The Doomsday Chip

[jordan179]

Note - I give anyone and everyone my express permission to mirror or otherwise repost this article, anywhere in the world and for all time.

Dedication - To two wonderful friends I have abroad, each of whom has helped me greatly in his and her own way.  My best wishes to both of you -- and keep safe!

IntroductionBack in the 1950's, the Egyptian

Comments

[cutelildrow]

As a foreigner I have no interest in letting the NSA or any other US government information collection agency get into my computer - and it really does not matter if there's nothing in my computer other than a massive collection of food recipes, gardening tips, family photos and artwork, with the occasional political essay. As a non-US citizen I also have no interest in being caught up in the US government's blatant violation of its' own laws - whether it's constitutional or antitrust - I'm not beholden to the US nor its' laws and obligations, and from the way that government institutions have been used in America to persecute conservative points of view, I'd have been one of the people likely targeted or victimized by such an approach (see the IRS scandal, which still has yet to be resolved or further reported on - I suspect they need the money to pay off their various welfare programs that aren't welfare programs, eh?TPM and it's actual applied bullshit is part of DRM, and guess what Microsoft? You're not the only company out there

[jordan179]

As a foreigner I have no interest in letting the NSA or any other US government information collection agency get into my computer.

I completely agree with you. Not only that, but to the extent that any foreign government cooperates with such an American information-collection, absent a clear mutual interest (such as putting-down international terrorism), that government would be betraying its own people.

This is the ultimate reason why this mad spy scheme is unlikely to do much good for the United States of America, even if by some miracle we avoid all the threats I mention. While the US government can mandate TPM compliance by American agencies, citizens and corporations, it can neither mandate nor enforce such cooperation by the agencies, citizens and corporations of other countries.

Given that the US government cannot do that, TPM-based espionage will only work to the extent that other countries are willing to use TPM-compliant hardware and software, or at least permit it to be used by personnel and companies in sensitive

[cutelildrow]

This may -- as we once discussed in chat -- lead to the movement of the Silicon Valley companies abroad, especially if the US Administration is insane enough to attempt to forbid the writing of such software.Ah, but what if it becomes illegal for an American company to leave the US, without say, massive fines, or even surrendering all assets? I'm assuming the worst especially as there is such a shortage of industry and jobs there in the US now. Manufacturing is gone (I believe Western Digital has moved their production out of the nation, for example; I don't know what other companies are still in the US); software engineering and data services are one of the few things that seem to continue being available as a viable industry there

[jordan179]

Ah, but what if it becomes illegal for an American company to leave the US, without say, massive fines, or even surrendering all assets?

Then individuals will leave and start-up new companies overseas. Short of refusing to let the actual businessmen and programmers leave the country, there's no way to force them to work in America. And prohibiting them to leave would probably trigger a panicked flight of the better programmers -- who, because of what they know how to do are impossible to hold.

[marmoe]

Unrelated to TPM, but another single point of failure:
http://www.pcworld.com/article/2058000/lavabit-encryption-key-ruling-threatens-internet-privacy-eff-argues.html

[jordan179]

This is a good example both of poor administration of the intelligence agencies and an implicit assumption that Only America Is Real on the part of the United States Government. Both these come from the amateurishness and arrogance of the Obama Administration.

The main strategy for keeping any secret is simple: don't tell it to anyone who will tell other people. This means: tell it to as few people as possible (those who uncover it and the ultimate consumers of the intelligence) and make sure that you don't hire anyone to work with it who seems as if they will be opposed to what one's agency is doing.The Obama Administration assumes itself to be inherently noble and morally-annointed to accomplish its ends, so it has very great difficulty understanding that anyone might honestly disagree with its objectives. What's more, it self-identifies as being of the Left and sees neither flaw nor contradiction in the Left, so it tends to hire and promote Leftists to sensitive positions (to ensure political support for itself in a crisis)

[marmoe]

My point in linking to this article was rather that US courts are just trying to dismantle even basic internet data security. Get the master key from facebook and you can read the diaries of anyone on facebook. Get the ones from google and google mail is in your hand. Don't even think for a moment the ruling would have been any different under Bush.

[jordan179]

Bush had a more realistic sense of his own limitations, both personal and political, than does Obama. Having said that, you're right that the authoritarian trend is bigger than any one President or even Party.

[fervid_dryfire]

This is an amazing work. My hat is off to you for going to what are clearly great lengths in creating it.

[jordan179]

Thank you. I'm a patriotic American and my hope is that by posting this I am doing my part in speeding the rejection of this deeply-flawed system so that it can be the more quickly replaced by something better-compartmented. I fear that the more it is accepted before its failure, the more disastrous the failure and the greater the damage -- economic and otherwise -- that will be done to my country before its failings are so obvious that the groupthink regarding the system is finally broken.

[cutelildrow]

Also related: http://www.news.com.au/technology/online/youre-under-surveillance-almost-every-minute-of-the-day/story-fnjwnfzw-1226746672303

[cutelildrow]

Here's a more comprehensive description by a Cambridge cryptographer.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

The Cambridge cryptographer Ross Anderson has great concerns that "TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present) [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it - and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders."[8] He goes on to state that

A Doomsday Chip? Not exactly

[inverarity]

This is just Clipper Chip hysteria redux.

TPM is not remotely new. It's the latest round of "trusted computing" and it's been around for well over 10 years. Here's a very critical article from 2003, and you'll note that most of Ross Anderson's fears remain hypothetical (as do most of the deployments of TPM proposed in that article.)

Bruce Schneier, whose name I assume you are familiar with (and if you're not, you really haven't done much reading in this area you are wading into), has written about TPM for years. Trusted Computing Best Practices (2005), Microsoft's BitLocker (2006), TPM to End Piracy (2008). (The last link has links to even earlier articles

Re: A Doomsday Chip? Not exactly

[inverarity]

tl;dr: no, the TPM does not create a "master key" that some nefarious individual could somehow acquire and thence take over every computer in the world running a TPM

Re: A Doomsday Chip? Not exactly

[jordan179]

no, the TPM does not create a "master key" that some nefarious individual could somehow acquire and thence take over every computer in the world running a TPM.

Actually, half the key is centrally-created and then spawned through random variation. The other half is your personal password. The thing is that if you crack the logic of the TPM chip itself -- any TPM chip -- you have a huge leg up on cracking any TPM password, because you can "deduce" (actually calculate using your own encryption equipment) the fundamental logic by which the firmware part of the key is generated. If you actually have the manufacturing records, you would have all the firmware keys and would then only need the private component to the passwords

Re: A Doomsday Chip? Not exactly

[jordan179]

Lastly, I'm kind of surprised that someone who mistrusts the "Mainstream Media" as much as you do takes everything negative reported about the NSA at face value.

This hasn't BEEN reported in the MSM, and I know for sure that it is being censored on a lot of the Internet (particularly those parts run by companies with investments in TPM) as well. (If certain people would like to publicize their relevant experiences here, I'd appreciate it, but I won't talk about it myself).

And no, I mostly like, respect and admire the NSA. It's just that this technology offers such potential for abuse that I wouldn't feel safe unless the Lensman of E. E. "Doc" Smith's Galactic Patrol were running it.

There are many, many watchers watching the watchmen.Right now, the ultimate "watcher" (the President of the United States of America) is demonstrably an arrogant and corrupt man who acts out of a deep disrespect for the US Constitution. But since one cannot guarantee that any particlar President will be competent or lawful (though admittedly,