January 25, 2004

EFF's Trusted Computing Class

On Saturday, January 24, 2004, I attended an all-day class on Trusted Computing hosted by the Freedom Technology Center in Mountain View, CA. The class was taught by the Electronic Frontier Foundation's Staff Technologist, Seth Schoen.

You could get the basic flavor of the class by reading Seth's articles, Trusted Computing: Promise and Risk and Give TCPA an Owner Override. He is writing a book on Trusted Computing, and spent the day taking us through his outline in detail.

This was an excellent class because of Seth. He is able to explain extremely technical hardware specifications to someone who is not an electrical engineer or even a computer scientist. He also has a balanced view of Trusted Computing, and took the time to point out the possible benefits of this technology along with the potential abuses.

We began with a discussion of some of the basic problems of computer security. Example: Presently, it is difficult, if not impossible, to know with certainty whether your computer is doing what you think it is doing and only what you think it is doing. That is, if you've ever left your computer physically unattended on your desk, or if you've ever been on the internet or a network without a completely patched system, or even if the manufacturer of your computer installed your O/S for you, then for all you know you could right now be infected with a boot sector virus that starts prior to your O/S, takes control of key features of the O/S and systematically fools any anti-virus software (or other security tool) that subsequently runs. The problem is probably worse if you need to know with certainty that a remote computer you wish to communicate with has not been compromised.

We also discussed the security problem that the Roman poet and satirist Juvenal noted as long ago as the first century A.D.: "Who will watch the watchers?" Your anti-virus program, and indeed any other security tool, can be compromised just like a regular application can, and then cheerily report that all is well. The basic upshot of this preliminary background was that current computer security poses some fairly intractable problems.

Enter Trusted Computing. The amazing thing about these chips is that, if implemented as planned, I think they would actually do something to solve some of these very hard security problems discussed above.

The next four hours or so were spent detailing the four different initiatives out there that fall under the heading of Trusted Computing. They are TCPA (now known as TCG), Intel's LaGrande, AMD's SEM, and Microsoft's Palladium (now known as NGSCB). This was probably the most valuable part of the day: understanding how this stuff works, and why one might be motivated to design it this way, is necessary before you can think of alternative designs that might achieve similar ends with less potential for abuse, or discuss it intelligently at all.

We spent a lot of time looking at the four main features of trusted computing which are:

  1. Sealed Storage
  2. Attestation
  3. Secure I/O
  4. Memory Curtaining

One key thing that I do not think is widely known is the extent to which all of this hardware is walled off from the rest of the machine. It will be touted as an "opt-in" system, so that if you do not want to use the trusted computing chip (the TPM), you need not. You can continue running Linux, BSD, or OS X and nothing has changed. It's true that the TPM could conceivably be running nefarious programs that report on you, but the design is such that these reports would have to be sent through the regular part of your computer, where you maintain control. So a firewall or other software on that side could detect any action of the TPM that you did not initiate.

Of course, lots of things are "opt-in" in name, but in practice, given other considerations, you can be left with little real choice. This is a big problem I will save for later. The point is that the story is not as simple as many Slashdot posters frame it. It's not "Microsoft wants to crush Linux and so they are going to force a chip down consumers' throats that will make it impossible to install a non-MS O/S." In fact, the only TPM that you can buy right now comes in an IBM laptop that runs Linux! You can read a fairly technical article about this.

But there is the potential for abuse. Since that's what everyone wants to hear about, here's the scoop on that. This architecture makes problems that we have now, which can be worked around (sometimes only through extreme measures by super-geeks), truly insurmountable:

  1. Software Lock-in
  2. Software tethering to a single computer
  3. Prevention of Software Inter-operability
  4. Forced DRM restrictions
  5. Forced Upgrades/Downgrades
  6. Total Elimination of Software Reverse Engineering
  7. Truly Undetectable Spyware/Adware
  8. Hardware Lock-in

But what I really learned is that these potential abuses are not really the problem. This stuff is coming and I don't think we're going to stop it. The real problems are 1) Microsoft's 90%+ market domination and 2) consumer apathy, because the potential abuses mentioned above only truly become frightening when combined with these additional realities. When so many people use a Microsoft OS, and when so many people do not care about or understand most of the potential abuses listed above, then we get a far greater likelihood that these potential abuses will become real abuses.

I think our best defense temporarily is that IBM and Sun are members of the TCG, and given their interests in operating systems other than Windows, they are not going to do something that would allow, in principle or in practice, for O/S lock-in. The fact that so many internet servers run on other O/Ss also makes it difficult to imagine that non-MS O/Ss could be kicked off the internet, for instance. (This could happen if your ISP's router had a TPM chip and a policy requiring all connecting computers to prove they were running the latest Windows OS with all patches applied.)

Personally, I think the fact that such an architecture makes reverse engineering of software in principle impossible is enough reason to scrap the whole thing. I doubt most people care so much about reverse engineering though. The only avenue I see for motivating widespread consumer concern is to hammer on the very real possibility of undetectable spyware. Sadly, many people don't even care about their privacy, so this may not work either.

When our audience is the industry and not consumers, then Seth's proposal of an owner override to attestation becomes a pretty great idea. It defeats some of the benefits of the architecture, but also prevents some of the abuses.
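To make the four features above and the owner-override trade-off concrete, here is a toy model, added for this write-up and not code from the class or from any TCG specification: PCR extend chaining for measured boot, sealing a secret to a PCR value, an attestation quote, and the effect of letting the owner choose what the quote reports. The key names, boot component lists and the HMAC-in-place-of-RSA signature are all constructed assumptions.

```python
import hashlib
import hmac

# Toy model of TPM 1.2-era measured boot, sealed storage and attestation
# (constructed for illustration; not real TPM commands or the TCG API).
PCR_RESET = b"\x00" * 20
SRK = b"constructed-storage-root-key"      # never leaves the (toy) TPM
AIK = b"constructed-attestation-id-key"    # a real TPM signs quotes with an RSA AIK

def extend(pcr, measurement):
    """PCR extend: new = SHA-1(old || SHA-1(measurement)). Values can only be
    chained onto, never overwritten, so the boot history is order-preserving."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure_boot(components):
    """Each boot stage hashes the next stage into the PCR before running it."""
    pcr = PCR_RESET
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def seal(secret, pcr):
    """Sealed storage: bind a secret to a PCR value with a key only the TPM can derive."""
    stream = hashlib.sha256(SRK + pcr).digest()
    return pcr, bytes(a ^ b for a, b in zip(secret, stream))  # toy cipher, <=32 bytes

def unseal(blob, current_pcr):
    required_pcr, ct = blob
    if current_pcr != required_pcr:
        return None  # different software booted: the TPM refuses to release it
    stream = hashlib.sha256(SRK + current_pcr).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def quote(pcr, nonce, override=None):
    """Attestation: the TPM signs the PCR together with the verifier's nonce.
    With an owner override, the owner may have the TPM report a PCR value of
    the owner's choosing; the signature is otherwise identical."""
    reported = override if override is not None else pcr
    return reported, hmac.new(AIK, nonce + reported, hashlib.sha256).digest()

def verifier_accepts(q, nonce, golden_pcr):
    """Remote policy check (the ISP router scenario): valid signature and a
    'golden' PCR value corresponding to the software the verifier demands."""
    reported, sig = q
    expected = hmac.new(AIK, nonce + reported, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected) and reported == golden_pcr

# Constructed boot chains: the verifier only accepts the first one.
WINDOWS_BOOT = [b"bios", b"bootloader", b"windows-latest-patched"]
LINUX_BOOT = [b"bios", b"grub", b"linux-kernel"]
```

Sealing still protects the owner's secrets against a changed boot chain, while the override makes a Linux box's quote indistinguishable from the demanded configuration, which is exactly the benefit it defeats and the lock-in it prevents.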

Overall, I think framing the question this way might be best: Do we want to continue to have computers over which the individual has total control or do we want to have computers where we give up part of our control to the hardware itself/a third party? The thing about total individual control is that individuals are sometimes up to no good or are too lazy/uninformed to keep their systems secure and so some harm comes from giving them total control over their computers. But, the best argument here might be: That's OK. We simply prefer to live in a world where we control our computers. Even if ceding some of that control brought us better security in some instances, we might simply say: So what?

Posted by Brian at 11:14 AM | Comments (0) | TrackBack

January 19, 2004

LOTR Contract Analysis

Law geeks will enjoy this immensely. Is there an enforceable contract between The Dark Lord, Sauron, and Dain, King of the Dwarves, regarding the finding of The Ring? The passage in question:

"As a small token of your friendship Sauron asks this," he said: "that you should find this thief," such was his word, "and get from him, willing or no, a little ring, the least of rings, that once he stole. It is but a trifle that Sauron fancies, and an earnest of your good will. Find it, and three rings that the Dwarf-sires possessed of old shall be returned to you, and the realm of Moria shall be yours for ever. Find only news of the thief, whether he still lives and where, and you shall have great reward and lasting friendship from the Lord. Refuse, and things will not seem so well. Do you refuse?"
--The Fellowship of the Ring, in "The Council of Elrond"

The further analysis by commenters is nearly as good as the original analysis. [See the link above!] As Dain's attorney though, I'd like to mention that we have another defense we intend to present to the claims of breach of contract brought by Sauron and his heirs. If the many other issues of offer and acceptance, the Statute of Frauds, etc. are resolved favorably to Sauron, then it is still my client's claim that this "contract" should not be enforced because it is clearly unconscionable.

There are both procedural and substantive aspects of unconscionability, and both are present in the instant case. Procedural unconscionability involves either oppression or unfair surprise. Both procedural flaws exist here.

Oppression is present in the form of an inequality of bargaining power. One might argue that no one has the bargaining power of the Dark Lord Sauron and hence that any purported contracts he enters are thereby unconscionable. But this proves too much. Rather, we argue that Sauron's failure to disclose the true nature of the "trifle", the failure to disclose the presence of a balrog in Moria, and the implied threat for non-acceptance all contributed to an inequality of bargaining power.

Further, unfair surprise exists here because the undisclosed terms of this agreement were not merely hidden in a prolix form contract, but were absent altogether from the oral negotiations. Nowhere does Sauron disclose that a term of the contract will be the subsequent enslavement of the wills of all formerly free people to the power of the One Ring. In such a context, it is unclear that the promise of "lasting friendship" could amount to consideration at all. For friends must be freely chosen, and enslaved minds make no free choices about their friends. And the three rings that would be returned, as mere tools of the aforementioned enslavement, also fail to constitute the bargained-for consideration. Further, since plaintiff himself admits that the three rings were possessed by the Dwarf-sires of whom my client is heir, he cannot be expected to bargain for what is already rightfully his.

Finally, substantive unconscionability is also present. Given the now-disclosed power of the One Ring bargained for, its value is incalculably great. Sauron's representatives argue that the three rings, the land of Moria, and his lasting friendship are of significant value. However, as has already been explained, these items are of dubious value. The three rings are mere tools of enslavement; the land of Moria is inhabited by a Balrog and infested with orcs, either of which decimates its market value; and Sauron's lasting friendship is a hoax, as what he really provides is mind-controlling enslavement rather than beneficial friendship. So on one side, my client is expected to provide an item of infinite value in exchange for items whose sum value is essentially zero. No more substantively unconscionable transaction could be imagined.

Striking the unconscionable terms of this contract leaves nothing to enforce; therefore my client humbly requests that this "contract" be vacated.

Posted by Brian at 07:16 AM | Comments (0) | TrackBack

January 18, 2004

Fan Letter

An e-mail I just sent...
--
Hello Professor McWilliams,

I read your recent Chronicle article. Then, after much google-searching, I found your Bush editorial. I thought I'd write to say that I think you are on to something in that editorial and that you've put it in a way that more clearly nails it than anything else I've read. So, start a new folder. Next to Angry Letters, name one Fan Letters, and drop this one in it.

I wonder if the point you make helps Democrats choose between Dean and Clark. My first impulse was to say, yes, because Clark, as a general, might be the only yeoman who could wield the sledgehammer that would get enough people's attention. But, then, Dean has somehow developed this reputation for being "angry" and so perhaps that feisty nature will be just the thing Americans will respond to best.

You seem persuaded that none of the above are up to the task. Why is that? It seems to me that one of the reasons is that another truth about Americans is that they tire quickly of (yet are often swayed by) attack-politics, and so the Democrat that wields a hammer against Bush plays a dangerous game.

You're right that Americans will not suffer detailed argumentation. But, to the extent your editorial pinpoints a truth about Americans, it is one that deeply saddens me. It seems the further questions that must be asked are WHY is it that Americans have no patience for principled arguments and HOW can that be changed, if it can.

Posted by Brian at 05:11 PM | Comments (0) | TrackBack

I'm Back

The recent gap in posting was due to my 17-day belated honeymoon in Italy. Very nice trip.

Here's a thought I had over there while hearing some news about the head-scarf ban in France's public schools. If I were in France, and if I had a daughter, then despite my not being Muslim, I would organize as many of the fellow parents whose children were willing to all wear head scarves. Not a sit-in, but a "scarf-in." It would be my child's decision ultimately, but I'd encourage her to refuse to remove the head-scarf and force the school to send her home. If a significant portion of the children in the school were sent home, perhaps we'd get some traction here. Oh, and I'd send the kids back to school, every day, still wearing the scarves, to make this a problem the school has to deal with every single day.

This ban is outrageous. I'm a staunch supporter of the separation of church and state, but this ban is idiotic. State-sponsored or state-coerced displays of religion are problematic, not voluntary, freely chosen modes of dress. If the mode of dress were somehow clearly disruptive to the purposes of classroom instruction, that would be different. But head-scarves, skull-caps, normal-sized crosses and the like do not strike me as disruptive to the classroom. Consequently, it's hard not to see this as simply discrimination fueled by drummed-up fear of terrorism, which has been erroneously equated with any display of Islamic beliefs.

I expected better from the French.

Posted by Brian at 10:12 AM | Comments (0) | TrackBack