Dell to Add Security Chip to PCs

Anonymous cripto at ecn.org
Thu Feb 3 13:25:28 PST 2005 

I spent considerable time a couple years ago on these lists arguing
that people should have the right to use this technology if they want.
I also believe that it has potential good uses.  But let's be accurate.

> Please stop relaying FUD. You have full control over your PC, even if this
> one is equiped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one if the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

It is not true that the TPM_TakeOwnership command erases and regenerates
the internal keys.  It does generate a new Storage Root Key, which is
used for encrypting local data.  But the main controversy around TC is
the Remote Attestation feature.  That uses a key called the Endorsement
Key, EK.  It is an RSA public key generated on chip at manufacture
time, before it comes into the user's hands.  The manufacturer issues a
certificate on the public part of the EK, called the PUBEK.  This key is
then used (in a somewhat roundabout manner) to issue signed statements
which attest to the software state of the machine.  These attestations
are what allow a remote server to know if you are running a client
software configuration which the server finds acceptable, allowing the
server to refuse service to you if it doesn't like what you're running.
And this is the foundation for DRM.

The point is that the user can't change the PUBEK.  Only one is generated
per chip, and that is the only one which gets a certificate from the
manufacturer.  The private part of this key never leaves the chip and no
one, not the user and not the manufacturer, ever learns the private key.

Now, my personal perspective on this is that this is no real threat.
It allows people who choose to use the capability to issue reasonably
credible and convincing statements about their software configuration.
Basically it allows people to tell the truth about their software in a
convincing way.  Anyone who is threatened by the ability of other people
to tell the truth should take a hard look at his own ethical standards.
Honesty is no threat to the world!

The only people endangered by this capability are those who want to be
able to lie.  They want to agree to contracts and user agreements that,
for example, require them to observe DRM restrictions and copyright
laws, but then they want the power to go back on their word, to dishonor
their commitment, and to lie about their promises.  An honest man is
not affected by Trusted Computing; it would not change his behavior in
any way, because he would be as bound by his word as by the TC software
restrictions.

But I guess Cypherpunks are rogues, theives and liars, if my earlier
interactions with them are any guide.  It's an ironic and unfortunate
turn for an organization originally devoted to empowering end users
to use new cryptographic technologies in favor of what was once called
crypto anarchy.  TC is the ultimate manifestation of anarchic behavior,
a technology which is purely voluntary and threatens no one, which
allows people to make new kinds of contracts and commitments that no one
else should have the right to oppose.  And yet Cypherpunks are now arch
collectivists, fighting the right of private individuals and companies
to make their own choices about what technologies to use.  How the worm
has turned.

Another poster writes:
> Please stop relaying pro-DRM pabulum. The only reason for Nagscab is
> restricting the user's rights to his own files.
> Of course there are other reasons for having crypto compartments in your
> machine, but the reason Dell/IBM is rolling them out is not that.

A sad illustration of the paranoia and blinkered groupthink so prevalant
on this mailing list today.  Imagine, Dell is providing this chip as part
of a vast conspiracy to restrict the user's rights to his own files.
Anyone whose grasp on reality is so poor as to believe this deserves
what he gets.

The truth is, frankly, that Dell is providing this chip on their laptops
simply because laptop owners like the idea of having a security chip,
most other laptop companies offer them, and the TCG is the main player
in this space.  Dell is neither seeking to advance my liberatarian goals
nor promoting the conspiracy-theorist vision of taking away people's
control over their computers.  The truth is far more mundane.

More information about the cypherpunks-legacy mailing list