The Economics of Trusted Computing

radiographerfictionΔιαχείριση Δεδομένων

31 Οκτ 2013 (πριν από 3 χρόνια και 9 μήνες)

74 εμφανίσεις

The Economics of

Trusted Computing

Ross Anderson

Cambridge University and FIPR

Outline of Talk


Economics of networks


Economics of information security


Why information security seemed to be
awful


What may be changing


Issues for business


Public policy issues


Basic Economics

Demand Curve
D(p)

Price p

Quantity

Supply Curve
S(p)

p*

Cost Curves

Price p

Quantity

Price p

Quantity

“General Motors”

“”Microsoft”

Price Competition


If the marginal cost is zero, why doesn’t
price competition drive the price down to
nothing?


Example: CD Phone books


1986 Nynex $10,000 per disk


1990 Digital Directory Assistance $300/disk


Now $19.95 or free on the Web


“Information wants to be free” (FSF)


Monopoly


IPR: Copyright, patent


Lock
-
in


Buying a product often commits you to
buying more


Services


Complementary products


Examples:


MS vs Mac (or now Linux)


Phone companies
-

switchgear


Fundamental theorem of network
economics: Net Present Value of your
customer base = total cost of switching

Lock
-
in 2


Example:


Suppose you are an ISP, and it costs £25 to set up a
new customer; suppose it costs a customer £50 in
hassle to switch


If the NPV of a customer is £100, offer them £60 cash
back to switch; they are £10 ahead, you are £40
-
£25=£15 ahead.


Asymmetric switching costs make things
more complex


e.g. switching from cable to satellite is expensive, as
it means supplying a set
-
top box


However, the incumbent can bribe cheaply, for
example by supplying free channels

Lock
-
in 3


Incumbent tries to maximise switching
cost; competitor to minimise it


Loyalty programs


Hassle: e.g. email address change


Promote complementary goods and services, and
find ways to lock customers into them


Accessory control mechanisms that lock
customers into complements


Sony game cartridges


Printer toner cartridges


Phone batteries


Network Externalities


The more users, the valuable the network
is to each user


Examples: Telephone late 19
th

Century



Fax 1985
-
8



Email 1995
-
9


“Metcalfe’s Law”: The value of a network
is proportional to the square of the
number of users


An approximation, as the value to each
user is non
-
linear, but good heuristic

Network Effects

Utility

Users

Almost
nobody uses
it

Almost
everybody
uses it who
ever will

Virtual Networks


Example: PC and Software


Virtuous circle:


People buy PCs because lots of software available


Developers write software because lots of customers


Many other examples


Credit cards and merchants


VCR/DVD standards and media content


`Winner takes all’


Network effects and security



“Combination of high fixed costs/low
marginal costs, high switching costs and
network externalities, leads to a
dominant firm model”


One sentence summary of information economics


Huge first
-
mover advantages


Hence Microsoft’s traditional philosophy
of `We ship it Tuesday and get it right by
version 3’

Network effects and security
(continued)


While building and entrenching a
monopoly, you need to create a
bandwagon effect with makers of
complementary products


Hence philosophy of making security easy
for developers to ignore or bypass


Hence also attraction of technologies like
PKI that dump maintenance costs,
complexity, configuration effort on user


Economics and security
(more)


Controlling the API is valuable


remember value = switching costs. So
keep API proprietary, obscure and
extensible (i.e., buggy)


Remember the `market for lemons’


when
customers can’t tell the difference, bad
products will drive out good ones


Expect lots of scaremongering


most of
the people who talk about security talk
up the threats

Security for whom?


Security tends to benefit the principal
who pays for it


Example


GSM security, designed by the
phone companies, enabled them to cut
phone cloning but at expense of mobiles
bought with stolen credit cards or stolen
in street robberies


Costs of fraud shifted from phone
companies to banks and customers


Phone companies keep half the loot

TCPA / Palladium


Intel project started 1996 to build crypto
in main processor for DRM


After P3 serial number row, TCPA set up
with MS, IBM, Compaq, HP


Bill: `we started with music, then realised
that email etc was much more interesting’


Subsidiary goals: fix the software theft
problem, deal with free software, and
satisfy NSA/FBI


Economic logic: control compatibility

Original TCPA design


`Fritz’ chip secures boot process, ensures
a valid operating system, checks
hardware control list


Approved operating system them checks
that applications are approved (and paid
for)


Applications enforce policies such as
DRM under control of policy servers


No `break once run anywhere’ attacks
(stolen/illegal content can be blacklisted)

`Nirvana’


Sell/rent music/videos/software online


Ensure that company emails evaporate
after 30 days, and are not printable


Hunt down and kill pirated movies and
leaked emails


Prevent people exporting files to
unauthorised applications (e.g., your
competitors’ applications)


Various details need attention, e.g. can a
secretary who downloads a pirate movie
cause your data center to crash?


Policy issues


Will the Fishman affidavit go on the
Office 2004 blacklist? If so, will this cost
us the Gutenberg inheritance?


Will the government of China allow TCPA
/ Palladium into the country?


What about the GPL


if you need a
machine
-
specific cert to run TCPA/Linux,
does it matter if the software itself is
free?


Will lockdown of data by incumbent
application vendors freeze out innovation
and harm small firms?

A big question for business


How will application data lockdown
affect the business environment?


In the past, software vendors locked in
customers using breakable mechanisms
such as proprietary file formats


If future mechanisms are unbreakable
(due to combination of Palladium and
EUCD ), what happens to prices?


If switching costs double, so should
prices!

Summary


why Bill didn’t
care about security


In winner
-
takes
-
all markets, security gets
in the way


especially when building a
monopoly by appealing to complementers


So make it easy to circumvent (let all apps
run as administrator)


Use mechanisms that dump support costs
on the end users


End users can’t identify good security
products anyway so won’t pay for them


Security as built by application vendors
will often screw the end users anyway

And now … why Bill may be
changing his mind


Switching costs are critical to a platform
owner


company value should be NPV of
future customer revenue = total switching
costs


Crypto and tamper resistance can really
lock down the application interfaces
(experience of Sony, Motorola, … )


Security is an escape hatch in anti
-
trust
(see US DoJ decree)


laws like DMCA,
EUCD help the monopolist


`Hollywood made us do it’

Political effects


During the 1990s, Hollywood pushed for
tighter controls on the Internet


So did police, spooks


Computer industry plus liberties groups
pushed back


Realignment destroys the equilibrium


we find Microsoft too pushing for greater
criminalization of copyright offences


Where will the new equilibrium lie, and
what will the side
-
effects be?

`Trusted Platform’?

Be very glad that your PC is insecure


it
means that after you buy it, you can break
into it and install whatever software you
want. What YOU want, not what Sony or
Warner or AOL wants.



-

John Gilmore

Implications for EU (1)


Clash between anti
-
circumvention rule in
EUCD and competition policy


Monopoly granted to copyright extends to
trade, e.g. via accessory control


Remedies may vary widely according to
national law


More specific tension with software
directive


Situation will need close monitoring,
review with EUCD in 2004

Implications for EU (2)


TCPA / Palladium poses existential threat
to EU smartcard industry


Microsoft view: `If a technology’s useful, it
eventually finds its way into the platform’


Fritz chip, trusted apps will take over
many of the functions targeted by card
vendors


Main card industry players have recently
joined TCPA
-

as a defensive move


Control still vested in four founders

Implications for EU (3)


Main threat to personal privacy is now
the drive for monopolies and oligopolies
to charge differentiated prices


TCPA / Palladium facilitates the creation
of monopolies in information goods and
services markets


TCPA claim that privacy is protected by
pseudonym mechanism is specious on
both technical and business grounds


Will create privacy
-
unfriendly infosphere
under largely US jurisdiction

Implications for EU (4)


TCPA undermines the General Public
Licence (GPL)


If free / open source software can be made
into property, the incentive to work on it
is cut


GNU/Linux is an essential part of the
information ecology, especially for the
public sector; Apache is important


Implications not just for software costs
but for education

Implications for EU (5)


DRM applications will introduce
document revocation functions


Idea: `pirate’ content can be blacklisted
everywhere


Side
-
effect: so can documents like the
Fishman affidavit (contraband in the
USA, legal in the Netherlands)


Whose law will prevail?


And what about the ability to revoke
machines, software packages … ?

Implications for EU (6)


TCPA / Palladium will increase market
entry costs, so it will favour incumbents
over market entrants


It will tend to favour big firms over small
and hinder employment growth


It will accelerate the process whereby the
IT sector becomes a `normal’ industry


But in the process it will favour US firms
over European ones, locking in the US
lead and setting the scene for US firms to
leverage this into other sectors

Summary


TCPA / Palladium appears to promise a
revolution in security


But: security for whom?


Very wide range of policy issues raised!


More: see the Economics and Security
Resource Page and the TCPA / Palladium
FAQ


http://www.ross
-
anderson.com