The amazing thing about this discussion is that there are two pieces of conventional wisdom which people in the cypherpunk/EFF/"freedom" communities adhere to, and they are completely contradictory.

The first is that protection of copyright is ultimately impossible. See the analysis in Schneier and Kelsey's "Street Performer Protocol" paper, http://www.counterpane.com/street_performer.pdf. Or EFF columnist Cory Doctorow's recent recitation of the conventional wisdom at http://boingboing.net/2002_06_01_archive.html#85167215: "providing an untrusted party with the key, the ciphertext and the cleartext but asking that party not to make a copy of your message is just silly, and can't possibly work in a world of Turing-complete computing."

The second is that evil companies are going to take over our computers and turn us into helpless slaves who can only sit slack-jawed as they force-feed us whatever content they desire, charging whatever they wish. The recent outcry over TCPA falls into this category.

Cypherpunks alternate between smug assertions of the first claim and panicked wailing about the second. The important point about both of them, from the average cypherpunk's perspective, is that neither leaves any room for action. Both views are completely fatalistic in tone. In one, we are assured victory; in the other, defeat. Neither allows for human choice.

Let's apply a little common sense for a change, and analyze the situation in the context of a competitive market economy. Suppose there is no law forcing people to use DRM-compliant systems, and everyone can decide freely whether to use one or not.

This is plausible because, if we take the doom-sayers at their word, the Hollings bill or equivalent is completely redundant and unnecessary. Intel and Microsoft are already going forward. The BIOS makers are on board; TPM chips are being installed. In a few years there will be plenty of TCPA compliant systems in use and most new systems will include this functionality.
Furthermore, inherent to the TCPA concept is that the chip can in effect be turned off. No one proposes to forbid you from booting a non-compliant OS or including non-compliant drivers. However the TPM chip, in conjunction with a trusted OS, will be able to know that you have done so. And because the chip includes an embedded, certified key, it will be impossible to falsely claim that your system is running in a "trusted" mode - only the TPM chip can convincingly make that claim.

This means that whether the Hollings bill passes or not, the situation will be exactly the same. People running in "trusted" mode can prove it; but anyone can run untrusted. Even with the Hollings bill there will still be people using untrusted mode. The legislation would not change that. Therefore the Hollings bill would not increase the effectiveness of the TCPA model. And it follows, then, that Lucky and Ross are wrong to claim that this bill is intended to legislate use of the TCPA. The TCPA does not require legislation.

Actually the Hollings bill is clearly targeted at the "analog hole", such as the video cable that runs from your PC to the display, or the audio cable to your speakers. Obviously the TCPA does no good in protecting content if you can easily hook an A/D converter into those connections and digitize high quality signals. The only way to remove this capability is by legislation, and that is clearly what the Hollings bill targets. So much for the claim that this bill is intended to enforce the TCPA.

That claim is ultimately a red herring. It doesn't matter if the bill exists, what matters is that TCPA technology exists. Let us imagine a world in which most new PCs have TCPA built-in, Microsoft OS's have been adapted to support it, maybe some other OS's have been converted as well.
The ultimate goal, according to the doom-sayers, is that digital content will only be made available to people who are running in "trusted" mode as determined by the TPM chip built into their system. This will guarantee that only an approved OS is loaded, and only approved drivers are running. It will not be possible to patch the OS or insert a custom driver to intercept the audio/video stream. You won't be able to run the OS in a virtual mode and provide an emulated environment where you can tap the data. Your system will display the data for you, and you will have no way to capture it in digital form.

Now there are some obvious loopholes here. Microsoft software has a track record of bugs, and let's face it, Linux does, too. Despite the claims, the TCPA by itself does nothing to reduce the threat of viruses, worms, and other bug-exploiting software. At best it includes a set of checksums of key system components, but you can get software that does that already. Bugs in the OS and drivers may be exploitable and allow for grabbing DRM protected content. And once acquired, the data can be made widely available.

No doubt the OS will be built to allow for frequent updates, similar to antivirus software, so that as an exploit becomes publicized, it will be closed. There will be an ongoing war between the hackers and the software companies, just as we see today. Presumably this will see-saw back and forth for quite a while.

Hardware hacking will be another line of attack. The TPM chip isn't exactly omniscient. It's a pretty simple gadget; its only view of the world is through a few tiny wires. Of course it will be surface-mount soldered to the motherboard, but for a price you will probably be able to get yours unsoldered and mounted in a socket which gives the chip a "sanitized" view of your hardware configuration before boot, and switches over to your real, hacked, system once things get running.
This will allow you to run your supposedly "secure" OS in virtual mode and still grab the protected data. But it's probably an expensive hack.

Clearly no system can be perfect, and the same is true of the TCPA. There will be ongoing leakage of digitally protected data. Perhaps watermarking technologies will be brought into play for another layer of protection, but by and large those have been defeated as well. The goal of these systems is to reduce the quantity of piracy and to raise the price, so that we move away from the system today where do-it-yourself piracy is the norm.

Let us suppose that this is the world ten years from now: you can run a secure OS in "trusted" mode and be eligible to download movies and music for a price; or you can run in untrusted mode and no one will let you download other than bootleg copies. This is the horror, the nightmare vision which the doom-sayers frantically wave before us.

The important thing to note is this: you are no worse off than today! You are already in the second state today: you run untrusted, and none of the content companies will let you download their data. But bootlegs are widely available.

All the TCPA "threatens" to do is to provide new options to the world. You will still be able to use your system in exactly the same ways that you use it today; you will be able to run all of the software that you run today. The TPM chip can be disabled or ignored if you don't run in "trusted" mode, and you get the same effect you have today with no TPM chip. You have lost nothing.

Ironically, if we lived in a world of honest people, the TCPA would not be necessary. You would be able to buy DRM protected data already, agreeing to the restrictions in exchange for the content, and you would follow the rules. We would have a thriving market in digital content.

But we don't live in that world. People can make all the promises they like and the vendors know there is no way to hold them to what they have said.
There is not even social opprobrium; look at how eager everyone was to look the other way on the question of whether the DeCSS reverse engineering violated the click-through agreement.

The TCPA allows you to do something that you can't do today: run your system in a way which convinces the other guy that you will honor your promises, that you will guard his content as he requires in exchange for his providing it to you. It allows you to be honest. It doesn't force it; you can still do everything you can do today. But it allows it. It gives you the chance to present an honest face even across the anonymizing medium of the net.

Lucky, Ross and others who view this as a catastrophe should look at the larger picture and reconsider their perspective. Realize that the "trusted" mode of the TCPA will always be only an option, and there is no technological, political or economic reason for that to change. The TCPA gives people new capabilities without removing any old ones. It makes possible a new kind of information processing that cannot be accomplished in today's world. It lets people make binding promises that are impossible today. It makes the world a more flexible place, with more opportunities and options. Somehow that doesn't sound all that bad.

---------------------------------------------------------------------
The Cryptography Mailing List
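
Added example, not part of the original post: a minimal Python model of the mechanism the message relies on, where component checksums are folded into a chip register at load time and the chip's embedded key authenticates the resulting claim of "trusted" mode. Assumptions: an HMAC stands in for the chip's certified asymmetric key (a real verifier would hold only the public half), and the component names, key and nonces are constructed sample values.

```python
import hashlib, hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new register = SHA-1(old register || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every loaded component, in load order, into one register value."""
    pcr = bytes(20)  # register is all zeros after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Holds a device key that never leaves the chip (HMAC stand-in, an assumption)."""
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pcr = bytes(20)
    def load(self, blob: bytes) -> None:
        self._pcr = extend(self._pcr, blob)
    def quote(self, nonce: bytes):
        # The nonce binds the claim to one verifier challenge (no replay).
        tag = hmac.new(self._key, self._pcr + nonce, hashlib.sha1).digest()
        return self._pcr, tag

def verify(pcr, tag, nonce, device_key, approved_pcr) -> str:
    expected = hmac.new(device_key, pcr + nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        return "forged"  # the claim was not produced by the chip for this nonce
    return "trusted" if hmac.compare_digest(pcr, approved_pcr) else "untrusted"

# Constructed sample data (hypothetical component names and key).
APPROVED = [b"bios-1.0", b"os-loader", b"approved-kernel", b"audio-driver"]
PATCHED = APPROVED[:3] + [b"audio-driver+capture-patch"]
KEY = b"constructed-device-key"

def attest(components, nonce=b"verifier-nonce-01") -> str:
    """Boot the given components on the toy chip and have a verifier judge the quote."""
    tpm = ToyTPM(KEY)
    for blob in components:
        tpm.load(blob)
    pcr, tag = tpm.quote(nonce)
    return verify(pcr, tag, nonce, KEY, measure_boot(APPROVED))

def attest_without_chip(nonce=b"verifier-nonce-01") -> str:
    """Software without the device key asserts the approved register value."""
    good = measure_boot(APPROVED)
    fake_tag = hmac.new(b"guessed-key", good + nonce, hashlib.sha1).digest()
    return verify(good, fake_tag, nonce, KEY, good)
```

The system with the patched driver still boots and still produces a valid quote; it is simply reported as untrusted, which is the "anyone can run untrusted" property the message describes.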