ramblings on PHP, SQL, the web, politics, ultimate frisbee and what else is on in my life

Denial will not prevent the hurting when you hit the floor

Well, it has become increasingly clear that one of the last major IT companies that has not joined the TCPA might even become the first one to make a TPM a major part of its product strategy. I am talking about Apple. But then again, at least they are not yet an official member of the TCPA.

Anyway, this blog post is not about Apple. This blog post is about the TCPA in general. I am quite surprised that whenever I start ranting about the TCPA on IRC there are still a fair number of people who do not seem to have ever heard of it, nor of the severe implications its specifications could have for our information society.

It seems like the major outcry, which was never major enough imho, has now settled down and the only people still aware are the few who actually spend time investigating the issue at hand. I researched the TCPA actively for about a year as part of a project done within the "Computers & Society" department at the TU Berlin. Since then I have tried to stay current on the latest developments.

On a shallow level there is little wrong with the TCPA or its aims. TCPA stands for "Trusted Computing Platform Alliance". Note that nowadays it is actually the TCG, the "Trusted Computing Group", which has adopted the specifications of the TCPA. They have come up with a standard for a chip called the TPM (Trusted Platform Module) which is supposed to be integrated into computers (actually the bulk of all laptops sold today include a TPM chip, and apparently the new Intel based Apple hardware does as well) to give them a number of features. Among them are hardware supported encryption, a safe data store for keys and secrets, and "trusted" (measured) booting, where every piece of firmware and software is hashed into the chip before it is loaded, so that the chip ends up holding a record of the whole chain of hardware and software that was started. Finally it also defines something called remote attestation.

Now you can argue about the technical details of whether this or that part of their standard is secure. Their aim is to make software based attacks impossible and to make hardware based attacks hard. How hard depends on the actual implementation chosen. In the early days the TPM was just a chip you stuck on the motherboard. In the future the TPM will likely become more integrated (inside the chipset or the CPU). But that is also not the topic of this blog post.

I have nothing against hardware aided encryption, nor against getting a nice safe data store or the ability to build up a secure boot chain. What I do have an issue with is the remote attestation feature. This feature allows a remote party to obtain a TPM-signed summary of what software your computer has loaded, examine it, and decide on that basis whether it wants to do business with you.

For example, you are joining an online gaming tournament and the organizers want to make sure you have not loaded any cheat software. Or you are doing grid computing and want to make sure you are loading your code and data into a safe environment.

Now the problem comes when Disney also wants to check that you are only loading Disney approved hardware and software when you want to watch a Disney movie. Now you say: heck, it's my choice to view a Disney movie, and obviously you are right. However, think of another situation: home banking or online shopping. Today consumers are usually protected from fraud in these areas. In the TCPA future the picture might change. Suddenly lawmakers and insurers might determine that not using a TPM secured session means you have been negligent!

Another question is how feasible remote attestation is for everyday use. In the gaming and grid computing examples I can see the user running very few applications in parallel. But even there things become tricky. The process of remote attestation needs to take into account not only the applications that are currently loaded but also every one that was loaded and shut down since the last reboot, because the TPM's registers are only ever extended, never reset, until the next reboot, and any of those programs might have done evil things to whatever came after it.

Without going into the technical details it becomes obvious that, as people reboot their systems less and less due to improvements in reliability and things like suspend to disk, this could be a huge list of potential evil doers. It will be impossible to actually know all of these applications without requiring every software manufacturer to get all of their applications certified by some trustworthy (note I am using the word trustworthy and not trusted: a double agent may be trusted but he is obviously not trustworthy) entity. This would spell disaster for small innovative software companies. It could severely slow down the rate of innovation. The adverse effects for open source and freeware are also obvious. Even if some company were to shell out the cash to get a piece of open source software certified, only that specific binary would be certified, not every harmless modification of it, down to a simple change in compiler settings.
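To make the last two paragraphs concrete, here is an added example (not code from the original post, and not any TCG reference implementation) that simulates the measured-boot side of remote attestation in Python. It models a TPM 1.2 style PCR (a 20-byte SHA-1 register that can only be extended, `PCR_new = SHA1(PCR_old || measurement)`), a measurement log, and a tournament server that checks the quoted PCR against an allowlist of binaries it knows. The binaries, the allowlist and the labels are all constructed for the example. The four scenarios show why a cheat tool that was closed before the game started still fails attestation, why the same game rebuilt with different compiler flags fails, and why the client cannot simply scrub the cheat from its log.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# TPM 1.2 platform configuration registers (PCRs) are 20-byte SHA-1 values,
# reset to zero at boot and only ever extended afterwards.
HASH = hashlib.sha1
PCR_INIT = b"\x00" * HASH().digest_size

# Constructed stand-ins for binaries; a real measuring agent hashes the file contents.
KERNEL = b"constructed kernel image v1"
GAME = b"constructed game client build 1"
GAME_O3 = b"constructed game client build 1 -O3"  # same source, different compiler flags
CHEAT = b"constructed aimbot"

# What the tournament server is willing to accept: digests of specific binaries.
ALLOWLIST = {HASH(KERNEL).digest(), HASH(GAME).digest()}

LogEntry = Tuple[str, bytes]  # (label, measurement digest)


def measure(blob: bytes) -> bytes:
    """Digest of a binary as the measuring agent records it before loading it."""
    return HASH(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || measurement). There is no 'un-extend'."""
    return HASH(pcr + measurement).digest()


def boot_and_run(loaded: Iterable[Tuple[str, bytes]]) -> Tuple[List[LogEntry], bytes]:
    """Simulate one boot session: every executable loaded since reset is measured into
    the PCR and appended to the event log. Exiting a program removes nothing."""
    pcr = PCR_INIT
    log: List[LogEntry] = []
    for label, blob in loaded:
        m = measure(blob)
        log.append((label, m))
        pcr = extend(pcr, m)
    return log, pcr  # pcr stands in for the TPM-signed quote sent to the verifier


def verify(log: List[LogEntry], quoted_pcr: bytes, allowlist) -> Tuple[bool, List[str]]:
    """Verifier side of remote attestation.
    1. Replay the log; it must reproduce the quoted PCR, otherwise the log was tampered with.
    2. Every measured component must be one the verifier recognises."""
    pcr = PCR_INIT
    for _, m in log:
        pcr = extend(pcr, m)
    if pcr != quoted_pcr:
        return False, ["event log does not replay to quoted PCR"]
    unknown = [label for label, m in log if m not in allowlist]
    return not unknown, unknown


def scenarios() -> Dict[str, Tuple[bool, List[str]]]:
    results = {}
    # Clean session: kernel, then the approved game build.
    log, pcr = boot_and_run([("kernel", KERNEL), ("game", GAME)])
    results["clean"] = verify(log, pcr, ALLOWLIST)
    # Cheat tool run and closed before the game started: still in the PCR chain.
    log, pcr = boot_and_run([("kernel", KERNEL), ("cheat", CHEAT), ("game", GAME)])
    results["cheat_exited_before_game"] = verify(log, pcr, ALLOWLIST)
    # Same source rebuilt with other compiler flags: different digest, not on the list.
    log, pcr = boot_and_run([("kernel", KERNEL), ("game", GAME_O3)])
    results["recompiled_game"] = verify(log, pcr, ALLOWLIST)
    # Client strips the cheat from its log but cannot change the TPM's PCR: replay fails.
    log, pcr = boot_and_run([("kernel", KERNEL), ("cheat", CHEAT), ("game", GAME)])
    scrubbed = [entry for entry in log if entry[0] != "cheat"]
    results["log_scrubbed"] = verify(scrubbed, pcr, ALLOWLIST)
    return results


if __name__ == "__main__":
    for name, (ok, detail) in scenarios().items():
        print(f"{name:26s} {'PASS' if ok else 'FAIL'} {detail}")
```

The verifier never sees the binaries themselves, only digests, which is exactly why it needs a complete allowlist: anything it does not have a digest for, including a perfectly harmless rebuild, is indistinguishable from a cheat. The real protocol additionally has the TPM sign the PCR values with an attestation key, which is what makes the quote trustworthy in the first place; that signature is left out here.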

So it becomes obvious that remote attestation is useful for two scenarios:

  1. When you are willing to reboot into a minimal system for one specific task
  2. When you are willing to reduce your software choice to the likings of content providers

The first scenario might become more feasible as we get hardware aided virtualization, which would allow us to start independent virtual instances of our operating system with less overhead. Essentially we would need to set up multiple console-like configurations, one for each task (play game xyz, online banking, etc.). Even then it's obvious that in these instances I will be limited in my choice of software (I have to use the voice chat tool from the big software vendor instead of some novel free tool). I am unwilling to accept scenario number two. However, this would effectively mean that I shut myself out of all mainstream content.

There are more issues as well, mainly privacy issues. Some of these can be worked around by having a third party (the "privacy CA" in the TCPA design) stand between you and the party you are attesting to, so that the other side does not learn your TPM's identity. But even then it seems like I will have to expose a lot of information about my system to someone.

I guess the final point to consider is whether "they" (you know, "the man") have the power to make it happen. Like I mentioned before, most laptops sold today (ThinkPads, Samsung, Acer etc.) have TPM chips. However, the TCPA specifies that the TPM be turned off by default and that you can deactivate it whenever you please. Apparently Apple does not follow this in its use, but they are not a member of the TCPA. IBM recently sent out a software update for my T42p laptop that allows me to enable several of the "good" TPM uses. I presume most of the fingerprint scanners that are getting more popular in laptops are also backed by TPM chips. Anyway, it will slowly creep in. Fact of the matter is that most TPM chips sold today serve no purpose. So why are they being shipped? And who is paying for this? The idea is to get the critical mass in place so that one by one services can be created that require a TPM. And then just wait for the first lawsuit where someone is deemed negligent for not having done his purchase with prior remote attestation.

Update: I made some typo fixes and small clarifications to the text.