Trusted Computing And You

sebFlyte writes "There's an interesting look at the Trusted computing initiative running over on ZDNet UK, written by security guru Bruce Schneier. He looks at the suggestions for best practice made in a recent policy document, and Microsoft's 'Machiavellian manoeuvring' to stall said document. He posits their moves are to avoid having to enforce such best-practice when it comes to Vista's DRM and other copy-restriction technology." From the article: "This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything."

Love those dups

http://it.slashdot.org/article.pl?sid=05/08/31/154 6252&tid=172&tid=109 [slashdot.org]

Thanks again!

Well, because the "staff" ignored my duplicate notification, as usual, here's [slashdot.org] a link to the previous story and here's [slashdot.org] my comment there.

Please note, just because the domain of a news site is different and someone included Schneier's URL [slashdot.org] this time doesn't mean that the story isn't a duplicate.

Thanks for helping to make Slashdot a better place.

Re:Thanks again!

Well let's hope Zonk doesn't ignore the duplicate notice I just sent for the upcoming story.

Creative MP3 Players Ship With Virus is linked to: http://it.slashdot.org/article.pl?sid=05/09/01/131 2233&tid=220&tid=218 [slashdot.org] but it's duped at http://hardware.slashdot.org/article.pl?sid=05/08/ 30/0118252&tid=184&tid=220 [slashdot.org]

Let me be the first

To say I don't trust "Trusted Computing".

Re:Let me be the first

And this is true everywhere, not just Soviet Russia.

Re:Let me be the first

To say I don't trust "Trusted Computing".

You don't have to trust it. I don't trust the government but I have to put up w/it. Sadly, that's what we have allowed the corporations to become.

Another layer of governance over us.

Interestingly enough ...

In security speech Trusted != Trustworthy. If you say that X is "Trusted", it simply means that the security of the system depends axiomatically on X being secure. So if X is secure, everything is ok, but if it is insecure, it breaks the whole system. "Trusted" doesn't actually say whether X is secure or not (that's what "Trustworthy" is for), it just makes a statement about the security of the whole system depending on the security of X.

Having learned that, a few companies (I believe M$ was one of them) changed from "trusted" to "trustworthy"

Ethics

Well, trusted computing should start with a trustworthy company. That means good, consistant company ethics and ethical people working and representing the company.

Re:Ethics

No, it means that *I* control my computer and content -- not someone or something else that isn't under my direct control.

They need to stop fucking twisting words around because it's good marketing doublespeak.

Call it what it is. A fucking privacy and ethics violation.

Re:Ethics

Yep, and the problem is in the free market you should be able to exercise your dollar votes and not buy their products. However, all the companies who have anything to do with this are all rolling out new hardware at *exactly* the same time so there simply will be no alternative. Longhorn, the new dvd format(s), TCPM compliant motherboards, chipsets, and software, all will be deployed at once. How do you like your omelets now Denver?

Re:Ethics

switch ($decade) {
case "the 50's":
   s/the Boogyman/Communist agitators/g;
   break;
case "the 60's":
   s/the Boogyman/acid-eating hippies/g;
   break;
case "the 70's":
   s/the Boogyman/disco/g;
   break;
case "the 80's":
   s/the Boogyman/mutual assured destruction (and Grenada!)/g;
   break;
case "the 90's":
   s/the Boogyman/evil hackers and George Michael/g;
   break;
case "the 00's":
   s/the Boogyman/terrorists/g;
   break;
}

Will people realize in time?

I'm seriously wondering this. Will people realize the things that Trusted Computing and DRM can do to them? I'm not talking about the slippery slope of "restricting" anti-government documents or mobsters using Trusted Computing to commit crimes. I'm talking about the loss of rights to use media and information THAT YOU BOUGHT, NOT rented, or licensed.

We, as computer users see it coming, just like a satellite sees the storm. We just have to keep broadcasting.

Re:Will people realize in time?

Will people realize the things that Trusted Computing and DRM can do to them?

No, because it's a fucking calculated descision on the parts of hardware and software manufacturers, see here [slashdot.org] for my comments on this yesterday.

They have known all along that if they do it slowly and under the guise of it being "for your benefit" then people will accept it.

It's really fucking sad that people are willing to put control of everything into someone else's hands. I'm seriously waiting for the day when a corporation will inseminate a woman for you because it's "easier".

You think it's funny or tinfoilish now? Just wait, people will undoubtably get lazy enough that they won't even fuck.

Think of how funny it would have been to you 20 years ago if someone told you that you wouldn't be able to open a document or run a program on your computer because Microsoft didn't give you a code to do so.

Exactly.

The problem with "trusted" computing

Is that YOU, the computer OWNER is not trusted. This is the first step towards taking actual ownership away from the owner and handing it over to the manufacturer after the fact.

Which is why I do not support Digital Restrictions Management.

Trust...

You only trust someone if you have good experiences with it again and again.

Like this story, for example.

Zonk Does it Again

The people over here [anti-slash.org] really have it in for Zonk and his dupes.

I didn't really get the role of editors in making these mistakes. The jihad folks figure Zonk is one of the worst offenders.

I'm agnostic in all this, of course. This is just for informational purposes.

Hmm, which evil is lesser

Would I rather have too much security in IT or too little? I vote for too much. The first day my firm makes the news because of some breach that results in piles of data being released is also the first day that I'm looking for a new job. No thanks. Users are pretty forgiving when they understand why we do things the way we do. Nobody ever got id-thefted by this way.

Nice...

It's nice to see some of the media actually speak up in an informative way about "Trusted" computing. I think awareness is the way to beat this thing from biting the Free Software/"Open Source" world in the proverbial ass.. Anyway, great article.

Browse this discussion at -1

Set your comment threshold to -1 and browse the comments on this thread. It's a wasted thread anyway, yet another dupe story. There's some good stuff at -1 on this thread.

Who The Fuck Is This Moron Zonk?

Is that his name or his mental condition?

Look, morons, if you can't find an editor that can see a dupe from the previous day, get the fuck out of the business.

Aside from offering me the chance to insult morons, /. is becoming a fucking waste of time.

because of lock in.

As bruce pointed [schneier.com] out MS might have an own agenda.

I think this is a reason:

TC faq [cam.ac.uk]

The second, and most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.

Will it stop malware?

Any system that is powerful and flexible enough to be useful is also powerful and flexible enough to run viruses/worms.

Why Trusted Computing Will Fail

Trusted Computing will be DOA. It's a pipe dream, and it will never work.

Not because it's technically unfeasible, but because the market won't stand for it. Let's say that Microsoft declares that Word 2006 will only open "trusted" documents. Total lock-in. Would any sane business buy in?

Absolutely not. My company still uses Word 2000 - and many of Microsoft's problems stem from the fact that they have to bend over backwards not to break legacy APIs and file formats. If Joe and Jane Sixpack find that they can't play their old DVDs on their new PeeCee, they're taking the thing back. If their old MP3s don't play, they'll take it back.

Look at the failure of Divx (the self-destructing DVD format). It had some major studio support, and yet it was practically stillborn. Users drive technology, and users don't like to have to deal with jumping through hoops. The only reason XP's Product Activation crap didn't result in a backlash is because 99% of users never had to deal with it since they got XP with their new PC - preinstalled and pre-activated.

That's why Trusted Computing will fail, even though parts of it are a good idea. Microsoft can't force people to accept it. The real world of economics doesn't work that way. They can't force people to upgrade, and as long as they have to support legacy data, they can't totally lock down the system.

I dislike Microsoft as much as anyone, and for all the clout they have in the market, they can't do everything. Trusted Computing will either be full of holes (likely) or a major flop depending on how much security they apply.

Flawed Argument

Your whole argument is based on the assumption that Windows would only allow use of locked formats.

Of course it won't work that way, it'd be corporate/product suicide.

However, only Windows will be able to use these locked formats. Which means that once locked formats come into circulation, you will always forever after have to use the Microsoft-mandated access method. Your old DVDs will still play on your new PC, and your new DVDs will still play on your new PC, but they won't play on your Linux box or your OS X box and so on.

Locked formats will be rare for years to come. It has to wait for market uptake. You won't see locked DVDs released right away, because that means that all existing electronics will be broken, which again would be corporate/product suicide. It'll be years after DRM is already integrated into those electronics, when a large quantity of the user base has those DRM-capable electronics, that you'll see locked formats released on a large scale. Years after people have seen no detriment form DRM and have already accepted their DRM-capable electronics has standard. Years after, for the vast majority of the populace, the DRM actually doesn't hurt them in any way, because it only stops the real thieves and the Free Software nerds.

Re:Why Trusted Computing Will Fail

While I certianly hope there is a public backlash against Trusted Computing, almost everything you said is wrong. Unfortunately the "common understanding" of Trusted Computing is completely wrong.

Let's say that Microsoft declares that Word 2006 will only open "trusted" documents.

Wrong. It will be able to open both Trusted and Untrusted documents. It will be able to save both Trusted and Untrusted documents. An Untrusted loads can become Trusted saves, but Trusted loads can never become Trusted saves. It has a tendancy to encourage a movement from Untrusted to Trusted and prohibits any movement from Trusted to Untrusted.

The new software can open and save anything. If you have the new software then eveything "just works".

Any normal wordprocessor can only read and save Untrusted documents. A normal word processor cannot touch Trusted documents at all. A normal word processor doesn't work when anyone gives you a Trusted document.

If you have Trusted software it always works, and tends to move more things into the Trust zone. If you have Untrusted software then sometimes it spits out error messages at you.

If Joe and Jane Sixpack find that they can't play their old DVDs on their new PeeCee, they're taking the thing back. If their old MP3s don't play, they'll take it back.

You have it backwards. Old stuff always works on the new computers. The new Trusted Computers "just work". Old DVDs and old MP3s play just fine on the new DRM lockdown computers.

What will happen is that Joe and Jane Sixpack find that they can't play the NEW DVDs and NEW CDs on their OLD PeeCee. Joe and Jane Sixpack will take little Tyffani and Tyler through the McDonalds drive through and get a pair of McHappymeals. And in the pair of McHappyMeals will be a pair of FREE CDs! One CD will be free Britteny Spears Trusted music and the other one will be a Trusted Spongebob Squarepants game. When they get home they will find that the new trusted CDs DON'T WORK in their old obsolete Untrusted computer. Litte Tyffani will yell and scream that she can't play her Britteny Spears CD and ask what's wrong with their crappy old computer... that the CD works just fine on the shiny new computer at her friend's house. Little Tyler will yell and scream that his Spongebob Square pants game doesn't work on their crappy old broken computer... that it works just fine on the shiny new computer at his friend's house. The kids will be whine city: What's wrong with our compyuooooter? Why doesn't it work on our compyuooooter? Why do we have such an old crappy compyuooooter? We need a new compyuooooter!

Joe and Jane Sixpack will go out and buy a new Trusted Enhanced computer just to get the bloody FREE CDs to work and shut the brats up.

Mark my words, there will be all sorts of free crap givaways that only work on the new Trusted Enhanced computers.

Old stuff works on the new computers. New stuff does NOT work on the old computers. If you do not but a Trusted compliant DRM lockdown computer then you're screwed and none of the new stuff works. You get locked out of everything new.

as long as they have to support legacy data, they can't totally lock down the system

Wrong. They *DO* support legacy data. It is all of the NEW data that gets totally locked down. It is all of the NEW software that gets totally locked down, but it can still real old unlocked data. It's the NEW websites that will be totally locked down, unviewable unless you have a Trusted Browser. A Trusted webbrowser can see all of the websites, it is normal old webbrowsers that get locked out of the new websites.

Yes, at first very few websites will be willing to lockout everyone with a nonTrusted browser, but there are MANY reasons for them to do so and the number of such sites will only increase as more of the public is handed Trusted compliant machines. One of the primary reasons for websites to do this is to lock out anyone from using pop-up blockers or ad-blocke

this will help linux

nobody wants his computer using up most resources to double and triple encrypt userspace data instead of using this very computing power for the productivity applications. in the last years the processing power rapidely grew but the Windows OS always catched up by using up more and more power for relatively useless tasks. so the theoretical computing power in every single ones hands grew, but the output stagnated.

the problem is Microsofts OS design, not hardware

This effort to put hardware in front of the OS to protect the OS is mostly because Microsoft won't fix their OS to limit its crackability.

There are some cases where you absolutely must have physical security, but for the most part, this whole thing is about forcing new hardware changes, new upgrades, new $$ for Microsoft, and new restrictions on what users can do on Windows.

They, Microsoft, also get to restrict what OS/filesystem gets installed on the system too. So while the number of GNU/Linux users is still ONLY in the 10-20 Million, their voices need to be pretty loud on this one. IMO.

LoB

Mac

The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything

Which is why I'm looking forward to getting a Intel based Mac which can happily dual boot XP and OSX until a certain point when I'm fine with formatting the XP bit entirely off.

(assuming, of course, that Apple doesn't go into this too, in which case I'm stuffed)

On the pros of Trusted Computing

If anything will
put a stop to incessant
dupes, then sign me up!

Response to "Dupe!!!one111" posts

I'm going to apologize in advance for this slightly off-topic metapost, but here goes:

Look, I understand that you don't want to waste your time reading something you already have formulated an opinion about, and that you might have some knowledge about.

But just because there has been one article published about a certain topic, does not mean that there is not valuable information and/or insight in another article covering the same topic.

You don't want to spend the time to review a related story? Fine, then don't.

But don't waste your time posting "It's a dupe" posts or "Editor sucks" posts just because you read something similar yesterday -- then you're just compounding your own problems.

Plus, you're wasting my time by posting duplicate posts to a duplicate article.

Have nothing valuable to say about an article, dupe or not? Then don't say anything. Just move on.

Knowledge of a subject is not a boolean variable. I, for one, welcome the opportunity to learn more about topics that interest me.

Features of Vista

Vista allows you to:

• Play Minesweeper.
• Download trusted security updates for Minesweeper.

"Trusted" platforms can't be open

If a platform is closed to the user (for example, it uses secret private keys to decrypt entertainment multimedia content), it can't be extensible in any manner the user likes... and people like their computers to be extensible. Control should *always* remain with the owner unless voluntarily delegated.

Now, that does not have to apply to specific-purpose devices, like TV sets, or set-top boxes, even though they might permit some degree of user estensibility (the downloading to authorized code-signed new firmware, for example, where the user can select what, out of a limited selection, firmware enhancements they want).

Let the general purpose computer manage the users' data as users see fit, and let the specific purpose devices decrypt the data when it is not owned by the user. There is nothing illogical or incompatible in having different webs of trust for special and general purpose devices, so long as the user can limit the information they provide to devices that don't trust them.

Solution: Owner Override

The Electronic Frontier Foundation (EFF) has posted numerous articles concerning the subject of DRM and trusted computing which carefully and thoroughly explain to the user the promises and potential problems with these technologies. There is one article in particular which suggests "Owner Override" as a solution to the problem of policies being enforced against the owner of the computer as if the owner was an adversary. The article is linked below:

Trusted Computing: Promise and Risk [eff.org]

DRM uneconomic

For all the noise made, nothing will happen. There is no content compelling enough to force a whole new generation of hardware. Mostly, people are happy with CDs & DVDs.

Without this hardware changeover, the content sellers are stuck. They might make offerings only in some new format, but it will limit their market terribly. Their cost of sales lots to illicit copying is much smaller than the sales lost because customers don't have hardware.

We need Roosevelt!

Where's the "Trust buster" when you need him?

Where's the Problem?

It never ceases to amaze me how utterly offended ./'ers get when yet another story runs about DRM.

1. Microsoft OS users don't -own- their operating system. They bought a license to USE it according to Microsoft's terms. Crying about it now because they are monetizing content just reflects indifference nearly everyone (including /.'ers) has towards their OS.

2. All consumers, I'm guessing most /.'ers included, have been buying DVD's under the similar draconian conditions. It doesn't seem to bother anyone too much because DVD sales are the Studio's 600 lb. cash cow these days.

3. In exchange for still more entertainment, nearly all consumers are more than happy to give away some priveledge that was theirs.

4. If a corporation can't be assured they remain in total ownership/control of their (now) digital product, then they aren't going to distribute it to you. This benefits entertainment corporations, so it's a good thing. Please remember that the most important role of American government is to make it safe to collect profits.

5. "Freedom" is only allowed inside a system where the choices are privatized/owned by others. So if it didn't come from a corporation, it's not okay to run on your new improved PC. Americans like it that way. So how is what Microsoft is doing so bad?

I'm glad that Mr. Schneir(sp?) is bringing up the issue, but the DRM horse left the barn a long time ago.

Re:What, about twenty posts...

Learn to post at -1. It's enlightening, hilarious and sickening all at once.

Re:OS Revoke

Microsoft could use it to revoke people's OS, forcing the people to upgrade.

To Linux.

Re: What, about twenty posts...

and noone screaming DUPE!!!
Dupe!!!
DUPE!!!
Dupe!!!
DUPE!!!
Dupe!!!

There's something subtly funny about that post being moderated "Redundant".

Re:trusted computing is dead

If it only were true. People are going to eat what they're fed, and Vista + Digital Restrictions Mangement are going to ship on every new PC, whether anyone wants it or not. Such is the nature of monopoly. And Apple has also embraced DRM, so they will be no savior.

Re:OS Revoke

Yes. Your orignal Windows 2000 EULA is revoked!

To have a secure computer, you must download the latest patches. Therefore, you must upgrade to SP4, and therefore, you must accept the EULA that requires you to agree with Microsoft's proprietary DRM.

The end is near. Security patches will soon require your body to be injected with RFID. Surely, we are all doomed.