This article is more than 1 year old

MS Palladium protects IT vendors, not you – paper

Anderson gives us the FAQs

Ross Anderson of Cambridge University has published a lengthy and informative paper/FAQ on Palladium, the Trusted Computing Platform Alliance (TCPA), their relationship and their implications. His take is that Microsoft's Palladium, soft-announced by the company earlier this week, will be built on TCPA hardware, adding some extra features as it goes along. Some of these features, he notes, will the there in order to make the package look more attractive, while some of the components of Palladium are already shipping in Xbox and WinXP.

TCPA itself provides for a monitoring component to be included in future PCs. In phase one Anderson expects it to be an add-on chip on the motherboard, but further down the line it will be in the CPU. It's more crackable as an add-on, as you could conceivably get around it by monitoring bus traffic, but once it's in the CPU this becomes a lot harder, and he speculates about the likely effects in the event of TCPA/Palladium being to all intents and purposes uncrackable.

Aside from providing the music business with workable DRM, it would also allow software companies to lock in their users. The more Palladium/TCPA-enabled apps there are, the more this will be the case, and it will also have the tendency to favour existing players while locking out new entrants.

Anderson refers to the chip as the "Fritz" chip, after senator Fritz Hollings who has been "working tirelessly" to make TCPA compulsory. On boot, Fritz "checks that the boot ROM is as expected, executes it, measures the state of the machine; then checks the first part of the operating system, loads and executes it, checks the state of the machine; and so on. The trust boundary, of hardware and software considered to be known and verified, is steadily expanded. A table is maintained of the hardware (audio card, video card etc) and the software (O/S, drivers, etc); if there are significant changes, the machine must be re- certified. The result is a PC booted into a known state with an approved combination of hardware and software. Control is then handed over to enforcement software in the operating system - this is presumably Palladium if your operating system in Windows."

Note the similarities here to what Xbox is doing already.

"Once the machine is in this state, Fritz can certify it to third parties: for example, he will do an authentication protocol with Disney to prove that his machine is a suitable recipient of 'Snow White'. The Disney server then sends encrypted data, with a key that Fritz will use to unseal it. Fritz makes the key available only so long as the environment remains 'trustworthy'. For this purpose, 'trustworthy' means that the media player application won't make any unauthorised copies of content."

That's an example of the sort of procedure you'd encounter when the system is applied to the entertainment business. However, TCPA-enabled applications will likely have their security policies administered by remote servers, and this has other implications. What you're allowed to read could be censored for reasons other than copyright, so for example the scientologists might "convince a court that a certain document should be banned [and] get an order against a policy server." So to what extent could unpalatable and leaked documents be banned or disappeared?

It will be possible to turn TCPA off, but if it achieves critical mass then this will mean you don't have access to TCPA-enabled applications, which may isolate you a tad. "If the applications that use TCPA / Palladium are more attractive to the majority of people, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word."

Anderson elaborates this, based on how this control has been used in the past:

"TCPA appears designed to maximise the effect, and thus the economic power, of such plays. Given Microsoft's record of competitive strategic plays, I expect that Palladium will support them. So if you control a TCPA-enabled application, then your policy server can enforce your choice of rules about which other applications will be allowed to use the files your code creates. These files can be protected using strong cryptography, with keys controlled by the Fritz chips on everybody's machines. What this means is that a successful TCPA-enabled application will be worth much more money to the software company that controls it, as they can rent out access to their interfaces for whatever the market will bear. So there will be huge pressures on software developers to enable their applications for TCPA; and if Palladium is the first operating system to support TCPA, this will give it a competitive advantage over GNU/Linux and MacOS with the developer community."

The most significant beneficiaries, he argues, will not be the content industries, but the incumbents in the IT business. "I expect the most significant economic effect will be to strengthen the position of incumbents in information goods and services markets at the expense of new entrants. This may mean a rise in the market cap of firms like Intel, Microsoft and IBM - but at the expense of innovation and growth generally. The majority of the innovations that spur economic growth are not anticipated by the manufacturers of the platforms on which they are based; and technological change in the IT goods and services markets is usually cumulative. Giving incumbents new ways to make life harder for people trying to develop novel uses for their products will create all sorts of traps and perverse incentives."

TCPA could also, as argued here the other day, undermine the GPL. Modified code would still be covered under the GPL, but " it will not make full use of the TCPA features unless you have it signed, and have a certificate that enables you to use the TCPA Public Key Infrastructure (PKI). That is what will cost you money (if not at first, then eventually).

"Even if a philanthropist does a not-for-profit secure linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There are still issues about who would pay for use of the PKI that hands out user certs.)"

"People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. That may have been the case so long as the processor was open, and anyone could access supervisor mode. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended."

He concludes: "TCPA and Palladium do not so much provide security for the user, but for the PC vendor, the software supplier, and the content industry. They do not add value for the user. Rather, they destroy it, by constraining what you can do with your PC - in order to enable application and service vendors to extract more money from you."

You have been warned. The full document, which you should read several times a week until further notice, is available here. ®

More about


Send us news

Other stories you might like