Does Trusted Computing provide security for users or from them?

By Scott M. Fulton, III
TG Daily
October 6, 2005

Mountain View (CA) - Throughout the past two decades, Bruce Schneier has provided one of the most well-reasoned, clear, and unbiased perspectives regarding the broad and complex topic of implementing security and trust in computer systems and networks. Schneier co-developed the widely used Twofish encryption algorithm, authored 1995's ground-breaking Applied Cryptography - which defined how crypto could be used reliably for authentication and communication - and founded network security provider Counterpane, where he currently serves as CTO. But his life's mission of late has been to cast a skeptical eye upon any and every measure that purports to solve the overall problem of security, even from a personal vantage point.

So when Schneier proclaims there's something he actually fears, alarm bells should sound. Three years ago, for his Crypto-Gram Newsletter, he wrote the following about the Trusted Computing Platform, which was then championed by Microsoft, and was then referred to by its code-name, "Palladium," or "Pd" for short:

My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.

Last week, the Trusted Computing Group which currently leads the development of the platform, announced its extension into the realm of cell phones and mobile devices, where broadband content will eventually be delivered. In the wake of this development, I called Bruce to discuss the current state of his fear, and whether individuals have open to them the kind of sensible, practical solutions that he generally advocates. I didn't hear what I wanted to hear, but it was a fruitful conversation, nonetheless. Be advised: The opinions you'll read in this transcript - of which there are many - are not necessarily those of our respective benefactors.

TG Daily: It's easy to say that the basis of Mobile Trusted Computing is to serve the interests of users, essentially by putting security features on a secure base, getting them off of something that can be overwritten. I think that's something you've advocated, going back years and years. But whenever we pry more deeply into who's behind this movement...

Bruce Schneier: That's the problem with Trusted Computing. Is it security for the users, or security from the users? Unfortunately, the spec works both ways. It depends on how it's implemented. So my big fear of Trusted Computing is being sold as security for the users, but will turn into security from the users.

TG Daily: Who would be most responsible for turning it into security from the users, if that were to happen?

Schneier: Software companies, media companies. This isn't a hard question. Those who care. Those who feel like they have something to fear from the users.

TG Daily: Well, what are they fearing besides piracy?

Schneier: What else is there besides piracy?

TG Daily: Is that the only thing?

Schneier: Yeah. Piracy, and maybe any of the pay-to-use models that they might want to implement.

It's very much a baby/bathwater thing going on: In their zeal to stamp out piracy, the media companies might actually stamp out computing. They don't want you to have computers; they want you to have Internet entertainment platforms. To the extent that you have a fully programmable computer, that's a danger, because you could do things that are unauthorized by whoever wants to start giving out authorization...It's not like a television, where you do what we tell you to do. So there's very much a clash of philosophies going on.

TG Daily: I'm not exactly a Luddite here, but I don't particularly want my computer to become an entertainment platform.

Schneier: I don't, either.

TG Daily: So what's wrong with me and you being able to tell 20th Century-Fox, in essence, "Hands off, guys?"

Schneier: Nothing's wrong with it; question is, will it work? I told the Republicans, "Hands off, guys"; that didn't work. We live in a capitalist democratic society. I tell my cell phone company I want better reception all the time; it doesn't work. Telling someone only has value if you can actually back it up. If you're dealing with a monopoly or oligopoly situation, you don't have the choice. The way we tell companies is with our buying dollars. But the cell phone companies are all alike, and nobody's competing on quality of service, then it doesn't matter that I don't like the service.

Market failure in a "capitalist democratic society"

TG Daily: You say that we're living in a "capitalist democratic society." Now, I would think that if we were more capitalist, we wouldn't have any choice; suddenly, we'd find these AACS-type measures inside our computers and our set-top boxes. If we were more democratic than capitalist, we would have the right to be able to unplug those things, or not to let those things enter our homes and offices to start with.

Schneier: You have the right. The question is, do you have the ability? In a capitalist democratic society, you only have the options that are presented to you. The market failure is the monopoly/oligopoly market failure, where the option to turn it off, or the option not to have it, isn't presented to you. Cell phones is a good example...I don't have the option to go with - even if it's more expensive - a better quality service provider. There isn't one. They all suck. They all suck, because they realize that competing on service doesn't make sense, and they're better off hiring Catherine Zeta-Jones to be in ads. That's the unfortunate truth.

You have a monopoly in operating systems, basically. If Microsoft and, I guess, Macintosh go along with saying, "Only these sorts of things will happen," by cutting out Linux - because who cares? - that's your only option. But the fear is, I have no choice but to buy a DRM-enabled computer, because there isn't anything else available, because it's all the market will give me. That's the fear.

This is a market failure. I'm always amazed at people who are big fans of the market, who don't understand what it looks like when a market fails, and what systems don't work in a market. This is an example of it. If there were hundreds of operating systems, and you could pick the best one, sure, there'd be one that didn't do DRM, and we'd all use it, and DRM would die. But all you need is Sony and the big media companies [working with] the two big operating system companies, and you're done. The choice is no longer there.

TG Daily: Okay, let's assume a worst-case scenario. Besides writing our congressman, how is the consumer going to react to this? What's the alternatives available?

Schneier: Well, Congress reacts to money. So I don't believe that petitioning government for redress really is going to work here. The alternative is what I do: to fight at every turn, try to keep it out.

TG Daily: How does one accomplish this? At least the way it's phrased in the press sometimes, it's phrased as a David-and-Goliath type battle. If this is a capitalist democratic society, then it's supposed to be a Goliath-and-Goliath [battle].

Schneier: Have you been following politics recently? Unfortunately, it's less about reasoned people making decisions on the issues, and more about, who has the money. Money fuels politics too much to have it be like it should be. I think politics is failing us. It's producing results that aren't in line with what people want, because the power structure [goes with] the money.

People don't want DRM. If somebody were to say, "Here, we're going to give you something for your computer that will make you use it less," no one would say yes.

TG Daily: Is there any possibility, then, that somebody could derive an alternative to this? In other words, the basic notion of having cryptography solutions in hardware is not, in and of itself, a bad thing....What if we could sell the original purpose again?

Schneier: That'd be fine. I think it's a really good security tool against bad things on your computer. Done right, it's a smart idea.

TG Daily: So could a small industry consortium mount a concerted effort to help swing TCM over to its original objective?

Schneier: Don't know. It isn't a technology problem. It's a political problem. I'm not sure what the solutions are...Computer security is bad, and no one wants to fix it. And fixing it is hard.

TG Daily: Suppose somebody were smart enough to bring this up. "You realize, guys, we're creating a system that, frankly, the consumers don't want, where a constant battlefield takes place inside our set-top boxes and PCs." Would you expect the representatives from the technology companies, Intel and Microsoft, the studios, the manufacturers, to stand up and say, "Yea, the consumers don't want it, but you know, [to heck with] 'em?"

Schneier: No, they're not going to say that. They're going to say, "This helps security." This is the same as my fear on all this Trusted Computing technology, that it's being sold stealthily as it will help you consumers, while in reality, it's not. That's why I think we have some subterfuge going on.

TG Daily: Will consumers not want this thing enough, in their cell phones or their set-top boxes or PCs, to not purchase it?

Schneier: Nope. TiVo just came out and said, in violation of every thing that's normal, that if you tape a show on your TiVo, and at some later time, the [content provider] company says, "We don't want that out there any more," the company will reach into your TiVo and delete it. This just, like, blows "fair use" completely to hell. Where's the outcry?

TG Daily: It's "fair use," but somebody else is doing the using.

Schneier: Right.

earlier story: On the Record
later story: Bruce Schneier: Questions & Answers
back to News and Interviews

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..