One way to think about trusted computing
I was talking to several people about my claim (which Felten linked to) that trusted computing systems don't diminish your computer's usefulness as a "general purpose computer". I said that a Palladium machine or a TCPA machine or whatever is definitely still in every sense a general-purpose programmable computer. (In fact, it's usually still a general-purpose computer even when it's running in a trusted mode -- although the argument is made even easier by the fact that these systems all are supposed to allow you to use the computer in a traditional mode with the trust features disabled.)
If you want to focus on DRM applications built on trusted computing, and see the technology as a conspiracy against users, I have an analogy which shows how you still keep general-purpose computing. This analogy makes a lot of sense to me, and maybe it will make a lot of sense to you. The analogy is partly metaphorical because it's not a technical description of the implementation of a trusted computing system; it's just a description of one outcome which is attainable.
Right now, you might have several different electronic devices at home; maybe one of them is a computer and another is a stereo, or a DVD player, or a VCR (preferably one which was manufactured some years ago and does not conform to the requirements of 17 USC 1201(k)). Each of these devices is shipped in its own separate box.
But, in the future, instead of having just "a computer" in one box and "a proprietary media player" in another box (like a DVD CCA-licensed DVD Video player, or DiscoVision), you can imagine that you get a computer as one component and a proprietary media player as a second component. These components are then bundled together in one box. You could implement this in such a way that the two components are entirely unaware of one another, but we'll assume instead that the components know of one another's existence. They can communicate via some kind of open standard interface, which we could imagine is PCI or FireWire. (That's not how this is actually implemented, but this is a metaphor, remember?)
In that case, when you want to use computer features, you just flip a switch or type a command or otherwise perform some action on some user interface so that you're talking to the "computer" component. And you can tell the "computer" component what you want it to do, and it will do it for you, just the way it does now. When you want to use some proprietary media, you flip the switch or perform the action so that you're talking to the "proprietary media player" component. Now you can ask it to play proprietary media, and it will do that, but you can't ask it to do certain other things for you, because that component isn't the computer component, and it doesn't understand how to do those things, or it isn't willing to do them. You can also use the two components together in certain ways. For example, you could use the computer component to download encrypted documents over the Internet. The computer component doesn't understand how to read these documents, because it doesn't have the decryption key, but you can ask the computer component to send these documents over to the proprietary media player, which may possibly have the appropriate decryption key and may be able to decrypt and display the contents of those documents, subject to various arbitrary and irritating restrictions.
The proprietary media player can thus make use of the computer to get certain (untrusted) network and communications services, and possibly certain (untrusted) storage services, and possibly certain user interface services, and so on. But the computer component in general doesn't trust the proprietary player component, and the proprietary player component in general doesn't trust the computer component. They are separate in design and separate in functionality, and neither one can see inside of the other and neither one can control the operations of the other. They can communicate only over a precisely-defined communications interface which doesn't put either device in control of the other device.
If you want, you can choose never to use the proprietary player, and only use the computer component. The computer component will continue to function normally as though the proprietary player weren't there at all; of course, it will continue to play non-proprietary media. If you get a copy of a suitable decryption key, or you run suitable decryption software, you can even use the computer component to decrypt and play proprietary, encrypted media. The proprietary player can't stop this -- it can't even tell that you're doing this, because it can't look inside the computer. And there's a corresponding limitation: the computer can't look inside the proprietary player to try to extract keys or to try to extract decrypted information. If you want to try to break an encryption system, using the computer component, you will be on your own; the proprietary player won't give you any additional information you didn't already have.
The point of this metaphor is that it's possible to have general-purpose computing functionality, which is under your control, packaged in the same box with some additional functionality which is not general-purpose and which is not under your control. And if you do this, you might get something which it is possible to see both as a benefit and as a disadvantage. The most obvious disadvantage is that, if the combination became widespread, publishers might eschew open standard formats which the computer component could read, in favor of proprietary formats which only the proprietary player component could read. (They wouldn't be able to get away with that if nobody had the proprietary player component in the first place!) This outcome would tend to give you less flexibility, power, and control, and diminish the benefits which you would otherwise have achieved with general-purpose computing. But you would still have general-purpose computing capability and the ability to write and run competing software.
As I argued a few days ago, you still have Turing-completeness (but for that little detail about needing an infinite amount of RAM) -- you can build a Turing machine and you can paint it blue, and it's still a Turing machine, or you can build a Turing machine and put it in a box with some other kind of machine, and it's still a Turing machine. Maybe the other kind of machine is something you find very distasteful, and maybe the other machine will be used for something you consider quite nefarious, but the Turing machine is still a Turing machine.
