24 June 2002


From: Nomen Nescio <nobody@dizum.com>
To: cryptography@wasabisystems.com, cypherpunks@lne.com,
shamrock@cypherpunks.to, Ross.Anderson@cl.cam.ac.uk
Subject: Re: Ross's TCPA paper

Lucky Green writes [http://cryptome.org/tcpa-fritz.htm] regarding Ross Anderson's paper at:

http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf

> I must confess that after reading the paper I am quite relieved to
> finally have solid confirmation that at least one other person has
> realized (outside the authors and proponents of the bill) that the
> Hollings bill, while failing to mention TCPA anywhere in the text of the
> bill, was written with the specific technology provided by the TCPA in
> mind for the purpose of mandating the inclusion of this technology in
> all future general-purpose computing platforms, now that the technology
> has been tested, is ready to ship, and the BIOS vendors are on side.

It's an interesting claim, but there is only one small problem.Neither Ross Anderson nor Lucky Green offers any evidence that the TCPA (http://www.trustedcomputing.org) is being designed for the support of digital rights management (DRM) applications.

In fact if you look at the documents on the TCPA web site you see much discussion of applications such as platform-based ecommerce (so that even if a user's keys get stolen they can't be used on another PC), securing corporate networks (assuring that each workstation is running an IT-approved configuration), detecting viruses, and enhancing the security of VPNs.

DRM is not mentioned.

Is the claim by Ross and Lucky that the TCPA is a fraud, secretly designed for the purpose of supporting DRM while using the applications above merely as a cover to hide their true purposes?  If so, shouldn't we expect to see the media content companies as supporters of this effort?  But the membership list at http://www.trustedcomputing.org/tcpaasp4/members.asp shows none of the usual suspects.  Disney's not there.  Sony's not there. No Viacom, no AOL/Time/Warner, no News Corp.  The members are all technology companies, including crypto companies like RSA, Verisign and nCipher.

Contrast this for example with the Brodcast Protection Discussion Group whose ongoing efforts are being monitored by the EFF at http://www.eff.org/IP/Video/HDTV/.  There you do find the big media companies.  That effort is plainly aimed at protecting information and supporting DRM, so it makes sense that the companies most interested in those goals are involved.

But with the TCPA, the players are completely different.  And unlike with the BPDG, the rationale being offered is not based on DRM but on improving the trustworthiness of software for many applications.

Ross and Lucky should justify their claims to the community in general and to the members of the TCPA in particular.  If you're going to make accusations, you are obliged to offer evidence.  Is the TCPA really, as they claim, a secretive effort to get DRM hardware into consumer PCs? Or is it, as the documents on the web site claim, a general effort to improve the security in systems and to provide new capabilities for improving the trustworthiness of computing platforms?


To: cypherpunks@lne.com, shamrock@cypherpunks.to, Ross.Anderson@cl.cam.ac.uk
Subject: Re: Ross's TCPA paper
Date: Mon, 24 Jun 2002 05:49:42 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

> It's an interesting claim, but there is only one small problem.
> Neither Ross Anderson nor Lucky Green offers any evidence that the TCPA
> (http://www.trustedcomputing.org) is being designed for the support of
> digital rights management (DRM) applications.

Microsoft admits it:

http://www.msnbc.com/news/770511.asp

Intel admitted it to me to. They said that the reason for TCPA was that their company makes most of its money from the PC microprocessor; they have most of the market; so to grow the company they need to grow the overall market for PCs; that means making sure the PC is the hub of the future home network; and if entertainment's the killer app, and DRM is the key technology for entertainment, then the PC must do DRM.

Now here's another aspect of TCPA. You can use it to defeat the GPL.

During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might.

Making a TCPA-compliant version of GNU/linux (or Apache, or whatever) will mean tidying up the code and removing whatever features conflict with the TCPA security policy. The company will then submit the pruned code to an evaluator, together with a mass of documentation for the work that's been done, including a whole lot of analyses showing, for example, that you can't get root by a buffer overflow.

The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).

Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features. It will of course be open to competitors to try to re-do the evaluation effort for enhanced versions of the pruned code, but that will cost money; six figures at least. There will likely be little motive for commercial competitors to do it, as HP will have the first mover advantages and will be able to undercut them on price. There will also be little incentive for philanthropists to do it, as the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There are still issues about who would pay for use of the PKI that hands out user certs.) The need to go through evaluation with each change is completely incompatible with the business model of free and open source software.

People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. That  may have been the case so long as the processor was open, and anyone could access supervisor mode. But TCPA changes that completely. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended any more. There has never been anything to stop people selling complementary products and services to GPL'ed code; once the functioning of these products can be tied to a signature on the binary, the model breaks.

Can anyone from HP comment on whether this is actually their plan?

Ross