Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

DRM Based on Trusted Computing Chips 484

Posted by ScuttleMonkey
from the never-saw-it-coming dept.
An anonymous reader writes "We've always know that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"
This discussion has been archived. No new comments can be posted.

DRM Based on Trusted Computing Chips

Comments Filter:
  • Sweet (Score:5, Funny)

    by arrrrg (902404) on Sunday February 19, 2006 @06:24AM (#14753994)
    I want one !!!!!!!!
  • Biased article? (Score:3, Insightful)

    by Dibblah (645750) on Sunday February 19, 2006 @06:27AM (#14754001)
    Oh, come on. Drop the bias. This is technology aimed towards businesses. People who have truly sensitive information and need to be able to track who sees it. It's not targetted at warez-kiddies, movie downloaders or porn magnets. Sure, it will be used in that capacity sooner or later, but the hardware manufacturers are responding to a perceived customer requirement.
    • Re:Biased article? (Score:5, Insightful)

      by Roachgod (589171) on Sunday February 19, 2006 @06:34AM (#14754025)
      Its not biased, its true. When trusted computing was announced it was to 'foil malware'. Now it has been switched to 'foil owner's use of own property'. Realistically, every company is going to demand this feature to lock down their software on user PCs and to try and make piracy stop completely. For a while, this will seem reasonable, but then it will inevitably be abused. Forced upgrades and time outs that can't be undone or reset come to mind. And once software demands it, people (like myself) that use older equipment will be forced to upgrade to the new hardware in order to use the new software, even if the old hardware is 'powerful' enough to run said software adequately. Its really just a cash out for the assorted industries at the user's expense.

      So, while the current incarnation may seem ok, things are only a few steps from being really bad and invasive. Couple this with the DMCA, and half the things we take for granted with computers now could be taken away, and it will be illegal to 'break' things to get those abilities back.
      • You're right: this can *eventually* change the way we think about data and the way we interact with computers.

        But not yet. This is just a "chip on a motherboard." So what if the adobe doc requires all this authentication? It's ultimately passing unencypted over a bus in a machine of otherwise conventional design. No core level encryption, no encrypted root level executable. That means all the "security" in the world is just so much appendage waiting to be hacked off by the first experienced coder to come al
        • by jackb_guppy (204733) on Sunday February 19, 2006 @08:07AM (#14754210)
          You must also agree with the police chief. [slashdot.org]

          Change is not always good. Why do I want to pay for equipment that I will not own?

          These "TRUSTED" machines are untrust worthly. You will not be able to control what runs on them. Some one else will decide if you can use your own equipment. Just like the lies with HDTV and HMDI. It is about setting up toll booths deep in your own pockets.

          • Someone else ALREADY decides. If a manufacturer does not make a piece of equipment, you do not run it - period. If a manufacturer does not offer a driver or specifications, in most cases you are locked into windows are a hack that incorporates bits of windows code. If a manufacturer only releases a game for playstation 3 and all you have is an xbox, you're screwed. How is this any different?

            You run whatever software you want. If the terms someone makes you agree to say "we can isntall whatever the hell we w
            • by Antique Geekmeister (740220) on Sunday February 19, 2006 @09:06AM (#14754345)
              You're missing a lot of details about this software. It's closed source, and a violation of the DMCA to reverse engineer it. That means writing an open source version of the encryption/decryption tools is going to be a nightmare.

              Second, running it at the OS level instead of the hardware level of the built-in features of the Intel CPU's is going to really slow it down: that will probably hurt performance a lot of open source versions of the Trusted Computing tools, even if they're legally created.

              Third, the next logical stage of Trusted Computing is hardware locking: motherboards that won't load unsigned boot loaders, or won't access DVD drives or hard drives without being authenticated with Trusted Computing licenses to be held by OS distributions or DVD drive and software vendors. This can be used to block open source operating systems from even booting, or to prevent Trusted Computing managed DVD drives from being able to read DVD's that have Trusted Computing signed DVD's in them without a Trusted Computing signed media player.

              It's very nasty, and it's at the core of why Microsoft and Hollywood are collaborating so well in this project.
              • Third, the next logical stage of Trusted Computing is hardware locking: motherboards that won't load unsigned boot loaders, or won't access DVD drives or hard drives without being authenticated with Trusted Computing licenses to be held by OS distributions or DVD drive and software vendors. This can be used to block open source operating systems from even booting, or to prevent Trusted Computing managed DVD drives from being able to read DVD's that have Trusted Computing signed DVD's in them without a Trust
        • The moving can be done now. Take a course in algebra and a simple one in encryption. There are multiple ways to achieve this, given communication with the server.

          Move some file from A to B :

          A -> Server : I give up on accessing encrypted file x, but I copy the encrypted data to B
          Server -> A : noted, I will no longer send you the decryption key when you ask for it
          Server -> B : you have data from A ?
          B -> Server : Yes, can I have the transformation ? here is my machine ID
          Server -> B : I am not gi
          • bullshit indeed (Score:3, Informative)

            by n3k5 (606163)

            The moving can be done now. Take a course in algebra and a simple one in encryption.

            So you think knowledge of elementary algebra and the very basics of encryption enables you to design secure systems. Your are wrong, it does not. Your childish scheme opens up more questions than it answers: How do A and B know that they are communicating with the correct server, how does the server know it is communicating with the true A and B? If all they have to do to get a decryption key is ask the server, how does t

        • by marcosdumay (620877) <marcosdumay.gmail@com> on Sunday February 19, 2006 @01:40PM (#14755409) Homepage Journal

          You mean that we can create more artificail scarcity, that will create more artificial markets where people trade more virtual goods. All that while adding near to zero worth on the real markets out there.

          We really need to get out of those pyramids. Not create more.

      • My suggestion... (Score:4, Interesting)

        by hummassa (157160) on Sunday February 19, 2006 @07:43AM (#14754166) Homepage Journal
        (it's what I'm doing)
        start sticking with free software and hardware that supports and preferably sponsors free software. change vendors if your vendor goes treacherous-computing direction. import/smuggle hardware is tcpa is mandated by legislation, while writing a letter to your legislator saying that tcpa is a restriction on free trade and outright nazism. because it is.
    • Re:Biased article? (Score:5, Insightful)

      by KitFox (712780) on Sunday February 19, 2006 @06:51AM (#14754059)
      But if you run a business, and made the choice to use WordPerfect, or even a freeware Linux application, would you want to be FORCED to purchase MS Word to read a document that another company sends you? Not only that, but they intend to lock out the capabilityt o export (No Copy/Paste, etc), so you need to buy Word for EVERYBODY who needs to read the document.

      Now comes interesting Tidbit Number two...
      The article mentions "My fingerprint results in Access Denied, but the person who wrote it gets into the [document]." Right... So what if they want ME to be able to get in, but not my coworker? How do they acquire MY credentials to allow me in? How secure is this acquisition? Already things like PK Encryption require chains of custody and KNOWN Public Keys to have the proper security. When you get into the extremely-high levels of security, it gets somewhat complex. But now there is a certificate associated with my fingerprint?

      Overall, while they claim "Makes it easier", from a security standpoint, I actually see a lot of room for complication, error, and massive breaches of security. And as the article points out: Do you REALLY trust Microsoft to not have security holes? One "Oops" and suddenly the document that you need -ME- to be able to read is not at all accessible by me, but who knows who instead.

      And what kind of "Oops" does it take? Gee... Spoofed email of a Public Key maybe? Social Engineering of a phone call to claim to be me, and give them a false cert fingerprint? And of course if I use Linux, I'm {censored} out of luck. If Linux will even RUN on the systems anymore, since Microsoft doesn't sign it to be trusted.

      • The designers of Trusted Computing have thought very hard about how to transfer and manage semi-private keys: I've seen some good presentations on it, and it has a public/private key handling capability, much like PGP. One problem is that to load new keys, those new keys have to be signed by an existing key owner. And to do that, you basically need to buy them from Microsoft, who can and will put in back doors.

        Second, Microsoft seems to be keeping the master keys, and you can be quite certain that the US fe
      • by MickLinux (579158) on Sunday February 19, 2006 @09:29AM (#14754419) Journal
        All a reasonable person needs to do is carve a single finger shape out of wood, complete with finger prints, and then cast rubber in the shape. Then, label it "Anonymous Password".

        Then, tie one to every computer in the building.

        Now, make up another finger, with a different design, and label it "Admin". Distribute it only to admins (note that changing fingers will be required as you hire and fire).

        Then, for each specific user group, manufacture a set of rubber fingers, and label them accordingly. Now distribute the fingers on a keychain...
    • Re:Biased article? (Score:3, Insightful)

      by shmlco (594907)
      Agreed, in that the article epitomizes bias with a capital B. The system is enabling users to --selectively-- lock MS/Adobe documents on notebooks, which after all, have a rather high theft rate.

      And it "records" fingerprints. Oh my. Of course, many systems of this type only record data points and are unable to reconstruct the fingerprint from those points. This could be of that type, though I doubt the author would admit it. Even so, please explain to me how recording the fingerprint of someone who's tryi

      • No system that someone else has physical access to is secure.

        If the laptop is stolen for its data most of the protection effort is in vain. The thief can rip out the harddrive and read it's contents on another machine. Unless the harddrive or the files are well encrypted. And even in that case, the laptop user could yield to rubber hose cryptanalysis.

        If the "trusted" computing chip uses keys to sign/encrypt things, those keys will get leaked/hacked eventually.

        Sensitive data does not belong on a laptop.
    • It's not targetted at warez-kiddies, movie downloaders or porn magnets ...yet

      This is how these things get adopted: they are offered to the businesses and parents, but soon same businesses will demand to control their users because of piracy and infair business tactics.

      And you know it'll get used for privacy invasion and remote control.

      Slowly, carefully, but it's inevitable. Few years from now we won't even know how it happened.

      It's not the gun that kills, the man holding it is. Whether the technolog
    • Re:Biased article? (Score:5, Insightful)

      by mshiltonj (220311) <mshiltonj@gmail. c o m> on Sunday February 19, 2006 @07:24AM (#14754129) Homepage Journal
      the hardware manufacturers are responding to a perceived customer requirement.

      I don't believe that for a second. They are responding to arm-twisting by Microsoft and Adobe (,etc.) and working *against* customer interests. Consumers have no interest in DRM at all. The question on manufactures' minds is how much DRM they can shove down consumers' throats before they balk and stop buying. They are counting on consumers being either too ignorant or too passive or too apathetic -- until it's too late.
  • by thegrassyknowl (762218) on Sunday February 19, 2006 @06:28AM (#14754007)
    This and the plan to put a camera in every house...

    What next?

    I would sell my soul for total control over you. Or something like that. What has come of the world that corporate greed has taken over from the free harmonious society? I would love to say everyone will just scrap computers and move onto other ventures (like going outside) but that is the Utopian view. In reality the Orwellian scenario us coming upon us. It won't be long now people.

    What is sad about this is they are touting the "legitimite" uses of making sure software is unmodified and doesn't contain root kits and protecting sensitive data from attackers. I find it funny that SHA1SUM and gpg --checksig tells me when my download isn't what the author intended. Cryptoloop (and a tonne of other software) keeps my files highly secure and safe from prying eyes even if they do steal my disks.

    There are no legitimite uses for this technology that can't already be accomplished today. There are only evil uses!
    • by Shanep (68243) on Sunday February 19, 2006 @08:29AM (#14754245) Homepage
      What next?

      Open Hardware to go with our Open Source Software?

      I imagine the smaller hardware shops like Soekris [soekris.com] will become more popular and be able to ramp up production, become cheaper and more viable. I realise that Soekris make stuff for embedded and router type hardware, but surely there will always be desktop and laptop machines available without built in DRM?

      Hmm, maybe some motherboards put out with some powerful FPGA's for the CPU and maybe some other parts for controllers and graphics.

      Surely the people can take the power back!
  • by IgD (232964) on Sunday February 19, 2006 @06:30AM (#14754010)
    When Windows 95 came out it was a major improvement in technology. Windows 95 was easy to use and resulted in improved performance. Compared to Win 3.11 you could multi-task apps very well. The jump from Win 98 - Win2K was also significant for the general stability of the OS. As time marches on there has been little innovations and improvement. It's curious that companies are marketing products with decreased functionality for users. It seems almost like a suicidal business plan. At some point you would think people are going to say no. It's almost like companies want to frustrate customers and accelerate the adoption of Linux.
    • When Windows 95 came out it was a major improvement in technology.
      In what way was it better than OS/2, MacOS, Irix, SunOS, the soon to be released WinNT or other OS's with a modern GUI available at the time? It was a peice of garbage with no innovation whatsever, but it was cheap and was better than earlier versions of MSDOS and had a prettier graphical shell.
      • To be fair... on the tech side, Apple's System (renamed Mac OS on version 7.6) was not better than Windows 95. The Mac didn't get memory protection and preemptive multitasking until OS X, which is actually a whole new system with similar looks. Interface-wise, however, System 7 was better, far more intuitive.
  • OBjoke (Score:5, Funny)

    by Xemu (50595) on Sunday February 19, 2006 @06:31AM (#14754011) Homepage
    In Soviet Russia, the documents report back when you read them! Oh, wait...

  • by iso_bars (315413) on Sunday February 19, 2006 @06:31AM (#14754013)
    You can find a list of known Trusted Platform Module (TPM) manufacturers and implementations from the TPM Matrix [tonymcfadden.net]
  • by bennomatic (691188) on Sunday February 19, 2006 @06:33AM (#14754017) Homepage
    Free is as much about the principle as the price. GIMP really isn't a photoshop substitute, but if I had to offer up my thumb every time I was about to use Photoshop, I wouldn't. I refuse to work that way; I'd rather use lesser-quality tools than be monitored and have each use of the software I've licensed be tracked with as much dilligence as a mortgage contract signature...

    • by Rosco P. Coltrane (209368) on Sunday February 19, 2006 @07:21AM (#14754120)
      I'd rather use lesser-quality tools than be monitored and have each use of the software I've licensed be tracked

      You won't even be able to use your OSS tools on a "trusted computing" platform. That's the whole point.

      This new scheme is aimed explicitely at locking out any software from vendors that don't lick the RIAA/MPAA's collective bottoms.
    • by Stan Vassilev (939229) on Sunday February 19, 2006 @07:26AM (#14754138)
      "Free is as much about the principle as the price. GIMP really isn't a photoshop substitute, but if I had to offer up my thumb every time I was about to use Photoshop, I wouldn't. I refuse to work that way"

      Somehow, million of people don't refuse this way and put themselves to authorisation and authentication ("genuine advantage") procedures, product activation and "calling home" on startup.

      So you may not, but the business doesn't care about you, you're a minority.
    • Oh, that's a different matter. The offering up your thumbprint to use, say, Photoshop, is for commercial artwork. Stealing movies before they get released and selling cheap DVD's of them in China is a huge deal to Hollywood, and this is aimed at forcing the artists to really authenticate themselves. Getting them to actually use passwords and use them properly has proven quite difficult.
  • by Statecraftsman (718862) on Sunday February 19, 2006 @06:46AM (#14754043) Homepage
    Wait a minute. I forgot. Or maybe I just never heard it explained right. Exactly how does this benefit the customer? How is nearly perfect DRM coupled with remote reporting of your access something consumers have asked for?

    A while back processor serial numbers were added as a feature but I've yet to see a system where the ability to read the it was enabled. Trusted Computing is potentially 100x more intrusive so I don't think it's going far in cases where the user is the one who decides what system to purchase.

    • by Plunky (929104) on Sunday February 19, 2006 @07:28AM (#14754144)
      Wait a minute. I forgot. Or maybe I just never heard it explained right. Exactly how does this benefit the customer? How is nearly perfect DRM coupled with remote reporting of your access something consumers have asked for?

      Bingo!

      The customers and the consumers are not the same. The customer is the corporation who wants to lock up its data. The consumer is the person to whom the corporation wishes to grant access to that data.

      Yes, lots of consumers are also customers of the hardware manufacturers but the corporations are larger customers and their voice is louder. If you dont want this stuff in a computer that you are buying then you need to let those manufacturers know about it. Buy something else and send them a copy of the receipt with a note explaining why you didnt buy their hardware.

    • At the risk of violating groupthink, it depends on the customer. For the home user, it shouldn't actually make much difference. For the multi-billion dollar company who don't want that internal memo to be leaked, it's invaluable.
    • There are several benefits of Trusted Computing for average users, benefits that are possible by other means but have never gotten the support to be implemented widely and become a standard practice. These include the ability to really authenticate patches for your operating system and software, so when you download your patches you haven't just automatically clicked on some flakey SSL key somewhere and accepted a Windows patch from Rootkits-R-Us.

      Second, it does provide a robust and hopefully well integrate
    • I'm sorry, but I can't trust your post, as its Md5 hash doesn't correspond to the one in your sig.
  • by CAIMLAS (41445) on Sunday February 19, 2006 @06:52AM (#14754060) Homepage
    Is it just me, or is anyone else thinking, "The way the industry is going towards Orwellian dystopian dreams, I might just want to get out of computing"?
    • It's not just you...
    • Nope, not just you! It may be time to invest in a lawn mower.
    • And (Score:3, Informative)

      by themusicgod1 (241799)
      Exactly how would you do this? Everything will be done on computers in the future, taxes, job applications, schooling, you name it.

      If we don't create alternatives now(and not in 10-25 years), the Trusted Computing Group will p3wn us.

      For those keeping score there's only one key peice missing:
      a law requiring the use of this DRM, or making illegal [microshaft.org] non DRM stuff, for the trusted computing group to win.
    • by rbanffy (584143) on Sunday February 19, 2006 @07:28AM (#14754145) Homepage Journal
      We should not run. We should fight back.

      Fortunately, we don't need firearms for this. We can stop using and recomending DRM capable hardware and we can halt software development for it. We must be very vocal in our opposition to this. We may may be few, but I am sure this audience is more influential than the average.
      • by jellomizer (103300) * on Sunday February 19, 2006 @08:16AM (#14754224)
        Or do both,

        have all the techs who feel strongly about this get an MBA become managers, and make non DRM corporate/institutionional policy.
        Why do you think PCs and not Apples are the primary system. It wasn't because of the Joe Smoe consumer. The Management back in the 80s compared PC and Apples and found that PCs (called IBMs and IBM compatibles at the time) were less restricting and allowed easier growth because a bunch of companies make different computers that all work the same. So that is why they went with PCs and not apples, or other platforms wether they were technically superior or not, was not a major issue. When businesses use or don't use a technology then people who want to work from home will use similar technology, then their kids will use it. And people who want the technology see other people using it or not using it and make their decision based off of that. Being the techs in the trenches who scream this is Bad stop. will rarely get up to the higher ups because they just figure you are just worried about having to pay for your pirated software, not any bigger picture. So except for saying how stupid management is and DRM is, do something about it Get into upper management and bring your views with you and work from the top down to fix the problems. If you don't want to do that then expect your voice not to be heard.
      • ... I don't care what you recommend, I want MS Windows on this computer because the Government, with whom I have too many contracts, uses Windows/MS Office.

        And MS will do whatever is necessary to see that the governments use their product, including giving it away free or less than free.
    • Hopefully, I have good enough hardware to last for the next decade or longer. After that, who knows. Something tells me that commodity hardware will be available most everywhere except the industrialized nations. Here in the US, if you don't have the proper credentials you won't be able to write or tinker with software or hardware of any kind. Worse, if your computer fails a trusted handshake, no ISP will be allowed to let you access the Internet. Hopefully, I'm just feeling pessimistic.

      If they out law
  • Pulling the plug (Score:4, Insightful)

    by Ryvar (122400) on Sunday February 19, 2006 @06:55AM (#14754066) Homepage
    Ultimately I think a lot of this DRM technology - specifically remote attestation - is going to result in me changing my habits in one minor regard - I'll be putting the wireless router on top of my desk, rather than under, with the ports facing me so I can easily unplug my computer. In the majority of cases, problem solved.

    --Ryvar
    • by AndyKron (937105)
      What if it saves up all the accesses in flash, or something until you hook your computer back up, and it reports all those accesses while it was unplugged?
  • by edward.virtually@pob (6854) on Sunday February 19, 2006 @06:56AM (#14754069)
    He warned us [gnu.org] long ago. Of course, even now the masses will fail to be alarmed. "It's only a demo." Etc. "Boil 'em slow, they'll never know." Oh well.
  • by Tim Ward (514198) on Sunday February 19, 2006 @06:58AM (#14754072) Homepage
    If you're working somewhere where you have to be positively identified and sign on each occasion when you access particular sensitive documents then the techonology described is a significant improvement in usability.

    You no longer have to travel to the document repository, and you are no longer restricted to the hours that the librarian keeps.
    • You could do that now with current, older hardware. The business, company or organisation using this technology to identify their employees would not be in control of it. The hardware and software companies will be, as well as anyone else they're in league with.
    • No, the repository won't let you have the document because, although you can be authenticated, you're trying to move the document to an uncontrolled electronix device at a non-TEMPEST-shielded location.

      You've acheived autheniation, and arguably need-to-know, but you've failed mandatory access control, trusted path, labelling and covert channel prevention.

      You have nothing like the security of the repository, so you don't get the document.

      --dave (former professional paranoid) c-b

  • by Anonymous Coward on Sunday February 19, 2006 @07:04AM (#14754088)
    How would this sort of thing affect something like VMWare? If the O/S needs to be booted up on a trusted platform surely you won't be able to install it on a virtual machine. If the virtual machine can fool the O/S into thinking it's running on a trusted platform, doesn't that mean that you can get around the trusted component?
    • It's a very good question: I know that the Trusted Computing system is able to check boot loaders for signatures, and prevent or permit them from being used. But I bet that VMware is looking very hard at exactly how to manage this.
    • by Alsee (515537) on Sunday February 19, 2006 @05:25PM (#14756751) Homepage
      How would this sort of thing affect something like VMWare?

      Exellent question.

      The Trust chip spys on exactly what software you run. It watches and logs every piece of software right from the BIOS to the bootloader to the operating system, and then it logs either certain applications or all applications you have run since bootup.

      The Trust chip securely reports on the exact identity of the software. If you attempt to make even the slightest change in the BIOS or Operating System or anywhere else, the Chip logs that difference.

      So the answer is that it is impossible for VMWare to work. VMWare cannot emulate the Trust chip because it does not know the unique crypto key locked inside of the Trust chip, and it cannot emulate the Trust chip by using a substitute key because you cannot forge the Trusted Computing Group's cryptographic signature to activate that key. So the VMWare only has two choices:

      (1) VMWare BLOCKS the Trust chip - meaning the software does not work.

      (2) VMWare BREAKS the emulation mode and passes I/O directly into and out of the Trust chip without filtering, without modification. The trust chip then "knows" and reports that VMWare is running and that the system is virtualized and again the software does not work.

      Trusted Computing defeats/kills virtualization software like VMWare. The very point of Trusted Computing is to prohibit virtualization and to deny people control over their own computers.

      -
  • by layer3switch (783864) on Sunday February 19, 2006 @07:13AM (#14754106)
    Trust goes both ways. Software and hardware industry now keep treating software and hardware for consumers as if it's a privilage to buy, and assumes that none of customers can be trusted as owners of a product.

    I'm just disgusted that companies are putting on a smile and trying to gain consumers' "trust," yet none trusts consumers. However when consumers do not trust companies by removing DRM, consumers quickly become criminals, and are called pirates and thieves. While companies abuse the consumers' trust and play market share or monopoly or pricing/licensing games, companies are just looking out for the economy/artists/share holder's best interest.

    There is no such thing as "trusted" computing. No one trust anyone here. This shouldn't be called "trusted computing." This should be called "Untrustful Consumers Computing."
    • Nobody trusts anyone in this game. Content providers don't trust their customers, since they could (Turing forbid!) copy their stuff. Customers don't trust their Hardware, since it doesn't belong to them anymore and doesn't do what they want anymore. And neither side will let its guard down for the other side would certainly use that edge immediately.

      It's just Cold War again all over. The fun part is, that neither can exist without the other. The content manufacturers can't exist without their customers, be
  • by maillemaker (924053) on Sunday February 19, 2006 @07:19AM (#14754115)
    How long until you can buy a fake thumb with Elvis Presley's print on it? :)

    Steve
    • by lokedhs (672255) on Sunday February 19, 2006 @08:14AM (#14754217)
      I know it was a joke, but if had had mod points I'd given you +1 insightful on that one.

      The problem with fingerprints is that it's inherently a very insecure way of authentication for two reasons:

      Firstly, you can't change it if it leaks out. A password or a credit card number can be easily changed and the damage minimised in case of an information leak. Doing this with a fingerprint is much harder.

      Secondly, the fingerprint is very hard to keep secret. Your body has this annoying ability to leave copies of your identification token all over the place, very easy for anyone to pick up. If you were worried about the ability to scan proximity tags (RFID), then you should be really scared about the use of fingerprints as authentication tokens.

      If you don't believe me how easy it is to pick up, read this [schneier.com] about how to make a copy of ones fingerprint using common household items.

  • I run FreeBSD on my Thinkpad, but I may dual-boot to Solaris. Windows in any shape or form is out of the question, as I actually USE my PC for work, and I cant afford to have viruses, spyware, and other 180 solutions products on my PC.

    If you play GTA on a DRM'd computer, and find Al Quaida or the Mothers of America send the hit squad after you because of your moral degeneracy (or any other reason), its not my fault.

  • by MindPrison (864299) on Sunday February 19, 2006 @07:51AM (#14754185) Journal
    I really hate the way DRM and hardware DRM now gets fully integrated into our own lawfully purchased computers.

    I have the right to use my computer to whatever I feel like and it is of no concern to anyone but me. If the companies disagrees with this they can take a hike for all that I care.

    All this will contribute to - is to further alienate Linux and users of alternate operating systems and demean our hard efforts to get legal DVD-playback software etc. for our chosen platforms. I am so put down by this Ill probably never run anything with DRM on it again just for the opposition of it. I will not purchase DRM enabled mp3-players, I will NOT purchase DRM harddisks or any hardware with DRM on it.

    If I am forced to do it because of the fact that every hardware producer is forced by Microsoft to do so... I will do anything I can in my power to make sure that my system will be rid of such hardware, modding, jacking, compiling - I really dont care. Its my hardware and NO one shall take that right away from me! No one shall control my software or my computers or what I will be doing with them.

    I fully and completely agree with the companies about piracy, I dont support piracy in any way. That said - I also support my own freedom to chose, and past experience shows us that businesses will always do whats best for them FIRST before the customers, the customers are just milking-cows to them - which is fair enough if you give us what we pay for. When you decide to mess with our hardware and deprecate our already paid for services and hardware - then I am putting my foot down and say - Enough already!

    All this will probably further feed a grassroot "linux-like" organization that will form an alternate OS that will NOT conform to DRM - even if by law (god forbid it goes that far). DRM and control of customers hardware is a CRIME against the public!
    • But there is nothing UNlawful about putting DRM into every product.

      I have the right to use my computer to whatever I feel like and it is of no concern to anyone but me. - I beg to differ. There are plenty of things that you are not allowed to do with your computer by the law. You are not allowed to crack into other computers (either with intent to steal or for learning something new.) You are not allowed to say, download child-porn, etc. We know that people cannot be trusted. If people could be trusted
      • by MindPrison (864299) on Sunday February 19, 2006 @10:20AM (#14754597) Journal
        But there is nothing UNlawful about putting DRM into every product.

        You couldnt be more wrong even if you intended to (no offence). If the products are capable of putting outside powers to control your own purchased product - then that in itself is wrong. We create the law, if we find something sinister to what corporate does to us - we protest, such is the way of democracy.

        Take the Recent Sony battle as an example on how good
        intentions (for themselves) could go horribly wrong.

        There are plenty of things that you are not allowed to do with your computer by the law. You are not allowed to crack into other computers (either with intent to steal or for learning something new.) You are not allowed to say, download child-porn, etc.

        I think that kind of goes without saying, I assumed that you - the reader - know how to follow the law. You have knifes to cut your food but you could potentially KILL someone with it, but of course most of us will never do that. So your point falls to the ground with a boom. I do however believe that in order to fight cybercrimes - better investigation software, filters etc. are better tools for protecting each other, and not the very least...better education rather than enforcement.

        You think you have some kind of a natural right, to be sold computer hardware without built in DRM? Nope, you do not.

        Im starting to believe that Im falling victim to a TROLL here...Of course we all have a NATURAL right to be sold any products without whatever we dont want - we are the customers - we have the money. Duh!

        You are going to spend all of your time cracking your hardware and software? It is going to be very time consuming, if at all possible.

        *cough* Linux *cough* GPL...hello, where have you been the last 10 years? Under a rock? We have plenty of free alternatives programmed by ourselves and our GPL friends in our spare time. This is all about the freedom of controlling our own hardware / software. No need for cracking of any kind.

        Companies are going to pay? No. Companies are going to get paid better now.
        How can you be so sure? You are assuming everyone is a pirate. Guess what? There are thousands, if not - millions of alternatives to everything you can buy - largely thanks to the effective communication of the internet. Do I need to buy the latest hit from Madonna? Do I need the collective hits of Michael Jackson? No - At least not me.... I do just fine with thousands of remakes and independent music made by independent artists who have placed their music in the open and free for everyone (LEGALLY mind you) from their own bedroom or garage band, there are more quality alternatives than you might think.

        Same goes for software really... I have made a living out of using Blender 3D software, the Gimp and much more to produce high end advertising, packaging art etc. All free - legal - alternatives. No use being blinded by what someone WANTS you to do, there are other ways.

        And as for Companies getting better paid after DRM? I dont think so. here is why: Remember the radio days? People used to exchange tunes they listen to on the radio on tapes etc. and finally sales boomed because people wanted the real thing on vinyl (or later ...cds). The music industry have NO clue if they could earn less or more with less exchange of MP3s on the net, they just think they could - but there are countless articles FOR and AGAINST this all over - in an endless debate.

        To cut it out in carboard paper why I think Hardware DRM is wrong:

        - The ability of any corporate to control your computer are borderline dictatorship. No corporate in a democracy are allowed to breach your privacy - for ANY reason - period!

        - No company with money as the no.1 priority have the rights
        to decide what you shall read, use, develop, sell, give, share unless its their own product. Initially DRM is made to protect their property which in itself is fair enough - until YOU the CUSTOMER are made to pay for the chip or FORCED to have such a chip installed in YOUR paid for computer, then it all goes wrong!
  • by Opportunist (166417) on Sunday February 19, 2006 @08:12AM (#14754215)
    I konw, I'm a bad citizen, and I certainly don't smile now.

    It's nice to know that the content industry now trusts my computer and lets it play its crappy movies. The problem is, I don't trust it anymore. I won't trust it with my data, I won't trust it with my files, I won't trust it with my time.

    At least until I find a way to make MY computer MINE again.

    Until now, I was a good citizen. I bought my music. I bought my movies. I bought my games. My reward was a rootkit, DVDs that don't play on my equipment and software that crippled my system.

    Sorry, but I don't trust your computers. And I will do whatever it takes to make my computers mine again!
    • Actually, there is an upside to this technology- DRM hardware also permits ensuring that third parties can't modify Microsoft operating system (or Linux for that matter).

      So your system can be more secure.

      That's not otherwise possible right now, because the software to check it can be changed (if there is a security hole to allow it to be, but there nearly always is one).

      But hardware is unchangeable.

      At the end of the day, DRM is a technology, and technologies are amoral. It's the possible uses it can

  • First off, it's already "illegal" to hack current DRM, at least in the US (and about 50 other countries) and the hackers do it anyway. I don't see how TPM makes this any more complicated. You've seen how well it's worked for Apple so far, which isn't very well. Now while it may be used say by the government to tag files used in office, or buisinesses on sensitive documents, I don't see how it will be of any use on DRM items, any more than current code is.

    There will always be cracks, there will always be
  • But if you're an organization seeking to protect sensitive data, the users are your own employees and business partners. Are they really less trustworthy than Microsoft, its employees and its business partners?

    Spend a week in HR and you'll find out how trustworthy your employees are. The stuff that walks out the door or flies out attached to an e-mail, from office supplies to sales data and product plans is astounding.
  • DRM does have legitimate uses - would you like to get on a plane or use a bank whose computer systems had been raked over by HaX0r O'Wally and his pals? But it's hard not to have a gloomy sense of deja vu. The problem with DRM is that it can be used to destroy competition (competitors are literally locked out of the market), fix prices, invade privacy and withold legal entitlements such as fair use or in some cases any use of an encrypted document that just might happen to be your own. Overall, this adds up
  • Sarbox has had a very bad impact on businesses. Aside from the billions its drained out of the economy, it also places regulartory requirements to track data within a business and ensure proper controls are in place. This DRM is a way of accomplishing this. It helps with the audit trails of who accessed and modified the data in a way that non-repudiatable. CEO's, when they sign the financial statments, put their job and freedom on the line that the numbers are correct and traceable. Failure to do that ends
  • by HangingChad (677530) on Sunday February 19, 2006 @08:55AM (#14754310) Homepage
    That's the ultimate end result. Adobe and friends will trumpet that you can install it on as many computers as you wish because only one person can make it work. They started long ago by attacking your right of first sale. If you don't own software, you can't sell it to someone else.

    You don't need this to secure documents. There are already nice products like TrueCrypt available that let you encrypt a volume and even create hidden volumes within. If someone steals your PC or laptop, they get nothing but the hardware.

    It's not entirely about DRM, though. I'd bet there are still more "features" we haven't been told about. If that system can track who reads a document, it can also be used to figure out who visited a web page or who originated an email. Count on it, that's what this is really about. Taking away the remaining shreds of anonimity that's left on the internet. There will likely be some upside to that. Stolen hardware will be easier to locate, as will trojaned spam bots. You'll be able to access software online with reasonable assurance that no one else can get to your stuff. But, overall, we're all going to get dicked.

    And it will keep happening until those companies implement something like this and experience a giant decrease in sales. Like Sony and rootkit follies.

  • And can Microsoft be trusted to develop a system that isn't full of security holes?
    If the drm is as bad as this article makes it seem, I sure hope not, at least for the sake of workarounds.
  • For the most part, as large a community as Slashdot is, the number of people around here that don't like where all this stuff is going (myself included), and the positions most of us are in to influence tech decisions of those around us, my suggestion to defeat this, is simply to not use it. Keep copies of your older software. Keep that old machine in decent shape and on a shelf somewhere. Keep some spare parts around.
    Pretty much anything you can do to create a hardware/software version freeze, so that wh
  • by roman_mir (125474) on Sunday February 19, 2006 @09:25AM (#14754404) Homepage Journal
    finally people won't be able to infringe on copyrights.
  • Seems like this is just in time. This is perfect timing for people who are starting to smell smoke to respond.. whether it is a New York Times article or the man who asked if Google was ashamed. It seems clear that this kind of a chip, built by Lenovo and sold in China, could if used intelligently by the government, be FAR MORE DANGEROUS than whatever Google is doing. Just put a phone home to Beijing into Microsoft Office Chinese edition and force an upgrade to that functionality along with fingertip swi
  • by Kilz (741999) on Sunday February 19, 2006 @11:38AM (#14754908)
    The one thats signed by the creator , that cant be removed, deleted or changed without the fingerprint of the creator. All its going to take is a a hundred or so companies having to buy 50 or so new thinkpads because they cant remove the trusted virus to cause a real big stink and forever doom trusted computing
  • What about me? (Score:3, Insightful)

    by Inda (580031) <slash.20.inda@spamgourmet.com> on Sunday February 19, 2006 @12:08PM (#14755020) Journal
    I find all this 'Trusted Computing' a bit too much to take in. Trust the computer but don't trust me? That sounds like a disaster waiting to happen.

    1) So I create a Word document at work. I use my fingerprint to lock it down so no other can read it (I'll unlock it after the draft stage). My company moves me to another project just before it's finished and I die in a freak car accident the same afternoon.

    What now? It's not like you can brute force the password as you can do now with Word documents. Thousands and thousands of pounds were spent on the document. More than all the chips inside the grey box are worth.

    So what now? Someone please tell me.

    2) I refuse to give my fingerprints over to my employer.

    "Look boss, you can have 40 hours of my time a week at 100% effort but you're not having anything more from me. No blood, no sweat and no tears. That includes my fingerprints."

    Will my employer sack me?

    What about if I want my fingerprints back when I leave the company? Track down every document I've ever written to undo the fingerprint locks? I can imagine a phone call 6 months down the line asking me to pop-in for 5 minutes ($1m an hour for my fingerprint service btw boss).

    3) We currently send documents over the internet that are worth hundreds of thousands of pounds to possible future tenderers. We use email. We might use PDF but there will be no security on it.

    Are we going to change the way we work? No, no way. We don't even use Track Changes or Version Control on SharePoint.

    Someone highup expects people to understand this Trusted Computer lark? It's not going to happen at my company (10,000 employees).

    I see no benefit in any of this.
  • by NZheretic (23872) on Sunday February 19, 2006 @12:20PM (#14755069) Homepage Journal
    Trusted Computing DRM is the perfect plaform for Cryptoviral extortion : What is cryptoviral extortion? [cryptovirology.com]

    4. What is cryptoviral extortion?

    Cryptoviral extortion, which uses public key cryptography, is a denial of resources attack that was introduced in [YY96a]. It is a three-round protocol that is carried out by an attacker against a victim. The attack is carried out via a cryptovirus that uses a hybrid cryptosystem to encrypt host data while deleting or overwriting the original data in the process. The protocol is as follows:

    (protocol setup phase) An asymmetric key pair is generated by the virus author on a smartcard and the public key is placed within the virus. The private key is designated as "non-exportable" so that even the virus author cannot obtain it's bit representation. Thus, the private key is generated, stored, and used on the smartcard. Ideally, the smartcard will implement two-factor security: something the virus author knows (a PIN number) and something the virus writer has (the smartcard that contains the private key). Also, the card will ideally be immune to differential power analysis, timing attacks, etc. to prevent the virus author from ever learning the bits of the private key. A standards-based approach can be used, e.g., the use of an approved FIPS 140-2 level 2 or higher device (e.g., when it is level 4 the private key will be destroyed if the casing is breached). In the U.S. the virus author cannot be forced to bear witness against himself or herself (Fifth Amendment) and so the PIN can remain confidential. The purpose of this setup phase is to limit the effectiveness of seizing and analyzing the smartcard under subpoena or warrant (competent evidence).

    1) (virus author -> victim) The virus author deploys the cryptovirus. At a later time the virus activates on what could be tens or even hundreds of thousands of machines. The remainder of this description will cover the protocol for just one such machine. When the virus activates, it uses a true random bit generator (TRBG) to generate a symmetric key and initialization vector (IV) uniformly at random. It is essential that the TRBG produce truly random bits to prevent the symmetric key and IV from being guessed or otherwise determined by the victim at a later date. The virus then encrypts host data with this random symmetric key and IV (e.g., using cipher-block chaining (CBC) mode). The virus concatenates the IV with the symmetric key and then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom. The virus notifies the victim that the attack has occured (e.g., via a dialog box on the victim's screen) and states that the asymmetric ciphertext will be needed to restore the data. The virus author states his or her demands in return for the data. The virus author and victim can send asymmetrically encrypted messages to each other via a public bulletin board to try to preserve the attacker's anonymity. Alternatively, digital pseudonyms and mix-networks can be used.

    2) (victim -> virus author) If the victim complies by paying the ransom and transmitting the asymmetric ciphertext to the virus author then the virus author decrypts the ciphertext using the private key that only the virus author has access to (the one on his or her smartcard). This reveals the symmetric key and IV that was used in the attack.

    3) (virus author -> victim) The virus author sends the symmetric key and IV to the victim. These are then used to decrypt the data that was held ransom.

    (security) The attack is ineffective if the data can be recovered from backups. Antiviral experts cannot retrieve the private decryption key by analyzing the virus since only the public key will be found. The importance of using hybrid encryption can be seen from the followi

  • by jhines (82154) <john@jhines.org> on Sunday February 19, 2006 @02:11PM (#14755624) Homepage
    The ability to tell who accessed a document and when would be good for hi security government documents, to tell who did what when to them.

    Maybe for some industries with real sensitive data as well, but of little use to the average person, except to please the *AA's.

Imagination is more important than knowledge. -- Albert Einstein

Working...