From: Hal Finney (hal@finney.org)
Date: Wed Apr 09 2003 - 16:54:26 MDT
Lee Crocker writes:
> Today, David Rocci was convicted and sentenced to five months in
> jail and a hefty fine for selling Xbox mod chips, which are used to
> circumvent the encryption technology that makes them only run
> approved games. You need such a chip to install Linux on your
> Xbox, for example. This is exactly the kind of world I fear, where
> laws intended "to promote the progress of science and the useful
> arts" are in fact used to physically seize and imprison prople for
> inventing and selling a device that makes the hardware you paid for
> more useful. This action, and others like it (such as the arrest of
> Dmitri Sklyarov) are utterly unconcionable in a free society, and
> will ultimately retard the very progress they claim to promote.
This is a big topic and I don't have room to go into it now. I agree
that the current intellectual property laws are highly problematic.
Nevertheless I see many unanswered questions in how things would work
if we get to where there is no IP protection.
> My question is simple: how will TC technology fit into a world
> alongside what I consider to be basic, fundamental human rights:
> namely, the right to use, modify, combine, destroy, and otherwise
> tinker with anything you own and any knowledge in your head for
> any purpose you desire?
I agree that these are desirable capabilities. But I see other rights as
superceding them: the right to self-ownership; the right to contract; the
right to make agreements and bind yourself to them. You have the right
to promise to keep secrets! Whether it is holding private a confidence
revealed by your lover, or agreeing not to make copies of a downloaded
Disney movie, you have the right to promise to limit what you will do
with information. Trusted Computing can be an integral part of those
kind of promises (well, the downloads, anyway).
> In the examples you've given, trusted machines send encrypted IDs
> and hashes of code back to servers. What would prevent someone
> from building a machine to falsify those reports so that he could
> run something the third party didn't want him to (but presumably
> legally acquired)? Nothing technical that I can see; even if they
> took the strongest precautions (which it doesn't appear they are),
> it might still involve only cracking some encryption, which is
> certainly feasible. The only thing to prevent this, then, is law.
> Force. TC will be utterly useless without laws to enforce the idea
> that a creator of content has the right to control what you can do
> with /your/ legally-purchased machine and /your/ legally-acquired
> information, just because he's the one who found or created that
> information first.
Nothing prevents anyone from doing it in theory, least of all the law,
because you can hack your own machine in the privacy of your home.
The only thing that would prevent it in practice is that it might be a
lot of work, and future versions will make it even more work. There is a
cryptographic key generated in the secure hardware that is designed never
to leave the chip. There are techniques to pull data out of chips, but
they require expensive laboratories. And there are some other possible
hacks I've seen mentioned, like substituting dual-ported RAM so you can
peek at memory, or maybe trying to induce faults in the secure hardware
and get it to leak some data. No doubt we will see an ongoing battle
between hackers and "data hiders" just like in the satellite TV market.
The initial goal of the TC technology isn't to stop all hacking, but
to get away from the situation we are in today, of point-and-click
unauthorized file sharing. Then down the line, it's possible that
security can be improved. I go back to Drexler's sealed assembler lab
as a model for how to put something in a black box where nobody can poke
at it.
> Sure, there are probably some useful things enabled by TC. But if
> they require abandoning basic human rights, they're not worth it.
> As they say, Mussolini made the trains run on time. OK, so TCPA
> might get me more music or movies than I might otherwise. But if
> the price is paying tribute to Disney for the privilege to show
> my movie on my machine only on /their/ terms, I'll pass.
Even if TC had nothing that I considered useful, I would still support
marketing efforts to try out the technology. Maybe other people will
find it useful. And if not, it will fail in the marketplace. What I
object to is the preemptive judgement that TCPA/Palladium are evil and
should be opposed.
Hal
This archive was generated by hypermail 2.1.5 : Wed Apr 09 2003 - 17:04:35 MDT