Re: Trusted Computing (was Bad ideas...)

From: Hal Finney (hal@finney.org)
Date: Wed Apr 09 2003 - 16:54:26 MDT


    Lee Crocker writes:

    > Today, David Rocci was convicted and sentenced to five months in
    > jail and a hefty fine for selling Xbox mod chips, which are used to
    > circumvent the encryption technology that makes them only run
    > approved games. You need such a chip to install Linux on your
    > Xbox, for example. This is exactly the kind of world I fear, where
    > laws intended "to promote the progress of science and the useful
    > arts" are in fact used to physically seize and imprison people for
    > inventing and selling a device that makes the hardware you paid for
    > more useful. This action, and others like it (such as the arrest of
    > Dmitri Sklyarov) are utterly unconscionable in a free society, and
    > will ultimately retard the very progress they claim to promote.

    This is a big topic and I don't have room to go into it now. I agree
    that the current intellectual property laws are highly problematic.
    Nevertheless I see many unanswered questions in how things would work
    if we get to where there is no IP protection.

    > My question is simple: how will TC technology fit into a world
    > alongside what I consider to be basic, fundamental human rights:
    > namely, the right to use, modify, combine, destroy, and otherwise
    > tinker with anything you own and any knowledge in your head for
    > any purpose you desire?

    I agree that these are desirable capabilities. But I see other rights as
    superseding them: the right to self-ownership; the right to contract; the
    right to make agreements and bind yourself to them. You have the right
    to promise to keep secrets! Whether it is holding private a confidence
    revealed by your lover, or agreeing not to make copies of a downloaded
    Disney movie, you have the right to promise to limit what you will do
    with information. Trusted Computing can be an integral part of those
    kinds of promises (well, the downloads, anyway).

    > In the examples you've given, trusted machines send encrypted IDs
    > and hashes of code back to servers. What would prevent someone
    > from building a machine to falsify those reports so that he could
    > run something the third party didn't want him to (but presumably
    > legally acquired)? Nothing technical that I can see; even if they
    > took the strongest precautions (which it doesn't appear they are),
    > it might still involve only cracking some encryption, which is
    > certainly feasible. The only thing to prevent this, then, is law.
    > Force. TC will be utterly useless without laws to enforce the idea
    > that a creator of content has the right to control what you can do
    > with /your/ legally-purchased machine and /your/ legally-acquired
    > information, just because he's the one who found or created that
    > information first.

    Nothing prevents anyone from doing it in theory, least of all the law,
    because you can hack your own machine in the privacy of your home.
    The only thing that would prevent it in practice is that it might be a
    lot of work, and future versions will make it even more work. There is a
    cryptographic key generated in the secure hardware that is designed never
    to leave the chip. There are techniques to pull data out of chips, but
    they require expensive laboratories. And there are some other possible
    hacks I've seen mentioned, like substituting dual-ported RAM so you can
    peek at memory, or maybe trying to induce faults in the secure hardware
    and get it to leak some data. No doubt we will see an ongoing battle
    between hackers and "data hiders" just like in the satellite TV market.

    The initial goal of the TC technology isn't to stop all hacking, but
    to get away from the situation we are in today, of point-and-click
    unauthorized file sharing. Then down the line, it's possible that
    security can be improved. I go back to Drexler's sealed assembler lab
    as a model for how to put something in a black box where nobody can poke
    at it.

    > Sure, there are probably some useful things enabled by TC. But if
    > they require abandoning basic human rights, they're not worth it.
    > As they say, Mussolini made the trains run on time. OK, so TCPA
    > might get me more music or movies than I might otherwise. But if
    > the price is paying tribute to Disney for the privilege to show
    > my movie on my machine only on /their/ terms, I'll pass.

    Even if TC had nothing that I considered useful, I would still support
    marketing efforts to try out the technology. Maybe other people will
    find it useful. And if not, it will fail in the marketplace. What I
    object to is the preemptive judgement that TCPA/Palladium are evil and
    should be opposed.

    Hal
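
Added example, not part of the original message: a toy model of the reporting scheme discussed above, where a chip-held key signs a hash chain of the loaded code and a server checks the report against a fresh nonce. The component names, the `SecureChip` class and the use of HMAC in place of the chip's signature are assumptions made for illustration.

```python
import hashlib, hmac, os

class SecureChip:
    """Toy secure hardware: the key is created inside and never returned."""
    def __init__(self):
        self._key = os.urandom(32)
        self.pcr = b"\x00" * 32                  # measurement register

    def extend(self, component: bytes) -> None:
        # Fold the hash of each loaded component into the running register.
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def quote(self, nonce: bytes):
        # Report = current register plus a tag over (register || server nonce).
        tag = hmac.new(self._key, self.pcr + nonce, hashlib.sha256).digest()
        return self.pcr, tag

    def checker(self):
        # Assumption: HMAC stands in for the chip's signature. A real verifier
        # would hold only a public key, never the chip's secret.
        key = self._key
        return lambda pcr, nonce, tag: hmac.compare_digest(
            hmac.new(key, pcr + nonce, hashlib.sha256).digest(), tag)

def boot(chip, components):
    chip.pcr = b"\x00" * 32                      # register resets at boot
    for c in components:
        chip.extend(c)
    return chip.pcr

def verify(check, expected_pcr, nonce, report):
    pcr, tag = report
    if not check(pcr, nonce, tag):
        return "bad signature"
    return "ok" if pcr == expected_pcr else "unapproved software"

def run_scenarios():
    approved = [b"loader-1.0", b"kernel-1.0", b"player-1.0"]  # constructed sample
    chip = SecureChip()
    check, expected, nonce = chip.checker(), boot(chip, approved), os.urandom(16)
    honest = chip.quote(nonce)
    boot(chip, approved[:2] + [b"player-1.0-modified"])  # one component differs
    modified = chip.quote(nonce)
    # Without the chip key, a report claiming the approved register cannot be tagged.
    fake_tag = hmac.new(os.urandom(32), expected + nonce, hashlib.sha256).digest()
    results = [verify(check, expected, nonce, r)
               for r in (honest, modified, (expected, fake_tag))]
    # An old honest report replayed against a fresh nonce is rejected too.
    results.append(verify(check, expected, os.urandom(16), honest))
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

The verifier's decision rests entirely on the key staying inside the chip, which is why the message above treats key extraction as the practical barrier.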


