Trusted Computing—Threat, Menace, or Joke?

Is anybody paying attention to this latest set of industry initiatives?

There is a growing buzz about the initiative known as Trusted Computing, as outlined at the Trusted Computing Platform Alliance (TCPA) Web site. The TCPA is a group of vendors founded by AMD, HP Compaq, IBM, Intel, and Microsoft. Now the list of companies supposedly involved is over 200. According to the rationale on the Web site, the whole thing was developed "to work on creating a new computing platform for the next century that will provide for improved trust in the PC platform." The problem is, all this makes no sense. How does a "new" platform improve trust in the PC platform that now exists unless it replaces it? Anyway, thats what the group says, and it immediately arouses suspicions, especially in the open source community, which sees it as a plot. Is it a plot? Or is it a joke? Im thinking its not just a joke, but a wheel-spinning, dead-end, money-wasting laugh-riot fiasco of a joke. Do I make myself clear on this?

Having said that, there is a remote possibility that this initiative is a smoke screen to keep the digital rights management (DRM) mavens in Hollywood and Washington, DC happy knowing the industry is doing something about DRM. After all, much of the wheel-spinning in the TCPA is DRM-related. And every time we turn around, we hear some ghastly rumor about Microsoft adding more and more DRM protection in the soon-to-be-released, in-beta-soon media player. Somehow Microsoft will prevent (with the code in Longhorn or whatever comes after Longhorn) any non-media-player software from working at all on its OS, since the OS itself will be DRM-enabled. Oh, puh-leeze.

Lets start with the basics. This whole idea goes back to Intels 1999 attempt to put a serial number into microprocessors. The company should have done this in 1978 if it was going to try at all. The precedent for no serial number is now set in stone. The TCPA initiative is a second attempt to do serial numbers. Old wine in new bottles, as it were. Intel is believed to be behind the whole TCPA idea and Im convinced thats because the company has bought into the wacky notion of an entertainment-centric world with everyone sitting around watching HDTV. Well all be doodling on our wireless pad computers while robots massage our feet and peel grapes for us. Intel sure doesnt want to be cut out of that action if this stupid vision of the future requires DRM to work, does it?

Now use Goofys voice: "You know, gosh, there will be a lot of microprocessors sold that play them Blu-ray DVDs and network the entertainment all over the house, you know. Golly, gee whiz. He-yulk."

Now it gets better. Apparently, TCPA would work so that, for example, Microsofts Palladium software running on a TCPA machine could create a Word document that could not be read by any non-TCPA system, no matter what you might try! And to make the idea even more ridiculous, there would be no way—because of the Digital Millennium Copyright Act—you could even try to make the document readable. This paranoid concept and many others are fully explored ad nauseam at this so-called Trusted Computing FAQ, which is actually a maniacal rant by Ross Anderson and not a FAQ at all. I do recommend reading it in its entirety, though. It is a great rant.

Whats overlooked in all this is the simple fact that the public at large is not going to even consider whats being proposed. This is just not going to happen. Its going to cost money. Its going to be inconvenient, because of the millions of legacy machines out there. Its a support nightmare. And every hacker in the world is going to try to crack it within five minutes of its introduction. And as for the DMCA and its provisions against reverse engineering and all that—gosh, like a hacker in Venezuela is going to care.

This is what makes the FAQ so interesting. If any of you can recall the fuss from long ago that was made when Intel suggested using serial numbers in CPUs, can you imagine the reaction to this idea? Right now, nobody is paying much attention. The topic is just under the radar, since TCPA does look more like a drinking club than a real standards-setting group. And the only concrete thing thats been announced is the vaporware called Palladium. Nobody could figure out what that was about, or cared. After all, whatever happened to Hailstorm? That was Microsofts other big scheme. Microsoft, in fact, has renamed Palladium to Next Generation Secure Computing Base (NGSCB). When the shorthand for these organizations goes over four letters, they are always doomed to failure. To further confuse matters, on April 8, AMD, IBM, Intel, and Microsoft formed the Trusted Computing Group to "advance the adoption of trusted computing technologies." Exactly why the TCPA couldnt do that is mystifying and ridiculous. Does anyone sense a Keystone Kops kind of thing happening here? What next? The Trusted Computing Consortium? Then the Trusted Computing Union? Give me a break. How about Secure Universal Computing and Key Standards—SUCKS, for short. That would be apt.

Discuss this article in the forums.

More articles from John Dvorak: