HTW des Saarlandes - Prof. Dr.-Ing. Damian Weber - Fakultät IngWi HTW




Trusted Computing

NGSCB/Palladium/TCPA und DRM

Big Brother Everywhere?



English version

Was bedeuten NGSCB, Palladium, TCPA und DRM?

Mit Hilfe von NGSCB (next generation secure computing base), bisher Palladium genannt, möchte die Software- und Hollywood-Industrie unter dem Vorwand von Urheberrecht und Kopierschutz gerne jeden PC auf der Welt online kontrollieren. Die erste Version der entsprechenden Windows-Erweiterung ist für 2005 geplant. Es geht uns alle etwas an.

Die Hardware-Voraussetzung für NGSCB ist TCPA (=Trusted Computing Platform Alliance), ein Design, das unter Leitung von Intel von rund 200 Hardware-Herstellern unterstützt wird.

Damit wird Windows zu einem DRM-OS = "Digital Rights Management Operating System", das zugehörige Konzept ist schon patentiert. Weitreichende Konsequenzen sind bereits absehbar. Kommentierte Auszüge des Patentes finden sich in der Kryptographie-Mailingliste cryptography@wasabisystems.com.

Eine recht frühe Beschreibung von Sinn und Nutzen eines solchen Designs bzw. der dahinterstehenden Motive wurde von Ross Anderson in seiner TCPA/Pd-FAQ zusammengefaßt.

Was sagen die Hersteller?

Lassen wir zunächst Intel zu Wort kommen:

"This is a new focus for the security community, [...] 
 The actual user of the PC - someone who can do anything they want 
 - is the enemy."

 David Aucsmith, security architect for Intel, 
 as quoted in an article by Robert Lemos of ZD Network News, 
 Feburary 25, 1999

aus Trusted Computing: Trusted by Whom? von  Eric Smith


Und wie preist Microsoft sein neues Kind? Siehe hier.

Was ist daran beunruhigend?

Fragen wir Richard Stallman, den Gründer des GNU Projekts zur Entwicklung und Verbreitung freier Software.
Microsoft presents Palladium as a security measure, and claims
that it will protect against viruses, but this claim is evidently
false. A presentation by Microsoft Research in October 2002 stated
that one of the specifications of Palladium is that existing
operating systems and applications will continue to run; therefore,
viruses will continue to be able to do all the things that they
can do today.

When Microsoft speaks of "security" in connection with Palladium,
they do not mean what we normally mean by that word: protecting your
machine from things you do not want. They mean protecting your copies
of data on your machine from access by you in ways others do not
want. A slide in the presentation listed several types of secrets
Palladium could be used to keep, including "third party secrets"
and "user secrets" -- but it put "user secrets" in quotation marks,
recognizing that this is not what Palladium is really designed for.

The presentation made frequent use of other terms that we frequently
associate with the context of security, such as "attack," "malicious
code," "spoofing," as well as "trusted." None of them means what it
normally means. "Attack" doesn't mean someone trying to hurt you,
it means you trying to copy music. "Malicious code" means code
installed by you to do what someone else doesn't want your machine
to do. "Spoofing" doesn't mean someone fooling you, it means you
fooling Palladium. And so on.

aus Can you trust your computer? von Richard Stallman




NGSCB/Palladium/TCPA Links

Überblick

Kommentare

Digital Rights Management (DRM)

Kopierschutz

Technik

Freie Anwendungssoftware

Gesetzeslage

Auszeichnungen

Zitate

"1984" -- just another high-tech product plan with an over-optimistic 
ship date. But it's finally in beta. -- Arnold Reinhold

Weitere Links





page updated Oct 3, 2009