Seagate: The Hard Drive, Reconsidered
The Beat of a Different DRM
Authentication by way of cryptographic certificates has been a feasibility since the early 1990s, and an actively explored concept for at least a decade prior. It could have enjoyed widespread implementation today, but due to what has generally been explained as a lack of public interest, it doesn't.
There has consistently been a high degree of skepticism among some of the most intelligent and most well-placed individuals in the IT community -- people you'd trust to cry "Fire!" only when there's a fire -- over how authentication would be implemented, and which organizations should be "trusted" with that responsibility.
Last year, I interviewed security expert and Counterpane CTO Bruce Schneier about Trusted Computing for another publication. He has a long-standing distrust of the TCG concept, not because of what he concedes are its noble objectives, but because of the parties that stand to benefit from certain little side benefits, such as "greater opportunities" for "permanent storage areas that are restricted to particular host applications."
While you may be thinking of Microsoft, people like Schneier are hearing instead the sound of a much more familiar fanfare.
"In their zeal to stamp out piracy," Schneier told me last year, "the media companies might actually stamp out computing. They don't want you to have computers; they want you to have Internet entertainment platforms. To the extent that you have a fully programmable computer, that's a danger, because you could do things that are unauthorized by whoever wants to start giving out authorization."
Seagate's Michael Willett has a completely different take. "If I elect that I want [content] that I'm not going to get otherwise, I'm not going to get it free unless I steal something," he told us. "If a content provider like a studio is willing to provide me, under some DRM scheme, content that I can view as a privilege...then they deserve to have certain protections against theft. So it's a tradeoff. But all the way through, the user has end control over that function. I can't crack the system. I didn't steal something...but if I don't want it to run on my system, I can delete it."
Nothing in the Trusted Computing platform lends itself to any particular digital rights management scheme. It would be foolish for TCG if it did, Dr. Willett told us, because it has documented at least 49 major schemes currently in active use, and there's no guarantee that any one of them will be the one that survives the shakeout.
But DriveTrust was designed to give DRM providers "building blocks" they would need to implement more trustworthy rights management schemes. One potential payoff from this, the benefits of which are indisputably worth considering, is that such building blocks could effectively relocate some of the most critical features of DRM away from the less trusted clutches of the operating system.
Another possibility, which Seagate is actively exploring, Dr. Willett told us, is the enablement of a more open DRM platform that could be leveraged not just by institutions and movie studios but by individuals. Under such a system, for example, independently made videos uploaded to sharing services such as YouTube could be encoded with DRM provisions -- perhaps under an open-source model -- that would protect their independent creators from being exploited by other services, or from having their work be distributed in any way other than what they intended.
Under such a system, independent artists could bypass movie studios altogether, Dr. Willett suggested, making their material available for sale through an active, independent, open market made feasible by the very technology that raises Bruce Schneier's red flags.
"What a lot of people reject is the business model of the future," Dr. Willett stated to BetaNews. "Right now, the music studios are lamenting the fact that the artists aren't getting their fair due, that people are stealing songs and there's revenues being lost, and the artists are getting the shaft. But the model of the future is the artist as content provider, the artist as publisher. There are a lot of amateurs now that are putting out movies free. With a little bit of DRM, content protection and a little charge-back system on top of that, the artist can become a publisher, because the distribution vehicle is so easy...That's the model that we'll largely move to."
To make this system feasible, Dr. Willett suggested, DriveTrust-enabled storage devices would need to include features where DRM providers -- along with security software providers, and producers of other classes of applications (I can think of one right now) -- literally lease parcels of real estate inside the protected memory of hard drives, the term of which is perpetual even after the drives are purchased.
"We have divided that memory into what are called secure partitions," Dr. Willett explained, "so it's like a couple of hundred security partitions, sitting across that hidden memory space. If an application on a laptop wants to use the security functions on the drive, the application is assigned one of those security partitions. Through that security partition, using Trusted Send/Receive and the credentials and the secrets that the application is given, it gets all that security function: crypto, storing of credentials, all that stuff that's on the drive. And then you can have multiple applications hooking into different security partitions."
It is here where the cryptography scheme transforms into a business model. Rather than consumers paying for premium features, those features instead literally become subsidized by the companies that would utilize them. As a result -- moreover, as incentive -- those features become ubiquitous.
One example of this business model in current practice concerns enterprise-level key management applications, which DriveTrust-enabled drives use today. "The full-drive encryption works for you right out of the box," Dr. Willett told us, "but if you want enterprise-level key management, which all the enterprises do, you buy this piece of software...and [it] pays us a few pennies every time somebody activates that application.
"The beauty of this is," Dr. Willett continued, "a year after I sell you that drive, those [used] ex-keys are laying there dormant, unused on the drive. And along comes an application that has an arrangement with Seagate, and has already licensed one of those secure partitions. When the end user buys that application, it invokes that added key under the covers, and the applications guy pays us a few pennies. So with this model, we've got an annuity built into the hard drive, because those security partitions can be activated by an application for years after the drive has been sold."
Dr. Willett compared this business model to that of the modern cell phone, where premium services to which users subscribe for less-than-break-even prices, are partly subsidized by service providers. His suggestion: If Trusted Computing is explored to its full extent, it could drive consumer and business costs for computer systems down.
"Seagate is pledged to put DriveTrust on every drive in our family in the future," he pronounced, "so you're going to see it everywhere, we hope. I'm just rooting for the day when we have it ubiquitous."
By "ubiquitous," he means far beyond the boundaries of Seagate alone: "In the face-to-face storage meetings that we're having hot-and-heavy every week...we have every major hard drive manufacturer [who] has sent their best and brightest design engineers to the standard. We just bought Maxtor, [and] we have Western Digital, Fujitsu, Hitachi, Samsung, and we have two or three flash drive storage people, and then we've got the tape drive people...Microsoft's on the board with us, as is AMD and Intel. They all are promoting strategically this idea that you put in hardware, ultimately, the sensitive functionalities, and then you call into it for sensitive computation. And then you have the rest of the operating system do its thing."
"There's always a need for an operating system, but I think you're going to see more of the sensitive functions moved to hardware," Seagate's Willett concluded. "That's what we trust: We trust hardware."
It could be a dramatically different personal computer environment over the next five years, than we're accustomed to today. Software services and content providers, conceivably, could partly subsidize the distribution of computers, whose growth rate as an industry has been acknowledged to be slowing down, and whose business model could very well be overdue for an upgrade.
While the success of this concept is uncertain, what we do know is that it will be attempted, on a major scale. It could uproot the very underpinnings of the computer security industry, as the definition of "virus" will change as certification and signing become more prevalent, and authentication of all processes and streams more commonplace.
What would prevent such a system from coming into full fruition is distrust - not of the individuals responsible for malware, but of the institutions interested in leasing space in the new scheme, some with the intention of combating that malware. It's almost impossible not to imagine DriveTrust doling out secure partitions like property titles in a game of Monopoly. It's the negative connotations that DRM carries with it, the track record of privacy violation and integrity compromises, that prevents people from accepting it as the potential foundation for a legitimate business model.
It is the perfect irony: The potential for widespread exploitation could dissuade people from adopting a system that could effectively correct and make right what has already proven to be the most easily and broadly exploited technology in human history. The questions we must ask ourselves, if we are serious about our role as information professionals, are these: First, are we willing to make the tradeoff? And next, if the answer is no, are we prepared to comfort ourselves with the consequences of our choice for the remainder of our careers?