Re: TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)
Interesting QA paper and list comments. Three additional comments:

1. DRM and privacy look like apple and speedboats. Privacy includes the option of not telling, which DRM does not have.

2. Palladium looks like just another vaporware from Microsoft, to preempt a market like when MS promised Windows and killed IBM's OS/2 in the process.

3. Embedding keys in mass-produced chips has great sales potential. Now we may have to upgrade processors also because the key is compromised ;-)

Cheers,
Ed Gerck

PS: We would be much better off with OS/2, IMO.

Ross Anderson wrote:
> http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
>
> Ross

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Giuliani: ID cards won't curb freedoms
http://news.com.com/2102-1017-939499.html

Giuliani: ID cards won't curb freedoms
By Margaret Kane
Staff Writer, CNET News.com
June 26, 2002, 9:00 AM PT
http://news.com.com/2100-1017-939499.html

WASHINGTON--U.S. citizens may need to carry national identification cards someday, but that doesn't need to translate into a loss of fundamental freedoms in the name of safety, former New York Mayor Rudolph Giuliani said Wednesday.

"We need a better way to properly ID people that's more effective (than current means). There's a trade-off we have to make between privacy and the protection of everybody...in society," said Giuliani, following a keynote speech at the E-Gov 2002 conference here. More than 10,000 people are attending the four-day conference, which concludes Thursday.

A national ID system has become a hot-button issue within the tech industry and nationally. Technology experts and privacy advocates have been debating the merits of national ID cards and other identification systems and trying to figure out how to make sure they wouldn't be abused.

Giuliani said ID cards do not necessarily equal a loss of freedom, adding that other democratic countries require citizens to carry ID cards.

"We have to separate fundamental freedoms...from those things that we had the luxury to do in the past," he said.

Giuliani's speech was met with standing ovations and flag waving from the crowd at the show, which included employees of federal, state and local governments. The conference here is being run jointly with one on homeland security, reflecting a new focus from the technology world and the government of using IT for defense.

Giuliani discussed ways that technology aided him as mayor, including helping him handle the terrorist attacks of Sept. 11.

Before those attacks, Giuliani's best-known achievement had been lowering the city's crime rate, a feat he said was greatly helped by the use of technology to conduct daily monitoring of crime.
The city had previously analyzed crime statistics on a yearly basis, but he initiated a program that helped track crime at the precinct level on a daily basis and plotted that data on geographic and time bases to more efficiently deploy police officers. Similar programs were used in the city's correctional facilities to help reduce violence at Riker's Island by 80 percent, he said.

Technology also helped open up the city to citizens, he said, making their lives easier. For instance, New York has put in place ways for citizens to use the Internet to pay parking tickets and apply for permits for everything from opening a restaurant to tackling new construction.

"One of the great complaints about government, certainly in New York City, was that it was unusable...and unmanageable," he said. "E-government is a way to change that."

Giuliani's Emergency Management System, created in 1996, used technological simulations to train for emergencies including terrorist attacks, fires and other crises, Giuliani said.

"I can't emphasize more how important that it is to prepare for the worst thing you can imagine," he said. "Using technology to try and play games for what might happen, even if they're not exactly right when the emergencies occur, is an important way to prepare."

Giuliani cautioned attendees to prepare for the unexpected but to remember that life goes on.

"At home, we have to do everything we can to be better prepared," he said. "At the same time, we have to get people to relax and go about their daily lives."

Giuliani disagreed with the notion that the world is now a more dangerous place.

"It was as if a curtain was in front of us; we saw the world the way we wanted to see it. Now the curtain has been lifted, and we can see the world the way it really is," he said. "Having said that, and recognized that, even before doing anything about it we're safer."
Asked if he would be interested in becoming secretary of the proposed Department of Homeland Security, Giuliani said that he hadn't decided on his future but that the job that he really wanted was to become general manager of the (New York) Yankees.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Two additional TCPA/Palladium plays
[Minor plug: I am scheduled to give a talk on TCPA at this year's DEF CON security conference. I promise it will be an interesting talk. http://www.defcon.org ]

Below are two more additional TCPA plays that I am in a position to mention:

1) Permanently lock out competitors from your file formats.

From Steven Levy's article:

> A more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains."

Here is why it is a more interesting possibility to Microsoft for Palladium to help introduce DRM to business and just plain people than to solely utilize DRM to prevent copying of digital entertainment content:

It is true that Microsoft, Intel, and other key TCPA members consider DRM an enabler of the PC as the hub of the future home entertainment network. As Ross pointed out, by adding DRM to the platform, Microsoft and Intel are able to grow the market for the platform.

However, this alone does little to enhance Microsoft's already sizable existing core business. As Bill Gates stated, Microsoft plans to wrap their entire set of file formats with DRM. How does this help Microsoft's core business? Very simple: enabling DRM for MS Word documents makes it illegal under the DMCA to create competing software that can read or otherwise process the application's file format without the application vendor's permission.

Future maintainers of open source office suites will be faced with a very simple choice: don't enable the software to read Microsoft's file formats or go to jail. Anyone who doubts that such a thing could happen is encouraged to familiarize themselves with the case of Dmitry Sklyarov, who was arrested after last year's DEF CON conference for creating software that permitted processing of a DRM-wrapped document file format.
Permanently locking out competition is a feature that of course does not just appeal to Microsoft alone. A great many dominant application vendors are looking forward to locking out their competition. The beauty of this play is that the application vendors themselves never need to make that call to the FBI themselves and incur the resultant backlash from the public that Adobe experienced in the Sklyarov case. The content providers or some of those utilizing the ubiquitously supported DRM features will eagerly make that call instead.

In one fell swoop, application vendors, such as Microsoft and many others, create a situation in which the full force of the U.S. judicial system can be brought to bear on anyone attempting to compete with a dominant application vendor. This is one of the several ways in which TCPA enables stifling competition.

The above is one of the near to medium objectives the TCPA helps meet. [The short-term core application objective is of course to ensure payment for any and all copies of your application out there]. Below is a mid to long term objective:

2) Lock documents to application licensing

As the Levy article mentions, Palladium will permit the creation of documents with a given lifetime. This feature by necessity requires a secure clock, not just at the desktop of the creator of the document, but also on the desktops of all parties that might in the future read such documents. Since PCs do not ship with secure clocks that the owner of the PC is unable to alter and since the TCPA's specs do not mandate such an expensive hardware solution, any implementation of limited lifetime documents must by necessity obtain the time elsewhere. The obvious source for secure time is a TPM authenticated time server that distributes the time over the Internet.

In other words, Palladium and other TCPA-based applications will require at least occasional Internet access to operate.
It is during such mandatory Internet access that licensing-related information will be pushed to the desktop. One such set of information would be blacklists of widely-distributed pirated copies of application software (you don't need TCPA for this feature if the user downloads and installs periodic software updates, but the user may choose to live with application bugs that are fixed in the update rather than see her unpaid software disabled).

With TCPA and DRM on all documents, the application vendor's powers increase vastly: the application vendor can now not just invalidate copies of applications for failure to pay ongoing licensing fees, but can invalidate all documents that were ever created with the help of this application, regardless of how widely the documents may have been distributed or on whose computer the documents may reside at present.

Furthermore, this feature enables world-wide remote invalidation of a document file for reasons other than failure to pay ongoing licensing fees to the application vendor. To give just one example, documents can be remotely invalidated pursuant
RE: Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design
Bob wrote quoting Mark Hachman:
> The whitepaper can not be considered a roadmap to the design of a Palladium-enabled PC, although it is one practical solution. The whitepaper was written at around the time the Trusted Computing Platform Association (TCPA) was formed in the fall of 2000; both Wave and AMD belong to the TCPA. And, while Palladium uses some form of CPU-level processing of security algorithms, the AMD-Wave whitepaper's example seems wholly tied to an off-chip security processor, the EMBASSY.

An EMBASSY-like CPU security co-processor would have seriously blown the part cost design constraint on the TPM by an order of magnitude or two. I am not asserting that security solutions that require special-purpose CPU functionality are not in the queue, they very much are, but not in the first phase. This level of functionality has been deferred to a second phase in which security processing functionality can be moved into the core CPU, since a second CPU-like part is unjustifiable from a cost perspective.

Given the length of CPU design cycles and the massive cost of architecting new functionality into a processor as complex as a modern CPU, we may or may not see this functionality shipping. Much depends on how well phase 1 of the TCPA effort fares.

--Lucky
RE: DRMs vs internet privacy (Re: Ross's TCPA paper)
Adam Back wrote:
> I don't mean that you would necessarily have to correlate your viewing habits with your TrueName for DRM systems. Though that is mostly (exclusively?) the case for current deployed (or at least implemented with a view of attempting commercial deployment) copy-mark (fingerprint) systems, there are a number of approaches which have been suggested, or could be used to have viewing privacy.

The TCPA specs were carefully designed to permit the user to obtain multiple certificates from multiple CAs and thus, if, and that's a big if, the CAs don't collude and furthermore indeed discard the true name identities of the customer, utilize multiple separate identities for various online applications. I.e., the user could have one cert for their True Name, one used to enable Microsoft Office, and one to authenticate the user to other online services.

It is very much the intent of the TCPA to permit the use of pseudonymous credentials for many, if not most, applications. Otherwise, the TCPA's carefully planned attempts at winning over the online liberty groups would have been doomed from the start.

--Lucky Green
RE: Ross's TCPA paper
David wrote:
> It's not clear that enabling anti-competitive behavior is good for society. After all, there's a reason we have anti-trust law. Ross Anderson's point -- and it seems to me it's one worth considering -- is that, if there are potentially harmful effects that come with the beneficial effects, maybe we should think about them in advance.

I fully agree that the TCPA's efforts offer potentially beneficial effects. Assuming the TPM has not been compromised, the TPM should enable you to detect if interested parties have replaced your NIC with the rarer, but not unheard of, variant that ships out the contents of your operating RAM via DMA and IP padding outside the abilities of your OS to detect.

However, enabling platform security, as much as might be stressed otherwise by the stakeholders, has never been the motive behind the TCPA. The motive has been DRM. Does this mean that one should ignore the benefits that TCPA might bring? Of course not. But it does mean that one should carefully weigh the benefits against the risks.

--Lucky Green
Re: Ross's TCPA paper
From: [EMAIL PROTECTED]
> As a side note, it seems that a corporation would actually have to demonstrate that I had seen and agreed to the thing and clicked acceptance. Prior to that point, I could reverse engineer, since there is no statement that I cannot reverse engineer agreed to. So what would happen if I reverse engineered the installation so that the agreement that was displayed stated that I could do what I liked with the software? Ok, so there would be no mutual intent, but on the other hand, there would also be no agreement on the click-through agreement either.

I have an application that replaces the caption on the I agree button to your liking; I wrote it exactly because of this reasoning. http://picosoft.freeservers.com/NoLicense.htm

Of course, it's a stupid little program, I'm sure anyone can come up with something better in no time...

BTW, for any lawyers around here - shouldn't the mere existence of this program be enough to blow up the idea that you agreed to the click-through stuff?

Mark
Re: Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design
R. A. Hettinga [EMAIL PROTECTED] writes:
> WAVE, some of you might remember, was started by a former NatSemi Chairman back before the internet got popular. It was going to be a dial-up book-entry-to-the-screen content control system with special boards and chips patented down to its socks.

Think of it as DIVX for PCs, with a similar chance of success (see my earlier post about TCPA being a dumping ground for failed crypto hardware initiatives from various vendors). Its only real contribution is that the WAVEoid board on Ragingbull (alongside the Rambus one) is occasionally amusing to read, mostly because it shows that the dot-com sharemarket situation would be better investigated by the DEA than the FTC.

Peter.
Stefek Zaba's rebuttal
Stefek says that TCPA is a purely protective technical measure, and that my claims about it are `far-fetched imagining'. He denies that it was started as a DRM play. Yet the DRM aim was admitted to me in April by a senior Intel person, and has since been confirmed by Bill Gates himself in the Palladium release.

I've known Stefek for years, and despite his inaccurate and abusive post I am not claiming that he deliberately lied to us - merely that if HP sees this as a pure technical security play, you'd better sell their stock, as they are amazingly less sophisticated about information goods and services markets than other consortium members. (The other HP labs person to whom I talked in the course of my investigations was similarly uninformed about basic economics.)

Sometimes it may suit managers to keep technical staff in the dark about the business plays behind technical initiatives. However, it is not in the interest of technical staff to allow themselves to work on projects with whose goals, once revealed, they and their friends may have a moral objection. It can damage relationships and impair CVs.

Starting in November, I'm going to be teaching a course in economics and law to second year comp sci undergraduates at Cambridge. That's how important I think an understanding of these issues is - it should be a mandatory part of the undergraduate curriculum. If you need a quick introduction to the subject as it relates to things like software and compatibility, I'd recommend Shapiro and Varian, `Information Rules'.

Ross