Critique of TC Analysis

The Electronic Frontier Foundation has posted a worthwhile discussion of Trusted Computing on its site. Some time ago I noticed that the Unlimited Freedom blog had posted a critique of EFF's analysis. I read the critique and noticed a few claims with which I strongly disagreed, and decided to post brief rebuttals here. Bear in mind that I am not an expert in TC or PC security technology; I would be interested to know if anyone who is has similar reservations about the blog critique of EFF's analysis.

The following rebuttal is in no particular order; I have just given quotes from the blog with my comments following.

But let us begin with some positive elements of the EFF report. This is perhaps the first public, critical analysis of TC which fails to include two of the worst lies about the technology, lies promulgated primarily by Ross Anderson and Lucky Green: that only authorized programs can run "trusted", and that unauthorized or illegal programs and data will be deleted from computers or prevented from running. The EFF appears to recognize the key feature of TC, which gives it its name: that trust is in the eye of the truster. Anyone can create code which benefits from TC features, and it is up to the user of a computer to decide which local and remote software he will trust.

Ross Anderson does realize this--it's just that he also realizes it's irrelevant. If TC becomes widespread, the fact that you, the user, may be able to turn it off on your computer means nothing if turning it off guarantees that you can't do the things you want to do. If choosing to turn off TC means choosing not to do online banking, not to do online shopping, not to download any content (because free content is a thing of the past), and so on, it's not much of a choice. Anderson's paper recognizes this perfectly well, and it's a far more important point than the minor one about the owner being able to "decide" how to use the TC on his own computer. (By the way, even this small freedom is not necessarily guaranteed with TC--a number of proposed TC schemes hide the encryption keys from the PC user, meaning that it would not be up to the user to decide what software to trust.)

Software choice limitation may occur if a remote system provides some service conditional on the software being used to access it. But that's not really a limitation of choice, because the user could always elect not to receive the offered service.

The implicit assumption here seems to be that if TC did not exist, the service would be offered without any limitations. Then it makes it appear that TC adds limitations which are not currently present. But what this analysis overlooks is that TC will allow the creation of new services which are not economically possible today. By allowing for more protection of data, a whole host of new applications may become possible. So the proper comparison is not with a hypothetical state where you'd have all the same services without TC as with; but rather, comparing a TC world that is relatively rich in services with a service-poor non-TC world.

If getting all these great new services in a TC world comes along with intolerable strings attached to the ones we have now, then it's no bargain at all. However, this point is moot because the current non-TC world is not service-poor. I fail to see how TC will enable any new services that aren't already enabled by public-key encryption and SSL. What TC will enable is monopoly lock-in of services that today have to be provided on a more equitable basis (because public-key encryption and SSL are open technologies).

Going from the basic technological definitions of TC to the massive infrastructure of keys and revocations needed for a secure, commercial DRM system and other licensing schemes is going to take quite a while.

Huh? The infrastructure already exists--it's called the Internet and signature authorities like VeriSign that authenticate SSL certificates.

It should be clear that a technology that allows new kinds of voluntary arrangements, without eliminating any old ones, cannot be entirely evil.

But it will eliminate the old ones if Microsoft and other key TC proponents have their way, because they want to make it the law that you have to use TC to get key services. Why do they want to do this? Because they know that without such legal coercion, no one in their right mind is going to buy the services on their terms when they can get them now on much better terms without TC.

If the new possibilities enabled by TC are truly so horrible for consumers, and if it is possible (as TC opponents implicitly assume) to provide these functionalities without the nightmarish limitations that the report is so afraid of, then some companies can still offer their goods under those more-favorable terms, and reap massive rewards as consumers triumphantly reject the horrific license terms of the TC-based software.

They already are. My credit union provides reliable, secure access to my data over the Internet; it's just one of many reasons why I stick with them, but it's a reason. lets me go online and shop with no other precautions than SSL; if they tried to impose TC to do it they'd lose my business, which is not insignificant (I buy a fair number of things for myself but also tend to do a lot of my gift shopping there). Musicians sell CDs over the Internet cheaper than the record companies, plus they get to keep all of the profits instead of just a pittance. What the TC folks don't like is not that they can't provide all their great services without TC, but that other companies are providing great services without TC, and it worries them because they can't seem to break out of their myopic business models. So if you can't beat 'em--get Congress to outlaw 'em. The fact is, people are voting with their wallets, and they're voting for not putting up with TC. So the TC people, unable to get in through the front door, are trying the back door of legislation. Sound like free and open competition to you?

Make no mistake about it: TC is coming. All the rhetoric, all the protests and objections, are doing nothing to alter the apparently unstoppable momentum of this new technology.

If anything smacks of cheerleading for Microsoft, this is it. The fact is, the technology only has momentum because nobody realizes the potential downsides--yet. Many will when it's too late, of course; but that would still be recoverable if the law wasn't hijacked, so that someone who bought Windows TC and discovered what a raw deal it really was could go out and get Linux. But the TC folks want the law to make that illegal. That is the possibility that needs to be fought.