The TPM is only accessible through the channel/tunnel established by the user. Since that channel is always on when the TPM is in use, it can’t be broken or the TPM connection breaks altogether. I use my TPM the entire time I’m on my machine, so I would know immediately.
The only thing I’ll grant you is if the user is unaware of the TPM on their machine and/or isn’t using it. But even then, the TPM isn’t an interface module with the rest of the system. There would have to be some sort of program on the system regularly running to tunnel the info on the user’s activities to the authorities.
As a system engineer, designer, and general tinkerer, it boggles my mind that people wouldn’t root and reformat their machines out of box, but then, I guess that goes to your point.
I’m a bit of a tyro here, so please forgive any genuinely stupid things I say here, but...
Would it be possible to write a subroutine that connects to the channel/tunnel during startup or shutdown, reads the TPM to a hidden file, then disconnects from the tunnel and frees it up for ordinary, unimpeded use?
The user then uses the system as per normal.
The TPM mirror in the hidden file can later be accessed at the snooper’s leisure.