From: Dan Fabulich (dfabulich@warpmail.net)
Date: Wed Apr 09 2003 - 17:50:30 MDT
Hal Finney wrote:
> you will have heard about TCPA/Palladium/NGSCB elsewhere on the net.
> I can't really account for that discrepancy. I don't understand why my
> reading of the technology's properties and capabilities is so different
> from everyone else's. It's possible that there are non-public documents
> which paint a much more sinister picture. All I can say is that based
> on the public information, TC works as I have described it here.
I assume anyone following this thread will have read Ross Anderson's
TCPA/Palladium FAQ. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Of course, you're both right... in particular, you're right about the
benign uses of TCPA, and Ross is right about the POTENTIAL for serious
rights violations. In particular, when Ross says
[Under Palladium] pirate software can be detected and deleted
remotely. It will also make it easier for people to rent software
rather than buying it; and if you stop paying the rent, then not
only does the software stop working but so may the files it created.
he'd be seriously wrong to think that having TCPA installed will
automatically make this possible. TCPA is necessary, but not
sufficient, to bring about a world in which Microsoft "owns" your PC.
In particular, you're right that it needn't be the case that
submitting your upload to a TCPA-enabled machine will make your upload
owned by MS... but that's a misleading analogy.
In the case where you're deciding whether or not to distribute your
data to a TC machine, you yourself are in the role of Microsoft, not
in the role of an average user. You want to ensure that anyone to
whom you transfer your software only has the right to do with it what
YOU want.
[It's interesting to note that this Prudent Upload case, in which an
upload tries to ensure that it runs on a machine that obeys common
moral codes, turns on its head a very natural libertarian idea about
data/information: that, once you've acquired data in a legitimate way,
you're free to do whatever you want with that data on your own system,
in much the same way that you have the right to your own thoughts and
to your own speech/property. In the Prudent Upload case, we may
acknowledge that *the data itself has rights*, so the libertarian
ideal of ensuring that data is as free as free speech is inappropriate
in this case. Uploads want all the same sorts of powers that dirty
people currently want to use to control your machine: they want to
ensure that you don't do anything "immoral" to data that is
transferred to you. (As for my take, I think that the jury is still
out on the question of whether is it can be moral to use your own
hardware to run cruel simulations, in which your software entities are
made to suffer, assuming that these simulations are "victimless" to
anyone else on your metaphysical level.)]
"Ah," you may say, "but it only gives people the power to prove to
you, the upload, that they're going to agree to your terms... it
doesn't actually *force* them to do what you say." But it *does* if
they're in some way forced to run the TCPA architecture of your
choosing. In particular, if the government forces us to run
centrally-signed OSes on TCPA-enabled machines, the game is over.
"So what?" you may argue. "The government could force me to run
Windows with BigBrother Inside! (tm) tomorrow, couldn't it?" No,
probably not, or at least, not that easily. In particular, there'd be
nothing they could reasonably do to prevent you from hacking up your
own OS and running it on your own machine; they could pass the law,
but they couldn't (at present) enforce it. TCPA thus represents the
possibility of an enforcement mechanism for bad laws like the CBDTPA.
http://www.salon.com/tech/feature/2002/03/29/hollings_bill/
So, to trace this back to the upload analogy: if you, the upload, are
in charge of the federal TC administration, then there's no worry that
your uploaded code would be "owned" by somebody else. In that case,
YOU'RE the very entity we're afraid of... you needn't be worried under
the Palladium architecture. (Indeed, you can rest easy, knowing that
others will be forced to use your data in whatever way you think to be
right.)
If, on the other hand, you are not in charge of the FTCA, then,
clearly, you and your code would be "owned" by the central signatory.
If that code did something that you didn't like, then there's nothing
you could ever do about it. You couldn't make a contract with someone
with a TCPA machine for them to do what you wanted unless that agreed
with what the central signatory required.
Now, there is a somewhat more benign case than the one in which the
government forces you to run signed code: there's the one in which the
software being offered by Microsoft and friends is enticing, but to
get use of it, you have to hand MS the keys to your machine. If an OS
like this simply becomes the de facto standard, then the freedom of
ordinary users will be greatly diminished, probably without their
noticing or realizing it. (In much the same way that users' rights to
privacy are often assaulted today without their knowledge... but
perhaps this is because they simply don't care.)
One perfectly plausible consequence of the TCPA is that TC itself
could be one of the value-added features that you only get *if* you
hand over the keys to your machine to MS at install time. Then, under
TCPA, you could at least arrange contracts with other machine owners
to accept and use your upload data in whatever way you required, so
long as that didn't disagree with what MS wanted. If you wanted to
arrange a contract which MS did not wish to allow, your partners would
have to turn off TCPA altogether in order to follow through with your
request, vitiating their (admittedly valuable) capacity to prove their
trustworthiness to you.
Perhaps, in principle, this outcome is morally acceptable: people in a
free market would be trading off a few of their rights (rights that
they maybe wouldn't even notice missing, that's how much they care
about them!) in exchange for cool features.
It seems bad to me, though.
-Dan
-unless you love someone-
-nothing else makes any sense-
e.e. cummings
This archive was generated by hypermail 2.1.5 : Wed Apr 09 2003 - 17:53:43 MDT