Intel to include DRM in new Pentium 4 series processors
Ross Anderson
Ross.Anderson at cl.cam.ac.uk
Fri, 13 Sep 2002 15:43:17 +0100
Brian:
> I want a machine with a secure boot sequence and I am happy to be able
> to set my machine up in a way that allows me to specify the OS I want
> to run and check that it has not been modified since I installed it.
> In my view, when implemented in a way that provides public
> accountability for design and operation, these are good features. In
> consequence I feel that an effort to cast these features in a bad
> light is misguided and is diverting attention from _much_ more
> important problem areas in TCPA.
The tiny minority who really want `secure boot' are better off booting
from a CD.
Palladium cannot assure you that your software has not been modified
since you last installed it. The reason is that the software can
download an overlay from its vendor and patch itself to become
something else entirely. (This was the subject of a big debate a
couple of months ago between MIT faculty and the associated M$ folks.)
Palladium apps are "inspectable" by the user before they run for the
first time (assuming you have the patience and the debugging tools),
but they can then set up a secure channel back home via which they
download the "real" app that is then stored (in encrypted form) on
your hard disk. This is what will be executed when the app is invoked,
and you can never inspect it.
What most people actually want is `no viruses'. TCPA / Palladium will
not fix this, as Office / Outlook will still run visual basic. The
fact that O/O is signed doesn't help you, the user. Indeed it can harm
you; if you had unwittingly and in good faith bought a dodgy copy of
Office (or a Windows upgrade) from a shop, thanks to Microsoft's poor
supply chain management, you can find that it evaporates. Palladium
looks like making all your files evaporate too. Remember, Palladium is
not security for you; it's security for Microsoft and Disney.
> most owners will not understand these issues and this may mean that
> suppliers will be able to use these facilities in such a way that the
> balance of power in the market will shift away from PC owners to
> suppliers. And while it is not unreasonable for suppliers to want
> some way of protecting their 'crown jewels', we all know that this
> power will not simply be used for this purpose but also to fragment
> the market and boost profits in the way that DVD suppliers have tried
> to do with region coding.
Exactly. Consent will generally be coerced, and the few choices on
offer will be unsatisfactory. For example, if you turn off ActiveX in
Windows, you can't view pdf files in IE. Expect a lot more of this.
The world of Windows has an underlying all-or-nothing philosophy. MS's
business strategy is for Office to provide such a rich application
environment, with so many proprietary features, that no-one can
duplicate it. This is why Open Office is making little headway - it
may be adequate for home and small business use, but it cannot support
the VB apps that are increasingly the lifeblood of corporations.
> But I also have additional worries. While it is true that some TCPA
> features can help in a limited way to prevent virii, worms etc., other
> features might well prove to be a hacker's paradise.
I spoke this morning to the 20th International Symposium on Economic
Crime - an annual jolly for the world's top prosecutors. They were
pretty appalled when I explained to them how companies would use
Palladium to enforce the policy - already enforced internally at
Microsoft - that all emails must evaporate after 30 days. (The FBI
delegate thought it an outrage.)
And that's merely the blatant `features' of Palladium. Once we start
to talk about the apps that bad people could write with it - think of
peer-to-peer file-swapping systems that cannot be flooded because of
rate control and load-sharing in the TCB, with full anonymity for
users! I expect that Palladium 2.0 will come with a facility for
zapping `unpleasant' apps like this, however much Microsoft deny that
it will be present in 1.0 (Disney will send Bill a lawyer's letter,
and Bill will put his hands up and say `the DMCA made us do it').
All the old issues that were argued about in the context of the key
escrow debate - the sort of warrants required to zap an app, the
jurisdiction issues (can the UK zap an Islamic app written in Saudi
Arabia and approved by a CA there?), the exponentially increasing
implementation complexity, and the single-point-of-failure for the
whole world, abuse by companies for anticompetitive purposes - will
all come back. Quite a few people may be arguing on different sides
from last time.
> The TCPA way around this is to suggest that the ability to install
> trusted boxes will be controlled by a third party called a 'privacy
> CA'. This CA will, in effect, say to the PC owner "the remote agent
> who wants to install a trusted box on your machine is a good guy" and
> to the remote agent "the PC on which you want a trusted box can supply
> one". And I see this as a big problem since I am _very_ sceptical
> about the security value of third party CAs.
Now this is an interesting admission. Until now we'd been told that
the privacy CA would act for us and protect our real identity from
anyone who didn't have a warrant. Now you say that it's acting on
behalf of the application vendor, by vouching for him and helping him
exploit his brand (i.e., suppress small-company competition). That
means I can't trust the CA to protect my privacy, as the conflict of
interest is obvious and severe.
There are huge incentives on suppliers to segment markets so they can
differentiate prices. Online services are like the airlines in this
respect, with high fixed costs but low marginal costs. Setting a
different price for each customer means knowing your customer, which
in turn creates huge pressures for profiling which is the most rapidly
growing threat to privacy. So the vendor's CA won't do to protect my
privacy. No sir.
> At this stage, therefore, I don't have a problem with TCPA features
> that are designed to allow PC owners to exert better control over the
> security of their machines (secure boot, OS signing etc.). But in
> respect of the DRM features, I am distinctly uneasy about their
> functionality in the hands of the average PC owner and on the way in
> which this may change the balance of power in the market. I am also
> worried that these features might actually help very powerful forms of
> attack and I am unconvinced about the reliance of key aspects of the
> architecture on third party CA principles.
...
(on the TCPA members:)
> Some are undoubtedly there because they want 'draconian DRM' but I am
> very confident that others are there because they genuinely want to
> offer PC owners machines which are more trustworthy from an owner's
> perspective.
That is shockingly naive. Companies like Baltimore and Infineon
clearly joined TCPA as a defensive move. In the case of Baltimore,
Verisign had already joined; in the case of Infineon, TCPA had become a
threat to their smartcard market. These are businessmen, not civil
servants. They maximise shareholder (and executive) utility, not the
utility of other companies' customers.
TCPA and Palladium have been DRM products from the start. The rest is
just spin. For example, when I debated the issue with Craig Mundie at
Toulouse, we both called it `TCPA'. Four days later, out came the
announcement of `Palladium'. Over the next few weeks, M$ people
started saying louder and louder that Palladium was NOT TCPA. That
claim has now vanished, now that Intel is building a TCPA (that
supports Palladium) into the Hexium. Other disinformation still being
spread includes the claim that the document revocation service will
not be part of Palladium. (It will be part of `Office+', or whatever
it's called, and other Palladium apps.)
> You can criticise Windows as much as you like but the one thing that
> Microsoft cannot afford to do is to displease most of its customers.
This is also naive. Industries whose monopolies are built on the
manipulation of switching costs, like the software industry, have to
walk a knife edge; to maximise their profits they have to set prices
at just below the point at which customers would be so angry that
they'd switch to the competition. So most of their customers are
unhappy most of the time - just not unhappy enough to suffer the huge
disruption of moving to a different platform. This has been studied in
the context of IBM's mainframe monopoly, and the lock-in that phone
companies suffer from their switch vendors. It's nothing new. Believe
me, companies like M$ are highly adept at bullying their customers.
It's what `platform management' is all about.
Ross
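The point Ross makes about Palladium not being able to assure you that your software is unmodified, because the inspectable stub can fetch and run a different payload at runtime, comes down to a limit of install-time or boot-time measurement. The following is an added example, not code from the email or from TCPA/Palladium; it models a TPM-style extend-only register with SHA-256 and constructed sample "binaries" (the names INSTALLED_IMAGE and OVERLAY_FROM_VENDOR are assumptions). It shows that if only the installed image is measured, a later downloaded overlay leaves the measured value, and hence any attestation against it, unchanged; measuring dynamically loaded code as well is the check a defender would want.

```python
import hashlib

# Constructed sample artefacts: what was inspected and measured at install
# time, and an overlay the stub fetches later (assumed names, not real binaries).
INSTALLED_IMAGE = b"launcher v1.0: inspectable stub"
OVERLAY_FROM_VENDOR = b"real app v1.0: fetched over a secure channel"


def extend(register: bytes, blob: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(blob)).

    The register is append-only and order-dependent, so it summarises the
    sequence of everything that was measured into it, but nothing else.
    """
    return hashlib.sha256(register + hashlib.sha256(blob).digest()).digest()


def boot(boot_components, runtime_blobs=(), measure_runtime_loads=False) -> bytes:
    """Simulate a measured boot followed by the app loading code at runtime.

    boot_components:        blobs measured by the boot chain before execution
    runtime_blobs:          code the running app pulls in afterwards
    measure_runtime_loads:  whether the app/OS also extends the register for
                            every blob it loads after boot (the mitigation)
    """
    register = bytes(32)  # register starts at all-zero bytes
    for component in boot_components:
        register = extend(register, component)
    for blob in runtime_blobs:
        if measure_runtime_loads:
            register = extend(register, blob)
        # If runtime loads are not measured, the code runs but leaves no trace
        # in the register that a verifier could compare against.
    return register


def reference_value() -> bytes:
    """What a verifier records when the machine is set up and inspected."""
    return boot([INSTALLED_IMAGE])


def attestation_passes(register: bytes) -> bool:
    """A remote or local verifier only sees the register, not what actually ran."""
    return register == reference_value()


def overlay_without_runtime_measurement() -> bool:
    """Stub is measured, then fetches and runs the overlay; register unchanged."""
    return attestation_passes(boot([INSTALLED_IMAGE], [OVERLAY_FROM_VENDOR]))


def overlay_with_runtime_measurement() -> bool:
    """Same scenario, but every runtime load is also extended into the register."""
    return attestation_passes(
        boot([INSTALLED_IMAGE], [OVERLAY_FROM_VENDOR], measure_runtime_loads=True)
    )


def clean_boot_with_runtime_measurement() -> bool:
    """Control case: runtime measurement on, nothing extra loaded, still matches."""
    return attestation_passes(boot([INSTALLED_IMAGE], measure_runtime_loads=True))


if __name__ == "__main__":
    print("overlay, boot-time measurement only :", overlay_without_runtime_measurement())
    print("overlay, runtime loads measured too :", overlay_with_runtime_measurement())
    print("no overlay, runtime loads measured  :", clean_boot_with_runtime_measurement())
```

The first call returns True: the verifier's reference was computed over the stub alone, so the overlay-loading run is indistinguishable from the inspected one. The second returns False because the overlay now contributes to the register, and the third returns True, showing that measuring runtime loads does not break the honest case. The model deliberately leaves out key release and encrypted storage; it only isolates the gap between "what was measured" and "what runs".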