The Doomsday Chip

Oct 24, 2013 17:19


Note - I give anyone and everyone my express permission to mirror or otherwise repost this article, anywhere in the world and for all time.

Dedication - To two wonderful friends I have abroad, each of whom has helped me greatly in his and her own way.  My best wishes to both of you -- and keep safe!

Introduction

Back in the 1950's, the Egyptian ( Read more... )

strategic, legal, espionage, political, tpm, america, computer security, constitutional, military, internet, computers


cutelildrow October 28 2013, 13:47:46 UTC
Here's a more comprehensive description by a Cambridge cryptographer.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

The Cambridge cryptographer Ross Anderson has great concerns that "TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present) [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it - and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders."[8] He goes on to state that:

[...] software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. [...]

The [...] most important benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.[8]

Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."[8]

summary.

Actually, this is another problem which I think most people don't think of, and probably won't be too concerned with until it bites them in the ass:

Shutting out of competing products

People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. Microsoft has received a great deal of bad press surrounding their Palladium software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates".[31] The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using bundling of products to obscure prices of products and to engage in anti-competitive practices.[3] Trusted Computing is seen as harmful or problematic to independent and open source software developers.[32]


cutelildrow October 28 2013, 13:54:07 UTC
Loss of anonymity

Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.

Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily, indirectly, or simply through inference of many seemingly benign pieces of data. (e.g. search records, as shown through simple study of the AOL search records leak[25]). One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.

While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.

Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.

I know Jordan's blogged about SWATing; imagine that being made easier.


jordan179 October 29 2013, 00:19:00 UTC
This could be far worse than SWATing, which is essentially the filing of false reports to cause law enforcement agencies to act against the target. SWATing is after all detectable, and (unless either targets or duped law enforcement agents violently overreact) unlikely to cause much permanent harm. Furthermore SWATing is a crime (false accusation) which if traced back to the attacker can result in him doing prison time.

It could be worse because one could SWAT an opponent and simultaneously FRAME him. This might not be detectable: the target could wind up falsely imprisoned, and the frame might never be provable. This is a consequence of the vulnerability which the TPM chip would create in all security schemes, including those both of the target and of the LAW ENFORCEMENT AGENCIES.

This could also make the SWATing far more likely to produce violent consequences. Suppose the attacker not only falsely accuses the target, but also inserts disinformation about the target being a "known terrorist, presumed armed and dangerous, and an expert crack pistol shot" ...? This could create a situation where a stray hand motion might easily be interpreted by the arresting officers as a deadly threat, resulting in the death of the victim (and horrible emotional consequences to the police officers involved, especially if they eventually realized they'd been tricked).

This is just one of the potentially-dangerous scenarios possible given this level of systems vulnerability. You may envision a tyrannical government doing this as part of a coup-from-above, but it doesn't have to be -- any attacker (including criminals, terrorists and foreign Powers) might do this as part of a plan of destabilization, damage and terror.

That's what can happen when you don't compartmentalize security.
