Trusted Computing at WEIS2003

Nomen Nescio nobody at dizum.com
Mon May 12 23:40:04 EDT 2003 

The 2nd annual workshop on "Economics and Information Security" will be
held May 29-30 at the University of Maryland.  Unfortunately the website
at http://www.cpppe.umd.edu/rhsmith3/index.html is woefully out of date.

At least two of the papers will focus on Trusted Computing as exemplified
in the TCG (formerly TCPA) and NGSCB (former Palladium) proposals.
Ross Anderson himself, co-chair and founder of the conference, has
a new paper at http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tcpa.pdf.
Another one, by Stuart Schechter et al, is discussed at an EWeek article,
http://www.eweek.com/article2/0,3959,1053555,00.asp.  The Schechter paper
is online at http://www.eecs.harvard.edu/~stuart/papers/eis03.pdf.

EWeek talks about the role of TC in limiting which applications get access
to protected content: "This kind of protection is seen as central to the
types of advanced digital rights management systems sought by content
owners as a countermeasure against piracy. However, this chain of trust
can be turned around and used by the people doing the illegal copying
and distribution, according to the paper's authors."

The authors are quoted, "Though this technology was envisioned to thwart
pirates, it is exactly what a peer-to-peer system needs to ensure that
no client application can enter the network unless that application, and
the hardware and operating system it is running on, has been certified
by an authority trusted by the existing clients..."

A similar point was made here last summer during our extensive debate
about the potential threat of Trusted Computing.  It would be fair to
say that it was not well received, however.  Perhaps now that the ideas
are being aired in an academic environment, people will take a closer
look at TC and gain a fuller understanding of the technology.

Even Ross Anderson recognizes that TC can help the pirates as well as the
protectors: "There is also a significant risk - that if TC machines become
pervasive, they can be used by the other side just as easily. Users can
create `blacknets' for swapping prohibited material of various kinds,
and it will become easier to create peer-to-peer systems like gnutella
or mojonation but which are very much more resistant to attack by the
music industry - as only genuine clients will be able to participate. The
current methods used to attack such systems, involving service denial
attacks undertaken by Trojanned clients, will not work any more [23]. So
when TC is implemented, the law of unintended consequences could well
make the music industry a victim rather than a beneficiary."

Anderson's paper is a significant improvement on his bizarrely paranoid
and error-filled FAQ.  He's had to back down on a number of his claims.
For example, Windows Server 2003 implements some DRM and document-locking
features which he attributed to Palladium.  He also seems to back away
from claims that Microsoft will censor your data.  He has to squirm to
deal with the work on TC Linux and try to explain how this fits into
his model of the monopolizing influence of these technologies.

Anderson now has to admit that his claims of a software blacklist are
mistaken as well: "Among early TCPA developers, there was an assumption
that blacklist mechanisms would extend as far as disabling all documents
created using a machine whose software licence fees weren't paid. Having
strong mechanisms that embedded machine identifiers in all files they
had created or modified would create huge leverage. Following the initial
public outcry, Microsoft now denies that such blacklist mechanisms will
be introduced - at least at the NGSCB level [18]."

Notice the claim that Microsoft has perhaps removed this feature based
on public outcry - an outcry for which Ross Anderson can no doubt take
credit.  This fulfils a prediction made here last year, that when their
apocalyptic scenarios failed to arrive, the critics would take credit for
having prevented them!  What a racket - if you're right, you're right,
and if you're wrong, you're even more right.

While this newer paper is better than the abysmal FAQ (which unfortunately
is still spreading its lies and misinformation, even though Anderson
now admits that he knows it is wrong), it has significant flaws as well.
All the analysis is presented from the perspective that businesses can
do whatever they like and consumers have no choice but to go along
helplessly.  Not once does he consider that the discipline of the
marketplace applies to sellers as well as buyers.  Any paper claiming
to be relevant to the topic of "Economics and Information Security"
should not be content with such a one-sided view.

All too often the text degenerates into the kind of anti-Microsoft
conspiracy theories which can be found in the sleaziest corners of
the net.  He never really explains why Intel, IBM and HP are going
along with these nefarious schemes.  Intel, we are told is behaving
"strategically".  What is the strategy?  Why will TC help Intel?
Anderson mumbles something about "lock-in" but that doesn't apply to the
hardware vendors.  He doesn't want to admit the obvious, that Intel thinks
this will sell more computers, because people will like their computers
better when they can access more content.  This is what happens when
you ignore the demand side in your analysis.

Anderson also presents a number of scenarios of Microsoft dominance
in the application demain as if they are new.  Why, law firms might
feel obligated to buy Microsoft Office in order to communicate with
their clients!  Imagine that.  Who could conceive of such a twisted,
backwards, upside down world as one in which companies felt stuck with
buying Microsoft for compatibility?  If he really thinks this is a new
threat, I'd suggest Anderson visit the real world occasionally.  I dunno,
maybe things are different over there in the Unreal Kingdom.

Despite these problems, I do want to emphasize that Anderson's paper is
a step forward.  And the paper by Schechter is also encouraging in that
it is willing to reject the anti-TC paranoia and take a clear-eyed look
at the technology.  Still, both of these papers express their results in
somewhat negative terms: look, you guys at the RIAA and MPAA, you better
not push for TC because it might benefit the pirates too.

None of these authors has quite been able to take accept the logical
conclusion of their analysis, which is that this is a technology which
can enable a whole host of powerful new applications, many of which
have probably not even been invented yet.  Then it should be up to the
marketplace to decide which will succeed and which will fail.  Everyone
wants to short-circuit that messy final step and decide for themselves
which are the "good" applications and which are evil.  I suggest that we
not reject out of hand the principle of allowing people to make decisions
for themselves about what they want to do with their computers, and that
includes utilizing TC technology.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list