Challenge to David Wagner on TCPA

[Trei, Peter]

> AARG! Anonymous[SMTP:remailer at aarg.net] writes:
> Declan McCullagh writes at
> http://zdnet.com.com/2100-1107-946890.html:
> 
>    "The world is moving toward closed digital rights management systems
>    where you may need approval to run programs," says David Wagner,
>    an assistant professor of computer science at the University of
>    California at Berkeley.  "Both Palladium and TCPA incorporate features
>    that would restrict what applications you could run."
> 
> But both Palladium and TCPA deny that they are designed to restrict what
> applications you run. 
> 
[...]

> So here is the challenge to David Wagner, a well known and justifiably
> respected computer security expert: find language in the TCPA spec to
> back up your claim above, that TCPA will restrict what applications
> you can run.  
> 
AARG!, our anonymous Pangloss, is strictly correct - Wagner should have
said "could" rather than "would".

However, TCPA and Palladium fall into a class of technologies with a
tremendous potential for abuse. Since the trust model is directed against
the computer's owner (he can't sign code as trusted, or reliably control 
which signing keys are trusted), he has ceded ultimate control of what 
he can and can't do with his computer to another. 

Sure, TCPA can be switched off - until that switch is disabled. It 
could potentially be permenantly disabled by a BIOS update, a 
security patch, a commercial program which carries signed 
disabling code as a Trojan, or over the net through a backdoor or 
vulnerability in any networked software. Or by Congress 
which could make running a TCPA capable machine with TCPA 
turned off illegal.

With TCPA, I now have to trust that a powerful third party, over
which I have no control, and which does not necessarily have
my interests are heart, will not abuse it's power. I don't
want to have to do that.

Peter Trei
Disclaimer: The above represents my personal opinion only. Do
not misconstrue it as representing anyone elses.