First things first. No, trusted computing (TC) is not the same as digital rights management (DRM). DRM technology has been built, and will be built in the future, entirely without relying on TC support. And yes, DRM can be based on TC technology, as Chinese PC maker Lenovo has just demonstrated (cf. Dornan 2006).

According to Information Week, Lenovo’s latest ThinkPad model uses a fingerprint sensor in combination with a trusted platform module chip (TPM) and software support from Microsoft and Adobe for controlling access to, and distribution of, PDF documents (Dornan 2006). Lenovo’s DRM approach ties biometrics, content (i.e., documents), and TPM support, in order to enforce usage rights and monitor actual use of the content. Accessing a "controlled" PDF document first requires authentication through fingerprint identification; without authentication, access is denied. The creator of the document is the one who determines who subsequently may access the PDF. The Lenovo system is also prepared to track acts of accessing and reading the document, and reporting this information. Whether the TPM plays a key role in the scenario is unclear as of now.

Depending on your standpoint, Lenovo’s innovation may be "particularly frightening" (Dornan 2006) or a good thing. And that exemplifies the crux of trusted computing in general: What is good use or evil use depends on purpose and positioning. In itself, trusted computing is merely a tool, as recently pointed out by Linux kernel developer Alan Cox: "There's a lot of political debate, that it's really evil or good. But it's only a tool" (Marson 2006). Those who use this tool with intention will decide on its meaning.

Although TC technology has primarily been propagated for security improvement of networked end systems, multiple observers were quick to point out that some of its basic features were similar to mechanisms that allow supporting DRM. In some extreme cases, TC has literally been equated with DRM; this is, as a thinly veiled attempt to introduce ubiquitous control mechanisms on formerly open PC architectures.

As a tool for making the behaviour of computer systems more predictable, by enforcing rules on users and processes (i.e., mandatory access control), trusted computing creates ample opportunity for ruling out undesirable effects of software — and software users. At the same time it empowers parties controlling access to the rule-making process to forcing users to comply with their private interests, and to cut out competitors, when attempting to access, and use, system resources. Whether any such attempt will be successful in the long run is contingent on economical and political factors as well.

As the latest Sony-BMG debacle with the XCP and MediaMax copy protection software has shown, misjudgements of consumer expectations can easily lead to costly backlashes, and even to legal and legislative action (Helberger 2006; Leyden 2006; and see the documentation at Groklaw 2006). Hence, the price of using digital rights management be it based on trusted computing technology or not may be higher than the price of foregoing access control in the first place. And as David Pakman, CEO of, emphasised, the logic of DRM is not necessarily good business logic, too: "If it were possible to demonstrate that non-DRM'ed music encourages more sales, wouldn't it make sense for the industry to offer portions of its catalog as unrestricted MP3 files? It seems like bad business to bind every category of customer and every category of product with the same sales offering" (Pakman 2005).

While TC technology may be helpful in "hardening" DRM systems, it is in no way helpful for selling music beyond demand. And if systems are almost impossible to crack, and that it is what TC promises to do, governments are highly concerned (Stone-Lee 2006). And from a content-owners point of view, trusted systems built on TC technology, in fact may well turn out as a nightmare. A network of trusted systems could be used to establish a technically impenetrable file sharing community, a TC-protected darknet (for darknets see Biddle et al. 2003).

So when discussing the relationship between DRM and trusted computing, one has to keep in mind that not everything that is technologically feasible is economically viable or politically acceptable at the same time.

This article discusses in short the relationship between DRM and trusted computing, and what makes TC technology useful for implementing DRM. For practical reasons, it is not possible here to delve into details of TC technology. Instead, the interested reader is referred to (Pearson et al. 2003; Smith 2005).

"Trusted computing is DRM": Dispelling a myth
Learning some facts about the history of trusted computing and DRM might be helpful in distinguishing the relative merits of either concept.

Historically, trusted computing has its roots in the concept of trusted systems (Kuhlmann and Gehring 2003). Trusted systems are neither new nor invented by the Trusted Computing Group (TCG), the body behind the most important TC architecture. Actually, research on trusted systems dates back to the 1960s. Efforts were driven by government and military needs for effective protection of information in the cold war era. Two research approaches proved particularly influential:

  • The reference monitor (RM) concept introduced in 1973 by James Anderson (Anderson 2001, p.140); and
  • The Bell—LaPadula (BLP) model as introduced in the same year by D. Elliott Bell and Leonard J. LaPadula (Anderson, Stajano and Lee 2001, p.189).

While Anderson’s reference monitor has been conceived as a proposal for governmental establishments, BLP was developed for a military environment with well-defined security requirements.

BLP was primarily designed to deal with restricting the information flow between formally distinguished security levels and compartments. The RM concept, on the other hand, models a system architecture suitable to enforce arbitrary access control policies. It can be regarded as a container to be filled with a rule set of choice. As such it is pretty generic and flexible "an abstract machine that mediates all accesses to objects by subjects" (Bishop 2003, p.502).

Once filled with an access control policy, i.e. specific rules for access control, a reference monitor will enforce that policy. A validated, tamper-resistant implementation of a RM forms the policy-core of a trusted system, its so called trusted computing base (TCB), and "consists of all protection mechanisms within a computer system including hardware, firmware, and software that are responsible for enforcing a security policy" (Bishop 2003, p.502).

Note the interplay of "hardware, firmware, and software" making the trusted system work. One important but often overlooked property of the trusted system concept is its policy-neutrality; it was not designed as a DRM concept (see below). In practice, however, concrete trusted systems will enforce specific policies. It depends on all three factors — "hardware, firmware, and software" — which access control rules will be enforced. In other words, hardware vendor, firmware vendor, and those who provide and configure the system’s software stock, will set the rules. Conceptually, trusted systems are as able to enforce DRM policies as they are to enforce "mandatory open-access" (think of a system that refuses to create files with access control attributes).

TCG (former TCPA) and trusted systems
Founded in 1999 by Compaq, HP, IBM, Intel, and Microsoft, the Trusted Platform Computing Alliance (TCPA) was relaunched in 2003 as the Trusted Computing Group (TCG). As of January 2006, the TCG had more than 120 members.

The TCG’s mission is to "develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms" (Trusted Computing Group 2006). It does not provide hardware or operating system software.

TCG specifications exist so far for:

  • Infrastructure Specifications
  • PC Client Specifications
  • Trusted Platform Module (TPM) Specifications
  • Trusted Network Connect (TNC) Specifications
  • TPM Software Stack (TSS) Specifications
  • Server Specific Specifications

The one outstanding advantage the industry-wide approach of the Trusted Computing Group has to offer for building trusted systems is that it standardises components. TC enables mass-production of hardware components and reuse of software components, thus making it comparatively cheap to build trusted systems.

From trusted systems to DRM
Digital rights management (DRM) is a relatively new development going back to the 1990s. Mark Stefik, researcher at Xerox’s Palo Alto Research Center, promoted the idea of "usage rights management" (Stefik 1996a, p.221) — a term much more appropriate to describe what DRM does — for digitally distributing intellectual property. He located the root of the problem of selling content in the architecture of modern personal computer systems: "Fortunately, computers need not be blind instruments of copyright infringement. Properly designed digital systems can be more powerful and flexible instruments of trade in publications than any other medium. The seeming conflict between digital publishing and commerce is merely a consequence of the way computer systems have been designed to date." To overcome this "design flaw," he suggested using "techniques for commerce in what we call digital property rights or usage rights…several kinds of rights besides copying" (Stefik 1996a, p.221). That comes close to what DRM systems do today.

What is a DRM system?
Although, there is no single one definition for what constitutes a DRM system, the modern conception regards three elements as crucial (Rump 2003):

  • Technology;
  • Law; and
  • Business Model.

The business model is this: keeping supply of certain binary data short and charging for metered access to this artificially "scarce resource". Technology is applied to protect this business model for marketing binary data by controlling access to, and usage of, while legal protection for technological measures discourages circumventing technological barriers to otherwise free access to data. Due to very liberal laws, there is no need for the data to represent "works of authorship" under copyright protection, and it is not hard to find an old movie, the copyright of which has expired, to be nevertheless distributed on DVD with CSS copy-protection.

The only perfect DRM system is one that can neither be broken nor avoided. And while this article focuses on the technology side, that statement refers to all three elements of DRM: If one of the three elements can be broken or avoided, the DRM system is doomed to fail.

Different approaches for implementing DRM have been broken and the content they guarded leaked onto the Internet. Thus, people had alternative ways of access to content and could avoid using DRM systems. Legal threats were no real show-stopper (IFPI 2006).

What makes TC technology especially attractive for implementing DRM is their ability to enforce usage policies. Once their security conditions are broken, TC systems stop working. Since their security conditions are built as a "chain of trust" containing hardware-locked keys and certificates from trusted third parties, they are hard to tamper with, at least much harder than software-only systems. Being able to rely on a trusted system, it is a fairly simple thing to implement a hard-to-break "usage rights management" as the platform of choice for content owners.

Coming DRM-enabled operating systems, such as Microsoft’s Windows Vista flavours, are aimed at providing "casual, honest users with guidelines for using and consuming content based on the usage rights that were acquired" (Dan Glickman, President of the Motion Picture Association of America, in BBC 2006). That is necessary, because "[w]ithout the use of DRMs, honest consumers would have no guidelines and might eventually come to totally disregard copyright and therefore become a pirate" (ibid.). To reinforce the guidelines, trusted computing features are deployed (see the Lenovo example in the introduction), all the more appealing if components are cheap (see above).

Selling copyright boxes
Rather than modifying their age-old control-based model of making money from copyrighted works, the content industries pursued DRM as their one and only salvation from having to suffer "the fate of the buffalo" (Bronfman 2000, quoted in Fridman 2000).

The idea of using concepts developed for trusted systems as blueprints for "usage rights management" systems was widely promoted by Stefik. He argued that "the first key to commerce in digital works is to use trusted systems" (Stefik 1996a, p.228) — and apparently he was quite persuasive. Turning general-purpose computers, or special-purpose devices, into "vending machines" thus enabling potential customers "to order digital works any time of the day and get immediate delivery" (Stefik 1996a, p.228), sounded like a huge business opportunity. Transforming computers hitherto under the control of their users (often being their owners, too) into "copyright boxes" (Stefik 1999, p.55) more like radios, TV-sets, and CD-players — this idea really took off with content industries seeking to commercialise the internet after the ban on commercial activities was lifted in the middle of the 1990s.

But a DRM system is almost useless, that is from a content owner’s perspective, until it is deployed broadly. Putting together cheap TC components with a market-dominating operating system "enriched" with DRM functionality is the most economic way to provide the majority of users with "copyright boxes." Microsoft is doing just that (Microsoft 2006).

Bottom line
TC technology is neither necessary nor sufficient to implement DRM but it can make implementing DRM easier and cheaper. TC components are tools — neither good nor bad. It’s the way the tools are used, the interplay of "hardware, firmware, and software," that gives them meaning. And predictably, software will have the biggest part in the play, defining most of the functionality. People are using trusted systems to do things. One way to use trusted systems is to build DRM systems. But there is no way to guarantee success for DRM systems. DRM may well turn out to be "[m]edia companies' next flop" (CNET 2006) if consumer expectations are not met. And consumers want to get what, when, where, and how, they like it, without the hassle of incompatible devices. Just like in the file sharing networks.


About the author: Robert A. Gehring is a computer scientist specialising in issues of open source, intellectual property, and information security. He is an associate researcher with the research group for Computers & Society at the Technical University of Berlin and editor of the consumer information website. He is co-editor of the German open source annual Open Source Jahrbuch and can be contacted via rag[insert at sign here]

Status: first posted 01/03/06; licensed under Creative Commons; included in the INDICARE Monitor of February 2006