[Reader-list] Palladium/TCPA Consequences

Pankaj Kaushal pankaj at sarai.net
Sat Dec 21 00:48:51 IST 2002


	In June 2002, Microsoft released information regarding its new
	"Palladium" initiative. Palladium is a system that combines 
	software and hardware controls to create a "trusted" computing

	TCPA stands for the Trusted Computing Platform Alliance. it is 
	an initiative led by Intel teaming up with fellow founders 
	Microsoft, Compaq, HP and IBM. Now there are 180 member companies
	of the TCPA, including AMD, Novell, Nvidia, Infineon, and just 
	about every significant IT security vendor. 

	The main points here are security and DRM. lets take them one by
	Palladium OS will stop viruses by preventing the running of 
	malicious programs, will store personal data within an encrypted
	folder, will depend on hardware that has either a digital signature
	or a tracking number, will filter spam. just what everyone wanted
	but all these features are already avaliable as third party tools.

	We have had most of these capabilities in software for years, but 
	haven't bothered to exercise them. 
	The system will incorporate Digital Rights Management technologies
	for media files of all types (music, documents, e-mail communications).
	Additionally, the system purports to transmit data within the computer
	via encrypted paths.
	This is the more intresting part, what this means is that it is up to an
	application to set the security policy for its files, using an "online
	policy server." So Media Player will determine what sort of conditions get
	attached to protected titles, Disney will be able to sell you DVDs that will
	decrypt and run on a Palladium platform, but which you won't be able to copy.
	The music industry will be able to sell you music downloads that you won't 
	be able to swap. They will be able to sell you CDs that you'll only be able
	to play three times, or only on your birthday. All sorts of new marketing
	possibilities will open up.

	TCPA / Palladium will also make it much harder for you to run unlicensed 
	software. Pirate software can be detected and deleted remotely. 

	There are many other possibilities. Governments will be able to arrange things
	so that all Word documents created on civil servants' PCs are `born classified'
	and can't be leaked electronically to journalists. 

	There will be remote censorship: the mechanisms designed to delete pirated 
	music under remote control may be used to delete documents that a court (or
	a software company) has decided are offensive - this could be anything from 
	pornography to writings that criticise political leaders.
	Software companies can also make it harder for you to switch to their competitors'
	products; for example, Word could encrypt all your documents using keys that only
	Microsoft products have access to; this would mean that you could only read them
	using Microsoft products, not with any competing word processor like OpenOffice. 

	The known elements of the Microsoft DRM system will control users and limit 
	the abilities of computers. Microsoft has obtained approval for two patents 
	in December 2001 that contained many of the basic elements of a trusted 
	operating system.
	Lets see how this works. TCPA provides for a monitoring and reporting component
	to be mounted in future PCs. The preferred implementation in the first phase of
	TCPA is a `Fritz' chip - a smartcard chip or dongle soldered to the motherboard.
	The early versions might be vulnerable to anyone with the tools and patience to
	crack the hardware e.g., get data on the bus between the CPU and the Fritz chip.
	However, from phase 2, the Fritz chip will disappear inside the main processor
	and things will get a lot harder.
	When you boot up your PC, Fritz takes charge. checks that the boot ROM is as 
	expected, executes it, measures the state of the machine; then checks the first
	part of the operating system, loads and executes it, checks the state of the 
	machine; and so on. The trust boundary, of hardware and software considered to
	be known and verified, is steadily expanded. A table is maintained of the hardware
	(audio card, video card etc) and the software (O/S, drivers, etc); Fritz checks 
	that the hardware components are on the TCPA approved list, that the software 
	components have been signed, and that none of them has a serial number that has
	been revoked. If there are significant changes to the PC's configuration, 
	the machine must go online to be re-certified. The result is a PC booted into a 
	known state with an approved combination of hardware and software (whose licences
	have not expired). Control is then handed over to enforcement software in the o
	perating system - this will be Palladium if your operating system is Windows. 

	There is another problem TCPA will undermine the General Public License (GPL),
	At least two companies have started work on a TCPA-enhanced version of GNU/linux.
	This will involve tidying up the code and removing a number of features. To get 
	a certificate from the TCPA corsortium, the sponsor will then have to submit the
	pruned code to an evaluation lab, together with a mass of documentation showing 
	why various known attacks on the code don't work. (The evaluation is at level E3
	- expensive enough to keep out the free software community, yet lax enough for
	most commercial software vendors to have a chance to get their lousy code through.
	Although the modified program will be covered by the GPL, and the source code will
	be free to everyone, it will not make full use of the TCPA features unless you have
	a certificate for it that is specific to the Fritz chip on your own machine. That
	is what will cost you money (if not at first, then eventually).
	TCPA appears designed to maximise the effect, and thus the economic power, of such
	behaviour. Given Microsoft's record of competitive strategic plays, I expect that
	Palladium will support them. So if you control a TCPA-enabled application, then
	your policy server can enforce your choice of rules about which other applications
	will be allowed to use the files your code creates. These files can be protected
	using strong cryptography, with keys controlled by the Fritz chips on everybody's
	machines. What this means is that a successful TCPA-enabled application will be
	worth much more money to the software company that controls it, as they can rent 
	out access to their interfaces for whatever the market will bear. So there will be
	huge pressures on software developers to enable their applications for TCPA; and if 
	Palladium is the first operating system to support TCPA, this will give it a 
	competitive advantage over GNU/Linux and MacOS with the developer community. 
	On a TCPA-enhanced Linux system you will still be free to make modifications to 
	the modified code, but you won't be able to get a certificate that gets you into
	the TCPA system. Something similar happens with the linux supplied by Sony for 
	the Playstation 2; the console's copy protection mechanisms prevent you from 
	running an altered binary, and from using a number of the hardware features.

	Once the majority of PCs on the market are TCPA-enabled, the GPL won't work
	as intended. The benefit for Microsoft is not that this will destroy free software
	directly. The point is this: once people realise that even GPL'led software can be
	hijacked for commercial purposes, idealistic young programmers will be much less 
	motivated to write free software.

More Reading.



$you = new YOU;
honk() if $you->love(perl);

More information about the reader-list mailing list