Virtual OS/2 International Consumer Education
VOICE Home Page: http://www.os2voice.org
January 2003

[Newsletter Index]
[Previous Page] [Next Page]
[Feature Index]

editor@os2voice.org


»TCPA« and »Palladium«
- another step towards immaturity or a step towards emancipation?

By Eric Baerwaldt© January 2003, Translation: Philhard Ackermann

»Enlightenment is the egression of Man
 from his self-inflicted immaturity.«
Immanuel Kant

Almost unnoticed by the general public are some new mysterious buzzwords around in the world of IT professionals: »TCPA« and »Palladium«. I found them interesting enough to dig a little bit deeper into them, because the very fact that the term »Palladium« in this case, doesn't mean some precious metal as it does in science, but has been established by »Microsoft«, bodes something ill and raised my suspicions.
The much more neutral term »TCPA« (standing for »Trusted Computing Platform Alliance«) on the other hand seems to raise positive or at least neutral emotions at first - but really only at first, because if one becomes aware of the horror scenario imposed by »TCPA« combined with »Palladium« this should be enough to cause nightmares even for the most low-brow users.

So what are these terms really about, what are the intentions behind them and what do the new technical solutions they imply mean for us as IT users?

The »TCPA« is a joint-venture of leading hardware manufacturers like IBM, HP, AMD and Intel which intend to make the PC platform more secure by implementing special new hardware technologies. As all of us are aware the monoculture in the area of operating systems caused by the unbearable monopole of the »Microsoft« company, which, in combination with the bad quality of their software products, has caused a genuine flood of computer virusses, so-called trojan horses, worms and security leaks which can make the use of a computer system quite annoying. Now that's exactly what the companies participating in »TCPA« are trying to deal with. They intend to do so with the help of a so-called »Fritz« chip (from the name of US Senator Fritz Hollings) - a noble pursuit. Under the hood this Fritz chip is nothing but a crypto unit which is planned to be integrated into forthcoming generations of personal computers to improve their overall security. The chip stores a bunch of hardware and user specific keys. The instant the PC gets switched on the Fritz chip starts to work, checking every key it has in store. At first it examines the BIOS, then all BIOS extensions implemented by the plug-in cards found in that particular machine. Then it checks the hard disk, and after that it even examines the boot sector, the boot loader, the OS kernel and every device driver. Since it calculates a checksum on each of these steps and generates a unique 160 bit number by combining the results of it's examination with some special key, Fritz has complete control over the entire computer system at any given time. 

That raises the very first problem for PC users: even a flash update of the PC's BIOS would render the whole system inoperative, because afterwards the numbers calculated by Fritz at boot time would no longer equal the certified values stored inside the chip's tables. At times where BIOS updates are quite common even with consumer products because of sloppily implemented BIOS code the Fritz chip wouldn't really be a blessing for the average user. The same goes for those trying to attach, for instance, a new video card or some larger hard disk - any modification of a hardware which is based on a Fritz chip leads to a, most probably somewhat expensive, re-certification of the entire system to re-achieve »TCPA-compliance«. This re-certification process includes an online verification and readjustment of that machine's internal compliance tables against a hardware certification list (HCL) and a serial number revocation list (SRL).

If Fritz has found everything to be »TCPA compliant« at boot-time, it transfers control to the operating system. That's the point where, as we might have expected, »Microsoft« with their »Palladium« technology joins the game. As soon as the user starts an application, it gets verified against the SRL values of the Fritz chip's internal tables. If the application doesn't use a valid license or serial number or if it's license has been revoked, it simply won't be allowed to run. If the application turns out to be »TCPA compliant« and gets released and is allowed to run, the machine goes online and checks against another list containing revoked documents (DRL), to prevent the user to open files he has no authorization for. 

So, what at first seems to be an effective countermeasure against virusses, trojan horses and worms in fact turns out to incapacitate the user. Of course »Palladium« is fancied by members of the recreational industry, because it might be capable of aiding them in their struggle against unauthorized reproduction and distribution of copyrighted products via the internet, and thus offering the possibility to effectively dry up mp3 file swap networks and similar services, thanks to »Microsoft«. Even the use of a PC to copy some song for private purposes is most effectively prevented; so, thanks to »Microsoft«,  those companies will be able to fill their already cram-full pockets with even more cash!

Of course the user still has the choice whether to install and use an application that lacks »TCPA compliance« on his home machine. When »Palladium« gets aware of such an application, the entire system is declared to be 'compromised' and any compliant application including all their files are shut down.  What use such a system might afterwards be is not too hard to guess. 

But let's step a little further and consider the aftermath of such a kind of technology:

  1. All those SRLs, DRLs und HCLs that are absolutely necessary to confirm a PC's compliance will be stored an accessed from some central spot on the internet. This means that hackers don't need to attack individual PCs any longer, but can instead concentrate their efforts on these servers, and may therefore be able to immobilize millions of machines with a single successful attack. 

  2. It doesn't take much imagination to picture how »Palladium« might deal with unwanted products by some Microsoft competitors: When a certain software product is intended to be certified as 'non-compliant', it may just be put on »Palladium's« »black list«. Then, after such an application gets started, the machine it runs will be »compromised« and thus only of limited use for the owner. That way most people would  rather consider using 3rd class »Microsoft« spyware for the next time...

  3. Certifying software and files means big bucks - there are estimates about the cost for a single application to be in the range of 100000's of dollars. As a result of this licensing scheme the freeware community would quickly vanish from the scene. Thousands of programmers who have spent many hours and much effort to produce quite valuable products given away for free would, thanks to »Microsoft«, a convicted illegal monopolist, no longer have neither the chance nor the motivation to still offer their oftenly most innovative products to the public.

  4. The whole area of GPL-licensed products would simply be wiped off the landscape, because on one hand there would be a large amount to be spent in certification without any income on the other hand. Thus one of the most dangerous »Microsoft« competitors, the community of developers of GPLed software products, who oftenly work for idealistic and ethical reasons, would be gotten rid of with a single blow.  

  5. »Microsoft's« monopoly position in the OS market would be even stronger than before, because competitors' OSes would, if they were to be able to deal with a Fritz chip and a »Palladium« environment, also have to be designed to be »TCPA compliant«. For OS/2 WARP, most of those Linux distributions and systems like FreeBSD, NetBSD or even BeOS and (with some exclusions) QNX the need for »TCPA« and »Palladium« compliance would mean the extinct from the PC market, because without that compliance these often superior OSes would be considered 'insecure'. OS/2 WARP and eComStation would be abandoned and erased by organisations like banks, insurances and other professional customers, in favour of mostly inferior »Windows« systems. The one and only alternative as of today might then be HP-Linux, because HP already work on their Linux product to achieve »TCPA« and »Palladium« compliance.

  6. With the »Palladium« system the open, democratic structure of the internet would be finally buried and replaced by a »Microsoft« owned environment where freedom of choice and opinion would be monopolized and all content censored by a single company. By freely designing their system of certification and licensing fees, »Microsoft« could effectively prevent any distribution of criticism via documents or by distribution of software products. On top of everything, even news services other than those owned by »Microsoft« would be affected - voluntary and creditable initiatives like, for instance, VOICE, who have designated themselves to the enlightenment of the OS/2 community, would have to pay certification fees to »Microsoft« to achieve »Palladium« compliance for each and every article to prevent to be blacklisted on those DRL servers. The internet as a means of distribution of democratic ideals would be destroyed and would degenerate to an organ of »Microsoft«.

  7. Because of the tight interconnection of »Palladium« and the Fritz-Chip with hardware and software the 2nd hand market for software products would be disrupted, since, because of the encryption involved in the process, a software product once certified by the TCPA and »Palladium« would be strictly confied to a particular machine. For »Microsoft« this would mean an old dream to come true: anyone purchasing a new PC would also be forced to newly buy Redmont software, because the software from the old machine could only be transferred by clearance of the old serial numbers - something that is simply not mentioned in the according standardisation guidelines. 

The horror scenarios illustrated in this article don't seem too absurd: Bill Gates has some strong allies within the recreational industry, all of them trying to maximise their profits at any cost, even if that not only means to hollow basic democratic and ethic principles, but even to openly spurn them or lay them aside. The aftermath of his new technology is not yet being discussed in public; until now, Gates has always attached great importance on being a protagonist of the struggle against illegal copying for the sake of the software and recreational industry, and allegedly for the benefit of the end user. With »Palladium« »Microsoft« has, almost hidden from the public and once and for all, crossed a line which, until now, has prevented the alleged protagonist Gates from enforcing his copyrights: now it's all about complete control of the informational society by a company that has repeatedly been convicted of criminal actions - a threat of world domination of mass media by a small clique, backed by a bunch of international mass media corporate groups acting in good faith, which seemingly haven't realised yet that, blinded by their addiction to profit, they are turning themselves over to a man, who others consider to be the most dangerous contemporary since Adolf Hitler.

It's about time that all democratic people among IT professionals and users get up, rub their eyes and start to react, because:

»You must not wait until the snowball has become an avalanche. You have to tread the running snowball. The avalanche can't be held up any more. It will only stop once it has burried everything underneath itself...« Erich Kästner


[Feature Index]
editor@os2voice.org
[Previous Page] [Newsletter Index] [Next Page]
VOICE Home Page: http://www.os2voice.org