[ltp] TCPA on Thinkpads

iriXx linux-thinkpad@linux-thinkpad.org
Thu, 20 Mar 2003 09:24:38 +0000

nb. further to the problems with coding GNU/Linux drivers, it is also 
obvious that there is no means by which GPL licensed software can be 
enforced if it is adopted into proprietary redistribution (something 
which the license is designed to prevent) - as it will become illegal to 
discover whether the source code has become implemented. the whole 
system is designed to remove Free Software from circulation. also you 
cannot code a GPL licensed OS for use on TCPA because it is *already* 
illegal under existing laws in Europe and the US to redistribute the 
source code (think DeCSS).

dont forget that those very TCPA chips on your thinkpads are designed to 
control the bootstrap mechanism, so you will be unable to run GNU/Linux 
on your thinkpad - once its activated, even the CDPA 1988 will rule that 
this is illegal, so we can kiss goodbye to this mailing list.

Can you trust your computer?

By Richard Stallman -
Who should your computer take its orders from? Most people think their 
computers should obey them, not obey someone else. With a plan they call 
"trusted computing," large media corporations (including the movie 
companies and record companies), together with computer companies such 
as Microsoft and Intel, are planning to make your computer obey them 
instead of you. Proprietary programs have included malicious features 
before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what 
it does; you can't study the source code, or change it. It's not 
surprising that clever businessmen find ways to use their control to put 
you at a disadvantage. Microsoft has done this several times: one 
version of Windows was designed to report to Microsoft all the software 
on your hard disk; a recent "security" upgrade in Windows Media Player 
required users to agree to new restrictions. But Microsoft is not alone: 
the KaZaa music-sharing software is designed so that KaZaa's business 
partner can rent out the use of your computer to their clients. These 
malicious features are often secret, but even once you know about them 
it is hard to remove them, since you don't have the source code.

In the past, these were isolated incidents. "Trusted computing" would 
make it pervasive. "Treacherous computing" is a more appropriate name, 
because the plan is designed to make sure your computer will 
systematically disobey you. In fact, it is designed to stop your 
computer from functioning as a general-purpose computer. Every operation 
may require explicit permission.

The technical idea underlying treacherous computing is that the computer 
includes a digital encryption and signature device, and the keys are 
kept secret from you. (Microsoft's version of this is called 
"palladium.") Proprietary programs will use this device to control which 
other programs you can run, which documents or data you can access, and 
what programs you can pass them to. These programs will continually 
download new authorization rules through the Internet, and impose those 
rules automatically on your work. If you don't allow your computer to 
obtain the new rules periodically from the Internet, some capabilities 
will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous 
computing for "DRM" (Digital Restrictions Management), so that 
downloaded videos and music can be played only on one specified 
computer. Sharing will be entirely impossible, at least using the 
authorized files that you would get from those companies. You, the 
public, ought to have both the freedom and the ability to share these 
things. (I expect that someone will find a way to produce unencrypted 
versions, and to upload and share them, so DRM will not entirely 
succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are 
plans to use the same facility for email and documents -- resulting in 
email that disappears in two weeks, or documents that can only be read 
on the computers in one company.

Imagine if you get an email from your boss telling you to do something 
that you think is risky; a month later, when it backfires, you can't use 
the email to show that the decision was not yours. "Getting it in 
writing" doesn't protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is 
illegal or morally outrageous, such as to shred your company's audit 
documents, or to allow a dangerous threat to your country to move 
forward unchecked. Today you can send this to a reporter and expose the 
activity. With treacherous computing, the reporter won't be able to read 
the document; her computer will refuse to obey her. Treacherous 
computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing 
when they save your documents, to make sure no competing word processors 
can read them. Today we must figure out the secrets of Word format by 
laborious experiments in order to make free word processors read Word 
documents. If Word encrypts documents using treacherous computing when 
saving them, the free software community won't have a chance of 
developing software to read them -- and if we could, such programs might 
even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new 
authorization rules through the Internet, and impose those rules 
automatically on your work. If Microsoft, or the U.S. government, does 
not like what you said in a document you wrote, they could post new 
instructions telling all computers to refuse to let anyone read that 
document. Each computer would obey when it downloads the new 
instructions. Your writing would be subject to 1984-style retroactive 
erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous 
computing application does, study how painful they are, and decide 
whether to accept them. It would be short-sighted and foolish to accept, 
but the point is that the deal you think you are making won't stand 
still. Once you come depend on using the program, you are hooked and 
they know it; then they can change the deal. Some applications will 
automatically download upgrades that will do something different -- and 
they won't give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not 
using it. If you run GNU/Linux or another free operating system, and if 
you avoid installing proprietary applications on it, then you are in 
charge of what your computer does. If a free program has a malicious 
feature, other developers in the community will take it out, and you can 
use the corrected version. You can also run free application programs 
and tools on non-free operating systems; this falls short of fully 
giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and 
free applications at risk, because you may not be able to run them at 
all. Some versions of treacherous computing would require the operating 
system to be specifically authorized by a particular company. Free 
operating systems could not be installed. Some versions of treacherous 
computing would require every program to be specifically authorized by 
the operating system developer. You could not run free applications on 
such a system. If you did figure out how, and told someone, that could 
be a crime.

There are proposals already for U.S. laws that would require all 
computers to support treacherous computing, and to prohibit connecting 
old computers to the Internet. The CBDTPA (we call it the Consume But 
Don't Try Programming Act) is one of them. But even if they don't 
legally force you to switch to treacherous computing, the pressure to 
accept it may be enormous. Today people often use Word format for 
communication, although this causes several sorts of problems (see 
http://www.gnu.org/philosophy/no-word-attachments.html). If only a 
treacherous computing machine can read the latest Word documents, many 
people will switch to it, if they view the situation only in terms of 
individual action (take it or leave it). To oppose treacherous 
computing, we must join together and confront the situation as a 
collective choice.

For further information about treacherous computing, see 

To block treacherous computing will require large numbers of citizens to 
organize. We need your help! The Electronic Frontier Foundation 
(www.eff.org) and Public Knowledge (www.publicknowledge.org) are 
campaigning against treacherous computing, and so is the FSF-sponsored 
Digital Speech Project (www.digitalspeech.org). Please visit these Web 
sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, 
IBM, HP/Compaq, or anyone you have bought a computer from, explaining 
that you don't want to be pressured to buy "trusted" computing systems 
so you don't want them to produce any. This can bring consumer power to 
bear. If you do this on your own, please send copies of your letters to 
the organizations above.


1. The GNU Project distributes the GNU Privacy Guard, a program that 
implements public-key encryption and digital signatures, which you can 
use to send secure and private email. It is useful to explore how GPG 
differs from treacherous computing, and see what makes one helpful and 
the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG 
to decode it, the result is an unencrypted document that you can read, 
forward, copy, and even re-encrypt to send it securely to someone else. 
A treacherous computing application would let you read the words on the 
screen, but would not let you produce an unencrypted document that you 
could use in other ways. GPG, a free software package, makes security 
features available to the users; they use it. Treacherous computing is 
designed to impose restrictions on the users; it uses them.

2. Microsoft presents Palladium as a security measure, and claims that 
it will protect against viruses, but this claim is evidently false. A 
presentation by Microsoft Research in October 2002 stated that one of 
the specifications of Palladium is that existing operating systems and 
applications will continue to run; therefore, viruses will continue to 
be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with Palladium, they 
do not mean what we normally mean by that word: protecting your machine 
from things you do not want. They mean protecting your copies of data on 
your machine from access by you in ways others do not want. A slide in 
the presentation listed several types of secrets Palladium could be used 
to keep, including "third party secrets" and "user secrets" -- but it 
put "user secrets" in quotation marks, recognizing that this is not what 
Palladium is really designed for.

The presentation made frequent use of other terms that we frequently 
associate with the context of security, such as "attack," "malicious 
code," "spoofing," as well as "trusted." None of them means what it 
normally means. "Attack" doesn't mean someone trying to hurt you, it 
means you trying to copy music. "Malicious code" means code installed by 
you to do what someone else doesn't want your machine to do. "Spoofing" 
doesn't mean someone fooling you, it means you fooling Palladium. And so on.

3. A previous statement by the Palladium developers stated the basic 
premise that whoever developed or collected information should have 
total control of how you use it. This would represent a revolutionary 
overturn of past ideas of ethics and of the legal system, and create an 
unprecedented system of control. The specific problems of these systems 
are no accident; they result from the basic goal. It is the goal we must 

Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted 
without royalty in any medium provided this notice is preserved.

Allen, Michael B (RSCH) wrote:
> Well educated but apparently still irresponsible. Here's a question
> from this so called "FAQ":
>   18. Ugh. What else?
>   TCPA will undermine the General Public License (GPL), under
>   which many free and ...
> Looks like a opinionated rant disguised to be an fact based unbiased
> informational document. That's just irresponsible.
> Mike
>>-----Original Message-----
>>From:	iriXx [SMTP:dev_null@iriXx.org]
>>Sent:	Wednesday, March 19, 2003 7:12 PM
>>To:	linux-thinkpad@linux-thinkpad.org
>>Subject:	Re: [ltp] TCPA on Thinkpads
>>i would think as the UK's leading cryptologist, Cambridge professor Ross 
>>Anderson is already pretty well educated...
>>Allen, Michael B (RSCH) wrote:
>>>That page should be renamed tcpa-fud.html. Hardware supported key management
>>>is a natrual progression in computing and one that I welcome. Do not confuse
>>>TCPA (Trusted Computing Platform Alliance) with CBDTPA (Consumer Broadband
>>>and Digital Television Promotion Act). They are conceptually two completely
>>>different things. Get educated. Don't run with the herd.
>>>>-----Original Message-----
>>>>From:	iriXx [SMTP:dev_null@iriXx.org]
>>>>Sent:	Wednesday, March 19, 2003 5:07 PM
>>>>To:	linux-thinkpad@linux-thinkpad.org
>>>>Subject:	Re: [ltp] TCPA on Thinkpads
>>>>Greg Herlein wrote:
>>>>>>This chip is not intended to "spy" on you. 
>>>>Ross Anderson says different:
>>>>i think what is of concern is not what tcpa is being used for currently 
>>>>but what it *might* be used for.
>>>>im writing a book on the subject (see www.copyleftmedia.org.uk) and have 
>>>>been reading about it for the last year. the further i get into this the 
>>>>more worrying it becomes.
>>>>http://ukcdr.org has some good info too....
>>>> _
>>>>( )  ascii ribbon against html email
>>>> X
>>>>/ \    cat /dev/sda1 > /dev/dsp
>>>>  *** stopping make sense ***
>>>>The linux-thinkpad mailing list home page is at:
>>( )  ascii ribbon against html email
>>  X
>>/ \    cat /dev/sda1 > /dev/dsp
>>   *** stopping make sense ***
>>The linux-thinkpad mailing list home page is at:


( )  ascii ribbon against html email
/ \    cat /dev/sda1 > /dev/dsp

   *** stopping make sense ***