The new world seems to be the Trusted Computing Group which has presumably taken over where TCPA left off. I will collect my TCG notes among other NGCSB notes.
Here is their slide show on Privacy. I learn here some background on the project and that Carl Ellison has something to do with this.
I find their 300 page Main Specification obscure. It scarcely mentions the very difficult problem of DMA and other bus masters such as PC cards and PCI devices. What if the opponent has installed a CPU card such as this?
I think that they would say that the current spec is intended to be platform neutral and that such hardware issues are dependent on the platform technology. Sun boxes, Intel's Itanium reference platform, and other 64 bit systems have an IOMMU which lets the privileged code control which real RAM most (all other?) bus masters can access.
The main thrust of the spec seems to be to establish meanings of messages sent between systems about trustworthyness of other systems. It also spells out how crypto is used to protect these messages.
There is no principle discussion of Privacy CA. The closest note is on page 278, section 9.3. It seems to be a mutually trusted agent (trusted by computer owner & content owner), in the real world that attests to those who care, (think content owners), that some particular platform is bound to a TPM with a known public key. Messages signed by that key may thereby attest to the secure state of that platform which should thereby be allowed to access some content. This would seem to put the Privacy CA in a payment loop.