dangers of TCPA/palladium

Mike Rosing eresrch at eskimo.com
Mon Aug 5 20:34:22 PDT 2002


On Mon, 5 Aug 2002, AARG! Anonymous wrote:

> Well, he can choose who he buys the TPM chip from, I suppose.
> But upgrades are basically new firmware for the TPM chip, so they will
> probably always come from the manufacturer.

Or whoever steals the master key.

> Why exactly is this so much more of a threat than, say, flash BIOS
> upgrades?  The BIOS has a lot more power over your machine than the
> TPM does.

The difference is fundamental: I can change every bit of flash in my BIOS.
I cannot change *anything* in the TPM.  *I* control my BIOS.  IF, and
only IF, I can control the TPM will I trust it to extend my trust to
others.  The purpose of TCPA as spec'ed is to remove my control and
make the platform "trusted" to one entity.  That entity has the master
key to the TPM.

Now, if the spec says I can install my own key into the TPM, then yes,
it is a very useful tool.  It would be fantastic in all the portables
that have been stolen from the FBI for example.  Assuming they use a
password at turn on, and the TPM is used to send data over the net,
then they'd know where all their units are and know they weren't
compromised (or how badly compromised anyway).

But as spec'ed, it is very seriously flawed.

>
> > - big brotherish policies for regimes interested in censoring and
> > imposing policies on users such as China, Iraq etc
>
> Again, what specific TCPA features will they exploit to accomplish this?

The untouchable code zone.  That's fine for an embedded application,
but for a general purpose computing platform it's great for dictators.

> That's already the case.  Face it: if government decided to enforce
> mandatory key escrow, most users would not object and would be unable
> to help themselves if they did, whether TCPA existed or not.

Yes, dictatorships are stable governments for the short run.  Most people
are willing to put up with slavery as long as they get food and sleep.
But there are enough people who read history (and who have escaped
dictatorships) to prevent really bad things from being forced down
everyone's throats.  TCPM seems like Clipper and it also seems like
it'd be pretty easy to sell as evil (whether it is or not).  I don't
think it's going to be an easy fight for the RIAA folks.

> I just don't see that TCPA is of that much use to them, given that they
> already have essentially unlimited power.  Ultimately, in the West,
> governments are the responsibility of the populace.
>
> If the Chinese government were to do a TCPA-like system, I doubt that
> it would look much like this one.

What makes you think TCPA isn't being designed with the Chinese in mind?
They don't believe in copyright to begin with, and they are a huge market.
As it's been described so far, it sure seems useful to the master key
holder.

Patience, persistence, truth,
Dr. mike





More information about the cypherpunks-legacy mailing list