maximize best case, worst case, or average case? (TCPA)
[summary: "TCPA is a tool which even if not necessarily always used for DRM applications, and other far more evil applications, is dangerous enough that it must be killed to prevent the introduction of, and legal mandate for, these DRM and other more evil applications. People should be prepared to make some sacrifices to accomplish this goal."]

(long rambling exposition follows: overview, possible worlds, possible means of resistance, my suggested integrated course of action)

I-I. The current TCPA argument is, I believe, the beginning of a three staged war, with the ultimate potential loss being all freedom. It is much bigger than the issues of security for applications or of copyright. A conspiracy does not need to have conscious participation by all parties; those with knowledge of the entire situation can do enough simply by failing to act at key points, rather than taking affirmative action. Completely valid agendas can be piggybacked in order to get other aims accomplished.

I-II. Yet, as much as I hate the idea of TCPA, the concept behind it has a few legitimately useful security applications I can see, and has been something I've thought about for years in a specific area. While there's a good debate about TCPA with respect to general purpose computing, that kind of "the secure hardware module IS the company" computing is a useful model for some specialized tasks. Hardware crypto modules which allow general purpose computation already operate in this mode, and as long as the architecture is open (device certified by one authority, code published and signed, secure and deterministic/duplicable toolchain, certain device functionality like "publish hash of executing program" available, users choose which hardware modules, software vendors, etc. they trust), it can be a tool for good. Admittedly a tool which can be easily perverted for evil.
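The open architecture just listed (device certified by an authority, code published and signed, a reproducible toolchain, a "publish hash of executing program" primitive, and the user choosing which authorities and vendors to trust) as a runnable sketch. This is an added example, not code from the post or from any TCPA implementation; the HMAC-based signatures, the key material, and the authority, vendor and device names are stand-ins I constructed.

```python
"""Added example (not from the post): the open attestation model of I-II. A remote
user accepts a device's "hash of executing program" only if an authority THE USER
trusts certified the device, a vendor THE USER trusts signed that build, and the
quote is nonce-fresh. HMAC-SHA256 stands in for public-key signatures (stdlib only)."""
import hashlib
import hmac
from collections import namedtuple

DeviceCert = namedtuple("DeviceCert", "authority device_id device_key sig")
Manifest = namedtuple("Manifest", "vendor hashes sig")  # hashes: name -> sha256 hex
Quote = namedtuple("Quote", "device_id nonce program_hash sig")

def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

def manifest_bytes(hashes: dict) -> bytes:
    # Canonical encoding so vendor and verifier sign/verify identical bytes.
    return "\n".join(f"{k}={v}" for k, v in sorted(hashes.items())).encode()

def issue_cert(authority, auth_key, device_id, device_key):
    # "Device certified by one authority": it vouches for the device's quote key.
    return DeviceCert(authority, device_id, device_key,
                      sign(auth_key, device_id + device_key))

def publish_manifest(vendor, vendor_key, code_by_name: dict):
    # "Code published and signed": a deterministic toolchain lets anyone recompute these.
    hashes = {n: hashlib.sha256(c).hexdigest() for n, c in code_by_name.items()}
    return Manifest(vendor, hashes, sign(vendor_key, manifest_bytes(hashes)))

def device_quote(cert, nonce, running_code):
    # "Publish hash of executing program", bound to the verifier's fresh nonce.
    h = hashlib.sha256(running_code).hexdigest()
    return Quote(cert.device_id, nonce, h, sign(cert.device_key, nonce + h.encode()))

def check_attestation(quote, cert, manifest, nonce, trusted_authorities, trusted_vendors):
    """The remote user's policy: the user, not the platform, picks the trust roots."""
    auth_key = trusted_authorities.get(cert.authority)
    if auth_key is None or not verify(auth_key, cert.device_id + cert.device_key, cert.sig):
        return "reject: device not certified by an authority the user trusts"
    if quote.nonce != nonce or quote.device_id != cert.device_id:
        return "reject: quote is replayed or from a different device"
    if not verify(cert.device_key, quote.nonce + quote.program_hash.encode(), quote.sig):
        return "reject: quote signature invalid"
    vendor_key = trusted_vendors.get(manifest.vendor)
    if vendor_key is None or not verify(vendor_key, manifest_bytes(manifest.hashes), manifest.sig):
        return "reject: manifest not signed by a vendor the user trusts"
    if quote.program_hash not in manifest.hashes.values():
        return "reject: running code is not a published, signed build"
    return "accept"

# Constructed demo data: one authority, one vendor, one device, one "wallet agent".
AUTH_KEY, VENDOR_KEY, DEV_KEY = b"authority-key", b"vendor-key", b"device-0001-key"
CERT = issue_cert("OpenHWAuthority", AUTH_KEY, b"device-0001", DEV_KEY)
WALLET_CODE = b"wallet-agent v1.0 (constructed program image)"
MANIFEST = publish_manifest("WalletVendor", VENDOR_KEY, {"wallet-agent": WALLET_CODE})
USER_AUTHORITIES = {"OpenHWAuthority": AUTH_KEY}  # chosen by the user
USER_VENDORS = {"WalletVendor": VENDOR_KEY}        # chosen by the user

if __name__ == "__main__":
    n = b"nonce-1"  # a real verifier draws this from os.urandom(16)
    print(check_attestation(device_quote(CERT, n, WALLET_CODE), CERT, MANIFEST,
                            n, USER_AUTHORITIES, USER_VENDORS))  # accept
```

Because the user supplies the trust roots, the same device and the same code are rejected the moment the user removes the authority or vendor from their own lists, which is the property that separates this model from one where the platform vendor decides who is trusted.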
Being able to secure the entire platform on which a given piece of code is executing, and to publish guarantees about that security to users at a distance who will have reason to trust those guarantees, is undeniably useful for a certain class of applications. Ironically, some of these applications themselves are key to liberty.

I-III. DRM systems are obviously something a lot of media execs lust after, even out of proportion to the commercial realities, since they inherently like control and hard ownership. I'm sure most content creators at the direct creation level would rather see more users for the same profit; non-creative people in the industry of creation would prefer to see the same revenue from a smaller population, as it leaves a larger potential untapped marketplace. DRM systems embedded in general purpose computers, especially if mandated, especially if implemented in the most secure practical manner (running the system in system-high DRM mode and not allowing raw hardware access to anything at any time on the platform, rather than trying to allow concurrent open and closed operation a la CMW), and in a closed manner for revenue protection purposes (only rich people get to sign the code, or at least only the keys of rich people are widely distributed by default, and anything else requires special operations by the user), are evil.

(There's the whole debate about the role of copyright, piracy, content ownership, etc., which I doubt will be resolved any time soon, and I think tying it too closely to the TCPA/DRM/etc. debate is dangerous, as the intermediate results might suck a lot -- hopefully the copyright and general economic restructuring debate will take a lot longer than this particular issue of hardware restrictions)

I-IV. Aside from the issues of legitimate security, and DRM, there's a third hidden agenda behind the restriction of general purpose computing hardware -- the removal of a very powerful tool from the public at large. While not stated even by the paranoids :) who claim TCPA is obviously a wedge for DRM, it seems the logical conclusion. Large commercial enterprises, governments, and the like have a fear of everyone in the world having tools of the same power; for the most part, a single laptop computer is effectively the same as the sum of all other machines in the world, for many critical applications. Auto companies would certainly be displeased by a $5 trivially distributed tool to create cars, just add water, at basically zero marginal cost; without means of protecting their franchise from limitless competition, commoditization, and decentralization, companies need to compete based on speed and agility of innovation. There is no economy of scale in that, indeed, massive diseconomies of scale. General purpose computers are the equivalent of "just add water" (or beer, or chemical of choice) and produce products and services. As such, they should rightly terrorize any organization which does not compete purely by being the best, most dynamic, most innovative competitor, any organization which uses its current position in the world to try to maintain control over the future, in a static way. That would seem to be the very definition of a government, or of large commercial or non-commercial organizations.

All of the "evil" applications of computers, like anonymous communications, could easily be eliminated by requiring a true-name identity for all code, and optionally only certifying Approved applications at some future date. A more practical way of accomplishing roughly the same thing is requiring that all communications have true names attached, or some kind of potential tracing, built in at the low level, rather than requiring every high-level application to be certified; the key escrow battle of years ago can be retroactively lost in this manner -- just make identity info be included on all transactions, and then have a master key to break the crypto on the processor.

II. Five possible worlds

II-I.

1. As I see it, the best outcome would be for TCPA to just go away right now, after some kind of mass public rejection, similar in motivation to the marketplace rejection of intel processor serial numbers, etc. However, if it just disappears without being soundly defeated and the territory sown with salt, it will come back in a couple years.

2. A moderately tolerable case would be if TCPA is implemented in a completely open way, and simply not used except by highly specialized applications (not even commercial rights-management, but user-specified actions like operating a "wallet agent" or whatever). If it is simply so crude and annoying to use as to be commercially unviable, but still distributed and used occasionally for a while, that would be this case. This would be TCPA as the HP/etc. people claim it is intended, although there are strong arguments that this is not the real motivation. DivX (old version) would fall somewhere between this and #3; a failure in the marketplace vs. unencumbered technologies.

3. What would suck, but not completely, is if it is used extensively for rights management on commercial content, such that third-party media can be manipulated in compliance with a (possibly broken, but not en masse) DRM scheme, but user-created, or Free content, can also be processed easily, and in parallel. The system can be used with the equivalent of "self signed keys" or whatever fairly easily, without requiring reboots, and a viable distribution strategy exists for such content. Pirated/liberated versions of formerly closed content could be redistributed effectively, and it's up to pricing/market/users/etc. whether to use a pirated copy or a DRM licensed copy. (defense against piracy would be focused solely on preventing legitimate copies from being used illegitimately, not on preventing post-liberation content being distributed/used). This is effectively how DVDs work today, given that CSS and RPC are widely defeated, and DivXes are available.

4. A bit worse would be if TCPA can only be used by rebooting the system, or even requiring completely independent hardware (but still sold through mainstream channels, and not a black market). The inconvenience of this would make using any non-DRM-managed media (either user-created, or products of cracking the DRM system by a few technically elite users, and then distributed to less informed users) basically impractical; it would be an all or nothing, DRM or Open, option. The best case form of this is the DRM system being constrained to a set top box, and the "media convergence" dying; it's really just going back to 1980 and staying there. In this case, DRM is used by default on most systems, and affirmative and complex user action is required to turn it off temporarily. All-or-nothing. Liberated copies of licensed content are enough of a pain to use to force licensed content for most users, but DRM is also applied of necessity to even legitimate-source content, lowering overall functionality. This is "defense in depth" for preventing media piracy; preventing liberated versions of content from being used effectively. This is basically the same as distributing DivX if RPC 2 becomes highly effective in the future.

5. The worst case would be TCPA mandated everywhere, in the most restrictive way, with a fairly impotent resistance to this, and basically no trusted secure computational devices in the wild (#5). There are issues far more important than copyright at stake when the right to own a general purpose computing device fully under the user's control is lost. The DRM can be used to enforce other restrictions later, unrelated to copyright -- only identity-linked document creation is permitted, just like with high quality photocopiers or CD duplication; only those with government licenses can use certain kinds of tools, etc. This is the dystopia of Gibson. People would smuggle in illicit pre-ban CPUs just like they do with firearms today; instead of automatic weapons buried in the back yard, parents could pass on to their children a hermetically sealed case of Intel Pentium IIIs. About the best outcome of this is that criminals would pay for the services of hardware hackers, and hacking on hardware would be as cool as cooking drugs is today, which might over time draw the right kind of people into electrical engineering programs. (and imagine protest songs, 60s style or ghetto gangsta rap style, extolling the virtue of a particular kind of logic gate or op amp)

II-II. As I see it, we could put all efforts into maximizing the chances of #1, even though it may increase the odds of (4,5) vs. (1,2,3). Or, we could put all effort into preventing #5, even if that increases the chances of (2,3,4) vs. (1). What I'm genuinely in terror of is #5. I'd be fairly comfortable with (1,2) from philosophical grounds (and actually, some of the uses in #2 are things which interest me). 1,2,3 are probably tolerable even from a wanting-widespread-piracy standpoint, and really, anything but #5 (and to some extent, #4) is tolerable in terms of protecting computers for anti-government use. Also, this is by no means a one-time challenge. If we get #2 to start, it seems likely there will be an eventual slide toward #5, unless there is some kind of great line in the sand beyond which they cannot cross. As we've seen with the continual erosion of explicitly protected liberties over the past century or two, this seems ultimately futile unless there are powerful and commercial interests constantly defending these liberties. (This is why religion, and to a lesser extent press freedoms, have won out over gun rights) Unfortunately the powerful commercial entities may be on the wrong side of this one, unless everyday business views this as a loss of control over critical IT infrastructure.

II-III. As for actual approaches which could accomplish various strategies:

A) A public protest to "shun" TCPA as evil seems most likely to accomplish 1 or 2, although if it fails, 3, 4, 5 are of unchanged likelihood (perhaps 5 would be a bit harder). Focusing on the "they want to take certain powers away from the user of the computer" argument is sufficient for individuals, but TCPA could co-opt businesses by claiming some of that power will be put into the hands of MIS; a different argument would need to be made for corporate users.

B) Simply making the tools for DRM be inconvenient will mostly confine it to #1 or #2, but UIs improve over time, so this is impermanent.

C) Focusing on killing the Hollings bill, etc. would reduce chances of 5, but would seem to leave the other options as unchanged.

D) Good DRM technical circumvention measures can make 1, 2, 3 pretty much isomorphic. (analog: the drug war, with draconian regulations circumvented by brave Men of Commerce and Chemistry). This is betting on the difficulty of the DRM problem, and the incompetence of the implementing teams; maybe a good bet for a while, but by the time they get to 3.0, it would be a difficult challenge.

E) Good open-source and open-content can make 1, 2, 3, 4 the same as 1, by ensuring users turn off TCPA and simply refuse to use anything protected by TCPA. Truly effective piracy technology can do the same thing for licensed content, but it would need to be so good that all content is created by third parties, not by the licensed owners, much like mp3 and divx today for most users. A world where #4 is tempered only by the strength of piracy isn't all that satisfying since some people have a moral need to obey the law.

F) Some kind of agreement by the majority of users to simply obey basic anti-piracy anti-circumvention anti-encryption etc. practices, in exchange for no technical restrictions. This seems unlikely; ultimately people like getting free media, a lot, and it can become a tragedy of the commons. Also, this battle is initially about security, then about DRM, but then, I believe, ultimately about getting the most powerful weapon in the modern world, general purpose computing hardware, out of the hands of the populace. This would eliminate the demand for DRM on the part of the copyright holders.

G) Elimination of copyright as a legal concept, obviating the issue of legal protection for copyright. This would eliminate option #5, and make #1-3 highly likely; it becomes a pure technical battle, and that is one the free world can win. However, this does nothing to address the non-DRM reasons for wanting this technology; preventing "evil" applications on general purpose hardware.

H) Option 5 is probably so distasteful as to make it impermanent; if it passed, any responsible citizen would resort to the canonical soap, ballot, jury, ammo progression (although, given temperaments, not necessarily in that order.) The mass of distributed hardware and information would make resistance most effective immediately after passage of legislation; once secure hardware is taken away, secure communications will wither, which makes organizing effective resistance difficult. One might question the sanity of being willing to escalate to the barricades to defend one's right to secure, anonymous, private, communications, but I think it is a legal and ethical obligation, once all other avenues are exhausted, of every citizen of a free country.

III.

III-I. So, I think my take on all of this is that it's worth doing the following:

* Trying to kill TCPA/DRM right away, through public protest, shunning everyone involved with it to any degree (boycott of all products which include it, at least when viable alternatives exist, products of companies which are involved with it or have other products which implement it, etc. Promotion in the press of all the potential evil of scenario #5, and focusing the debate on #1 vs. #2,3,4,#5 as much as a binary choice as possible).

* Promote and publicize failures of TCPA/DRM systems to the extent possible; emphasize any serious losses of security, privacy, control, etc. Try to come up with byzantine failures specifically to shake public confidence in the systems. The WTC-aftermath Windows XP lockouts are a good example. "Why we don't have automobiles with speed governors centrally set to <max speed limit> -- because sometimes there are overriding legitimate reasons to break the law". People have an inherent revulsion to having power taken away from them, even if they never used that power in the past, and would be unlikely to do so in the future; this should be marketed.

* Technical circumvention of all DRM mechanisms to render them impotent, and make them as intrusive/annoying as possible to be effective, so as to be commercially unviable. Ideally people wouldn't even watch DRM-protected movies, but I think as long as no revenue is received by the offenders, it should be ok (if there's a war, you don't engage in commerce with the enemy, but stealing all their resources is a good in and of itself). This mitigates the actual harm done if TCPA/DRM are adopted by vendors, without compromising the TCPA vs. no-TCPA debate. This also shakes vendor faith in DRM/TCPA systems.

* Shadow distribution networks for original and "liberated" content to the extent possible, such that it is EASIER to get warezed versions of all content, make use of them, etc., than to use the legitimate option. DRM actually helps with this, to the extent that it makes full use of legitimately purchased media as difficult as possible. The risk is of course good circumvention and distribution networks can be used as arguments for TCPA/DRM by the enemy; however, this shifts the argument into #1,2,3,4 vs. #5 space, which is good.

* Vigorous protest, with unlimited escalation potential, against the Hollings bill and any future bills, using all required means. Preventing world #5 is my absolute highest goal, so as to keep the battle in the technical arena where better software can solve the problem, and where general purpose hardware is retained as a tool for other, more important wars as well.

* A social agreement among all reasonable people to not make use of TCPA or DRM in their applications; to not require links to real-world identity to operate their systems; to allow anonymity, security, privacy, etc. wherever possible. The sacrifice is not using general DRM-capable security technologies even if for non-DRM applications, to make those DRM-capable systems ineffective in the marketplace. This is *WAY* more evil than using MS IE-specific HTML tags, or requiring SSNs for database keys, but the short-term benefits are probably greater...this will be difficult.

* Obviously, don't work for companies or organizations which intend to develop TCPA or DRM applications, or which advocate their legal enforcement.

* Stockpile effective munitions, cryptographic and otherwise, against the worst case option #5.

* Develop ways to do the few good things TCPA could do with technologies not so easily perverted for evil. Distributed, decentralized systems; security-specific coprocessors, simply minimizing the amount of private information required and collected at the original point of interaction, rather than trying to protect it once collected, etc.

* The ultimate copyright and intellectual property debate, which will likely not be resolved for decades.

III-II. However, I'm not sure of a few things:

* Is it worth making applications actively hostile to TCPA? Doing this risks making your application less widely used, and might make the legitimate TCPA version win. I think the best compromise is to allow the user to do what he wants, but to ensure no revenue or other advantage goes to the TCPA/DRM deploying organization...maybe if the damage is greater than the payment it would be acceptable too. Maybe DRM cds should be playable, but by ripping the DRM cd and distributing unencumbered mp3s at the same time. This is probably an individual question based on the market position of the official vs. resistance application.

* To what extent does having a viable technical circumvention system in place both reduce the intensity with which people will fight the imposition of controls (since they don't matter in practice), and support arguments by the enemy for harsher DRM systems and legal mandates?

* To what extent is the loss of efficiency/security/etc. to large companies not affiliated with DRM/TCPA/restriction of computing by having those technologies deployed outweighed by the advantages to the enemy organizations? A slight improvement for major powerful organizations, at the cost of the destruction of some relatively powerless organizations, is probably going to go ahead; whereas castrating some important but not dominant organizations may not be acceptable, even if it results in a slight improvement for more powerful organizations. However, I think big companies will all fall into the "use regulation to prevent competition" camp, and thus support the technology, even if they don't benefit from DRM. Plus, political lobbying is non-linear; if people care less than a certain amount, they have no voice at all.

* Just how dead do you need to kill this idea to make sure "Never Again"? At a minimum I want the glowing wasteland left to be so bad that people won't even think about going near similar ideas for a long time, and that anything even remotely comparable will have as one of the first debates "why this isn't like TCPA".

* Some of the steps suggested can make it impossible for anything like TCPA/DRM/neutered computing to be effective in the future, if implemented. What additional steps can be undertaken to make sure even if a similar thing passes in the future, it will have no effect? This would seem to require removing whatever powers would be used to implement these restrictions; SCOTUS rulings or constitutional amendments would be sufficient, as would be some kind of "arsenal of democracy" to defend against such things.

Clearly the Traditional Cypherpunk Applications are needed now, more than ever, as a check against the powers of evil.

-- 
Ryan Lackey [RL7618 RL5931-RIPE]  ryan@havenco.com
CTO and Co-founder, HavenCo Ltd.  +44 7970 633 277
the free world just milliseconds away  http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F