Seth Schoen writes:
Intel has posted its Policy Statement on LaGrande Technology:
ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_ 8.pdf
LaGrande is in the interstices between TCG and NGSCB.
Rather, it seems that LaGrande is the hardware component of NGSCB, and that TCG is evolving to be more like NGSCB.
Anyway, Intel wants your comments on the LT policy. The thing that jumps out at me (as the author of "Trusted Computing: Promise and Risk") is that Intel thinks that opt-out or opt-in can solve the problems of attestation. This is the official view of a lot of trusted computing proponents. The defects of this view are difficult to describe and are complicated by the fact that some trusted computing critics don't believe that LT (or TCG or NGSCB) will actually provide an opt-out. (I do believe this.)
It is indeed difficult to discuss these issues dispassionately in the current atmosphere of distrust and suspicion. You and the EFF are doing a good job overall of remaining objective, although as a result some are accusing you of being shills for Microsoft and DRM.
The root of the difficulty is that, in the nature of attestation, you can be _punished_ for opting out (beyond the scope of simply not enjoying particular features to which what you opted out of is technically necessary).
The real issue is this. Attestation will allow a service provider to withhold his services unless you are using TC technology and running a particular software program of his choice. Thus you may need to opt in in order to use his services. Now, some people characterize this as a loss of choice, or as you put it, as allowing you to be punished for opting out. Suppose the service being offered is extremely valuable, like cheap movie downloads. And suppose almost everyone opts in to use these services, enabling TC and running the approved clients. Now you can opt out, but only at the expense of cutting yourself off from the flow of information that everyone else is enjoying. The same effect can occur in a decentralized network. If there is some P2P program which uses TC to make sure that people are running kosher clients, and you opt out of TC, you can't participate in the network. This makes it seem that you are being punished for your decision. There are two problems with this analysis. The first is that it overlooks that some of these services will only be provided if TC exists to assure that the data will be handled properly. Without TC there may be no such service. Characterizing TC as limiting choice or punishing those who opt out overlooks the advantages being provided to those who opt in by allowing them access to a service which might not otherwise exist. The more popular a service is, and the more people who opt in as a result, the harder it is to justify opposing the technology that made the service possible and allowed all those people to get access to an information flow which is important to them. By focusing on those who wish to opt out, the analysis overlooks the larger group who benefits by opting in. And second, your analysis overlooks the fact that any economic transaction has two sides: producer and consumer. Both have economic power in a competitive market. Producers are not able to simply set the terms and require consumers to accept them. Rather, there is a constant flow, a give and take, between all sides, evolving to a mutually acceptable condition. Look at what is happening with digital music stores today. Some, like Apple's service, offer music with relatively weak DRM restrictions. Others have offered more limitations and harsher rules. Consumers will soon have a wide range of choices, and this will allow the market to select the best mix of limitations and prices. We are evolving to a state of "DRM lite" which offers mild restrictions that allow people to use their music in the ways they want, but makes it hard to share it with millions of their best friends on the net. Similarly, even though TC in principle allows service providers to impose Draconian restrictions, the marketplace won't just stand by and let it happen. Consumers are not passive sheep; they are active and intelligent, and they usually have a better idea of what is in their own best interests than those of us who are policy activists. We could do a lot worse than to stand aside and let the market decide which technologies solve people's problems. If TC is so bad for consumers, it will fail. (Some cypherpunk types have predicted that TC will be mandated by law, such as the CBDTPA, and certainly I would agree that any such measures should be opposed.)
In the nature of attestation and its effect on interoperability, though, opting out of attestation might be ruinous for your hopes of communicating with others. If they can be induced to use proprietary protocols or file formats, opting out may lead to a permanent inability to exchange data with them.
Of course, we see this already to some extent, with any software program that uses proprietary data formats. Programs using open formats compete with programs that use closed formats, and users can choose which ones to use. You speak of users being "induced" to use proprietary formats, but that disparages their abilities to make choices that reflect their own best interests. It's also not clear how attestation applies to this case. As has been noted elsewhere [1], the protection of proprietary data formats is more due to sealed storage than attestation. The bottom line is that if the person you want to communicate with is using a program that relies on proprietary data formats (one which won't save or present the data in an open format), you either need to run the same program, or else you need to persuade the other guy to switch. That's true today and it will be true tomorrow. The only thing TC adds is to make it more difficult and expensive to reverse engineer the data format, but I believe that even without TC, formats can be designed and software can be written which is extremely expensive to reverse engineer, especially in conjunction with existing legal restrictions. TC will only raise an already very high bar a little higher, as far as this issue goes. It doesn't make any fundamental changes. I believe that open formats are superior and that programs which rely on them will ultimately come to succeed in the marketplace. Consumers want open formats because it saves them from being locked into a single vendor and left orphaned if that company fails. These kinds of pressures will save us from the worst excesses you fear, with or without TC.
Opting in, by the same token, could lead to a permanent loss of software choice (and the effective inability to reverse engineer or repair your software) at least during the particular periods of time when you want to communicate with other people or manipulate what they sent you.
It's somewhat contradictory to speak of a "permanent" loss of choice only during "particular periods of time". Permanent normally connotes a property that applies all the time. But again, what this comes down to is that if everyone else is using a proprietary format, you have to use the same program that they do. I don't think people are going to continue to put up with this indefinitely.
[T]rusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues.
Trusted computing systems allow for new forms of trust relationships that are not possible today. === [1] http://invisiblog.com/1c801df4aee49232/