[IP] "Digital-rights group knocks 'trusted' PCs"
Digital-rights group knocks 'trusted' PCs
By <mailto:rob.lemos@xxxxxxxx?subject=FEEDBACK:Digital-rights group knocks
'trusted' PCs>Robert Lemos
Staff Writer, CNET News.com
<http://news.com.com//2100-7355_3-5085442.html?tag=prntfr>http://news.com.com/2100-7355-5085442.html
Story last modified October 2, 2003, 5:45 AM PDT
A high-profile digital civil liberties group is criticizing a component of
the "trusted computing" technology promoted by Microsoft, IBM and other
technology companies, calling the feature a threat to computer users.
The paper, which was set to be released late Wednesday by the
<http://www.eff.org/>Electronic Frontier Foundation, analyzes the promised
features of several different trusted computing initiatives. The efforts
aim to develop next-generation hardware and software that can better
protect data from attackers, viruses and digital pirates.
Applauded in the paper are three features of the best-known trusted
computing technology, Microsoft's Next-Generation Secure Computing Base,
that may be positive ways of securing consumers' computers. However, the
EFF criticized
<http://www.microsoft.com/resources/ngscb/four_features.mspx/>a fourth
feature--known as remote attestation--as a threat that could lock people
into certain applications, force unwanted software changes on them and
prevent reverse engineering.
[]
Remote attestation allows other organizations that "own" content on a
person's computer to ascertain whether the data or software has been
modified. Such technology could easily be at odds with a computer owner's
interests, said Seth Schoen, staff technologist for the EFF and the primary
author of the paper.
"We have a technology that doesn't exist today, which computer users are
being asked to adopt," Schoen said. "If the new technology can be used in
many ways that run counter to the interest of the people, then I think
asking them to adopt it doesn't make any sense."
Microsoft, IBM, Intel and other companies have teamed to create hardware
that would secure the world's personal computers and win the trust of
service and digital-content providers. Microsoft initially proposed a
software-hardware system, called
<http://news.com.com//2100-1001-982127.html?tag=nl>Palladium, that would
enhance security, while IBM and Intel formed a group called the Trusted
Computing Platform Alliance to work on a hardware system.
The companies have formed a new group, the Trusted Computing Group, to work
on a single hardware design that will be supported by a number of software
programs, including
<http://news.com.com//2100-1009-1000142.html?tag=nl>Microsoft's
controversial security prototype.
Many critics of the proposal
<http://news.com.com//2009-1001-964628.html?tag=nl>have warned that such
systems will wrest computer control from consumers and place it in the
hands of software companies and digital-content owners.
The EFF proposes amending the trusted computing initiative to include a
feature called "owner override," which would allow computer owners, whether
individuals or companies, to essentially lie to an organization that
attempts to ascertain the integrity of their content.
Refusing to provide the information required by remote attestation won't
work, Schoen said, because such a refusal is still giving something away.
"In criminal cases, you can take the Fifth Amendment," he said. "While the
jury is not supposed to infer anything from that, the general public
certainly infers that the person is guilty or has something to hide."
Only the ability to lie to remote software or a content owner will allow
the PC user's rights to be protected, Schoen said.
A representative from Microsoft, which has spearheaded much of the
development behind trusted computing, wasn't immediately available to
comment on the paper or the proposed feature.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/