8. Growth and Exit routes

Download Report

Transcript 8. Growth and Exit routes

The Economics of
Trusted Computing
Ross Anderson
Cambridge University and FIPR
Outline of Talk






Economics of networks
Economics of information security
Why information security seemed to be
awful
What may be changing
Issues for business
Public policy issues
Basic Economics
Price p
Demand Curve
D(p)
Supply Curve
S(p)
p*
Quantity
Cost Curves
Price p
Price p
Quantity
“General Motors”
Quantity
“”Microsoft”
Price Competition

If the marginal cost is zero, why doesn’t
price competition drive the price down to
nothing?
– Example: CD Phone books
• 1986 Nynex $10,000 per disk
• 1990 Digital Directory Assistance $300/disk
• Now $19.95 or free on the Web


“Information wants to be free” (FSF)
Monopoly
– IPR: Copyright, patent
Lock-in

Buying a product often commits you to
buying more
– Services
– Complementary products

Examples:
– MS vs Mac (or now Linux)
– Phone companies - switchgear

Fundamental theorem of network
economics: Net Present Value of your
customer base = total cost of switching
Lock-in 2

Example:
– Suppose you are an ISP, and it costs £25 to set up a
new customer; suppose it costs a customer £50 in
hassle to switch
– If the NPV of a customer is £100, offer them £60 cash
back to switch; they are £10 ahead, you are £40£25=£15 ahead.

Asymmetric switching costs make things
more complex
– e.g. switching from cable to satellite is expensive, as
it means supplying a set-top box
– However, the incumbent can bribe cheaply, for
example by supplying free channels
Lock-in 3

Incumbent tries to maximise switching
cost; competitor to minimise it
– Loyalty programs
– Hassle: e.g. email address change
– Promote complementary goods and services, and
find ways to lock customers into them

Accessory control mechanisms that lock
customers into complements
– Sony game cartridges
– Printer toner cartridges
– Phone batteries
Network Externalities

The more users, the valuable the network
is to each user
– Examples: Telephone late 19th Century
–
Fax 1985-8
–
Email 1995-9


“Metcalfe’s Law”: The value of a network
is proportional to the square of the
number of users
An approximation, as the value to each
user is non-linear, but good heuristic
Network Effects
Utility
Users
Almost
nobody uses
it
Almost
everybody
uses it who
ever will
Virtual Networks

Example: PC and Software
– Virtuous circle:
– People buy PCs because lots of software available
– Developers write software because lots of customers

Many other examples
– Credit cards and merchants
– VCR/DVD standards and media content

`Winner takes all’
Network effects and security

“Combination of high fixed costs/low
marginal costs, high switching costs and
network externalities, leads to a
dominant firm model”
– One sentence summary of information economics


Huge first-mover advantages
Hence Microsoft’s traditional philosophy
of `We ship it Tuesday and get it right by
version 3’
Network effects and security
(continued)



While building and entrenching a
monopoly, you need to create a
bandwagon effect with makers of
complementary products
Hence philosophy of making security easy
for developers to ignore or bypass
Hence also attraction of technologies like
PKI that dump maintenance costs,
complexity, configuration effort on user
Economics and security
(more)



Controlling the API is valuable –
remember value = switching costs. So
keep API proprietary, obscure and
extensible (i.e., buggy)
Remember the `market for lemons’ – when
customers can’t tell the difference, bad
products will drive out good ones
Expect lots of scaremongering – most of
the people who talk about security talk
up the threats
Security for whom?




Security tends to benefit the principal
who pays for it
Example – GSM security, designed by the
phone companies, enabled them to cut
phone cloning but at expense of mobiles
bought with stolen credit cards or stolen
in street robberies
Costs of fraud shifted from phone
companies to banks and customers
Phone companies keep half the loot
TCPA / Palladium





Intel project started 1996 to build crypto
in main processor for DRM
After P3 serial number row, TCPA set up
with MS, IBM, Compaq, HP
Bill: `we started with music, then realised
that email etc was much more interesting’
Subsidiary goals: fix the software theft
problem, deal with free software, and
satisfy NSA/FBI
Economic logic: control compatibility
Original TCPA design




`Fritz’ chip secures boot process, ensures
a valid operating system, checks
hardware control list
Approved operating system them checks
that applications are approved (and paid
for)
Applications enforce policies such as
DRM under control of policy servers
No `break once run anywhere’ attacks
(stolen/illegal content can be blacklisted)
`Nirvana’





Sell/rent music/videos/software online
Ensure that company emails evaporate
after 30 days, and are not printable
Hunt down and kill pirated movies and
leaked emails
Prevent people exporting files to
unauthorised applications (e.g., your
competitors’ applications)
Various details need attention, e.g. can a
secretary who downloads a pirate movie
cause your data center to crash?
Policy issues




Will the Fishman affidavit go on the
Office 2004 blacklist? If so, will this cost
us the Gutenberg inheritance?
Will the government of China allow TCPA
/ Palladium into the country?
What about the GPL – if you need a
machine-specific cert to run TCPA/Linux,
does it matter if the software itself is
free?
Will lockdown of data by incumbent
application vendors freeze out innovation
and harm small firms?
A big question for business




How will application data lockdown
affect the business environment?
In the past, software vendors locked in
customers using breakable mechanisms
such as proprietary file formats
If future mechanisms are unbreakable
(due to combination of Palladium and
EUCD ), what happens to prices?
If switching costs double, so should
prices!
Summary – why Bill didn’t
care about security





In winner-takes-all markets, security gets
in the way – especially when building a
monopoly by appealing to complementers
So make it easy to circumvent (let all apps
run as administrator)
Use mechanisms that dump support costs
on the end users
End users can’t identify good security
products anyway so won’t pay for them
Security as built by application vendors
will often screw the end users anyway
And now … why Bill may be
changing his mind




Switching costs are critical to a platform
owner – company value should be NPV of
future customer revenue = total switching
costs
Crypto and tamper resistance can really
lock down the application interfaces
(experience of Sony, Motorola, … )
Security is an escape hatch in anti-trust
(see US DoJ decree) – laws like DMCA,
EUCD help the monopolist
`Hollywood made us do it’
Political effects





During the 1990s, Hollywood pushed for
tighter controls on the Internet
So did police, spooks
Computer industry plus liberties groups
pushed back
Realignment destroys the equilibrium –
we find Microsoft too pushing for greater
criminalization of copyright offences
Where will the new equilibrium lie, and
what will the side-effects be?
`Trusted Platform’?
Be very glad that your PC is insecure – it
means that after you buy it, you can break
into it and install whatever software you
want. What YOU want, not what Sony or
Warner or AOL wants.
- John Gilmore
Implications for EU (1)





Clash between anti-circumvention rule in
EUCD and competition policy
Monopoly granted to copyright extends to
trade, e.g. via accessory control
Remedies may vary widely according to
national law
More specific tension with software
directive
Situation will need close monitoring,
review with EUCD in 2004
Implications for EU (2)





TCPA / Palladium poses existential threat
to EU smartcard industry
Microsoft view: `If a technology’s useful, it
eventually finds its way into the platform’
Fritz chip, trusted apps will take over
many of the functions targeted by card
vendors
Main card industry players have recently
joined TCPA - as a defensive move
Control still vested in four founders
Implications for EU (3)




Main threat to personal privacy is now
the drive for monopolies and oligopolies
to charge differentiated prices
TCPA / Palladium facilitates the creation
of monopolies in information goods and
services markets
TCPA claim that privacy is protected by
pseudonym mechanism is specious on
both technical and business grounds
Will create privacy-unfriendly infosphere
under largely US jurisdiction
Implications for EU (4)




TCPA undermines the General Public
Licence (GPL)
If free / open source software can be made
into property, the incentive to work on it
is cut
GNU/Linux is an essential part of the
information ecology, especially for the
public sector; Apache is important
Implications not just for software costs
but for education
Implications for EU (5)





DRM applications will introduce
document revocation functions
Idea: `pirate’ content can be blacklisted
everywhere
Side-effect: so can documents like the
Fishman affidavit (contraband in the
USA, legal in the Netherlands)
Whose law will prevail?
And what about the ability to revoke
machines, software packages … ?
Implications for EU (6)




TCPA / Palladium will increase market
entry costs, so it will favour incumbents
over market entrants
It will tend to favour big firms over small
and hinder employment growth
It will accelerate the process whereby the
IT sector becomes a `normal’ industry
But in the process it will favour US firms
over European ones, locking in the US
lead and setting the scene for US firms to
leverage this into other sectors
Summary




TCPA / Palladium appears to promise a
revolution in security
But: security for whom?
Very wide range of policy issues raised!
More: see the Economics and Security
Resource Page and the TCPA / Palladium
FAQ
http://www.ross-anderson.com