TPCA vs DMCA

[Canadian Lover]

It seems like a lot of people have been asking the difference between DMCA and TCPA. So, one and for all, Here's the definions:

TCPA

The Trusted Computing Group (TCG), successor to the Trusted Computing Platform Alliance (TCPA), is a controversial initiative led by AMD, Hewlett-Packard, IBM, Intel, Microsoft, Sony, and Sun Microsystems to implement trusted computing.

TCG's original major goal was the development of a Trusted Platform Module (TPM), a hardware intellectual property block or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets.

The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a `more secure' PC. Their definition of `security' is controversial; machines built according to their specification will be more trustworthy from the point of view of software vendors and the content industry, but will be less trustworthy from the point of view of their owners. In effect, the TCG specification will transfer the ultimate control of your PC from you to whoever wrote the software it happens to be running. (Yes, even more so than at present.)

Can you trust your computer?
Trusted Computing Group official site
AgainstTCPA
Ross Anderson's TCPA FAQ

DMCA

The Digital Millennium Copyright Act (DMCA) is a controversial United States copyright law. The act criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright, not merely infringement of copyright itself, and heightens the penalties for copyright infringement on the Internet. Passed on May 14, 1998 by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended title 17 of the US Code to extend the reach of copyright, while limiting the liability of Online Providers from copyright infringement by their users.

Wikipedia DMCA article
Electronic Frontier Foundation's DMCA Archive
US Copyright Office's summary of the DMCA

Hops this helps newbies

[muzzy]

Oh dear god NO at the definition of trusted computing there! That FAQ is also crap. The real problem isn't the technology, the problem is completely different from TCPA. TCPA is good stuff, DMCA (and in EU, EUCD) is what makes its applications a bad thing. But that doesn't apply to just implementations using TCPA, these laws make a lot of other things equally uneasy.

[WMD]

TCPA is good stuff, DMCA (and in EU, EUCD) is what makes its applications a bad thing.

So what's an example of "good" TCPA?

[Canadian Lover]

Oh dear god NO at the definition of trusted computing there! That FAQ is also crap. The real problem isn't the technology, the problem is completely different from TCPA. TCPA is good stuff, DMCA (and in EU, EUCD) is what makes its applications a bad thing. But that doesn't apply to just implementations using TCPA, these laws make a lot of other things equally uneasy.

Look, it's an anti-TCPA forum so of course its going to be slanted.

[muzzy]

Sorry for the slow responses, I don't check here often, been busy nowadays. (I suppose you've seen me linked from boingboing, sysinternals, etc)

TCPA would make remote server management securely a lot more fun, as it'd be significantly harder to own the system in a way that can't be noticed. It's common in the linux world for a server to be owned and sshd switched to a version that logs passwords. With TCPA, you could have your linux system where this kind of attack is simply impossible to do, because you could authenticate against isolated code...

[Annorax]

Sorry for the slow responses, I don't check here often, been busy nowadays. (I suppose you've seen me linked from boingboing, sysinternals, etc)

TCPA would make remote server management securely a lot more fun, as it'd be significantly harder to own the system in a way that can't be noticed. It's common in the linux world for a server to be owned and sshd switched to a version that logs passwords. With TCPA, you could have your linux system where this kind of attack is simply impossible to do, because you could authenticate against isolated code...

With TCPA, you can also have your system remotely damaged or destroyed by software providers just on the suspicion that you might have done something they don't like. How would you like it if you bought a crapload of music or software, then someone decided you were a pirate and legally broke into your system to delete it all or just self-destructed your box? While there are potential gains from TCPA, the potential for abuse far outweighs the gains.

[muzzy]

Annorax, not quite so. IMO, that's backwards logic that stems from trying to understand a system based on a description rather than specification. You don't need TCPA to have software providers control your system, if they ship the software they decide what your system does and that's it. This kind of mechanism doesn't need TCPA to be implemented, and I don't see how TCPA is a factor in this at all.

If you want to talk about risks, please mention something that cannot be implemented already or that actually gets worse somehow. TCPA doesn't change what's legal and what isn't, which seems to be something you assume.

[Annorax]

Annorax, not quite so. IMO, that's backwards logic that stems from trying to understand a system based on a description rather than specification. You don't need TCPA to have software providers control your system, if they ship the software they decide what your system does and that's it. This kind of mechanism doesn't need TCPA to be implemented, and I don't see how TCPA is a factor in this at all.

If you want to talk about risks, please mention something that cannot be implemented already or that actually gets worse somehow. TCPA doesn't change what's legal and what isn't, which seems to be something you assume.

You don't need TCPA to be 0wn3d by a software provider or copyright owner. It just makes 0wn3ge a lot easier.

TCPA doesn't change what's legal YET. There's still that minor issue of the bill Microsoft was going to have introduced that would've made sale of non-TCPA computers illegal. Rumor has it they're going to try again.

[Kintaro]

A lot of false notions about the TPM exist, and simply the Trusted Platform Module is a cryptoprocessor. The biggest misunderstanding is that it can stop you from freely running applications, what it really stops is these applications, like OpenOffice, or the SECUROM crack for Grand Theft Auto IV (if they used it, which they didn't) from being able to make the slightest bit of sense of the GTAIV binaries in memory or otherwise. One thing that won't be implemented on a TPM secured game is the good old trainer and this is sad. Yet, I honestly believe it is getting pretty disgusting that everyone from graphic artists to software developers are getting short changed just because they don't believe their software should be free.

Also, one could look at the TPM as an alternative to Statism such as the DMCA being necessary at all. Microsoft and software publishers benefit with the TPM simply because your revenue and being able to protect it simply isn't based on the size of legal teams. There is a valid issue also against software patents that startups simply don't have enough lawyers - and people working in large companies can often be told their great works are untenable because of a multitude of patents. Yet it is the big companies that have defensive patents, you didn't see Apple wipe out Palm's WebOS because they had the patent and they also had a huge growth in market capital on Wall Street over its announcement.

Simply, I believe in human liberty and the TPM is not being forced into computers, and the device itself doesn't force me to run software. The specification allows the user control of things because of the simple economic problems behind central planning. These companies are currently giving people what they want.

I personally like the idea of TPM and a thing called "Free Banking," where you have multitudes of currencies to avoid currency shocks and recessions from spreading as easily. Essentially, it means someone without the apparatus of a specialist printer to create something impossible to counter-fiet is no longer needed. I do believe even in the current shitty economic system where there is no free market for the exchange medium itself, TPM will be used, and in a way, you will be obliged to use it just to access online banking with perfect security.

This means it will probably be tied with RFID chips, that for security purposes could be in your arm. I've thought for my scifi for a kind of "bone code" where raditation burns a code into your bones that a reader accesses. As a dreamer, all of what I write is speculation. I don't think security technology should be feared.