Trusted computing
Treacherous Computing (TC) or Trusted Computing (TC)
Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. TC allows large content producers (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, to make your computer obey them instead of you.
Executive Summary
- What is TC?
TC is designed to prevent the user of the computer from modifying the software running on his computer, also to allow the software to securely communicate with its programmers and with other software running on the computer. TC is about having the final say about who is in charge of your computer; under TC it is no longer you.
- Why do the producers of TC want it?
Some content producers want TC so that they can make it harder for crackers to beat their DRM. Microsoft wishes to use TC to require users to have licensed software. Some people want to be able to restrict a document or CD or DVD so that it only runs on one designated computer.
- Why would any one buy a TC?
Ordinary Users are most likely to obtain a TC when they need to buy a new computer, as it would just be a 'feature', built in on all new computers. Another possibility is that some future Operating System version, such as Windows, would require TC before it would run. To enable users to keep running their favourite OS, they would buy the new hardware that was needed. The same can be said for applications, such as Word.
Governments and organisations that deal with confidential documents may want TC, assuming they can produce and configure it themselves. If they had to buy it from some one else it would reduce their security to lower than it currently is. This is because it would be possible to lock documents so they only worked on one machine or one a small group of machines, this would greatly reduce the chances of document accidentally leaking to non-secure locations.
Background
Currently, with most computers people are running, the user has the ability to modify or change the software running on their computer.
The reason why this is a problem for some software and content producers is that this freedom to modify software or modify the way that software runs on a computer makes most DRM systems trivial to break. Ultimately, you can simply run a extra layer of software between the operating system and the DRM software that tells the DRM software what it wants to hear.
TC does not provide any security for the user of PC, instead it provides security for the software producer and the content producer. It restricts what the PC can and can not do and can reduce the use of the computer.
Proposed Benefits - Criticism
The requirement that any compiled program be signed by a trusted authority before it can run it would make viruses a thing of the past.
- Not true. Many viruses are script based and may not be covered. In addition, security holes can arise even in software written by fully trusted entities (such as: yourself, your IT department), such bugs arise not from lapses in trust but lapses in the competence of the programmer and his test team.
Problems and Concerns
When a group of nominal competitors get together to control an industry, they're accused of acting as a trust. Because such arrangements are often illegal, they're usually kept secret and informal.
Not in the computer industry. Every major hardware and software company has embraced TC, a technology that involves placing special security hardware inside every PC. Opponents say it's designed to prevent competition, hinder interoperability, and perhaps give vendors permanent control over every PC they ship-even after it's been bought and paid for.
TC has serious issues of lock-in and interoperability, it will allow software creators to lock their data to the applications and make it more difficult to create interoperable alternatives, thus promoting lock-in. Sealed storage that allows data to be encrypted such that only one particular application can decrypt it, and potentially makes it impossible to switch to a different software package, or access the data in an interoperable way.
The technology puts too much power and control into the hands of those who design systems and software.
Users lose their anonymity.
When ever some one pushing TC uses the word "security" you need to realise that they do not mean protecting the machine from harm (the normal meaning of that word in computing), they mean protecting your data on your machine from access by you in ways others do not want.
Forced upgrades, and forced downgrades.
With out TC the user of a PC gets to choose when he upgrades, because of this some users deliberately do not upgrade straight away, because they want to see if the first adopters have any serious problems with the new software. With TC the producers of the software can choose to upgrade the software without your consent; it is also possible for them to downgrade your software without your consent.
Won't you techy guys just work a way around TC?
- Please Please don't force us into a situation where we have to do that - democracy is supposed to prevent rebellions not pass the buck for it to techies!
- Under the EU Copyright Directive that may well be illegal. Do consult a lawyer.
- It would be hard, if someone was willing to spend some money and some time they could do it eventually.
Economic harm
TC will favour large companies over small ones
Links
Organisations
Documents
- Frequently Asked Questions
- Trusted Computing: A Matter of Trust
- TC at wikipedia
- Can you trust your computer?
- EFF on TC
- ZDNet on TC
- Trusted Computing an animated short by Benjamin Stephan and Lutz Vogel
- Cryptography and Competition Policy - Issues with `Trusted Computing' by Ross Anderson - The most significant strategic development in information technology over the past year has been `trusted computing'. This is popularly associated with Microsoft's `Palladium' project, recently renamed `NGSCB'. In this paper, I give an outline of the technical aspects of `trusted computing' and sketch some of the public policy consequences.
Press
- 2006-11-24 - Slashdot - Trusted Or Treacherous Computing?
- Summary: For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances.
- 2006-11-17 - The Register - Trusted Computing readies anti-malware specs
- Author: Bryan Betts
- Summary: The Trusted Computing Group (TCG) is to release its software infrastructure specifications next week. The specs will help technology such as NAC (network access control) determine if a device should be allowed network access or not.
- 2006-11-02 - Boing Boing - Apple drops Trusted Computing
- Author: Cory Doctorow
- Summary: This is the core of the Trusted Computing initiative, a chip that can, depending on implementation, be used to lock you out of reading your own data on "unauthorized" applications, to allow network service providers to discriminate against users of alternative software (e.g., "You're using Firefox -- go get Explorer and come back") and enforce DRM -- but also allow you to better secure your own data (you can do the latter without enabling the former, too).
- 2006-09-05 - ZDNet Australia - NZ draws line on DRM and trusted computing
- Author: Rob O'Neill
- Summary: New Zealand’s lead state-sector authority has drawn a line in the sand to ensure government information security is not compromised by new "trusted computing" and digital rights management (DRM) technologies.
- 2006-09-03 - The Register - Trusted computing a shield against worst attacks?
- Author: Robert Lemos
- Summary: Trusted computing proponents may have found their best argument yet for incorporating specialised security hardware into every computer system. A report published this week by computer firmware developer Phoenix Technologies concluded that the risks posed by the most damaging digital attacks could be eliminated if companies adopted technology to identify users' computers on the network.