OK, hands up, who at work has MP3's....
Stash those headphones and trash that file-swapping software: Companies are cracking down on employees who use streaming media and swap MP3s at work.
Companies increasingly are blocking access to Internet music and video at firewalls and are issuing sweeping initiatives that ban workplace media usage. The trend is a result of two developments: media usage hogging enormous amounts of corporate bandwidth and threats of legal liability from the RIAA as the entertainment industry aggressively pursues copyright scofflaws.
In the past few months, one major corporation (Integrated Information Systems [ISS]) agreed to settle a case brought by the RIAA for $1 million, because it found that the Arizona company allegedly let employees trade MP3 files over an internal network. Oops....
Typically, the RIAA receives tips about alleged illegal file swapping through its anonymous tip line. It then threatens legal action and asks companies to stop. So far, the tactics may be working.
News source: CNet News
Stash those headphones and trash that file-swapping software: Companies are cracking down on employees who use streaming media and swap MP3s at work.
Companies increasingly are blocking access to Internet music and video at firewalls and are issuing sweeping initiatives that ban workplace media usage. The trend is a result of two developments: media usage hogging enormous amounts of corporate bandwidth and threats of legal liability from the RIAA as the entertainment industry aggressively pursues copyright scofflaws.
In the past few months, one major corporation (Integrated Information Systems [ISS]) agreed to settle a case brought by the RIAA for $1 million, because it found that the Arizona company allegedly let employees trade MP3 files over an internal network. Oops....
Typically, the RIAA receives tips about alleged illegal file swapping through its anonymous tip line. It then threatens legal action and asks companies to stop. So far, the tactics may be working.
News source: CNet News
Anderson refers to the chip as the "Fritz" chip, after senator Fritz Hollings who has been "working tirelessly" to make TCPA compulsory. On boot, Fritz "checks that the boot ROM is as expected, executes it, measures the state of the machine; then checks the first part of the operating system, loads and executes it, checks the state of the machine; and so on. The trust boundary, of hardware and software considered to be known and verified, is steadily expanded. A table is maintained of the hardware (audio card, video card etc) and the software (O/S, drivers, etc); if there are significant changes, the machine must be re- certified. The result is a PC booted into a known state with an approved combination of hardware and software. Control is then handed over to enforcement software in the operating system - this is presumably Palladium if your operating system in Windows."
Note the similarities here to what Xbox is doing already.
"Once the machine is in this state, Fritz can certify it to third parties: for example, he will do an authentication protocol with Disney to prove that his machine is a suitable recipient of 'Snow White'. The Disney server then sends encrypted data, with a key that Fritz will use to unseal it. Fritz makes the key available only so long as the environment remains 'trustworthy'. For this purpose, 'trustworthy' means that the media player application won't make any unauthorised copies of content."
That's an example of the sort of procedure you'd encounter when the system is applied to the entertainment business. However, TCPA-enabled applications will likely have their security policies administered by remote servers, and this has other implications. What you're allowed to read could be censored for reasons other than copyright, so for example the scientologists might "convince a court that a certain document should be banned [and] get an order against a policy server." So to what extent could unpalatable and leaked documents be banned or disappeared?
It will be possible to turn TCPA off, but if it achieves critical mass then this will mean you don't have access to TCPA-enabled applications, which may isolate you a tad. "If the applications that use TCPA / Palladium are more attractive to the majority of people, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word."
Anderson elaborates this, based on how this control has been used in the past:
"TCPA appears designed to maximise the effect, and thus the economic power, of such plays. Given Microsoft's record of competitive strategic plays, I expect that Palladium will support them. So if you control a TCPA-enabled application, then your policy server can enforce your choice of rules about which other applications will be allowed to use the files your code creates. These files can be protected using strong cryptography, with keys controlled by the Fritz chips on everybody's machines. What this means is that a successful TCPA-enabled application will be worth much more money to the software company that controls it, as they can rent out access to their interfaces for whatever the market will bear. So there will be huge pressures on software developers to enable their applications for TCPA; and if Palladium is the first operating system to support TCPA, this will give it a competitive advantage over GNU/Linux and MacOS with the developer community."
The most significant beneficiaries, he argues, will not be the content industries, but the incumbents in the IT business. "I expect the most significant economic effect will be to strengthen the position of incumbents in information goods and services markets at the expense of new entrants. This may mean a rise in the market cap of firms like Intel, Microsoft and IBM - but at the expense of innovation and growth generally. The majority of the innovations that spur economic growth are not anticipated by the manufacturers of the platforms on which they are based; and technological change in the IT goods and services markets is usually cumulative. Giving incumbents new ways to make life harder for people trying to develop novel uses for their products will create all sorts of traps and perverse incentives."
TCPA could also, as argued here the other day, undermine the GPL. Modified code would still be covered under the GPL, but " it will not make full use of the TCPA features unless you have it signed, and have a certificate that enables you to use the TCPA Public Key Infrastructure (PKI). That is what will cost you money (if not at first, then eventually).
"Even if a philanthropist does a not-for-profit secure linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There are still issues about who would pay for use of the PKI that hands out user certs.)"
"People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. That may have been the case so long as the processor was open, and anyone could access supervisor mode. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended."
He concludes: "TCPA and Palladium do not so much provide security for the user, but for the PC vendor, the software supplier, and the content industry. They do not add value for the user. Rather, they destroy it, by constraining what you can do with your PC - in order to enable application and service vendors to extract more money from you."
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.