Computación traidora

Ross Anderson posteó este artículo en agosto de 2003. Lo pegué acá con el fin de que nuestros traductores puedan pasarlo a idiomas que no están disponibles en la página de Ross.

Computación de Confianza' Pregunta Frecuentes Version 1.1 (August 2003) Por Ross Anderson

Este documento está cubierto por la Licencia de Documentación Libre GNU . Acá se encuentran enlaces hacia traducciones en Noruego, Sueco, Finés, Húngaro, Griego, Rumano, Polaco, Lituano y Francés. Véase también la página de recursos de Economía y Seguridad que ofrece una cantidad de ideas sobrelos temas tratados acá.

1. Cuál es este negocio del `trusted computing' (TC)?

El Grupo de Computación de Confianza, Trusted Computing Group (TCG) es una alianza de Microsoft, Intel, IBM, HP y AMD que promueven un computador estándar `más seguro' PC. Su definición de `seguridad' es controversial: máquinas construidas de acuerdo con sus especificaciones serán más confiables desde el punto de vista de los vendedore de software y la industria de contenidos, pero será menos confiable desde el punto de vista de sus propietarios. En efecto, las especificaciones del TCG transferirán el control final de su computador de usted a cualquiera que escriba el software (Sí, incluso más que en el presente.)

El proyecto TCG se conoce por varios nombres. Computación de confianza ('Trusted computing') fue el original y se usa aún por IBM, mientras que Microsoft lo llama 'computación confiable' (`trustworthy computing') y la Free Software Foundation le llama `computación traidora'. De aquí en adelante la llamaré solo CT, que usted podrá pronunciar según su gusto. Otros nombres que usted podría ver incluyen TCPA (el nombre antes de que TCG fuera), Palladium (el antiguo nombre de Microsoft para la versión en 2004) y NGSCB (el nuevo nombre de Microsoft). Intel acaba de comenzar a llamarlo 'computación segura'. Muchos observadores creen que esta confusión es deliberada (los romotores quieren desviar la atención de lo que realmente hace la CT).

2. ¿Qué hace la CT en pocas palabras?

La TC proporciona una plataforma de computación sobre la cual usted no puede alterar el software y donde ese software se pueden comunicar de manera segura con sus autores y entre sí. La motivación original fue la manejo de derechos digitales, digital rights management (DRM): Disney será capaz de venderle DVDs que serán descifrados y correrán en una plataforma TC platform, pero que no será posible copiar. La industria de la música será capaz de vender música que usted no podrá intercambiar. Serán capaces de venderle CDs que usted solo será capaz de oir tres veces o solo en su cumpleaños. Se abrirá una amplia gama de posibilidades de mercadeo.

La CT también hará mucho más difícil para usted ejecutar software sin licencia. En la primera versión de la CT, el software pirata podría detectarse y borrado de manera remota. Desde entonces, Microsoft ha negado algunas veces que haya planeado hacer que la CT permitiera eso, pero WEIS 2003 un gerente senior de Microsoft reusó negar que luchar contra la piratería era una meta: `Ayudar a la gente a correr software robado simplemente no es nuestro objetivo en la vida ', dijo. No obstante, el mecanismo propuesto ahora es más sutil. La CT protegerá el mecanismo de registro de software, de manera que el software sin licencia se bloqueará dejándolo fuera de la nueva ecología. Además, las aplicaciones CT trabajarán mejor con otras aplicaciones CT, de forma que la gente tendrá menos valor de las antiguas aplicaciones no CT apps (incluyendo las aplicaciones piratas). También, algunas aplicaciones CT podrian rechazar datos de aplicaciones antiguas cuyos números de serie han sido incluidos en una lista negra. Si Microsoft cree que su copia de Office es una copia pirata, y su gobierno local acepta la CT, entonces los documentos que usted archive con ella podrían quedar inservibles. La CT también hará más fácil para la gente alquilar software en vez de comprarlo; y si usted deja de pagar la renta, entonces no solo el software dejará de funcionar, sino que también podrían dejar de hacerlo los archivos que creó con él. Así, si usted deja de pagar por las actualizaciones de Media Player, podría perder el acceso a todas las canciones que usted compró con él.

Por años, Bill Gates ha soñado con encontrar la manera de hacer que los Chinos paguen por el software: la CT parece ser la respuesta a sus plegarias.

Hay muchas otras posibilidades. Los gobiernos serán capaces de acomodar las cosas para que todos los documentos de Word hechos en computadores de servidores públicos `sean clasificados' y no puedan ser filtrados electrónicamente a los periodistas. Los sitios de subastas podrían insistir que utilice software con proxy de confianza para la oferta, por lo que no podrá hacer una oferta tácticamente en el subasta. Hacer trampa en los juegos de ordenador podría ser más difícil.

Hay algunas otras perlas. Por ejemplo, la CT puede soportar la censura remota. En su forma más simple, los programas serían diseñaos para borrar a control remoto música pirateada. Por ejemplo, si una canción protegida se extrae de una plataforma CT hackeada y se pone a disposición en internet como un archivo MP3, el reproductor multimedia que sea conforme a la CT podría detectarla usando una marca de agua, reportarla y ser instruido remotamente para borrarla (así como también todos los demás materiales que llegan a través de esa plataforma). Este modelo de negocios, llamado trazado traidor, ha sido investigado extensivamente por Microsoft (y otros). En general, los objetos digitales creados usando sistemas CT permanecen bajo el control de sus creadores, antes que bajo el control de la persona que posee la máquina en la cual esos objetos están almacenados (como en el presente). Así, alguien que escriba un artículo que una corte considere que es difamatorio puede ser obligado a cesurarlo - y se le podría ordenar a la compañía de software que escribió el procesador de texto que lo borre si la persona se niega. Dadas tales posibilidades, podemos esperar que la CT se use para suprimir todo desde pornografía hasta escritos que critiquen a los líderes políticos.

El gancho de los negocios es que sus proveedores de software pueden hacer mucho más difícil para usted cambiarse a los productos de la competencia. En un nivel simple, Word podría cifrar sus documentos usando claves a las que solo tienen acceso los productos de Microsoft; esto significaría que usted solo podría leerlos usando productos de Microsoft, no con cualquier procesador de texto de la competencia. Tan descarado monopolio se podría prohibir por parte de las autoridades correspondientes, pero hay estrategias de monopolio más sutiles que son mucho más difíciles de regular. (Explicaré algunas de ellas más adelante.)

3. Entonces, ¿ya no voy a poder reproducir archivos MP3 en mi computador?

Con los archivos MP3 existentes, usted podría no tener problemas por algún tiempo. Microsoft dice que la CT no hará que nada deje de funcionar de repente. Pero una reciente actualización para Windows Media Player ha causdo controversia al insistir en que los usuarios acepten futuras medidas anti-piratería, que podrían incluir medidas que borren contenido pirateado hallado en su computador. De igual forma, algunos programas que dan a la gente más control sobre sus computadores, tales como VMware y Total Recorder, no van a funcionar apropiadamente bajo CT. Así que usted podría tener que usar un reproductor diferente, y si su reproductor reproduce archivos MP3 piratas, entonces podría no tener autorización para reproducir los nuevos títulos, protegidos.

Es una aplicación para establecer la política de seguridad de sus archivos, usando una política de servidor en línea. Así el Reproductor Multimedia determinará qué tipo de condiciones se apegan a los títulos protegidos. Espero que Microsoft va a hacer todo tipo de acuerdos con los proveedores de contenidos, que va a experimentar con todo tipo de modelos de negocio. Usted puede obtener CD a un tercio del precio, pero que sólo se pueden reproducir tres veces; si usted paga los otros dos tercios, obtendrá todos los derechos. Usted podría tener autorización de prestar su copia alguna música digital a un amigo, pero luego su propia copia de seguridad no podrá reproducirse hasta que su amigo le devuelva la copia de seguridad principal. Más probablemente, usted no será capaz de prestar música en absoluto. El bloqueo digital progresivo hará la vida inconveniente en muchas insignificantes maneras; por ejemplo, la codificación regional pueden evitar verla versión en polaco de una película, si su equipo fue comprado fuera de Europa.

Todo esto se podría hacer hoy en día: Microsoft sólo tiene que descargar un parche en su reproductor - pero una vez que el TC haga que sea difícil para las personas alterar el software del reproductor, y fácil para Microsoft y la música la industria controlar lo que los reproductores hacen con todas las nuevas versiones, será más difícil que usted pueda escapar. El control de software del reproductor multimedia es tan importante que las autoridades antimonopolio de la UE están proponiendo penalizar a Microsoft por su comportamiento anticompetitivo obligando a desagregar el Reproductor Multimedia, o incluir reproductores que compitan con Windows. La CT aumentará en gran medida la profundidad y el alcance de los medios de control.

4. ¿Cómo funciona la CT?

TC provides for a monitoring and reporting component to be mounted in future PCs. The preferred implementation in the first phase of TC emphasised the role of a `Fritz' chip - a smartcard chip or dongle soldered to the motherboard. The current version has five components - the Fritz chip, a `curtained memory' feature in the CPU, a security kernel in the operating system (the `Nexus' in Microsoft language), a security kernel in each TC application (the `NCA' in Microsoft-speak) and a back-end infrastructure of online security servers maintained by hardware and software vendors to tie the whole thing together.

The initial version of TC had Fritz supervising the boot process, so that the PC ended up in a predictable state, with known hardware and software. The current version has Fritz as a passive monitoring component that stores the hash of the machine state on start-up. This hash is computed using details of the hardware (audio card, video card etc) and the software (O/S, drivers, etc). If the machine ends up in the approved state, Fritz will make available to the operating system the cryptographic keys needed to decrypt TC applications and data. If it ends up in the wrong state, the hash will be wrong and Fritz won't release the right key. The machine may still be able to run non-TC apps and access non-TC data, but protected material will be unavailable.

The operating system security kernel (the `Nexus') bridges the gap between the Fritz chip and the application security components (the `NCAs'). It checks that the hardware components are on the TCG approved list, that the software components have been signed, and that none of them has a serial number that has been revoked. If there are significant changes to the PC's configuration, the machine must go online to be re-certified: the operating system manages this. The result is a PC booted into a known state with an approved combination of hardware and software (whose licences have not expired). Finally, the Nexus works together with new `curtained memory' features in the CPU to stop any TC app from reading or writing another TC app's data. These new features are called `Lagrande Technology' (LT) for the Intel CPUs and `TrustZone' for the ARM.

Once the machine is in an approved state, with a TC app loaded and shielded from interference by any other software, Fritz will certify this to third parties. For example, he will do an authentication protocol with Disney to prove that his machine is a suitable recipient of `Snow White'. This will mean certifying that the PC is currently running an authorised application program - MediaPlayer, DisneyPlayer, whatever - with its NCA properly loaded and shielded by curtained memory against debuggers or other tools that could be used to rip the content. The Disney server then sends encrypted data, with a key that Fritz will use to unseal it. Fritz makes the key available only to the authorised application and only so long as the environment remains `trustworthy'. For this purpose, `trustworthy' is defined by the security policy downloaded from a server under the control of the application owner. This means that Disney can decide to release its premium content only to a media player whose author agrees to enforce certain conditions. These might include restrictions on what hardware and software you use, or where in the world you're located. They can involve payment: Disney might insist, for example, that the application collect a dollar every time you view the movie. The application itself can be rented too. The possibilities seem to be limited only by the marketers' imagination.

5. What else can TC be used for?

TC can also be used to implement much stronger access controls on confidential documents. These are already available in a primitive form in Windows Server 2003, under the name of `Enterprise rights management' and people are experimenting with them.

One selling point is automatic document destruction. Following embarrassing email disclosures in the recent anti-trust case, Microsoft implemented a policy that all internal emails are destroyed after 6 months. TC will make this easily available to all corporates that use Microsoft platforms. (Think of how useful that would have been for Arthur Andersen during the Enron case.) It can also be used to ensure that company documents can only be read on company PCs, unless a suitably authorised person clears them for export. TC can also implement fancier controls: for example, if you send an email that causes embarrassment to your boss, he can broadcast a cancellation message that will cause it to be deleted wherever it's got to. You can also work across domains: for example, a company might specify that its legal correspondence only be seen by three named partners in its law firm and their secretaries. (A law firm might resist this because the other partners in the firm are jointly liable; there will be many interesting negotiations as people try to reduce traditional trust relationships to programmed rules.)

TC is also aimed at payment systems. One of the Microsoft visions is that much of the functionality now built on top of bank cards may move into software once the applications can be made tamper-resistant. This leads to a future in which we pay for books that we read, and music we listen to, at the rate of so many pennies per page or per minute. The broadband industry is pushing this vision; meanwhile some far-sighted people in the music industry are starting to get scared at the prospect of Microsoft charging a percentage on all their sales. Even if micropayments don't work out as a business model - and there are some persuasive arguments why they won't - there will be some sea-changes in online payment, with spillover effects for the user. If, in ten years' time, it's inconvenient to shop online with a credit card unless you use a TC platform, that will be tough on Mac and GNU/linux users.

The appeal of TC to government systems people is based on ERM being used to implement `mandatory access control' - making access control decisions independent of user wishes but based simply on their status. For example, an army might arrange that its soldiers can only create Word documents marked at `Confidential' or above, and that only a TC PC with a certificate issued by its own security agency can read such a document. That way, soldiers can't send documents to the press (or email home, either). Such rigidity doesn't work very well in large complex organisations like governments, as the access controls get in the way of people doing their work, but governments say they want it, and so no doubt they will have to learn the hard way. (Mandatory access control can be more useful for smaller organisations with more focused missions: for example, a cocaine smuggling ring can arrange that the spreadsheet with this month's shipment details can be read only by five named PCs, and only until the end of the month. Then the keys used to encrypt it will expire, and the Fritz chips on those five machines will never make them available to anybody at all, ever again.)

6. OK, so there will be winners and losers - Disney might win big, and some smartcard makers might go bust. But surely Microsoft and Intel are not investing nine figures just for charity? How will they make money out of it?

For Intel, which started the whole TC thing going, it was a defensive play. As they make most of their money from PC microprocessors, and have most of the market, they can only grow their company by increasing the size of the market. They were determined that the PC will be the hub of the future home network. If entertainment is the killer application, and DRM is going to be the critical enabling technology, then the PC has to do DRM or risk being displaced in the home market.

Microsoft, who are now driving TC, were also motivated by the desire to bring entertainment within their empire. But they also stand to win big if TC becomes widespread. There are two reasons. The first, and less important, is that they will be able to cut down dramatically on software copying. `Making the Chinese pay for software' has been a big thing for Bill; with TC, he can tie each PC to its individual licenced copy of Office and Windows, and lock bad copies of Office out of the shiny new TC universe.

The second, and most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.

Economists who have studied the software industry concluded that the value of a software business is about equal to the total costs of its customers switching out to the competition; both are equal to the net present value of future payments from the customers to the software vendor. This means that an incumbent in a maturing market, such as Microsoft with its Office product, can grow faster than the market only if it can find ways to lock in its customers more tightly. There are some ifs and buts that hedge this theory around, but the basic idea is well known to software industry executives. This explains Bill G's comment that `We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains'.

7. Where did the technical ideas come from?

The TC concept of booting a machine into a known state is implicit in early PCs where the BIOS was in ROM and there was no hard drive in which a virus could hide. The idea of a trusted bootstrap mechanism for modern machines seems to have first appeared in a paper by Bill Arbaugh, Dave Farber and Jonathan Smith, ``A Secure and Reliable Bootstrap Architecture, in the proceedings of the IEEE Symposium on Security and Privacy (1997) pp 65-71. It led to a US patent: ``Secure and Reliable Bootstrap Architecture, U.S. Patent No. 6,185,678, February 6th, 2001. Bill's thinking developed from work he did while working for the NSA on code signing in 1994, and originally applied to rebooting ATM switches across a network. The Microsoft folk have also applied for patent protection on the operating system aspects. (The patent texts are here and here.)

There may be quite a lot of prior art. Markus Kuhn wrote about the TrustNo1 Processor years ago, and the basic idea behind a trustworthy operating system - a `reference monitor' that supervises a computer's access control functions - goes back at least to a paper written by James Anderson for the USAF in 1972. It has been a feature of US military secure systems thinking since then.

8. How is this related to the Pentium 3 serial number?

Intel started an earlier program in the mid-1990s that would have put the functionality of the Fritz chip inside the main PC processor, or the cache controller chip, by 2000. The Pentium serial number was a first step on the way. The adverse public reaction seems to have caused them to pause, set up a consortium with Microsoft and others, and seek safety in numbers. The consortium they set up, the Trusted Computer Platform Alliance (TCPA), was eventually incorporated and changed its name to TCG.

9. Why call the monitor chip a `Fritz' chip?

It was named in honour of Senator Fritz Hollings of South Carolina, who worked tirelessly in Congress to make TC a mandatory part of all consumer electronics. (Hollings' bill failed; he lost his chairmanship of the Senate Committee on Commerce, Science and Trasportation, and he's retiring in 2004. But the Empire will be back. For example, Microsoft is spending a fortune in Brussels promoting a draft Directive on IP enforcement which is seriously bad stuff.)

10. OK, so TC stops kids ripping off music and will help companies keep data confidential. It may help the Mafia too, unless the FBI get a back door, which I assume they will. But apart from pirates, industrial spies and activists, who has a problem with it?

A lot of companies stand to lose out directly, such as information security vendors. When it first launched TC as Palladium, Microsoft claimed that Palladium would stop spam, viruses and just about every other bad thing in cyberspace - if so, then the antivirus companies, the spammers, the spam-filter vendors, the firewall firms and the intrusion detection folk could all have their lunch stolen. That's now been toned down, but Bill Gates admits that Microsoft will pursue the computer security market aggressively: "Because it's a growth area, we're not being that coy with them about what we intend to do."

Meanwhile, the concerns about the effects on competition and innovation continue to grow. The problems for innovation are well explained in a recent New York Times column by the distinguished economist Hal Varian.

But there are much deeper problems. The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused.

11. How can TC be abused?

One of the worries is censorship. TC was designed from the start to support the centralised revocation of pirate bits. Pirate software won't run in the TC world as TC will make the registration process tamper-resistant. But what about pirated songs or videos? How do you stop someone recording a track - if necessary by putting microphones next the speakers of a TC machine, and ripping it into an MP3? The proposed solution is that protected content will contain digital watermarks, and lawful media players that detect a watermark won't play that song unless it comes with an appropriate digital certificate for that device. But what if someone hacks a Fritz chip and does a transaction that `lawfully' transfers ownership of the track? In that case, traitor tracing technology will be used to find out which PC the track was ripped from. Then two things will happen. First, the owner of that PC will be prosecuted. (That's the theory, at least; it probably won't work as the pirates will use hacked PCs.) Second, tracks that have been through that machine will be put on a blacklist, which all TC players will download from time to time.

Blacklists have uses beyond music copying. They can be used to screen all files that the application opens - by content, by the serial number of the application that created them, or by any other criteria that you can program. The proposed use for this is that if everyone in China uses the same copy of Office, you do not just stop this copy running on any machine that is TC-compliant; that would just motivate the Chinese to use normal PCs instead of TC PCs. You also cause every TC-compliant PC in the world to refuse to read files that have been created using this pirate program. This will put huge pressure on the Chinese. (The precedent is that when spammers started using Chinese accounts, many US ISPs simply blackholed China, which forced the government to crack down on spam.)

The potential for abuse extends far beyond commercial bullying and economic warfare into political censorship. I expect that it will proceed a step at a time. First, some well-intentioned police force will get an order against a pornographic picture of a child, or a manual on how to sabotage railroad signals. All TC-compliant PCs will delete, or perhaps report, these bad documents. Then a litigant in a libel or copyright case will get a civil court order against an offending document; perhaps the Scientologists will seek to blacklist the famous Fishman Affidavit. A dictator's secret police could punish the author of a dissident leaflet by deleting everything she ever created using that system - her new book, her tax return, even her kids' birthday