LOCAL Mountain View, California, USA: events this week

Anonymous nobody at nox.lemuria.org
Sat Oct 18 01:50:22 PDT 2003 

Seth Schoen writes:
> Intel has posted its Policy Statement on LaGrande Technology:
>
> ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_
> 8.pdf
>
> LaGrande is in the interstices between TCG and NGSCB.

Rather, it seems that LaGrande is the hardware component of NGSCB, and
that TCG is evolving to be more like NGSCB.

> Anyway, Intel wants your comments on the LT policy.  The thing that
> jumps out at me (as the author of "Trusted Computing: Promise and
> Risk") is that Intel thinks that opt-out or opt-in can solve the
> problems of attestation.  This is the official view of a lot of
> trusted computing proponents.  The defects of this view are difficult
> to describe and are complicated by the fact that some trusted
> computing critics don't believe that LT (or TCG or NGSCB) will
> actually provide an opt-out.  (I do believe this.)

It is indeed difficult to discuss these issues dispassionately in the
current atmosphere of distrust and suspicion.  You and the EFF are doing
a good job overall of remaining objective, although as a result some
are accusing you of being shills for Microsoft and DRM.

> The root of the difficulty is that, in the nature of attestation, you
> can be _punished_ for opting out (beyond the scope of simply not
> enjoying particular features to which what you opted out of is
> technically necessary).

The real issue is this.  Attestation will allow a service provider to
withhold his services unless you are using TC technology and running a
particular software program of his choice.  Thus you may need to opt in
in order to use his services.

Now, some people characterize this as a loss of choice, or as you put it,
as allowing you to be punished for opting out.  Suppose the service being
offered is extremely valuable, like cheap movie downloads.  And suppose
almost everyone opts in to use these services, enabling TC and running the
approved clients.  Now you can opt out, but only at the expense of cutting
yourself off from the flow of information that everyone else is enjoying.

The same effect can occur in a decentralized network.  If there is some
P2P program which uses TC to make sure that people are running kosher
clients, and you opt out of TC, you can't participate in the network.
This makes it seem that you are being punished for your decision.

There are two problems with this analysis.  The first is that it overlooks
that some of these services will only be provided if TC exists to assure
that the data will be handled properly.  Without TC there may be no
such service.  Characterizing TC as limiting choice or punishing those
who opt out overlooks the advantages being provided to those who opt in
by allowing them access to a service which might not otherwise exist.

The more popular a service is, and the more people who opt in as a result,
the harder it is to justify opposing the technology that made the service
possible and allowed all those people to get access to an information
flow which is important to them.  By focusing on those who wish to opt
out, the analysis overlooks the larger group who benefits by opting in.

And second, your analysis overlooks the fact that any economic transaction
has two sides: producer and consumer.  Both have economic power in a
competitive market.  Producers are not able to simply set the terms and
require consumers to accept them.  Rather, there is a constant flow,
a give and take, between all sides, evolving to a mutually acceptable
condition.

Look at what is happening with digital music stores today.  Some, like
Apple's service, offer music with relatively weak DRM restrictions.
Others have offered more limitations and harsher rules.  Consumers will
soon have a wide range of choices, and this will allow the market to
select the best mix of limitations and prices.  We are evolving to a
state of "DRM lite" which offers mild restrictions that allow people
to use their music in the ways they want, but makes it hard to share it
with millions of their best friends on the net.

Similarly, even though TC in principle allows service providers to
impose Draconian restrictions, the marketplace won't just stand by and
let it happen.  Consumers are not passive sheep; they are active and
intelligent, and they usually have a better idea of what is in their
own best interests than those of us who are policy activists.

We could do a lot worse than to stand aside and let the market decide
which technologies solve people's problems.  If TC is so bad for
consumers, it will fail.  (Some cypherpunk types have predicted that
TC will be mandated by law, such as the CBDTPA, and certainly I would
agree that any such measures should be opposed.)

> In the nature of attestation and its effect on interoperability,
> though, opting out of attestation might be ruinous for your hopes of
> communicating with others.  If they can be induced to use proprietary
> protocols or file formats, opting out may lead to a permanent
> inability to exchange data with them.

Of course, we see this already to some extent, with any software program
that uses proprietary data formats.  Programs using open formats compete
with programs that use closed formats, and users can choose which ones
to use.  You speak of users being "induced" to use proprietary formats,
but that disparages their abilities to make choices that reflect their
own best interests.

It's also not clear how attestation applies to this case.  As has been
noted elsewhere [1], the protection of proprietary data formats is more
due to sealed storage than attestation.

The bottom line is that if the person you want to communicate with is
using a program that relies on proprietary data formats (one which won't
save or present the data in an open format), you either need to run
the same program, or else you need to persuade the other guy to switch.
That's true today and it will be true tomorrow.

The only thing TC adds is to make it more difficult and expensive to
reverse engineer the data format, but I believe that even without TC,
formats can be designed and software can be written which is extremely
expensive to reverse engineer, especially in conjunction with existing
legal restrictions.  TC will only raise an already very high bar a little
higher, as far as this issue goes.  It doesn't make any fundamental
changes.

I believe that open formats are superior and that programs which rely on
them will ultimately come to succeed in the marketplace.  Consumers want
open formats because it saves them from being locked into a single vendor
and left orphaned if that company fails.  These kinds of pressures will
save us from the worst excesses you fear, with or without TC.

> Opting in, by the same token,
> could lead to a permanent loss of software choice (and the effective
> inability to reverse engineer or repair your software) at least during
> the particular periods of time when you want to communicate with other
> people or manipulate what they sent you.

It's somewhat contradictory to speak of a "permanent" loss of choice
only during "particular periods of time".  Permanent normally connotes
a property that applies all the time.

But again, what this comes down to is that if everyone else is using
a proprietary format, you have to use the same program that they do.
I don't think people are going to continue to put up with this
indefinitely.

>    [T]rusted computing systems fundamentally alter trust relationships.
>    Legitimate concerns about trusted computing are not limited to one
>    area, such as consumer privacy or copyright issues.

Trusted computing systems allow for new forms of trust relationships that
are not possible today.

===

[1] http://invisiblog.com/1c801df4aee49232/

More information about the cypherpunks-legacy mailing list