Is TCPA really this bad?

Gray Fox

Newbie
Joined
Aug 22, 2004
Messages
6,568
Reaction score
1
Well, I just read this on an anti-TCPA site, and I'm sorry to bother you with this again but still:

Here we will try to untangle the whole subject and concentrate us on the core points. Most it's impossible to understand the network of technologies, companies and laws at a whole.

The technology:
TCPA stands for Trusted Computing Platform Alliance. For the technology we will speak from TCP (The trusted computing platform). This plans that every computer will have a TPM (Trusted Platform Module), also known as Fritz-Chip, built-in. At later development stages, these functions will be directly included into CPUs, graphiccards, harddisks, soundcards, bios and so on. This will secure that the computer is in a TCPA-conform state and that he checks that it's always in this state. This means: On the first level comes the hardware, on the second comes TCPA and then comes the user. The complete communication works with a 2048 bit strong encryption, so it's also secure enough to make it impossible to decrypt this in realtime for a longer time. This secures that the TCPA can prevent any unwanted software and hardware. The long term result will be that it will be impossible to use hardware and software that's not approved by the TCPA. Presumably there will be high costs to get this certification and that these would be too much for little and mid-range companies. Therefore open-source and freeware would be condemned to die, because without such a certification the software will simply not work. In the long term only the big companies would survive and could control the market as they would like.
Some could think that it should be possible to get around this security. But probably they would be proved they're wrong. Until now there're no such hardware-implemented security systems and actual security systems have to work offline. This would be changed with TCP. The rights and licenses would be central managed by the TCPA (USA?). And as soon a violation is noticed, they will get notified. Read the chapter "The bills" to get an overview about the possible resulting consequences.

The companies:
The TCPA was founded 1999 by Compaq, HP, IBM, Intel and Microsoft. But in the meantime around 200 companies joined them. You will find Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many other well known companies. IBM already sells first desktops and notebooks with integrated TPM.

The bills:
In the USA there's a planed bill, the so called CBDPTA (Consumer Broadband and Digital Television Promotion Act). First it was callen SSSCA (Security Systems Standards and Certification Act). The new name reads much more harmless. Looks like the first name made it too easy to discover the purpose of this bill.
This bill plans to legally force secure (TCPA-conform) systems. So in the USA it would then not be allowed to buy or sell systems that are not TCPA-conform. Passing this law would be punished with up to 5 years of prision and up to $500.000 fine. The same would apply for development of "open" software. Open means that it would work on systems that're not TCPA-conform.
Even if this bill would only valid in the USA it would have catastrophically effects worldwide. Because US companies are not allowed to develop and sell "unsecure" software, others would have to jump onto the TCP-train, so they would give total control over themself to the TCPA (USA?), or they would have to live completely without software and harware from US-companies. No Windows, Solaris, MacOS, Photoshop, Winamp or to say it short: The largest part of all software that's used on this planet would not be usable.

The consequences:
Thus you're able to determine the consequences for your own situation, we kept this section very generell. But it should be easy to determine the resulting restrictions that would apply for you.
# The informational self-determination isn't existing anymore, it's not possible to save, copy, create, program, ..., the data like you want. This applies for privates as for companies
# The free access to the IT/Software market is completely prevented for anyone except the big companies, the market as we know it today will get completely destroyed
# Restrictions in the usage of owned hardware would apply
# The liberty of opinion and the free speech on the internet would finally be eliminated
# The own rights while using IT-technologies are history.
# The national self-determination of the der particular countries would be fully in the hands of the USA
# Probably the world would break into two digital parts (Countries that express against TCPA)

If you now want to read some more in-depth about all this, you should take a look at Ross Andersons detailed FAQ.

Sources:
Lucky Greens Defcon X slides (PDF)
Ross Andersons TCPA/Palladdium-FAQ
Heise Newsticker: Totale Copyright-Kontroller per US-Gesetz (German)
Experten warnen vor massiven Problemen bei TCPA und Palladium (German)

Source: http://www.againsttcpa.com/what-is-tcpa.html
 
Back
Top