Re: Confinement (even with TPMs) and DRM are not mutually exclusive

[Jonathan S. Shapiro]

On Wed, 2006-06-07 at 14:10 +0200, Marcus Brinkmann wrote:
> At Wed, 07 Jun 2006 01:43:03 -0400,
> "Jonathan S. Shapiro" <address@hidden> wrote:
> > The problem here is liability and lawsuits: if something goes wrong,
> > there is no evidence to decide later whether the program was executing
> > legitimately or not. Neither the developer nor the user is adequately
> > assured that a robust determination of whether liability might exist
> > under contract is possible.
> 
> Liability is a legal subject matter, not a technical.  In this case,
> it is not the developer who needs the attest that the developers
> software has been run, but the user.

Correct. What the developer wants to be able to do is eliminate
*possibility* that their software was improperly executed. It eliminates
a very large nuisance factor.

> Thus, I think you got the
> benefits backwards.  The developer can only be hurt by an attestation,
> because it potentially increases the developers liability.

This is untrue. In the absence of attestation, liability will be based
on what a jury *believes*. The jury will almost always act in favor of
an injured plaintiff.

> However, if TC technology
> were to be used, a user should desparately try not to have the
> developer receive the attestation, but a third agent whose interests
> side with the user.

But an even better approach -- and the one that I am arguing for -- is
that the software simply shouldn't run at all in an improper
environment. This doesn't require disclosing anything to the developer.

shap