The Economics of Trusted Computing

radiographerfictionΔιαχείριση Δεδομένων

31 Οκτ 2013 (πριν από 3 χρόνια και 9 μήνες)

74 εμφανίσεις

The Economics of

Trusted Computing

Ross Anderson

Cambridge University and FIPR

Outline of Talk

Economics of networks

Economics of information security

Why information security seemed to be

What may be changing

Issues for business

Public policy issues

Basic Economics

Demand Curve

Price p


Supply Curve


Cost Curves

Price p


Price p


“General Motors”


Price Competition

If the marginal cost is zero, why doesn’t
price competition drive the price down to

Example: CD Phone books

1986 Nynex $10,000 per disk

1990 Digital Directory Assistance $300/disk

Now $19.95 or free on the Web

“Information wants to be free” (FSF)


IPR: Copyright, patent


Buying a product often commits you to
buying more


Complementary products


MS vs Mac (or now Linux)

Phone companies


Fundamental theorem of network
economics: Net Present Value of your
customer base = total cost of switching

in 2


Suppose you are an ISP, and it costs £25 to set up a
new customer; suppose it costs a customer £50 in
hassle to switch

If the NPV of a customer is £100, offer them £60 cash
back to switch; they are £10 ahead, you are £40
£25=£15 ahead.

Asymmetric switching costs make things
more complex

e.g. switching from cable to satellite is expensive, as
it means supplying a set
top box

However, the incumbent can bribe cheaply, for
example by supplying free channels

in 3

Incumbent tries to maximise switching
cost; competitor to minimise it

Loyalty programs

Hassle: e.g. email address change

Promote complementary goods and services, and
find ways to lock customers into them

Accessory control mechanisms that lock
customers into complements

Sony game cartridges

Printer toner cartridges

Phone batteries

Network Externalities

The more users, the valuable the network
is to each user

Examples: Telephone late 19


Fax 1985

Email 1995

“Metcalfe’s Law”: The value of a network
is proportional to the square of the
number of users

An approximation, as the value to each
user is non
linear, but good heuristic

Network Effects



nobody uses

uses it who
ever will

Virtual Networks

Example: PC and Software

Virtuous circle:

People buy PCs because lots of software available

Developers write software because lots of customers

Many other examples

Credit cards and merchants

VCR/DVD standards and media content

`Winner takes all’

Network effects and security

“Combination of high fixed costs/low
marginal costs, high switching costs and
network externalities, leads to a
dominant firm model”

One sentence summary of information economics

Huge first
mover advantages

Hence Microsoft’s traditional philosophy
of `We ship it Tuesday and get it right by
version 3’

Network effects and security

While building and entrenching a
monopoly, you need to create a
bandwagon effect with makers of
complementary products

Hence philosophy of making security easy
for developers to ignore or bypass

Hence also attraction of technologies like
PKI that dump maintenance costs,
complexity, configuration effort on user

Economics and security

Controlling the API is valuable

remember value = switching costs. So
keep API proprietary, obscure and
extensible (i.e., buggy)

Remember the `market for lemons’

customers can’t tell the difference, bad
products will drive out good ones

Expect lots of scaremongering

most of
the people who talk about security talk
up the threats

Security for whom?

Security tends to benefit the principal
who pays for it


GSM security, designed by the
phone companies, enabled them to cut
phone cloning but at expense of mobiles
bought with stolen credit cards or stolen
in street robberies

Costs of fraud shifted from phone
companies to banks and customers

Phone companies keep half the loot

TCPA / Palladium

Intel project started 1996 to build crypto
in main processor for DRM

After P3 serial number row, TCPA set up
with MS, IBM, Compaq, HP

Bill: `we started with music, then realised
that email etc was much more interesting’

Subsidiary goals: fix the software theft
problem, deal with free software, and
satisfy NSA/FBI

Economic logic: control compatibility

Original TCPA design

`Fritz’ chip secures boot process, ensures
a valid operating system, checks
hardware control list

Approved operating system them checks
that applications are approved (and paid

Applications enforce policies such as
DRM under control of policy servers

No `break once run anywhere’ attacks
(stolen/illegal content can be blacklisted)


Sell/rent music/videos/software online

Ensure that company emails evaporate
after 30 days, and are not printable

Hunt down and kill pirated movies and
leaked emails

Prevent people exporting files to
unauthorised applications (e.g., your
competitors’ applications)

Various details need attention, e.g. can a
secretary who downloads a pirate movie
cause your data center to crash?

Policy issues

Will the Fishman affidavit go on the
Office 2004 blacklist? If so, will this cost
us the Gutenberg inheritance?

Will the government of China allow TCPA
/ Palladium into the country?

What about the GPL

if you need a
specific cert to run TCPA/Linux,
does it matter if the software itself is

Will lockdown of data by incumbent
application vendors freeze out innovation
and harm small firms?

A big question for business

How will application data lockdown
affect the business environment?

In the past, software vendors locked in
customers using breakable mechanisms
such as proprietary file formats

If future mechanisms are unbreakable
(due to combination of Palladium and
EUCD ), what happens to prices?

If switching costs double, so should


why Bill didn’t
care about security

In winner
all markets, security gets
in the way

especially when building a
monopoly by appealing to complementers

So make it easy to circumvent (let all apps
run as administrator)

Use mechanisms that dump support costs
on the end users

End users can’t identify good security
products anyway so won’t pay for them

Security as built by application vendors
will often screw the end users anyway

And now … why Bill may be
changing his mind

Switching costs are critical to a platform

company value should be NPV of
future customer revenue = total switching

Crypto and tamper resistance can really
lock down the application interfaces
(experience of Sony, Motorola, … )

Security is an escape hatch in anti
(see US DoJ decree)

laws like DMCA,
EUCD help the monopolist

`Hollywood made us do it’

Political effects

During the 1990s, Hollywood pushed for
tighter controls on the Internet

So did police, spooks

Computer industry plus liberties groups
pushed back

Realignment destroys the equilibrium

we find Microsoft too pushing for greater
criminalization of copyright offences

Where will the new equilibrium lie, and
what will the side
effects be?

`Trusted Platform’?

Be very glad that your PC is insecure

means that after you buy it, you can break
into it and install whatever software you
want. What YOU want, not what Sony or
Warner or AOL wants.


John Gilmore

Implications for EU (1)

Clash between anti
circumvention rule in
EUCD and competition policy

Monopoly granted to copyright extends to
trade, e.g. via accessory control

Remedies may vary widely according to
national law

More specific tension with software

Situation will need close monitoring,
review with EUCD in 2004

Implications for EU (2)

TCPA / Palladium poses existential threat
to EU smartcard industry

Microsoft view: `If a technology’s useful, it
eventually finds its way into the platform’

Fritz chip, trusted apps will take over
many of the functions targeted by card

Main card industry players have recently
joined TCPA

as a defensive move

Control still vested in four founders

Implications for EU (3)

Main threat to personal privacy is now
the drive for monopolies and oligopolies
to charge differentiated prices

TCPA / Palladium facilitates the creation
of monopolies in information goods and
services markets

TCPA claim that privacy is protected by
pseudonym mechanism is specious on
both technical and business grounds

Will create privacy
unfriendly infosphere
under largely US jurisdiction

Implications for EU (4)

TCPA undermines the General Public
Licence (GPL)

If free / open source software can be made
into property, the incentive to work on it
is cut

GNU/Linux is an essential part of the
information ecology, especially for the
public sector; Apache is important

Implications not just for software costs
but for education

Implications for EU (5)

DRM applications will introduce
document revocation functions

Idea: `pirate’ content can be blacklisted

effect: so can documents like the
Fishman affidavit (contraband in the
USA, legal in the Netherlands)

Whose law will prevail?

And what about the ability to revoke
machines, software packages … ?

Implications for EU (6)

TCPA / Palladium will increase market
entry costs, so it will favour incumbents
over market entrants

It will tend to favour big firms over small
and hinder employment growth

It will accelerate the process whereby the
IT sector becomes a `normal’ industry

But in the process it will favour US firms
over European ones, locking in the US
lead and setting the scene for US firms to
leverage this into other sectors


TCPA / Palladium appears to promise a
revolution in security

But: security for whom?

Very wide range of policy issues raised!

More: see the Economics and Security
Resource Page and the TCPA / Palladium