Privacy means different things in different contexts. In some cases you have to share data with someone else that you don't want them passing on widely. Medical data is an obvious example. So are credit card numbers. If you order books from Amazon, you have to give them your street address, and you don't necessarily want that shared. This kind of private data, which has to be shared with others, is what can be protected with a DRM system. Let us consider how a TCPA compliant version of Amazon.com can enhance protection of your private data. When you make your first order from Amazon, you have to supply personal data such as credit card and address that you don't want them sharing. Of course they have a privacy policy promising not to do that, but with TCPA we can do better. Suppose Amazon is running TCPA compliant software for their OS and database. Further suppose it is open source. We will see that open source software works even better with TCPA than closed source. Keep in mind that only Amazon is running a TCPA system in this example, the customers are not. But the customers do have TCPA-aware software that they can use to check that Amazon is doing what it claims. Your TCPA-aware software which will upload your personal data to Amazon first requires Amazon to prove that it is running in trusted mode. The TPM chip provides a signed statement showing that Amazon booted into HP's Trusted Linux. This is signed by a key which never leaves the TPM module; the key is certified by a TCPA root key so you know it is a valid TPM key. The signed data includes a hash of the BIOS which was computed by the TPM before booting; a hash of the OS loader module which was computed by the BIOS before transferring control to that module; and a hash of relevant parts of the Trusted Linux OS which was computed by the OS loader before transferring control. Your software can check these hashes against published values which represent known good builds of these software modules. In this way you can know that the remote system is running an unhacked version of Trusted Linux. The Linux software then similarly sends you a certification that it is running the TCPA compliant database application, again including a hash of the application before it was loaded. This open source software has its own published hash of valid builds. This assures you that you are talking to this particular program and no other. The TCPA compliant database program is special in that it has suppressed the large-scale database export features, and it saves the data in encrypted form. No other program will be able to access the data once it is stored because of the encryption. And this program with its missing export feature can only work on records one by one (as well as providing appropriate summary and accounting features). It will not be possible to export the database en masse for importing into an insecure program. Of course, nothing can stop Amazon from entering your credit card data and/or address into another program. They need to see this data in order to perform their normal business functions, and anyone can read it off the screen and type it into another computer. But the point is, they can't do it to the entire database. Amazon has millions of customers. Your data is a needle in that haystack. Business-wise, it makes no sense for Amazon to try to sell your data or illicitly pass it to business partners if they have to do it one record at a time. The important feature to prevent is large-scale export, and the TCPA compliant software is designed so that is impossible. Note how important the open-source element is in this security analysis. With closed source software, we have to trust Microsoft and the database vendor that their software performs as claimed. If the database guys had a secret feature to allow for export, there would be no way for third parties to detect it. But with open source, we have the source code, and we have a guarantee that a program built from that code is being run (we have a hash over the binary file). We can know exactly what the capabilities are of that remote software. The kind of guarantees provided by TCPA are much stronger and more convincing when the source code of the trusted software is publicly available. Surprisingly, TCPA may therefore provide a boost to open source. Note that, as with the earlier DRM analysis, the TCPA in this example exists to help Amazon prove to people that they are behaving honestly. They already have a privacy policy which restricts what they will do with their database. The TCPA lets them provide technical evidence that they are running software which will enforce those same restrictions. It makes it possible for customers to trust Amazon to follow through on their promises with much greater reliability than is possible today.