-enabled components should achieve controlled access to designated critical secured data and should reliably measure and report the system’s security properties. The reporting mechanism should be fully under the owner’s control.
  • Privacy: TCG-enabled components should be designed and implemented with privacy in mind and adhere to the letter and spirit of all relevant guidelines, laws, and regulations. This includes, but is not limited to, the OECD Guidelines, the Fair Information Practices, and the European Union Data Protection Directive (95/46/EC).
  • Interoperability: Implementations and deployments of TCG specifications should facilitate interoperability. Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security.
  • Portability of data: Deployment should support established principles and practices of data ownership.
  • Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner’s policy.
  • Ease-of-use: The nontechnical user should find the TCG-enabled capabilities comprehensible and usable.

It’s basically a good document, although there are some valid criticisms. I like that the document clearly states that coercive use of the technology—forcing people to use digital rights management systems, for example, are inappropriate:

The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology.

I like that the document tries to protect user privacy:

All implementations of TCG-enabled components should ensure that the TCG technology is not inappropriately used for data aggregation of personal information/

I wish that interoperability were more strongly enforced. The language has too much wiggle room for companies to break interoperability under the guise of security:

Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security.

That sounds good, but what does “security” mean in that context? Security of the user against malicious code? Security of big media against people copying music and videos? Security of software vendors against competition? The big problem with TCG technology is that it can be used to further all three of these “security” goals, and this document is where “security” should be better defined.

Complaints aside, it’s a good document and we should all hope that companies follow it. Compliance is totally voluntary, but it’s the kind of document that governments and large corporations can point to and demand that vendors follow.

But there’s something fishy going on. Microsoft is doing its best to stall the document, and to ensure that it doesn’t apply to Vista (formerly known as Longhorn), Microsoft’s next-generation operating system.

The document was first written in the fall of 2003, and went through the standard review process in early 2004. Microsoft delayed the adoption and publication of the document, demanding more review. Eventually the document was published in June of this year (with a May date on the cover).

Meanwhile, the TCG built a purely software version of the specification: Trusted Network Connect (TNC). Basically, it’s a TCG system without a TPM.

The best practices document doesn’t apply to TNC, because Microsoft (as a member of the TCG board of directors) blocked it. The excuse is that the document hadn’t been written with software-only applications in mind, so it shouldn’t apply to software-only TCG systems.

This is absurd. The document outlines best practices for how the system is used. There’s nothing in it about how the system works internally. There’s nothing unique to hardware-based systems, nothing that would be different for software-only systems. You can go through the document yourself and replace all references to “TPM” or “hardware” with “software” (or, better yet, “hardware or software”) in five minutes. There are about a dozen changes, and none of them make any meaningful difference.

The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn’t apply to Vista. If the document isn’t published until after Vista is released, then obviously it doesn’t apply.

Near as I can tell, no one is following this story. No one is asking why TCG best practices apply to hardware-based systems if they’re writing software-only specifications. No one is asking why the document doesn’t apply to all TCG systems, since it’s obviously written without any particular technology in mind. And no one is asking why the TCG is delaying the adoption of any software best practices.

I believe the reason is Microsoft and Vista, but clearly there’s some investigative reporting to be done.

(A version of this essay previously appeared on CNet’s News.com and ZDNet.)

EDITED TO ADD: This comment completely misses my point. Which is odd; I thought I was pretty clear.

EDITED TO ADD: There is a thread on Slashdot on the topic.

EDITED TO ADD: The Sydney Morning Herald republished this essay. Also “The Age.”

Tags: , , , , , , , , , , ,

Posted on August 31, 2005 at 8:27 AM58 Comments

Comments

Alf Watt August 31, 2005 10:08 AM

This issues is getting some coverage in the Mac press due to Apples use of the TPM chips in their developer transition machines. Much like other copy-protect schemes these have reportedly been hacked around by patching ‘secure’ binaries to return good values for TPM checks. Of course, with a full TPM implementation this would become much more difficult.

Apple deserves credit for implementing it’s FairPlay DRM system in a way that benefits consumers, and their use of the TPM doesn’t seem onerous in this case since the goal is to make it difficut to run the Intel version of OS X on commodity hardware.

In the end Trusted Computing is – just as it’s name implies – all about trust. If vendors go down the road of turning our hardware into their property customers will stop trusting them and go looking for other choices. Microsoft may have a virtual monopoly today, but when your copy of Windows Vista needs to be ‘renewed’ or cannot connect to the local network due to trust problems you might reconsider buying that next Dell box.

Unixronin August 31, 2005 10:09 AM

My best understanding of “Trusted Computing”, as in the “Trusted Computing Platform”, is that the only person it DOESN’T trust is you, the owner. It doesn’t care in the slightest who steals your data, just so long as there’s not the slightest possibility of it even being possible for you to “steal” (back up, for instance) some “content provider”‘s data — even if the very thought of doing so had never crossed your mind.

I see a lot of indications that the pendulum has swung back to the Bad Old Days of intrusive copy-protection on almost every piece of software you buy. I have at least half a dozen games, which I bought, paid full price for, and own perfectly legally, for which I have no choice but to use No-CD cracks if I want to actually play them — because the copy-protection software that ensures the original master CD/DVD is physically present in the drive fails on my Athlon64/PCI-Express hardware.

(To their credit, Ubicom technical support actually sent me one such No-CD patch for one of their games once we’d determined what the problem was.)

Jochen Schäfer August 31, 2005 10:15 AM

I can only guess on Microsoft’s motives here, but I guess, they want to create a fait accompli.
Then a major piece of software is not complying and so MS never will be (or at least how much they like it to be).

Andy S. August 31, 2005 10:25 AM

While I understand the potential criticisms of trusted computing base approaches, I haven’t seen any other solutions presented. We’ve know for more than 30 years that we can’t actually make a truly secure system without a TCB/reference monitor.

While there are certainly downsides, I’m not seing nearly the excitement I’d expect in the purely security realm for this capability.

The OpenBSD guys have taken advantage of proper MMUs to provide better protection against stack overflows, which is the proper way to use hardware capabilities to increase security.

Where is the discussion about using TPM to do the same?

MikeN August 31, 2005 10:36 AM

If they manage to ship a non-complying Vista, no future MS product will comply because they can always claim that establishing compliance would break “backwards compatibility”, no matter if it’s actually true. Ingenious.

S. Mandal August 31, 2005 10:37 AM

Trusted Computing will protect against malware as long as it is not trusted. But, if virus writers manage to break TCP and create a “trusted” virus, it will be much worse than current scenario. Most likely anti-virus softwares will refuse to delete or quarantine the malware because the OS says it (malware) is a trusted application.

jconde August 31, 2005 10:46 AM

Much like four wheel drive means getting stuck in less accessible places, a locked down system means that when you, inevitably, get a virus/Trojan/adware/etc on your system it will be nigh impossible to remove it.

Not to mention to mention how much faster malware will spread once someone figures out how to take advantage of the perfect trust these systems will place in anything that can fake proper authorization.

DarkFire August 31, 2005 11:49 AM

While disliking Microsoft seems to have become something of a fashion, I can’t help thinking that this is a classic case further empire-building.

Furthermore, what will the implications be for small software developers? I can imagine a scenario whereby a small company will not be able to afford to make their software trust-compliant, and will therefore not be able to market it for the Windows OS.

This concept also looks like a bad idear for the gam,ing community – how do you distribute user-created content if it has to be trust-compliant etc.

To me it seems there are too many un-awnswerd questions at the present time. Plus I’m naturally suspicious of a company that does all it can to increase it’s market share without doing anything about the responsibility that comes with this dominance.

Kevin August 31, 2005 12:27 PM

I was wondering if their delaying means they can release a non-compliant version, and when the standards change, sell us yet another package that does.

But these systems run a huge risk of an exploit having catastrophic results; that’s what scares me the most.

Chris Wundram August 31, 2005 12:38 PM

I get the impression that microsoft is trying to skirt the line of making the content providers happy, so that Vista will be able to play next gen DVDs, and keeping the customers happy. Since MS received such a huge backlash from customers on Pladdium, they have really backed off on the whole trusted computing issue.

I think it is possible that if MS is trying to delay the publishing of documents on trusted computing, is so they can go under the spec, not over it.

paul August 31, 2005 12:47 PM

One thing that comes to mind for me is that in addition to the obvious question of whether Vista’s behavior is in line with the document (even modulo bugs and holes) there’s the question of who gets to take a look to verify what Vista does. That could be a sticking point.

Anonymous August 31, 2005 2:11 PM

“Near as I can tell, no one is following this story. No one is asking why”

Because a good majority of people are stupid, they just want to work their computer like a toaster while sneering at the geeks for being geeks, until they require the services of said geeks. The intelligent ones with the red pill can use Linux and other like open source offerings, but for how long? How long until a corporation has enough money to buy politicians with their hooks in -\0llyW00d and the minds of many and makes open source illegal under whatever guise they desire? Or what if these closed source “protective measures” are required to connect to the internet one day? Layer upon layer of bundled bull$hit which will eventually be required or stamped into our foreheads or hands.

M$ has had a “ticket to ride” for far too long. Things will only get worse because of the millions of people who allow it to happen.

Today we have “win”modemsbut tomorrow we could have “win”motherboards, “win”BIOS, you name it. But the majority of knuckleheads in society don’t care, again this is the problem! People don’t want to talk about real issues, they want to be fed fantasy, they want to plug in and stop their mind from thinking, just as TV helped to do but now it’s computers.

IMO If a company like M$ wanted to do something good for humanity while reshaping what the history books will say about them, they would go 100% open source and free and sell support/services, not code.

We could learn a lesson from Argentine ants who work together rather than squabble over ownership of land and crumbs. Humanity should work together with free and open source tools both in computing and beyond, but instead we let the big coporations, which act as a bunch of tribes, attacking with lawyers and holding back humanity from true innovation.

Instead of thinking, they’ll call such talk “tin foil hat talk”, “ramblings”, “flames” or something else.

^^ All the text in this post is in my opinion for entertainment purposes only ^^

Mystere August 31, 2005 2:17 PM

I really don’t undestand the line of reasoning on this. Conformance to the document is voluntary. Microsoft doesn’t need to ‘stall’ or ‘delay’ the document at all. They can easily, and validly say “Well, Vista’s design was set years ago, before these documents were finalized, and thus Vista was never designed to meet them.

That’s valid because Vista was designed 4+ years ago (they usually start working on it before the previous release even ships). They’re not going to change their design mid-cycle because some group publishes a paper, nor should they be expected to.

In my opinion, they don’t NEED to manufacture any reasons, they have valid ones already. This makes me suspicious of arguments such as these.

Davi Ottenheimer August 31, 2005 2:36 PM

This goes to the heart of the debate about rights management, since if you find a decrypted portion of the stream you can dump and duplicate it…that was the original motive and my guess is that this is still a bigger driver than protecting consumer data. Or, in other words, Anderson and others suggest that this is a case where corporate interests trump consumer interests.

“tomorrow we could have ‘winmotherboards'”

Funny you should mention that. The latest nVidia nForce4 chipset, which is on some of the most popular new gaming motherboards is unsupported by Windows XP media. You literally have to recompile the installation media, similar to the work required in 1994 to build linux installation media, in order to install Microsoft’s OS on these boards. Vista might support them, but by then nForce5 will be out, etc. and companies based outside the US might continue to exercise their freedom to serve consumer interests.

“The best practices document doesn’t apply to TNC, because Microsoft (as a member of the TCG board of directors) blocked it.”

Sounds just like the US blocking UN resolutions, and then appointing a reviled critic of the UN as the US Ambassador. Bully-pulpit politics…

Wes Felter August 31, 2005 3:37 PM

The document has no teeth, so who cares?

TNC is not a software implementation of the TCG architecture. Based on my reading of the TNC docs, TNC is effectively an application that uses a TPM.

Chris August 31, 2005 3:59 PM

When I think that Microsoft has failed to convince the majority of their user base to upgrade to their latest products, I’m actually not very worried about this news. Less than 50% of Windows users have upgraded to 5-year-old Windows XP; the figure is even worse for upgrades to the latest version of Microsoft Office.

The status quo is good enough.

And I’m an early-adopter with enough disposable income to have the latest toys.

When the early adopters really don’t want your product, you’ve got problems.

Microsoft is scrambling to find a new market to insert themselves into, and they’ve decided that home entertainment is their bet. That’s why they’re giving Hollywood everything they could want in the next version of Windows. They’re betting that the computer will be the hub of their in-home entertainment system. And that everyone’s going to want high-definition pre-recorded content playing on that computer.

But I don’t want a personal computer as the heart of my in-home entertainment. Neither do any of my friends. I don’t know of a single person that has a Windows Media-Edition PC.

I’ve not heard anything about Vista, or the coming HD-DVD/Blue-Ray Disk players that make me at all willing to trash my hardware investment for either. All I’ve heard is what they won’t let me do and how they won’t work with everything I already have. Hi-Def players won’t display full resolution on my 3 year old HDTV (it has analog and firewire inputs not HDMI-DVI). If a new hi-def player is just going to down-rez all the HD content to the same quality I already have today with my DVD player…why do I need to spend any money on one? Why can’t I just continue to buy DVDs since I won’t be able to tell the different between them and HD-DVD?

DVD was a hit and spawned a boom in home theatre because it was demonstrably better than the old, entrenched standard. So far, consumers don’t think HDTV is impressive enough to convert to; hence, we now have DTV (NTSC delivered digitally).

Intel tried to force everyone to use RDRAM; that didn’t work and Intel now sells DDR chipsets like everyone else.. Circuit City tried to force a DRM’d rental disc model on consumers — “DIVX” — it failed and they now sell DVDs. When Vista fails to sell, Microsoft will back off on it, too.

jammit August 31, 2005 4:04 PM

I thought MS was a degenerative disease (Sorry, target of opportunity again). I remember reading something somewhere (I believe it was somewhere in http://www.eschew.net) where this guys laptop wouldn’t take an aftermarket mini PCI wifi card. He finally found out the bios wouldn’t allow different cards to be installed by hacking the bios and changing it where it looked for the card. It seems that we already are getting some sort of trusted computing action going on. Of everything I’ve read about Palladium (sp? too lazy to check) was about protecting MS, RIAA, etc, not for protecting computer systems. Basically screw the little guy, or in market speak “trust us”. Now I see it evolving into “this is how we can help the little guy” but still keeping its draconian base. This isn’t about making sure I don’t get a virus or prevents theft from Microsoft, but it attempts to make everybody to keep paying. I do believe the RIAA and MS should be paid for their stuff, just don’t make me guilty before I’m proven innocent. I run Linux myself, yet I have paid and registered copies of Dos6.22, Win3.11, Win95a, Win95b, Win98, Win98se, Win2kserver, and NT4.0 that I use to fix other machines. And yes, I do have backup copies.

Bruce Schneier August 31, 2005 4:15 PM

“The document has no teeth, so who cares?”

The point of the document is not to have teeth, but to be a technical resource for other documents with teeth. If the U.S.government were serious about computer security, for example, they could require all the computers they buy be compliant with this document.

That would do an enormous amount of good in the world.

David Thomas August 31, 2005 4:22 PM

My guess is that MS is thinking, “We can’t get this into Vista, so let’s make sure no one else can get started on it yet, either, so no one has a head start.”

They’d just love for the next version of OS X to be so strongly preferred by media companies, while they sit around coding their next version of Windows, to come out in another 4 years…

Mr Nobody August 31, 2005 5:30 PM

Its funny really. MS is probably still hoping that this will force places like china to pay for there products. But Cracking hardwear has been going on just as long as softwear. And even if they do push all this “trusted computing” its not going to be illegal I many places to “modChip” it. We are not breaking any laws in NZ when we modchip playstations or Xbox. And we won’t when we modChip our PC.

Of course in china its unlikly to be illegal as well. And i have total faith that any security, even hardwear based, done by MS will be totaly flawed.

Linux anybody….

Bryan August 31, 2005 5:39 PM

Bruce,

Kudos on bringing this story to light. I hope you’ll stay with it and let us know MS’ response (if and when).

TCPA/Palladium/NGSCB/TC have enjoyed a lot of negativity thanks to the incredibly biased opinion of Ross Anderson (which you linked) and the slavering hordes of Slashdotters, none of whom would accept a million dollar no-strings-attached gift from Microsoft – because they distrust MS so much that they’d fear MS would somehow strangle them with it. No amount of contrary evidence could convince them otherwise.

Ross Anderson’s TCPA paper is a grand example of FUD, going on and on about the evils of TC, claiming (as all good Slashdotters do) to know Microsoft’s motivations better than the company itself does. Not a shred of attribution is provided for these nasty allegations. Anderson only mentions the owner’s ability to turn off the TCPA chip in order to dismiss it, but this will be a very powerful way for all consumers to just vote NO if/when they decide TC is bad for them.

The fact is, Anderson is as biased as any Slashdot hater and his paper makes that clear.

TC needs a chance to survive. In the end its success or failure will be a market choice, not the evil machinations of the Big Players bent on our destruction, as Anderson and the /. crowd make it out to be. I welcome open-minded investigation and criticism of it, as exemplified by your writing above, Bruce.

Ralph August 31, 2005 6:47 PM

@Bryan.

This is a very serious rights issue with high potential impacts. We should question, with vigour, the details of how it is being designed, targeting and implemented on the products vendors intend us to buy. If our concerns are swept aside, our questions ignored and the technical issues obscured with complexity how will the market make informed choice?

I am interested in clear communications and transparent implementations from vendors.

Rebuttal papers are not a way to assure me corporate america has my interests at heart or is growing a conscience.

Bryan August 31, 2005 6:56 PM

Ralph –

My post and the paper are not, repeat not designed to reassure you about Corporate America’s conscience! They’re designed /only/ to show you the less-than-true statements made by anti-TC factions.

TC is a tool like any other. Like any kitchen knife it can be used for good or bad. My feeling is that TC could be a huge force for good, especially if consumers reject the bad uses. And I have little doubt they will, as they have rejected every copy-protection scheme so far. As a human being you deserve truth, not authoritative-sounding lies and fabrications.

Peter Mogensen September 1, 2005 5:58 AM

@Brian
The IBM rebuttal paper doesn’t really confront the issues raised. It points aout a lot of “speculation”, which in effect is the same as saying that “You must not warn about the future, because it doesn’t exist (yet), so you cannot know it”.

Also, it basicly suggests, that if you don’t like it, you should just disable it (or the endorsement key). … but that’s not a decision ordinary customers are goind to spend a lot of time thinking about. Society doesn’t work like that if the only way to participate in digital infrastructure is to have it turned on.

Bryan September 1, 2005 4:56 PM

Peter –

I disagree heartily! End-users (on the home front) and administrators (on the organizational computing front) making individual decisions … that’s the best decision making process there is. It’s the old law of supply of demand, basically. The market /will/ sort itself out.

Right now the discussion is very theoretical, with various people projecting doomsday or paradise scenarios. As always, ‘the street finds its own uses for things’, to quote Gibson. Users will enable or disable the system based on what it does for them in concrete, discrete situations. Is it cutting down spam or malware? Leave it on. Is it blocking my ability to rip and play a CD/DVD I just bought? Turn it off. Big Music Company selling the latest hit in TCPA-only format? Buy it or not – my call.

I’ve read quite a lot of the original TCPA specs (I do admit that reading was a year or more ago). The system as designed would allow for total enable/disable decisions, or selective ones (turn off music TC functions whilst keeping malware protections) … but this will depend greatly on how OS and app people build their software.

So we have a variable on/off switch. And don’t forget, society is working fine right now, with no TC infrastructure. TC is an attempt to make it work better … but us citzen consumers will be the final judges. One person at a time, society will decide.

So essentially, I flatly reject these conspiracy-like theories that TC is all a plot designed in an evil back room where all the bigwigs are laughing as they plan our digital slavery. Because I beleive in their higher natures? Nope. Because I beleive in their /lower/ natures … the second the market sends a signal that it’d rather not go TC, someone will offer a non-TC product, even if that’s considered a knife in the back by the other occupants of that mythical back room. Corps go where the money is – and the market /always/ decides that.

All I want is the chance to decide for myself. The doomsday theorists seem bent on simply blocking the tech before I get that chance.

Exodus September 1, 2005 5:19 PM

This is the beginning of the end of free markets.

With Vista and especially the later hardware version, the supplier will be able to dictate post-sales changes to the product and even enforce installng spyware, you are not able to detect as it is encrypted on the harddisk and the OS protects you from inspecting the running code.

Its the typical MS stunt – to abuse any change for further empire-building.

This is not about security, this is about control and large-scale feudalism.

Davi Ottenheimer September 1, 2005 6:03 PM

Hot off the press. Some early predictions of how the hardware-based DRM features will impact you:

http://software.silicon.com/security/0,39024655,39151823,00.htm

Microsoft “is establishing digital security checks which could even shut off a computer’s connections to some monitors or televisions if anti-piracy procedures that stop high-quality video copying aren’t in place.

In short, the company is bending over backwards – and investing considerable technological resources – to make sure Hollywood studios are happy with the next version of Windows”

[…]

Marcus Matthias, product manager for Microsoft’s digital media division, said: ‘The table is already set. We can come in and eat at the buffet, or we can stand outside and wash cars.'”

Hmmm, so Microsoft says they will sit proudly at the DRM buffet while all of us consumers are still stuck outside washing cars. Now that’s an interesting marketing campaign strategy for these new security features:

“Watch us stuff our face while you suffer. Microsoft.”

Richard Braakman September 1, 2005 6:16 PM

I wouldn’t read too much into this.

Microsoft has a simple motivation for delaying this document: Vista is already years overdue, and the last thing they need is to have new requirements imposed on it before release.

Davi Ottenheimer September 1, 2005 6:47 PM

“Vista is already years overdue, and the last thing they need is to have new requirements imposed on it before release.”

Mystere covered this above.

It seems to me that Microsoft wants to be able to negotiate terms directly with Hollywood et al. and not be beholden to other tech companies.

Bryan September 1, 2005 8:35 PM

Davi, Exodus – you guys aren’t getting it yet.

MS will provide this enabling technology. You’ll then go to the store (online or brick&mortar) and you’ll see DRM’d content sitting in a box on the shelf. Next to that shelf will be another shelf with non-DRM content.

Which one you buy it is up to you. If you buy the DRM content, you’ll be able to bring it home and play it on your MS operating system. Or maybe other OS’s – it’s their choice to include DRM tech or not. If DRM content doesn’t sell well, pretty soon the DRM shelf will disappear.

Or do you guys really beleive MS is powerful enough to /make/ you buy things you do not want?

To be honest I really don’t care what happens with DRM. I want the chance to try TC’s other benefits. But a sizable crowd can’t seem to see past the DRM issue. I wonder why?

Davi Ottenheimer September 1, 2005 8:56 PM

“If DRM content doesn’t sell well, pretty soon the DRM shelf will disappear.”

Yeah, I’m the one who doesn’t “get it”. I have been using the Trusted Platform Module (TPM) for a couple years now. And so far I can say it pretty much screws things up more than helps, although I enjoy the concept of a chip for cryptographic operations using unique (private) stored keys stored in the chip that cannot easily be extracted. In fact, I was hoping to use this technology to help solve some issues with building an Enterprise Key Infrastructure without deploying tokens or smartcards, but I do not think that is what Bruce was pointing to in this log entry.

Note his comment “I believe the reason is Microsoft and Vista, but clearly there’s some investigative reporting to be done.”

I have just one word to say to people who tell me that the average American consumer is clever enough to vote (with their pocketbook, if you will) for technology advances that can provide immediate benefits instead of voting for some sort of well-marketed box of empty promises from an overly litigious corporation: Amiga.

“Or do you guys really beleive MS is powerful enough to /make/ you buy things you do not want?”

Admit it Bryan, you’re using a stolen copy of MS right now aren’t you, and that’s what you really mean when you say they aren’t powerful enough to force you to buy things…yet.

Davi Ottenheimer September 1, 2005 9:20 PM

Here’s another look at this topic, from the EFF:
http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php

“Examples of abuses of remote attestation

Let’s consider a few concrete examples of how TCG’s attestation approach can harm interoperability or be used against computer owners.

  1. On the Web
    […]
  2. Software interoperability and lock-in
    […]
  3. DRM, tethering, forced upgrades, and forced downgrades
    […]
  4. Computer owner as adversary?
    […]

A solution: Owner Override”

I thought this was also an interesting site:
http://www.againsttcpa.com/

Bruce, is it just a coincidence that your book is advertised on the Against-TCPA site? Random association?

“Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical.”

Davi Ottenheimer September 1, 2005 9:44 PM

Another interesting link on the subject, although the bill died…

http://en.wikipedia.org/wiki/Consumer_Broadband_and_Digital_Television_Promotion_Act

“The CBDTPA was proposed by South Carolina Senator Fritz Hollings, who is noted for his longstanding support for legislation that is in the interests of the established media distribution industry. He has been described by opponents as the ‘Senator from Disney’.
[…]
Many have pointed out the remarkable resemblance of some of the proposed features of the law to a patented technology owned by Microsoft which would mandate the use of only closed-source and possibly Microsoft-controlled technologies.”

http://www.linuxandmain.com/news/cbdtpa.html

“Microsoft’s method involves assigning a public-key encryption pair to each microprocessor, which would refuse to run software that did not properly authenticate itself.”

Peter Mogensen September 2, 2005 5:30 AM

@Bryan,

Maybe some want to block the tech before I get a chance. I don’t. But I believe this technology can be abused and I think people and politicians needs to be aware of that in order to avoid it.
There’s plenty of good used for “trusted computing”. If I was a sys-admin, I’d love to be able to remotely ensure that all my machines was actually running the exact software I wanted. But I can do that even if I know the endorsement key.

You have to understand the criticism and that not all critics wants to ban the technology. But I think the use of such techonology should be carefully considered and thought into privacy, anti-trust and consumer-protection laws.

I agree that it is not the TC spec in it self, which can cause problems, but rather the software build on top of it. However, I don’t agree with you that the market will “sort it out”. True, it’s the market which decides, but that doesn’t mean that the market takes the best decisions. Especially not when network effects dominate.

Peter Mogensen September 2, 2005 6:18 AM

Argh 🙂 … It should of course have read:
“Maybe some want to block the tech before IT gets a chance.”

PGC September 2, 2005 1:35 PM

What does all this mean?

The implications are endless; I will give you just a few…

The long term result will be that it will be impossible to use hardware and software that’s not approved by the TCG Presumably there will be high costs to get this certification and that these would be too much for little and mid-range companies. Therefore open-source and freeware would be condemned to die, because without such a certification the software will simply not work. In the long term only the big companies would survive and could control the market as they would like.

Some specific industry sectors may be hard hit. Smartcard vendors, for example, face the prospect that many of the applications they had dreamt of colonizing with their products will instead run on TC platforms in people’s PCs, PDAs and mobile phones. The information security industry in general faces disruption as many products are migrated to TC or abandoned. The overall economic effects are likely to include a shift of the playing field against small companies and in favor of large ones; a shift against market entrants in favor of incumbents; and greater costs and risks associated with new business startups. One way of looking at this is that the computer and communications industries will become more like traditional industry sectors.

The rights and licenses would be central managed by the TCG. And as soon a violation is noticed, they will get notified.

It would not surprise me if law enforcement officials were granted a back door onto the entire TCG infrastructure. The ultimate in “Big Brother” tools! They could (in theory) access, read, modify, delete any file on any TCG compliant computer!

http://www.digitalretreat.us

B September 2, 2005 1:58 PM

It seems that what Bruce was really pointing at was missed in all of these follow-up posts and that for some reason does not suprise me very much.

Microsuck, like it or not, is a player. The other Big Guys can rely on them to deliver and they will continue to do so. Now that groups like the Warner Bros Gang can own Cable, Net, Television and any other Media form that they choose… ummm… the doors are closed.

There is now a functional Cartel and they want it to stay that way. The thought for so long was so cute: “I can make the net into anything that “I” want it to be and if it gets scarry I’ll just use a Linux OS on my own hardware”. That is screaming funny. The other side of the coin says this: “Let them do what they want, we’ll own all the DNS’s, ISP’s, Server Software and the majority of the Content anyway… so let them connect with a modified toaster. As long as they continue to connect AT ALL… we’ll still be in controll”.

Most of what I’ve read in the posts above so far sounds more like a conversation somewhere out in the Cali desert between a group of bare-foot peeps smoking pot and listening to Crosby Stills and Nash’s greatest hits. But, it’s now “Welcome to THE MAN’s Revolution, baby”. I think that’s close to what’s been on Bruce’s mind lately.

Exodus September 2, 2005 6:11 PM

@Bryan

First of all an increasing amoung of new stuff will be reserved to be published only under DRM control. The content providers will see to that. If you were right then the same resistance could have been seen with XBOX, settop-boxes etc. It didnt because the came is not about the individual product but about controlling the entire household.

DRM is really the least issue. The biggest issue is the feudalistic process, where external parties control your system while you have no choice as to use it.

Sorry, Bryan, I am not a conspiracy thinker and normally I prefer to leave stuff to the market. But the present developments both in the public sector and private technology arena has some pretty dark angles over it.

The big bunch is fighting and the prize is control and lock-in for profits. The sacrifice is freedom, privacy and security. Just as we saw with Choicepoint etc., but just escallating into much worse scenarios.

The cartels of today is not about price-control, but about standards control. The wolves are ensuring the sheep have nowhere to hide.

Davi Ottenheimer September 2, 2005 7:00 PM

The Economist also had some interesting notes on the topic back in 2003, when the US Senate was talking about legislating compliance:

http://economist.com/printedition/displayStory.cfm?Story_ID=1549398

“Computer-makers worry that they may have a government-mandated technology imposed upon them, increasing costs and stifling innovation. To the music industry, this reluctance is akin to condoning piracy.
[…]
The Recording Industry Association of America, which represents the world’s largest record companies, agreed on seven ‘policy principles’ with the Business Software Alliance, a software-industry trade group, and the Computer Systems Policy Project, which represents leading hardware manufacturers including Dell, HP and IBM.”

And for a good laugh, here’s the transcript of a real RIAA lawsuit:

http://riaalawsuits.us/elektra_santangelo/transcript050506.txt

On the one hand, the judge is right to stand up to the RIAA’s rediculous harassment techniques. They should focus on real criminals. On the other hand, you kind of have to wonder if a TCG-enabled system would have spared the unwitting defendant the displeasure of her system becoming infested with P2P agents and spyware.

Davi Ottenheimer September 2, 2005 7:03 PM

Sorry, should have included this amusing quote from the Economist:

“Les Vadasz of Intel, the world’s largest chip-maker, characterised the entertainment industry’s relationship to the far larger computer industry as ‘like a pimple on the elephant’s rear end’.”

Lynda Marmaduke September 3, 2005 7:19 AM

Listen up Microsoft Bill,

If this silly and corrupt “security feature” ever shows up in microsoft vista, that will be the signal for mass exodus to Linux.

Bruce Schneier September 3, 2005 10:58 AM

“If this silly and corrupt “security feature” ever shows up in microsoft vista, that will be the signal for mass exodus to Linux.”

Sadly, I don’t think that’s true. It will be harder than that to break the Microsoft monopoly.

Goldie September 4, 2005 8:54 AM

“The devil is buried in details” as always.
.
1. Turn-on or turn-off
“You can always disable it” is currently more all-or-nothing approach. Look how much time it took for fine-grain tuning of cookies in browsers. Initially it was “cookies enable/disable”-only and it took some time to get privacy settings to be per-site, session/long-term, this/other site, etc.
Now compare a web browser to a complete operating system to understand how many on/off switches we need to have this under owner’s control! And then multiply it again because we need not only the OS but a complete ecosystem of applications.
.
2. Who will guard the guards?
How can we be sure that each piece of code under my fingers will behave properly?
Bruce pointed that there are various types of security. So is my privacy or vendor’s profits more important for security? How can I draw the line between my self-written “good” application and some vendor’s “not-so-good” application?
Even now we have some sort of technologies already in place. There is code-signing and dllcache. I personally tend to believe that to sign “myApp.exe” M$ is not just covering the expenses but is considering shareholders interest.
We have already seen that even CA root certificate can be compromised thus compromising the “root of trust” entirely! So if a piece of malware gets endorsed the impact will much worse. I had some bad experience in the past removing a virus protected by Windows, and it took a lot of hacking.
.
3. Pocketbook voting
I don’t think Bryan’s approach will work at all as it has two big flaws:
– “there is DRM and non-DRM shelf” …
How do you think the vote will go if there are only twenty-year-old hits on the non-DRM shelf and all new stuff goes to DRM-only shelf? Or even if the non-DRM shelf does not exist in that shop?
– “the wallet will vote” …
It implicitly contains that consumers are going to make an informed decision. But will be the information available? How many geeks KNOW what happens under the covers of their current Windoze (I do not but am still forced to use Windows)? So what to discuss about next, even more complex one.
How many ordinary consumers will seek advice from the computer geek next door, and how many will get “educated” by the vendor’s commercials? I’ll say not too many.
.
4. exodus to Linux
Keep dreaming, babe!
What is necessary to certify Linux for Single UNIX Specification and who has the will to pay it? Similarly what will be necessary to certify that Linux conforms t TCG?
Remember also how many hardware vendors are making their products with Windows in mind and how many are regarding Linux as a factor. Finally consider how many labels will agree with Linux freedom (maybe RIAA will pay for Linux certification after some lawsuit ;-))
.
So far many questions and not too many answers to them. It wouldn’t be like breaking the atom but the effects might be devastating to nearly the same scale. The difference will be that the impact will be not physical but psychical.

David September 5, 2005 3:50 AM

How can a foreign government trust MS to sign anything on a security critical pc?
How about the allegations that the US goverment was feeding information on Airbus to Boeing.
Trusting a signing authority ourside of your jurisdiction is a non starter

Cyphrpunk September 5, 2005 6:51 PM

See http://invisiblog.com/1c801df4aee49232/article/b8d4198c44af778cc8833ea3710111b9 for some analysis and rebuttal of the EFF proposal for “owner override” of trusted computing features. This essay is two years old and a little dated but the basic points still apply.

Another post by the same author lists a number of “good” uses of trusted computing technology that go beyond the standard emphasis on DRM, http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec

Bryan September 7, 2005 1:29 PM

@Davi:

While I have disagreed with you in the past, at least we’ve managed not to sling mud at one another.

“Admit it Bryan, you’re using a stolen copy of MS right now aren’t you, and that’s what you really mean when you say they aren’t powerful enough to force you to buy things…yet.”

Oops. There’s the mud. Well, I can unequivocally say you’re wrong. I’m using a paid-up copy of Windows on this system, and have several more of them around the house. I also have several linux distributions up and running. The right tool for the job, y’know.

I pay for Windows because it makes me productive in certain situations – moreso than the competitors do. In other situations, I use linux and I pay for that in a different currency: time. I view these costs as money/time well spent though, because they get me to goal in the most cost-effective manner I can see.

No, MS never forced me to buy Windows, or Office, or the other MS software I use. Still I paid, for the same reason I don’t want others to stiff me on the bill for my own services.

Re: Amiga. Different times, different marketing strategies, different customer bases. I recall those times – MS’s product didn’t really measure up back then. I had an Atari 1020 ST system and it handled my college work pretty well; Amiga was sexy but well out of my price range. When it was time to choose another system, Commodore had pretty much ceded the market to MS and Apple; I chose Apple. Amiga was still around (but fading fast) with its color screens and awesome VideoToaster, but Apple had Excel. And my choice was made. Remember, all this was going on long before the average home or business user even wanted a computer.

So no, I don’t think Amiga is a great measuring tool for the public’s ability to make its own choices. That battle began, was fought, and concluded during a time when most people considered personal computing a mere hobby.

Bryan September 7, 2005 1:57 PM

@Cyphrpunk

Excellent links! Thanks for bringing a less biased viewpoint to the discussion.

Those of you suggesting this is all an evil plot leading to ‘all your base are belong to Microsoft’ – take note of the fact that IBM are busily engaged in bringing these completely open TC standards to Linux.

The market is still strong and the consumer will decide. Consumers aren’t the pitiful bleating sheep you imagine them to be: they’ve beaten back every copy protection scheme brought to market so far.

Davi Ottenheimer September 7, 2005 2:51 PM

“we’ve managed not to sling mud at one another”

Sorry, a poor attempt at humor on my part. But just to be clear I wasn’t really suggesting that you implicate yourself publically; I was just trying to make the point that many people end up supporting Microsoft products because they can find they are “free” and therefore irresistable…

“Amiga was sexy but well out of my price range”

Interesting point. If I remember correctly the Amiga was about $1200, which is a steal for a top-end system even by today’s standards.

Bryan September 7, 2005 6:51 PM

Davi –

I don’t remember the exact pricing of the time. I do recall getting the Atari system through some mega-discount dealer in the back pages of Computer Shopper for a good deal less than an Amiga would cost, and also getting a typewriter-quality printer in the deal. I could be wrong but the number $800 seems to ring a bell. Not sure if Amiga had one of those in any competetive price range. And while I could afford the Atari (barely!) I was your typical college student paying his own way and metering pennies out VERY carefully. So, $1200 or no, I do attest that the Atari was the best deal for my money and purposes at the time. I hope you weren’t insinuating something else …

Later, when I was employed fulltime and starting to see an easing of the cashflow, I bought the more expensive Macintosh. OK?

As to people using pirated MS products – well it certainly happens. To my way of thinking, it’s a strange and sad phenomenon, given that Linux and a great many programs for it are legitimately free of cost.

Mark B. November 17, 2005 4:13 PM

@bryan

Blah Blah TC Blah, Bryan.

The only party M$ has ever protected, by any means, has been M$. The people who pay (us) have no guarantees of any kind whatsoever. M$ wrote a sloppy, ill-conceived, easlily corrupted Operating System and seems incapable of thinking in terms of protecting my investment ( time and money ). Now, they want to impose another layer of proprietary cosmetics, which will serve themselves, not me, and make it even more difficult for me to choose alternative ‘market choices’.

No matter how you spin it, M$ is and will remain the masters of after-thought.

Mark September 4, 2006 3:00 AM

@bryan,

Thanks for being a sane voice in the chorus of doomsday. The ideologically brainwashed will try to shout you down, but a few of us are still listening.

GPLv3 is going to be a set back to OSS and computing in general. It’s going to slow adoption and further fragment development.

I’m also pretty disappointed in the tactics of the FSF jackboot squad (you guys know who you are), that are willing to engage in fear tactics to push their agenda.Not to mention underhanded smears against those that would disagree (Linus) with them or their leader.

Can’t say I’m surprised, though. We’ve seen this in other social movements in the past, where the ideologues sell us slavery, but call it freedom, etc. They used the same tactics to crush dissent and gave us such things as the Soviet GULAGs.

curb June 29, 2007 9:57 AM

Linux and MAC don’t support binary signing schemes that allow you to make process spawn decisions at runtime. Don’t both these solutions need to add this to support the initiative?

The ‘here is the source’ compile it model of open source makes it a bit difficult to protect the binaries doesn’t it?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.