What are Palladium, TCPA and DRM?

Using Palladium, a Windows-Extension to be delivered in 2005, the software and Hollywood industry wants to control the actions of every PC on the planet. The reason is digital rights management (DRM), allegedly used to protect the rights of artists.

The Palladium-enabling hardware is called TCPA (=Trusted Computing Platform Alliance), which is currently supported by about 200 manufacturers lead by Intel.

Evidently, Windows becomes a DRM-OS = "Digital Rights Management Operating System", the concept of which is already patented. This has enormous consequences. Within the cryptography mailing list there are commented excerpts from the patent.

An early description of the rationale and the motives behind all this is to be found in Ross Anderson's TCPA/Pd-FAQ.

Motive of the Hardware and Software Companies?

Let Intel speak:

"This is a new focus for the security community, [...] 
 The actual user of the PC - someone who can do anything they want 
 - is the enemy."

 David Aucsmith, security architect for Intel, 
 as quoted in an article by Robert Lemos of ZD Network News, 
 Feburary 25, 1999

from Trusted Computing: Trusted by Whom? 
by  Eric Smith

Microsoft praising its new baby: here.

Why is this worrying?

Richard Stallman, Founder of the GNU project which already has developed and distributed a lot of free software:

Microsoft presents Palladium as a security measure, and claims
that it will protect against viruses, but this claim is evidently
false. A presentation by Microsoft Research in October 2002 stated
that one of the specifications of Palladium is that existing
operating systems and applications will continue to run; therefore,
viruses will continue to be able to do all the things that they
can do today.

When Microsoft speaks of "security" in connection with Palladium,
they do not mean what we normally mean by that word: protecting your
machine from things you do not want. They mean protecting your copies
of data on your machine from access by you in ways others do not
want. A slide in the presentation listed several types of secrets
Palladium could be used to keep, including "third party secrets"
and "user secrets" -- but it put "user secrets" in quotation marks,
recognizing that this is not what Palladium is really designed for.

The presentation made frequent use of other terms that we frequently
associate with the context of security, such as "attack," "malicious
code," "spoofing," as well as "trusted." None of them means what it
normally means. "Attack" doesn't mean someone trying to hurt you,
it means you trying to copy music. "Malicious code" means code
installed by you to do what someone else doesn't want your machine
to do. "Spoofing" doesn't mean someone fooling you, it means you
fooling Palladium. And so on.

from Can you trust your computer? by Richard Stallman

Palladium/TCPA Links

Overview

TCPA/Palladium is the subject of CRYPTO-GRAM: Bruce Schneier. CRYPTO-GRAM Aug. 2002.
Ross Andersons TCPA/Pd-FAQ.
TCPA slides: Lucky Green. Trusted computing platform alliance: The mother(board) of all big brothers. Folien [PDF]
Heise Newsticker. Microsoft verrät neue Details zu Palladium.
Microsoft renames Palladium to "next generation trusted computing base" : ZDNet. What's in a Name? Not Palladium.
TCPA renamed to TCG (Trusted Computing Group)
Ross Anderson Trusted Computing and Competition Policy - Issues for Computing Professionals

Comments

What does trust mean in the context of Palladium: Richard Stallman. Can you trust your computer?
Comment to Ross Anderson's TCPA-FAQ: Lucky Green. Ross's tcpa paper.
What about a TCPA compliant Linux: http://cryptome.org/tcpa-rja2.htm
What is the driving force behind Palladium: software- or CD/DVD copy protection? Robert X. Cringely: A hollywood ending - does Microsoft really care about protecting the entertainment industry?
Viewpoint of Palladium developers: Peter N. Biddle. Posting on cryptography newsgroup.
How free software remains free software: the GNU license of the Free Software Foundation.
The concerns of the German ministry of economy.
Microsoft's answer:
```
Germany has little to worry about.
```
Comments from leading cryptographers Diffie and Rivest

Copy Protection

CBDTPA: Consumer Broadband and Digital Television Promotion Act What is At Stake for Content Creators, Purveyors and Users?.
Book: Litman, Digital Copyright: Protecting Intellectual Property on the Internet

Does the Digital Millenium Copyright Act constrain scientific research? Yes, see The DMCA and the Regulation of Scientific Research and Super-DMCA fears suppress security research

[...] the DMCA will have a non-trivial impact on the conditions under
which such research takes place. Specifically, the DMCA will:
impose additional hurdles, which researchers must overcome before
engaging in and publishing their research; limit the universe of
individuals with whom researchers can freely communicate about
their research; require disclosure of the intention to engage in
research and the fruits of such research to third-parties; affect
the content of academic research papers; and limit avenues for
publication of the results of such research. Thus, even if academic
encryption researchers can continue to conduct and publish their
research under the DMCA without significant practical risk of
criminal or civil liability, the DMCA will significantly affect
the manner in which such research is conducted. [...]

RIAA vs. college students lawsuit concerning alleged damages of $97.800.000.000 (Apr 3, 2003). Settlement: $17.000 per student (01.05.2003).
the music industry struggles to make it difficult to copy CDs: Jim Peters. Corrupt audio discs, aka "copy-protected CDs".
FAQ on copy protection, DVDs, law, DeCSS
CNN. Developer of DeCSS acquitted Teen cleared in landmark DVD case.
Heise-Newsticker: the music industry damages itself Die Musikindustrie schadet sich selbst.
The viewpoint of artists: Janis Ian. The internet debacle - an alternative view.
Fallout - a follow up to the internet debacle
A patent to prevent Palladium based software copy protection: Lucky Green. FAQ: How will Microsoft respond to Lucky's patent application?
On the collapse of Intel's processor ID concept : Daniel Rubin. Intel backs off, disables pentium ID feature.
Apple not member of TCPA: Daniel H. Steinberg. The near future of digital rights management.

Technical Aspects

The TCPA Specifikation
Palladium developers talk about their project: Seth Schoen. Palladium details.
The advertised security can be achieved with existing hardware: Niels Ferguson. Palladium. In Crypto-Gram 09/2002.
VMWARE, a product separating operating systems from each other
Virtual machines on the Intel platform: John S. Robin and Cynthia E. Irvine. Analysis of the intel pentium's ability to support a secure virtual machine monitor.
Market share of Open Source Software: Berlecon. Free/libre open source software: Survey and study.
security of open vs. closed software: Ross Anderson. Security in open versus closed systems - the dance of Boltzmann, Coase and Moore. http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
BIOS Chip, which could enable to circumvent TCPA: IOSS. RD1 BIOS savior.
A security concept for BSD-Unix: Jails. P.-H. Kamp and R. N. M. Watson. Jails: Confining the omnipotent root.

Free Applications

Office packages: OpenOffice. http://www.openoffice.org, und KOffice. http://www.koffice.org
OpenSSH (Secure Shell), secure login over the Internet
OpenSSL (Secure Socket Layer), secure web server connections

Law

Europe. The EU Copyright Directive. EUCD
Germany to realize the European Copyright Directive. Entwurf eines Gesetzes zur Regelung des Urheberrechts in der Informationsgesellschaft.
Microsoft's U.S. antitrust case: U.S. Department of Justice. United States v. Microsoft current case.
Situation of L. Green's patent: Peter Rojas. Can a hacker outfox Microsoft?
In the meantime Microsoft uses the patent law to prevent compatibility.

Awards

Big Brother Award 2002 the award for companies which are good at violating user privacy

Further Links

Windows1984.com
The Right to Read by Richard Stallman

page updated Oct 3, 2009