Trusted Computing != DRM
Jan. 17th, 2003 11:40 amOkay, so I've been paying vague amounts of attention to the whole Palladium/TCPA and DRM thing (for the acronym-disgusted, the Trusted Computing Platform Alliance, and Digital Rights Management).
The long and the short of this is that a year or so ago now, a bunch of manufacturers got together and said 'Computers aren't secure enough! Whadda we do to fix it?' They looked at eachother and someone piped in, saying 'Hey, encryption sucks cycles like hard vacuum, can you blame people for wanting their computers not to run like molasses in a cold snap?'
They looked in interest at the fellow, and said, 'Good point.' So they're designing what, in the end, comes down to a hardware encryption/decryption module which seems to be very like the Floating Point Units of yesteryear (not that FPUs are gone, just now they're ubiquitous) - it performs a few particular computations, particularly those involved in encryption, very fast, so your CPU doesn't have to. It just hands off the data, says 'gimme back something readable', and you're set.
So what does all this mean? Well, the TCPA, unfortunately, noticed the obvious applications to control your access to data by using the encryption to restrict the operations you can perform on it - thus, they can ship DVDs with their frames encrypted, and then the chip decrypts them solely to be viewed on screen. No easy way to copy them.
Now, this concept is what every Napster-generation geekling latched onto, screaming as if castrated, 'Nooooo, not my MP3s!'. Now, there's nothing suggesting anywhere in the above that you won't be able to make your own MP3s, or even continue sharing pirated MP3s. But people fear.
So here's an alternative use which people aren't considering much. How about securing _your_ communications? In this day and age, somehow a lot of people don't consider the fact that the Internet is a network, where, at certain points, anyone who's paying attention can see what you're doing. Certain allowances have been made, things like SSL on your Web connection so people can't see your credit card number, but really, the consumer's not paying much attention to their privacy.
Enter this lovely encryption chip (called a TPM), where we could up the encryption significantly. Geeks out there? try this on for size: Hardware Accelerated SSH. Connections to your MMORPG could be encrypted, so those damn kids couldn't edit the packets to give them better toys than you have legally. Encrypted Voice over IP.
A bit privacy boost, right? Well... It's a single point of failure if someone backdoors it (conspiracy theories, whee!), and even if noone backdoors it, a bad algorithm on the encryption or the random number generation could make you miserable. So it's not perfect. As for the DRM uses, emulation is the key: people will find ways to reverse engineer the thing and find ways to get the information. It may be difficult, and it will come with the big ugly bully of the legal arena, the DMCA, but the pirates will win eventually. So really, the DRM concerns are overblown, I think.
In any case, some fun possibilities. I really do look forward to having my SSH hardware accelerated.
update: Of course, immediately I get into verbal combat over the possible downsides. I'm aware that there seems to be some possibility that you could cripple open source somehow or a bunch of silly shit like that. It's a valid concern, but at this point, I think it's paranoid overkill to think that's likely in the near future.
The long and the short of this is that a year or so ago now, a bunch of manufacturers got together and said 'Computers aren't secure enough! Whadda we do to fix it?' They looked at eachother and someone piped in, saying 'Hey, encryption sucks cycles like hard vacuum, can you blame people for wanting their computers not to run like molasses in a cold snap?'
They looked in interest at the fellow, and said, 'Good point.' So they're designing what, in the end, comes down to a hardware encryption/decryption module which seems to be very like the Floating Point Units of yesteryear (not that FPUs are gone, just now they're ubiquitous) - it performs a few particular computations, particularly those involved in encryption, very fast, so your CPU doesn't have to. It just hands off the data, says 'gimme back something readable', and you're set.
So what does all this mean? Well, the TCPA, unfortunately, noticed the obvious applications to control your access to data by using the encryption to restrict the operations you can perform on it - thus, they can ship DVDs with their frames encrypted, and then the chip decrypts them solely to be viewed on screen. No easy way to copy them.
Now, this concept is what every Napster-generation geekling latched onto, screaming as if castrated, 'Nooooo, not my MP3s!'. Now, there's nothing suggesting anywhere in the above that you won't be able to make your own MP3s, or even continue sharing pirated MP3s. But people fear.
So here's an alternative use which people aren't considering much. How about securing _your_ communications? In this day and age, somehow a lot of people don't consider the fact that the Internet is a network, where, at certain points, anyone who's paying attention can see what you're doing. Certain allowances have been made, things like SSL on your Web connection so people can't see your credit card number, but really, the consumer's not paying much attention to their privacy.
Enter this lovely encryption chip (called a TPM), where we could up the encryption significantly. Geeks out there? try this on for size: Hardware Accelerated SSH. Connections to your MMORPG could be encrypted, so those damn kids couldn't edit the packets to give them better toys than you have legally. Encrypted Voice over IP.
A bit privacy boost, right? Well... It's a single point of failure if someone backdoors it (conspiracy theories, whee!), and even if noone backdoors it, a bad algorithm on the encryption or the random number generation could make you miserable. So it's not perfect. As for the DRM uses, emulation is the key: people will find ways to reverse engineer the thing and find ways to get the information. It may be difficult, and it will come with the big ugly bully of the legal arena, the DMCA, but the pirates will win eventually. So really, the DRM concerns are overblown, I think.
In any case, some fun possibilities. I really do look forward to having my SSH hardware accelerated.
update: Of course, immediately I get into verbal combat over the possible downsides. I'm aware that there seems to be some possibility that you could cripple open source somehow or a bunch of silly shit like that. It's a valid concern, but at this point, I think it's paranoid overkill to think that's likely in the near future.