Ross's TCPA paper

Nomen Nescio nobody at dizum.com
Sun Jun 23 18:20:08 EDT 2002 

Lucky Green writes regarding Ross Anderson's paper at:
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf

> I must confess that after reading the paper I am quite relieved to
> finally have solid confirmation that at least one other person has
> realized (outside the authors and proponents of the bill) that the
> Hollings bill, while failing to mention TCPA anywhere in the text of the
> bill, was written with the specific technology provided by the TCPA in
> mind for the purpose of mandating the inclusion of this technology in
> all future general-purpose computing platforms, now that the technology
> has been tested, is ready to ship, and the BIOS vendors are on side.

It's an interesting claim, but there is only one small problem.
Neither Ross Anderson nor Lucky Green offers any evidence that the TCPA
(http://www.trustedcomputing.org) is being designed for the support of
digital rights management (DRM) applications.

In fact if you look at the documents on the TCPA web site you see much
discussion of applications such as platform-based ecommerce (so that
even if a user's keys get stolen they can't be used on another PC),
securing corporate networks (assuring that each workstation is running
an IT-approved configuration), detecting viruses, and enhancing the
security of VPNs.

DRM is not mentioned.

Is the claim by Ross and Lucky that the TCPA is a fraud, secretly designed
for the purpose of supporting DRM while using the applications above
merely as a cover to hide their true purposes?  If so, shouldn't we expect
to see the media content companies as supporters of this effort?  But the
membership list at http://www.trustedcomputing.org/tcpaasp4/members.asp
shows none of the usual suspects.  Disney's not there.  Sony's not there.
No Viacom, no AOL/Time/Warner, no News Corp.  The members are all
technology companies, including crypto companies like RSA, Verisign
and nCipher.

Contrast this for example with the Brodcast Protection Discussion
Group whose ongoing efforts are being monitored by the EFF at
http://www.eff.org/IP/Video/HDTV/.  There you do find the big media
companies.  That effort is plainly aimed at protecting information and
supporting DRM, so it makes sense that the companies most interested in
those goals are involved.

But with the TCPA, the players are completely different.  And unlike
with the BPDG, the rationale being offered is not based on DRM but on
improving the trustworthiness of software for many applications.

Ross and Lucky should justify their claims to the community in general
and to the members of the TCPA in particular.  If you're going to make
accusations, you are obliged to offer evidence.  Is the TCPA really, as
they claim, a secretive effort to get DRM hardware into consumer PCs?
Or is it, as the documents on the web site claim, a general effort to
improve the security in systems and to provide new capabilities for
improving the trustworthiness of computing platforms?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list