AARG! Anonymous[SMTP:remailer@aarg.net] writes: Declan McCullagh writes at http://zdnet.com.com/2100-1107-946890.html:
"The world is moving toward closed digital rights management systems where you may need approval to run programs," says David Wagner, an assistant professor of computer science at the University of California at Berkeley. "Both Palladium and TCPA incorporate features that would restrict what applications you could run."
But both Palladium and TCPA deny that they are designed to restrict what applications you run.
[...]
So here is the challenge to David Wagner, a well known and justifiably respected computer security expert: find language in the TCPA spec to back up your claim above, that TCPA will restrict what applications you can run.
AARG!, our anonymous Pangloss, is strictly correct - Wagner should have said "could" rather than "would". However, TCPA and Palladium fall into a class of technologies with a tremendous potential for abuse. Since the trust model is directed against the computer's owner (he can't sign code as trusted, or reliably control which signing keys are trusted), he has ceded ultimate control of what he can and can't do with his computer to another. Sure, TCPA can be switched off - until that switch is disabled. It could potentially be permenantly disabled by a BIOS update, a security patch, a commercial program which carries signed disabling code as a Trojan, or over the net through a backdoor or vulnerability in any networked software. Or by Congress which could make running a TCPA capable machine with TCPA turned off illegal. With TCPA, I now have to trust that a powerful third party, over which I have no control, and which does not necessarily have my interests are heart, will not abuse it's power. I don't want to have to do that. Peter Trei Disclaimer: The above represents my personal opinion only. Do not misconstrue it as representing anyone elses.