On Fri, Jul 26, 2013 at 03:18:58PM -0700, Steve Weis wrote: > DRM technologies have a flip side as privacy-preserving technology. > It's all a matter of whose data is being protected and who owns the > hardware. > > We generally think of DRM in cases where the data owner is large > company and an individual owns the hardware. In this case, DRM stops > you from copying data you paid for from your own device. > > Now flip the roles. You're the data owner and the large company is the > hardware owner; say a cloud computing provider you lease machines > from. Those same technologies can prevent that service provider from > accessing your private data. > > Cory Doctrow has come around to this view, as he discusses in his talk > "The coming civll war over general purpose computing" [1]. He's now > advocating the use of Trust Platform Modules (TPMs) as a "nub of > stable certainty" which you can use to verify that whatever hardware > you are using is faithfully booting your own software. This is a > significant departure from viewing TPMs as an anti-consumer > technology, which was espoused by groups like Chilling Effects [2]. >
No, this is a slight but consistent refinement of a long-established position about TPMs from EFF when Trusted Platform Modules were first concretely proposed (Chilling Effects isn't a group, its a website run co-operatively by a number of groups -- the piece you're citing is from the Samuelson clinic). The best summary for this position is probably still Seth's paper from 2003 https://www.eff.org/wp/trusted-computing-promise-and-risk The challenge here is with the remote attestation feature of TPMs, and the reason that's problematic is that it effectively informs others of your software environment, therefore effectively allowing others to prohibit interoperability without you concretely testifying that you're running their approved set of tools. This is also the criteria by which TPMs are judged as being suitable for DRM *and* for a range of "privacy-preserving" technologies -- only in this case, the theory would be that you would be receiving a testament that only the promised software is looking at your data in Google's server nests, or that only authorised programs in the State Departments are peering at the diplomatic cables. Of course, such remote attestation/control works as well for privacy-preservation as it does for DRM -- not very. If you *have* the data, you can do whatever you want with it. My computer can attest all it want, but if I want that video or that cable, I'll get it. Indeed, I already *have it*. all you're doing is determining the process by which I'll obtain a reproducible copy. It's not even that quantifiable as a cost, because we're already assuming I have physical access and time enough. The position that EFF and others, including Cory, have argued for a decade now is that TPMs are useful as a nub of certainty -- but only for users (actually they work well enough for owners *and* users, and Cory's paper is a useful discrimination for both of those classes). The hope that they might be something like that for data control by remote parties, like the government or the entertainment industry or you posting to Facebook is both a pipe dream, and a rather dangerous ceding of control of our most important personal technologies to unknown third parties. d. > As Doctrow puts it "a victory for the "freedom side" in the war on > general purpose computing would result in computers that let their > owners know what was running on them". Some of the very same > technologies that enable DRM could help us verify that computers are > running what they should be. > > [1] http://boingboing.net/2012/08/23/civilwar.html > [2] http://chillingeffects.org/anticircumvention/weather.cgi?WeatherID=534 > > On Fri, Jul 26, 2013 at 2:22 PM, Richard Brooks <[email protected]> wrote: > > Obviously, these issues have been very thoroughly discussed > > by Corey Doctorow and Larry Lessig. DRM has not proved to be > > effective at safeguarding intellectual property. It seems > > to be most effective as a tool in maintaining limited > > monopolies, since it stops other companies from investing > > in creating products compatible with existing products. > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
