The english TCPA/Palladium FAQ
1. What are TCPA and Palladium?
2. What does TCPA / Palladium do, in ordinary English?
3. So I won't be able to play MP3s on my PC any more?
4. How does it work?
5. What else can TCPA and Palladium be used for?
6. OK, so there will be winners and losers - Disney might win big, and smartcard makers might go bust. But surely Microsoft and propose to make money out of it?
7. Where did the idea come from?
8. How is this related to the Pentium 3 serial number?
9. Why call the monitor chip a `Fritz' chip?
10. OK, so TCPA stops kids ripping off music and will help companies keep data confidential. It may help the Mafia too, unless it?
11. How can TCPA be abused?
12. Scary stuff. But can't you just turn it off?
13. So economics are going to be significant here?
14. But hang on, doesn't the law give people a right to
reverse engineer interfaces for compatibility?
15. Can't TCPA be broken?
16. What's the overall economic effect likely to be?
17. Who else will lose?
18. Ugh. What else?
19. I can see that some people will get upset about this.
20. But hang on, isn't TCPA illegal under antitrust law?
21. When is this going to hit the streets?
22. What's TORA BORA?
23. But isn't PC security a good thing?
24. So why is this called `Trusted Computing'? I don't see
why I should trust it at all!
25. So a `Trusted Computer' is one that can break my security?
1. What are TCPA and Palladium?
TCPA stands for the Trusted
Computing Platform Alliance, an initiative led by Intel. Their
stated goal is `a new computing platform for the next century that
will provide for improved trust in the PC platform.' Palladium
is software that Microsoft says it plans to incorporate in future
versions of Windows; it will build on the TCPA hardware, and will add
features2. What does TCPA / Palladium do, in ordinary English?
It provides a computing platform on which you can't tamper with the
applications, and where these applications can communicate securely
with the vendor. The obvious application is digital
rights management (DRM): Disney will be able to sell you DVDs that
will decrypt and run on a Palladium platform, but which you won't be
able to copy. The music industry will be able to sell you music
downloads that you won't be able to swap. They will be able to sell
you CDs that you'll only be able to play three times, or only on your
birthday. All sorts of new marketing possibilities will open up.
TCPA / Palladium will also make it much harder for you to run
unlicensed software. Pirate software can be detected and deleted
remotely. It will also make it easier for people to rent software
rather than buying it; and if you stop paying the rent, then not only
does the software stop working but so may the files it created. For
years, Bill Gates has dreamed of finding a way to make the Chinese
pay for software: Palladium could be the answer to his prayer.
There are many other possibilities. Governments will be able to
arrange things so that all Word documents created on civil servants'
PCs are `born classified' and can't be leaked electronically to
journalists. Auction sites might insist that you use trusted proxy
software for bidding, so that you can't bid tactically at the
auction. Cheating at computer games could be made more difficult.
There is a downside too. There will be remote censorship: the
mechanisms designed to delete pirated music under remote control may
be used to delete documents that a court (or a software company) has
decided are offensive - this could be anything from pornography to
writings that criticise political leaders. Software companies can also
make it harder for you to switch to their competitors' products; for
example, Word could encrypt all your documents using keys that only
Microsoft products have access to; this would mean that you could only
read them using Microsoft products, not with any competing word
processor.3. So I won't be able to play MP3s on my PC any more?
With existing MP3s, you may be all right for some time. Microsoft says
that Palladium won't make anything suddenly stop working. But a recent
software update for Windows Media Player has caused controversy
by insisting that users agree to future anti-piracy measures, which
may include measures that delete pirated content found on your
computer. Also, some programs that give people more control over their
PCs, such as VMware and Total Recorder, are unlikely
to work under TCPA. So you may have to use a different player - and if
your player will play pirate MP3s, then it seems unlikely to be
authorised to play the new, protected, titles.
It is up to an application to set the security policy for its
files, using an online policy server. So Media Player will determine
what sort of conditions get attached to protected titles, and I expect
Microsoft will do all sorts of deals with the content providers, who
will experiment with all sorts of business models. You might get CDs
that are a third of the price but which you can only play three times;
if you pay the other two-thirds, you'd get full rights. You might be
allowed to lend your copy of some digital music to a friend, but then
your own backup copy won't be playable until your friend gives you the
main copy back. More likely, you will not be able to lend music at
all. These policies will make life inconvenient for some people; for
example, regional coding might stop you watching the Polish version of
a movie if your PC was bought outside Europe.
This could all be done today - Microsoft would just have to
download a patch into your player - but once TCPA / Palladium makes it
hard for people to tamper with the player software, and easier for
Microsoft to control upgrades and patches, it will be harder for you
to escape, and will therefore be a more attractive way of doing
business.4. How does it work?
TCPA provides for a monitoring and reporting component to be mounted
in future PCs. The preferred implementation in the first phase of
TCPA is a `Fritz' chip - a smartcard chip or dongle soldered to the
When you boot up your PC, Fritz takes charge. He checks that the boot
ROM is as expected, executes it, measures the state of the machine;
then checks the first part of the operating system, loads and executes
it, checks the state of the machine; and so on. The trust boundary, of
hardware and software considered to be known and verified, is steadily
expanded. A table is maintained of the hardware (audio card, video
card etc) and the software (O/S, drivers, etc); Fritz checks that the
hardware components are on the TCPA approved list, that the software
components have been signed, and that none of them has a serial number
that has been revoked. If there are significant changes to the PC's
configuration, the machine must go online to be re-certified. The
result is a PC booted into a known state with an approved combination
of hardware and software (whose licences have not expired). Control is
then handed over to enforcement software in the operating system -
this will be Palladium if your operating system is Windows.
Once the machine is in this state, Fritz can certify it to third
parties: for example, he will do an authentication protocol with
Disney to prove that his machine is a suitable recipient of `Snow
White'. This will mean certifying that the PC is currently running an
authorised application program - MediaPlayer, DisneyPlayer, whatever.
The Disney server then sends encrypted data, with a key that Fritz
will use to unseal it. Fritz makes the key available only to the
authorised application and only so long as the environment remains
`trustworthy'. For this purpose, `trustworthy' is defined by the
security policy downloaded from a server under the control of the
application owner. This means that Disney can decide to release its
premium content to a given media player application in return for a
contract that the application will not make any unauthorised copies of
content, will impose a certain set of conditions (including what level
of security has to be set in TCPA). This can involve payment: Disney
might insist, for example, that the application collect a dollar every
time you view the movie. In fact, the application itself can be rented
too, and this is of great interest to software companies. The
possibilities seem to be limited only by the marketers' imagination.5. What else can TCPA and Palladium be used for?
TCPA can also be used to implement much stronger access controls on
confidential documents. For example, an army might arrange that its
soldiers can only create Word documents marked at `Confidential' or
above, and that only a TCPA PC with a certificate issued by its own
security agency can read such a document. This is called `mandatory
access control', and governments are keen on it. The Palladium
announcement implies that the Microsoft product will support this: you
will be able to configure Word so that it will encrypt all documents
generated in a given compartment on your machine, and share it only
with other users in a defined group.
Corporations will be able to do this too, to make life harder for
whistleblowers. They can arrange that company documents can only be
read on company PCs, unless a suitably authorised person clears them
for export. They can also implement timelocks: they can arrange, for
example, that all emails evaporate after 90 days unless someone makes
a positive effort to preserve them. (Think of how useful that would
have been for Enron, or Arthur Andersen, or for Microsoft itself
during the antitrust case.) The Mafia might use the same facilities:
they could arrange that the spreadhseet with the latest drug shipments
can only be read on accredited Mafia PCs, and will vanish at the end
of the month. This might make life harder for the FBI - though
Microsoft is in discussions with governments about whether policemen
and spies will get some kind of access to master keys. But, in any
case, a whistleblower who emails a document to a journalist will
achieve little, as the journalist's Fritz chip won't give him the key
to decipher it.
TCPA / Palladium also seems destined for use in electronic payment
systems. One of the Microsoft visions appears to be that much of the
functionality now built on top of bank cards may move into software
once the applications can be made tamper-resistant. This is needed if
we are to have a future in which we pay for books that we read, and
music we listen to, at the rate of so many pennies per page or per
minute. Even if this doesn't work out as a business model - and there
arguments why it won't - there is clearly a competitive issue for
a number of online payment systems, and there may be spillover effects
for the user. If, in ten years' time, it's inconvenient to shop online
with a credit card unless you use a TCPA or Palladium platform, then
this could move a lot of people over to the system.6. OK, so there will be winners and losers - Disney might win big, and smartcard makers might go bust. But surely Microsoft and propose to make money out of it?
My spies at Intel tell me that it was a defensive play. As they make
most of their money from PC microprocessors, and have most of the
market, they can only grow their company by increasing the size of the
market. They are determined that the PC will be the hub of the future
home network. If entertainment is the killer application, and DRM is
going to be the critical enabling technology, then the PC has to do
DRM or risk being displaced in the home market.
Microsoft were also motivated by the desire to bring all of
entertainment within their empire. But they also stand to win big if
either TCPA or Palladium becomes widespread, as they will be able to
use it to cut down dramatically on software copying. `Making the
Chinese pay for software' has been a big thing for Bill; with
Palladium, he can tie each PC to its individual licenced copy of
Office, and with TCPA he can tie each motherboard to its individual
licenced copy of Windows. TCPA will also have a worldwide blacklist
for the serial numbers of any copies of Office that get pirated.
Finally, Microsoft would like to make it more expensive for people to
switch away from their products (such as Office) to rival products
(such as OpenOffice). This
will enable them to charge more for upgrades without making their
users jump ship.7. Where did the idea come from?
It first appeared in a paper by Bill Arbaugh, Dave Farber and Jonathan
Smith, ``A Secure and
Reliable Bootstrap Architecture'', in the proceedings of the IEEE
Symposium on Security and Privacy (1997) pp 65-71. It led to a US
patent: ``Secure and Reliable Bootstrap Architecture'', U.S. Patent
No. 6,185,678, February 6th, 2001. Bill's thinking developed from
work he did while working for the NSA on code signing in 1994. The
Microsoft folk have also applied for patent
protection on the operating
system aspects. (The patent texts are here.)
There may be quite a lot of prior art. Markus Kuhn wrote about the TrustNo1
Processor years ago, and the basic idea - a specially trusted
`reference monitor' that supervises a computer's access control
functions - goes back at least to a
paper written by James Anderson for the USAF in 1972. It has been
a feature of US military secure systems thinking since then.8. How is this related to the Pentium 3 serial number?
Intel started an earlier program in the mid-1990s that would have put
the functionality of the Fritz chip inside the main PC processor, or
the cache controller chip, by 2000. The Pentium serial number was a
first step on the way. The adverse public reaction seems to have
caused them to pause, set up a consortium with Microsoft and others,
and seek safety in numbers.9. Why call the monitor chip a `Fritz' chip?
In honour of Senator Fritz Hollings of South Carolina, who is working
tirelessly in Congress to make TCPA a mandatory part of all consumer
electronics.10. OK, so TCPA stops kids ripping off music and will help companies keep data confidential. It may help the Mafia too, unless it?
A lot of companies stand to lose out. For example, the European
smartcard industry looks likely to be hurt, as the functions now
provided by their products migrate into the Fritz chips in peoples'
laptops, PDAs and third generation mobile phones. In fact, much of the
information security industry may be upset if TCPA takes off.
Microsoft claims that Palladium will stop spam, viruses and just about
every other bad thing in cyberspace - if so, then the antivirus
companies, the spammers, the spam-filter vendors, the firewall firms
and the intrusion detection folk could all have their lunch stolen.
There are serious concerns about the effects on the information
goods and services industries, and in particular on innovation, on the
rate at which new businesses are formed and on the likelihood that
incumbent companies will be able to hang on to their monopolies. The
problems for innovation are well explained in a recent
New York Times column by the distinguished economist Hal Varian.
But there are much deeper problems. The fundamental issue is that
whoever controls the Fritz chips will acquire a huge amount of power.
Having this single point of control is like making everyone use the
same bank, or the same accountant, or the same lawyer. There are many
ways in which this power could be abused.11. How can TCPA be abused?
One of the worries is censorship. TCPA was designed from the start to
support the centralised revocation of pirate bits. Pirate software
will be spotted and disabled by Fritz when you try to load it, but
what about pirated songs or videos? And how could you transfer a
song or video that you own from one PC to another, unless you can
revoke it on the first machine? The proposed solution is that an
application enabled for TCPA, such as a media player or word
processor, will have its security policy administered remotely by a
server, which will maintain a hot list of bad files. This will be
downloaded from time to time and used to screen all files that the
application opens. Files can be revoked by content, by the serial
number of the application that created them, and by a number of other
criteria. The proposed use for this is that if everyone in China uses
the same copy of Office, you do not just stop this copy running on any
machine that is TCPA-compliant; that would just motivate the Chinese
to use normal PCs instead of TCPA PCs in order to escape revocation.
So you also cause every TCPA-compliant PC in the world to refuse to
read files that have been created using this pirate program.
This is bad enough, but the potential for abuse extends far beyond
commercial bullying and economic warfare into political censorship. I
expect that it will proceed a step at a time. First, some
well-intentioned police force will get an order against a pornographic
picture of a child, or a manual on how to sabotage railroad signals.
All TCPA-compliant PCs will delete, or perhaps report, these bad
documents. Then a litigant in a libel or copyright case will get a
civil court order against an offending document; perhaps the
Scientologists will seek to blacklist the famous Fishman Affidavit.
Once lawyers and government censors realise the potential, the trickle
will become a flood.
Now the modern age only started when Gutenberg invented movable
type printing in Europe, which enabled information to be preserved and
disseminated even if princes and bishops wanted to ban it. For
example, when Wycliffe translated the Bible into English in 1380-1,
the Lollard movement he started was suppressed easily; but when
Tyndale translated the New Testament in 1524-5, he was able to print
over 50,000 copies before they caught him and burned him at the stake.
The old order in Europe collapsed, and the modern age began. Societies
that tried to control information became uncompetitive, and with the
collapse of the Soviet Union it seemed that democratic liberal
capitalism had won. But now, TCPA and Palladium have placed at risk
the priceless inheritance that Gutenberg left us. Electronic books,
once published, will be vulnerable; the courts can order them to be
unpublished and the TCPA infrastructure will do the dirty work.
So after the Soviet Union's attempts to register and control all
typewriters and fax machines, TCPA attempts to register and control
all computers. The implications for liberty, democracy and justice are
worrying. 12. Scary stuff. But can't you just turn it off?
Sure - unless your system administrator configures your machine in
such a way that TCPA is mandatory, you can always turn it off. You can
then run your PC with administrator privileges, and use insecure
There is one respect, though, in which you can't turn Fritz off.
You can't make him ignore pirated software. Even if he's been informed
that the PC is booting in untrusted mode, he still checks that the
operating system isn't on the serial number revocation list. This has
implications for national sovereignty. If Saddam is stupid enough to
upgrade his PCs to use TCPA, then the American government will be able
to hot-list his Windows licences, and thus shut down his PCs, next
time there's a war. Booting in untrusted mode won't help. He'd have to
dig out old copies of Windows 2000, change to GNU/linux, or find a
way to isolate the Fritz chips from his motherboards without breaking
If you aren't someone the US President hates personally, this may
not be an issue. But if you turn TCPA off, then your TCPA-enabled
applications won't work, or won't work as well. It will be like
switching from Windows to Linux nowadays; you may have more freedom,
but end up having less choice. If the applications that use TCPA /
Palladium are more attractive to the majority of people, you may end
up simply having to use them - just as many people have to use
Microsoft Word because all their friends and colleagues send them
documents in Microsoft Word. Microsoft says that Palladium, unlike
vanilla TCPA, will be able to run trusted and untrusted applications
at the same time in different windows; this will presumably make it
easier for people to start using it.13. So economics are going to be significant here?
Exactly. The biggest profits in IT goods and services markets tend to
go to companies that can establish platforms (such as Windows, or
Word) and control compatibility with them, so as to manage the markets
in complementary products. For example, some
mobile phone vendors use challenge-response authentication to
check that the phone battery is a genuine part rather than a clone -
in which case, the phone will refuse to recharge it, and may even
drain it as quickly as possible. Some printers authenticate their
toner cartridges electronically; if you use a cheap substitute, the
printer silently downgrades from 1200 dpi to 300 dpi. The Sony
Playstation 2 uses similar authentication to ensure that memory
cartridges were made by Sony rather than by a low-price competitor.
TCPA appears designed to maximise the effect, and thus the economic
power, of such behaviour. Given Microsoft's record of competitive
strategic plays, I expect that Palladium will support them. So if you
control a TCPA-enabled application, then your policy server can
enforce your choice of rules about which other applications will be
allowed to use the files your code creates. These files can be
protected using strong cryptography, with keys controlled by the Fritz
chips on everybody's machines. What this means is that a successful
TCPA-enabled application will be worth much more money to the software
company that controls it, as they can rent out access to their
interfaces for whatever the market will bear. So there will be huge
pressures on software developers to enable their applications for
TCPA; and if Palladium is the first operating system to support TCPA,
this will give it a competitive advantage over GNU/Linux and MacOS
with the developer community.14. But hang on, doesn't the law give people a right to
reverse engineer interfaces for compatibility?
Yes, and this is very important to the functioning of IT goods and
services markets; see Samuelson and Scotchmer, ``The Law and Economics
of Reverse Engineering'', Yale Law Journal, May 2002, 1575-1663. But
the law in most cases just gives you the right to try, not to succeed. Back
when compatibility meant messing around with file formats, there was a
real contest - when Word and Word Perfect were fighting for dominance,
each tried to read the other's files and make it hard for the other to
read its own. However, with TCPA that game is over; without access to
the keys, or some means of breaking into the chips, you've had it.
Locking competitors out of application file formats was one of the
motivations for TCPA: see a post by Lucky
Green, and go to his talk at Def Con to hear
more. It's a tactic that's spreading beyond the computer world.
Congress is getting upset
at carmakers using data format lockout to stop their customers getting
repairs done at independent dealers. And the Microsoft folk say they
want Palladium everywhere, even in your watch. The economic
consequences for independent businesses everywhere could be
significant.15. Can't TCPA be broken?
The early versions will be vulnerable to anyone with the tools and
patience to crack the hardware (e.g., get clear data on the bus
between the CPU and the Fritz chip). However, from phase 2, the Fritz
chip will disappear inside the main processor - let's call it the
`Hexium' - and things will get a lot harder. Really serious, well
funded opponents will still be able to crack it. However, it's likely
to go on getting more difficult and expensive.
Also, in many countries, cracking Fritz will be illegal. In the USA
the Digital Millennium Copyright Act already does this, while in the
EU the situation may vary from one country to another, depending on
the way national regulations implement the EU Copyright Directive.
Also, in many products, compatibility control is already being mixed
quite deliberately with copyright control. The Sony Playstation's
authentication chips also contain the encryption algorithm for DVD, so
that reverse engineers can be accused of circumventing a copyright
protection mechanism and hounded under the Digital Millennium
Copyright Act. The situation is likely to be messy - and that will
favour large firms with big legal budgets.16. What's the overall economic effect likely to be?
The content industries may gain a bit from cutting music copying -
expect Sir Michael Jagger to get very slightly richer. But I expect
the most significant economic effect will be to strengthen the
position of incumbents in information goods and services markets at
the expense of new entrants. This may mean a rise in the market cap of
firms like Intel, Microsoft and IBM - but at the expense of innovation
and growth generally. Eric von Hippel documents
how most of the innovations that spur economic growth are not
anticipated by the manufacturers of the platforms on which they are
based; and technological change in the IT goods and services markets
is usually cumulative. Giving incumbents new ways to make life harder
for people trying to develop novel uses for their products will create
all sorts of traps and perverse incentives.
The huge centralisation of economic power that TCPA / Palladium
represents will favour large companies over small ones; there will be
similar effects as Palladium applications enable large companies to
capture more of the spillover from their economic activities, as with
the car companies forcing car-owners to have their maintenance done at
authorised dealerships. As most employment growth occurs in the small
to medium business sector, this could have consequences for jobs.
There may also be distinct regional effects. For example, many years
of government sponsorship have made Europe's smartcard industry
strong, at the cost of crowding out other technological innovation in
the region. Senior industry people to whom I have spoken anticipate
that once the second phase of TCPA puts the Fritz functionality in the
main processor, this will hammer smartcard sales. A number of TCPA
company insiders have admitted to me that displacing smartcards from
the authentication token market is one of their business goals. Many
of the functions that smartcard makers want you to do with a card will
instead be done in the Fritz chips of your laptop, your PDA and your
mobile phone. If this industry is killed off by TCPA, Europe could be
a significant net loser. Other large sections of the information
security industry may also become casualties.17. Who else will lose?
There will be many places where existing business processes break down
in ways that allow copyright owners to extract new rents. For example,
I recently applied for planning permission to turn some agricultural
land that we own into garden; to do this, we needed to supply our
local government with six copies of a 1:1250 map of the field. In the
old days, everyone just got a map from the local library and
photocopied it. Now, the maps are on a server in the library, with
copyright control, and you can get a maximum of four copies of any one
sheet. For an individual, that's easy enough to circumvent: buy four
copies today and send a friend along tomorrow for the extra two. But
businesses that use a lot of maps will end up paying more money to the
map companies. This may be a small problem; mutiply it a thousandfold
to get some idea of the effect on the overall economy. The net
transfers of income and wealth are likely, once more, to be from small
firms to large and from new firms to old.
This may hopefully cause political resistance. One well-known UK
that copyright law is only tolerated because it is not enforced
against the vast majority of petty infringers. And there will be some
particularly high-profile hard-luck cases. I understand that copyright
regulations due out later this year in Britain will deprive the blind
of the fair-use right to use their screen scraper software to read
e-books. Normally, a bureaucratic stupidity like this might not
matter much, as people would just ignore it, and the police would not
be idiotic enough to prosecute anybody. But if the copyright
regulations are enforced by hardware protection mechanisms that are
impractical to break, then the blind may lose out seriously. (There
are many other marginal groups under similar threat.)18. Ugh. What else?
TCPA will undermine the General Public License (GPL), under which many
free and open source software products are distributed. The GPL is
designed to prevent the fruits of communal voluntary labour being
hijacked by private companies for profit. Anyone can use and modify
software distributed under this licence, but if you distribute a
modified copy, you must make it available to the world, together with
the source code so that other people can make subsequent modifications
of their own.
At least two companies have started work on a TCPA-enhanced version of
GNU/linux. This will involve tidying up the code and removing a
number of features. To get a certificate from the TCPA corsortium, the
sponsor will then have to submit the pruned code to an evaluation lab,
together with a mass of documentation showing why various known
attacks on the code don't work. (The evaluation is at level E3 -
expensive enough to keep out the free software community, yet lax
enough for most commercial software vendors to have a chance to get
their lousy code through.) Although the modified program will be
covered by the GPL, and the source code will be free to everyone, it
will not make full use of the TCPA features unless you have a
certificate for it that is specific to the Fritz chip on your own
machine. That is what will cost you money (if not at first, then
You will still be free to make modifications to the modified code, but
you won't be able to get a certificate that gets you into the TCPA
system. Something similar happens with the linux supplied by
Sony for the Playstation 2; the console's copy protection
mechanisms prevent you from running an altered binary, and from using
a number of the hardware features. Even if a philanthropist does a
not-for-profit secure GNU/linux, the resulting product would not
really be a GPL version of a TCPA operating system, but a proprietary
operating system that the philanthropist could give away free. (There
is still the question of who would pay for the user certificates.)
People believed that the GPL made it impossible for a company to come
along and steal code that was the result of community effort. This
helped make people willing to give up their spare time to write free
software for the communal benefit. But TCPA changes that. Once the
majority of PCs on the market are TCPA-enabled, the GPL won't work as
intended. The benefit for Microsoft is not that this will destroy free
software directly. The point is this: once people realise that even
GPL'led software can be hijacked for commercial purposes, idealistic
young programmers will be much less motivated to write free software.19. I can see that some people will get upset about this.
And there are many other political issues - the transparency of
processing of personal data enshrined in the EU data protection
directive; the sovereignty issue, of whether copyright regulations
will be written by national governments, as at present, or an
application developer in Portland or Redmond; whether TCPA will be
used by Microsoft as a means of killing off Apache; and whether people
will be comfortable about the idea of having their PCs operated, in
effect, under remote control -- control that could be usurped by
courts or government agencies without their knowledge.20. But hang on, isn't TCPA illegal under antitrust law?
Intel has honed a `platform leadership' strategy, in which they lead
industry efforts to develop technologies that will make the PC more
useful, such as the PCI bus and USB. Their modus operandi is described
in a book
by Gawer and Cusumano. Intel sets up a consortium to share the
development of the technology, has the founder members put some
patents into the pot, publishes a standard, gets some momentum behind
it, then licenses it to the industry on the condition that licensees
in turn cross-license any interfering patents of their own, at zero
cost, to all consortium members.
The positive view of this strategy was that Intel grew the overall
market for PCs; the dark side was that they prevented any competitor
achieving a dominant position in any technology that might have
threatened their dominance of the PC hardware. Thus, Intel could not
afford for IBM's microchannel bus to prevail, not just as a competing
nexus of the PC platform but also because IBM had no interest in
providing the bandwidth needed for the PC to compete with high-end
systems. The effect in strategic terms is somewhat similar to the old
Roman practice of demolishing all dwellings and cutting down all trees
close to their roads or their castles. No competing structure may be
allowed near Intel's platform; it must all be levelled into a
commons. But a nice, orderly, well-regulated commons: interfaces
should be `open but not free'.
The consortium approach has evolved into a highly effective way of
skirting antitrust law. So far, the authories do not seem to have been
worried about such consortia - so long as the standards are open and
accessible to all companies. They may need to become slightly more
Of course, if Fritz Hollings manages to get his bill through Congress,
then TCPA will become compulsory and the antitrust issue will fall
away, at least in America. One may hope that European regulators will
have more backbone.21. When is this going to hit the streets?
It has. The specification was
published in 2000. Atmel is already selling a Fritz chip,
and although you need to sign a non-disclosure agreement to get a data
sheet, you have been able to buy it installed in the IBM
Thinkpad series of laptops since May 2002. Some of the existing
features in Windows XP and the X-Box are
TCPA features: for example, if you change your PC configuration more
than a little, you have to reregister all your software with
Redmond. Also, since Windows 2000, Microsoft has been working on
certifying all device drivers: if you try to load an unsigned driver,
XP will complain. There is also growing US
government interest in the technical standardisation process. The
train is rolling.
The timing of Palladium is less certain. There appears to be a power
struggle going on between Microsoft and Intel; Palladium will also run
on competing hardware from suppliers such as Wave Systems, and applications written
to run on top of vanilla TCPA will need to be rewritten to run on
Palladium. This seems a play to ensure that the secure computing
platform of the future is controlled by Microsoft alone. It might also
be a tactic to deter other companies from trying to develop software
platforms based on TCPA. Intel and AMD appear to plan for the second
generation of TCPA functionality to be provided in the main processor
for free. This might provide higher security, but would enable them to
control developments rather than Microsoft.
I do know that the Palladium announcement was brought forward by over
a month after I presented a
paper at a conference on Open Source Software
Economics on the 20th June. This paper criticised TCPA as
anticompetitive, as amply confirmed by new revelations since.22. What's TORA BORA?
This seems to have been an internal Microsoft joke: see the Palladium
announcement. The idea is that `Trusted Operating Root
Architecture' (Palladium) will stop the `Break Once Run Anywhere'
attack, by which they mean that pirated content, once unprotected, can
be posted to the net and used by anyone.
They seem to have realised since that this joke might be thought to be
in bad taste. At a talk I attended on the 10th July at Microsoft
Research, the slogan had changed to `BORE-resistance', where BORE
standards for `Break Once Run Everywhere'. (By the way, the speaker
there described copyright watermarking as `content screening', a term
that used to refer to stopping minors seeing pornography: the PR
machine is obviously twitching! He also told us that it would not work
unless everyone used a trusted operating system. When I asked him
whether this meant getting rid of linux he replied that linux users
would have to be made to use content screening.)23. But isn't PC security a good thing?
The question is: security for whom? You might prefer not to have to
worry about viruses, but neither TCPA nor Palladium will fix that:
viruses exploit the way software applications (such as Microsoft
Office and Outlook) use scripting. You might get annoyed by spam, but
that won't get fixed either. (Microsoft implies that it will be fixed,
by filtering out all unsigned messages - but the spammers will just
buy TCPA PCs. You'd be better off using your existing mail client to
filter out mail from people you don't know and putting it in a folder
you scan briefly once a day.) You might be worried about privacy, but
neither TCPA nor Palladium will fix that; almost all privacy
violations result from the abuse of authorised access, often obtained
by coercing consent. The medical insurance company that requires you
to consent to your data being shared with your employer and with
anyone else they can sell it to, isn't going to stop just because
their PCs are now officially `secure'. On the contrary, they are
likely to sell it even more widely, because computers are now
Economists have noted that when a manufacturer makes a `green'
product available, it often increases pollution, as people buy green
rather than buying less; we may see a security equivalent of this
`social choice trap', as it's called. In addition, by entrenching and
expanding monopolies, TCPA will increase the incentives to price
discriminate and thus to harvest personal data for profiling.
The most charitable view of TCPA is put forward by a Microsoft
researcher: there are some applications in which you want to constrain
the user's actions. For example, you want to stop people fiddling with
the odometer on a car before they sell it. Similarly, if you want to
do DRM on a PC then you need to treat the user as the enemy.
Seen in these terms, TCPA and Palladium do not so much provide
security for the user as for the PC vendor, the software supplier, and
the content industry. They do not add value for the user, but destroy
it. They constrain what you can do with your PC in order to enable
application and service vendors to extract more money from you. This
is the classic definition of an exploitative cartel - an industry
agreement that changes the terms of trade so as to diminish consumer
No doubt Palladium will be bundled with new features so that the
package as a whole appears to add value in the short term, but the
long-term economic, social and legal implications require serious
thought.24. So why is this called `Trusted Computing'? I don't see
why I should trust it at all!
It's almost an in-joke. In the US Department of Defense, a `trusted
system or component' is defined as `one which can break the security
policy'. This might seem counter-intuitive at first, but just stop to
think about it. The mail guard or firewall that stands between a
Secret and a Top Secret system can - if it fails - break the security
policy that mail should only ever flow from Secret to Top Secret, but
never in the other direction. It is therefore trusted to enforce the
information flow policy.
Or take a civilian example: suppose you trust your doctor to keep
your medical records private. This means that he has access to your
records, so he could leak them to the press if he were careless or
malicious. You don't trust me to keep your medical records, because I
don't have them; regardless of whether I like you or hate you, I can't
do anything to affect your policy that your medical records should be
confidential. Your doctor can, though; and the fact that he is in a
position to harm you is really what is meant (at a system level) when
you say that you trust him. You may have a warm feeling about him, or
you may just have to trust him because he is the only doctor on the
island where you live; no matter, the DoD definition strips away these
fuzzy, emotional aspects of `trust' (that can confuse people).
Remember during the late 1990s, as people debated government
control over cryptography, Al Gore proposed a `Trusted Third Party' -
a service that would keep a copy of your decryption key safe, just in
case you (or the FBI, or the NSA) ever needed it. The name was derided
as the sort of marketing exercise that saw the Russian colony of East
Germany called a `Democratic Republic'. But it really does chime with
DoD thinking. A Trusted Third Party is a third party that can break
your security policy.25. So a `Trusted Computer' is one that can break my security?
Now you've got it.
This FAQ is GPLed, taken from http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html.