Soenke Zehle [c] on Wed, 1 Mar 2006 13:52:42 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Gehring on Lenovo's Move to Combine TC and Biometrics

Update from Indicare on the Lenovo move to combine TC and biometrics, Soenke

Trusted computing for digital rights management
By: Robert A. Gehring, Computers and Society, TU Berlin, Germany on:
01/03/06 [10:52] (6 reads)

Abstract: The relationship between trusted computing (TC) systems and
digital rights management (DRM) systems is discussed. Trusted systems
technology was developed in the 1960s, while the modern concept of DRM
is a brainchild of the Internet era of the 1990s. While TC technology
can be used to build DRM systems, both belong to different categories
and should not be confused. TC technology may as well be deployed to
protect "darknets" (Biddle et al. 2003) for sharing data. Making
TC-based "copyright boxes" (Stefik 1999) is by no means a guarantee for
business success in marketing digital content where consumer demand is

Keywords: technical analysis consumer expectations, copyright boxes,
darknets, DRMS, trusted computing, trusted systems
(19403 bytes) 	Print Translation


First things first. No, trusted computing (TC) is not the same as
digital rights management (DRM). DRM technology has been built, and will
be built in the future, entirely without relying on TC support. And yes,
DRM can be based on TC technology, as Chinese PC maker Lenovo has just
demonstrated (cf. Dornan 2006).

According to Information Week, Lenovo's latest ThinkPad model uses a
fingerprint sensor in combination with a trusted platform module chip
(TPM) and software support from Microsoft and Adobe for controlling
access to, and distribution of, PDF documents (Dornan 2006). Lenovo's
DRM approach ties biometrics, content (i.e., documents), and TPM
support, in order to enforce usage rights and monitor actual use of the
content. Accessing a "controlled" PDF document first requires
authentication through fingerprint identification; without
authentication, access is denied. The creator of the document is the one
who determines who subsequently may access the PDF. The Lenovo system is
also prepared to track acts of accessing and reading the document, and
reporting this information. Whether the TPM plays a key role in the
scenario is unclear as of now.

Depending on your standpoint, Lenovo's innovation may be "particularly
frightening" (Dornan 2006) or a good thing. And that exemplifies the
crux of trusted computing in general: What is good use or evil use
depends on purpose and positioning. In itself, trusted computing is
merely a tool, as recently pointed out by Linux kernel developer Alan
Cox: "There's a lot of political debate, that it's really evil or good.
But it's only a tool" (Marson 2006). Those who use this tool with
intention will decide on its meaning.

Although TC technology has primarily been propagated for security
improvement of networked end systems, multiple observers were quick to
point out that some of its basic features were similar to mechanisms
that allow supporting DRM. In some extreme cases, TC has literally been
equated with DRM; this is, as a thinly veiled attempt to introduce
ubiquitous control mechanisms on formerly open PC architectures.

As a tool for making the behaviour of computer systems more predictable,
by enforcing rules on users and processes (i.e., mandatory access
control), trusted computing creates ample opportunity for ruling out
undesirable effects of software -- and software users. At the same time
it empowers parties controlling access to the rule-making process to
forcing users to comply with their private interests, and to cut out
competitors, when attempting to access, and use, system resources.
Whether any such attempt will be successful in the long run is
contingent on economical and political factors as well.

As the latest Sony-BMG debacle with the XCP and MediaMax? copy
protection software has shown, misjudgements of consumer expectations
can easily lead to costly backlashes, and even to legal and legislative
action (Helberger 2006; Leyden 2006; and see the documentation at
Groklaw 2006). Hence, the price of using digital rights management be it
based on trusted computing technology or not may be higher than the
price of foregoing access control in the first place. And as David
Pakman, CEO of, emphasised, the logic of DRM is not
necessarily good business logic, too: "If it were possible to
demonstrate that non-DRM'ed music encourages more sales, wouldn't it
make sense for the industry to offer portions of its catalog as
unrestricted MP3 files? It seems like bad business to bind every
category of customer and every category of product with the same sales
offering" (Pakman 2005).

While TC technology may be helpful in "hardening" DRM systems, it is in
no way helpful for selling music beyond demand. And if systems are
almost impossible to crack, and that it is what TC promises to do,
governments are highly concerned (Stone-Lee 2006). And from a
content-owners point of view, trusted systems built on TC technology, in
fact may well turn out as a nightmare. A network of trusted systems
could be used to establish a technically impenetrable file sharing
community, a TC-protected darknet (for darknets see Biddle et al. 2003).

So when discussing the relationship between DRM and trusted computing,
one has to keep in mind that not everything that is technologically
feasible is economically viable or politically acceptable at the same tim=

This article discusses in short the relationship between DRM and trusted
computing, and what makes TC technology useful for implementing DRM. For
practical reasons, it is not possible here to delve into details of TC
technology. Instead, the interested reader is referred to (Pearson et
al. 2003; Smith 2005).

"Trusted computing is DRM": Dispelling a myth
Learning some facts about the history of trusted computing and DRM might
be helpful in distinguishing the relative merits of either concept.

Historically, trusted computing has its roots in the concept of trusted
systems (Kuhlmann and Gehring 2003). Trusted systems are neither new nor
invented by the Trusted Computing Group (TCG), the body behind the most
important TC architecture. Actually, research on trusted systems dates
back to the 1960s. Efforts were driven by government and military needs
for effective protection of information in the cold war era. Two
research approaches proved particularly influential:

     * The reference monitor (RM) concept introduced in 1973 by James
Anderson (Anderson 2001, p.140); and

     * The Bell=96LaPadula? (BLP) model as introduced in the same year by=

D. Elliott Bell and Leonard J. LaPadula (Anderson, Stajano and Lee 2001,

While Anderson's reference monitor has been conceived as a proposal for=

governmental establishments, BLP was developed for a military
environment with well-defined security requirements.

BLP was primarily designed to deal with restricting the information flow
between formally distinguished security levels and compartments. The RM
concept, on the other hand, models a system architecture suitable to
enforce arbitrary access control policies. It can be regarded as a
container to be filled with a rule set of choice. As such it is pretty
generic and flexible "an abstract machine that mediates all accesses to
objects by subjects" (Bishop 2003, p.502).

Once filled with an access control policy, i.e. specific rules for
access control, a reference monitor will enforce that policy. A
validated, tamper-resistant implementation of a RM forms the policy-core
of a trusted system, its so called trusted computing base (TCB), and
"consists of all protection mechanisms within a computer system
including hardware, firmware, and software that are responsible for
enforcing a security policy" (Bishop 2003, p.502).

Note the interplay of =93hardware, firmware, and software=94 making the
trusted system work. One important but often overlooked property of the
trusted system concept is its policy-neutrality; it was not designed as
a DRM concept (see below). In practice, however, concrete trusted
systems will enforce specific policies. It depends on all three factors
=96 =93hardware, firmware, and software=94 =96 which access control rules=
be enforced. In other words, hardware vendor, firmware vendor, and those
who provide and configure the system's software stock, will set the
rules. Conceptually, trusted systems are as able to enforce DRM policies
as they are to enforce =93mandatory open-access=94 (think of a system tha=
refuses to create files with access control attributes).

TCG (former TCPA) and trusted systems

Founded in 1999 by Compaq, HP, IBM, Intel, and Microsoft, the Trusted
Platform Computing Alliance (TCPA) was relaunched in 2003 as the Trusted
Computing Group (TCG). As of January 2006, the TCG had more than 120

The TCG's mission is to "develop and promote open, vendor-neutral,
industry standard specifications for trusted computing building blocks
and software interfaces across multiple platforms" (Trusted Computing
Group 2006). It does not provide hardware or operating system software.

TCG specifications exist so far for:

     * Infrastructure Specifications
     * PC Client Specifications
     * Trusted Platform Module (TPM) Specifications
     * Trusted Network Connect (TNC) Specifications
     * TPM Software Stack (TSS) Specifications
     * Server Specific Specifications

The one outstanding advantage the industry-wide approach of the Trusted
Computing Group has to offer for building trusted systems is that it
standardises components. TC enables mass-production of hardware
components and reuse of software components, thus making it
comparatively cheap to build trusted systems.

 From trusted systems to DRM

Digital rights management (DRM) is a relatively new development going
back to the 1990s. Mark Stefik, researcher at Xerox's Palo Alto Researc=
Center, promoted the idea of "usage rights management" (Stefik 1996a,
p.221) =96 a term much more appropriate to describe what DRM does =96 for=

digitally distributing intellectual property. He located the root of the
problem of selling content in the architecture of modern personal
computer systems: "Fortunately, computers need not be blind instruments
of copyright infringement. Properly designed digital systems can be more
powerful and flexible instruments of trade in publications than any
other medium. The seeming conflict between digital publishing and
commerce is merely a consequence of the way computer systems have been
designed to date." To overcome this =93design flaw,=94 he suggested using=

"techniques for commerce in what we call digital property rights or
usage rights=85several kinds of rights besides copying" (Stefik 1996a,
p.221). That comes close to what DRM systems do today.

What is a DRM system?

Although, there is no single one definition for what constitutes a DRM
system, the modern conception regards three elements as crucial (Rump 200=

     * Technology;
     * Law; and
     * Business Model.

The business model is this: keeping supply of certain binary data short
and charging for metered access to this artificially =93scarce resource=94=
Technology is applied to protect this business model for marketing
binary data by controlling access to, and usage of, while legal
protection for technological measures discourages circumventing
technological barriers to otherwise free access to data. Due to very
liberal laws, there is no need for the data to represent =93works of
authorship=94 under copyright protection, and it is not hard to find an
old movie, the copyright of which has expired, to be nevertheless
distributed on DVD with CSS copy-protection.

The only perfect DRM system is one that can neither be broken nor
avoided. And while this article focuses on the technology side, that
statement refers to all three elements of DRM: If one of the three
elements can be broken or avoided, the DRM system is doomed to fail.

Different approaches for implementing DRM have been broken and the
content they guarded leaked onto the Internet. Thus, people had
alternative ways of access to content and could avoid using DRM systems.
Legal threats were no real show-stopper (IFPI 2006).

What makes TC technology especially attractive for implementing DRM is
their ability to enforce usage policies. Once their security conditions
are broken, TC systems stop working. Since their security conditions are
built as a =93chain of trust=94 containing hardware-locked keys and
certificates from trusted third parties, they are hard to tamper with,
at least much harder than software-only systems. Being able to rely on a
trusted system, it is a fairly simple thing to implement a hard-to-break
=93usage rights management=94 as the platform of choice for content owner=

Coming DRM-enabled operating systems, such as Microsoft's Windows Vista=

flavours, are aimed at providing "casual, honest users with guidelines
for using and consuming content based on the usage rights that were
acquired" (Dan Glickman, President of the Motion Picture Association of
America, in BBC 2006). That is necessary, because "[w]ithout the use of
DRMs, honest consumers would have no guidelines and might eventually
come to totally disregard copyright and therefore become a pirate"
(ibid.). To reinforce the guidelines, trusted computing features are
deployed (see the Lenovo example in the introduction), all the more
appealing if components are cheap (see above).

Selling copyright boxes
Rather than modifying their age-old control-based model of making money
from copyrighted works, the content industries pursued DRM as their one
and only salvation from having to suffer "the fate of the buffalo"
(Bronfman 2000, quoted in Fridman 2000).

The idea of using concepts developed for trusted systems as blueprints
for =93usage rights management=94 systems was widely promoted by Stefik. =
argued that "the first key to commerce in digital works is to use
trusted systems" (Stefik 1996a, p.228) =96 and apparently he was quite
persuasive. Turning general-purpose computers, or special-purpose
devices, into "vending machines" thus enabling potential customers "to
order digital works any time of the day and get immediate delivery"
(Stefik 1996a, p.228), sounded like a huge business opportunity.
Transforming computers hitherto under the control of their users (often
being their owners, too) into "copyright boxes" (Stefik 1999, p.55) more
like radios, TV-sets, and CD-players =96 this idea really took off with
content industries seeking to commercialise the internet after the ban
on commercial activities was lifted in the middle of the 1990s.

But a DRM system is almost useless, that is from a content owner's
perspective, until it is deployed broadly. Putting together cheap TC
components with a market-dominating operating system =93enriched=94 with =
functionality is the most economic way to provide the majority of users
with "copyright boxes." Microsoft is doing just that (Microsoft 2006).

Bottom line

TC technology is neither necessary nor sufficient to implement DRM but
it can make implementing DRM easier and cheaper. TC components are tools
=96 neither good nor bad. It's the way the tools are used, the interplay
of "hardware, firmware, and software," that gives them meaning. And
predictably, software will have the biggest part in the play, defining
most of the functionality. People are using trusted systems to do
things. One way to use trusted systems is to build DRM systems. But
there is no way to guarantee success for DRM systems. DRM may well turn
out to be "[m]edia companies' next flop" (CNET 2006) if consumer
expectations are not met. And consumers want to get what, when, where,
and how, they like it, without the hassle of incompatible devices. Just
like in the file sharing networks.


     * Anderson, R.J. (2001): Security engineering: A guide to building
dependable distributed systems. New York: Wiley.

     * Anderson, R.J., Stajano, F., Lee, J. (2001): Security policies.
In: Advances in Computers, Vol. 55, pp 185-235

     * BBC (2006): Digital film: Industry answers. In: BBC
Entertainment, 09 February 2006,

     * Becker, E., Buhse, W., G=FCnnewig, D., and Rump, N., eds. (2003):
Digital rights management: Technological, economic, legal and political
aspects, Lecture Notes in Computer Science, Vol. 2770, Berlin,
Heidelberg, New York: Springer.

     * Biddle, P., England, P., Peinado, M., and Willman, B. (2003): The
darknet and the future of content protection. In: Becker et al. (2003),
pp. 344-365

     * Bishop, M. (2003): Computer security: Art and science. Boston,
MA: Addison-Wesley

     * Bronfman, Jr., E. (2000): Remarks as prepared for delivery by
Edgar Bronfman, Jr. Real Conference 2000, San Jose, CA, May 26, 2000 (a
copy of the text of the speech can be found at

     * CNET 2006: DRM: Media companies' next flop? In: CNET, 30
January 2006,

     * Dornan, A. (2006): Yes, trusted computing is used f or DRM;
Information Week, 17 February 2006,

     * Fridman, S. (2000): Firm thinks it can solve music-pirating
problem. ComputerUser?.com, 31 May 2000,

     * Groklaw (2006): Sony DRM;

     * Helberger, N. (2006): The Sony BMG rootkit scandal; INDICARE
Monitor, Vol.2, Numer 9, January 2006,

     * IFPI (2006): Digital Music Report 2006.

     * Kuhlmann, D. and Gehring, R.A. (2003): Trusted platforms, DRM,
and beyond. In: Becker et al. (2003), pp 178-205

     * Leyden, J. (2006): Homeland security urges DRM rootkit ban; The
Register, 17 February 2006,

     * Marson, Ingrid (2006): Trusted computing comes under attack;
ZDNet UK, 27 January 2006,,39020375,39249368,00.htm

     * Northrup, T. (2006): Windows Vista security and data protection
improvements. Microsoft, 01 June 2005,

     * Pearson, S., Balacheff, B, Chen, L., Plaquin, D., and Proudler,
G. (2003): Trusted computing platforms: TCPA technology in context.
Upper Saddle River, NJ: Prentice Hall.

     * Pakman, D. (2005): Why DRM everything? A sensible approach to
satisfying customers and selling more music in the digital age; Groklaw,
31 December 2005,

     * Rump, N. (2003): Digital rights management: Technological
aspects. In: Becker et al. (2003), pp 3-15

     * Smith, S.W. (2005): Trusted computing platforms: Design and
applications. Berlin, Heidelberg, New York: Springer.

     * Stefik, M., ed. (1996): Internet dreams: Archetypes, myths, and
metaphors. 3rd Printing 2001, Cambridge, MA: The MIT Press.

     * Stefik, M. (1996a): Letting loose the light: Igniting commerce in
electronic publication. In: Stefik (1996), pp 219-253.

     * Stefik, M. (1999): The internet edge: Social, technical, and
legal challenges for a networked world. Cambridge, MA: The MIT Press.

     * Stone-Lee, O. (2006): UK holds microsoft security talks. BBC, 16
February 2006,

     * Trusted Computing Group,

About the author: Robert A. Gehring is a computer scientist specialising
in issues of open source, intellectual property, and information
security. He is an associate researcher with the research group for
Computers & Society at the Technical University of Berlin and editor of
the consumer information website. He is co-editor of the
German open source annual Open Source Jahrbuch and can be contacted via
rag[insert at sign here]

Status: first posted 01/03/06; licensed under Creative Commons; included
in the INDICARE Monitor of February 2006

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  archive: contact: