San Francisco - The Electronic Frontier Foundation (EFF) yesterday published a landmark report on trusted computing, a technology designed to improve security through hardware changes to the personal computer.
The report, entitled "Trusted Computing: Promise and Risk," maintains that computer owners themselves, rather than the companies that provide software and data for use on the computer, should retain control over the security measures installed on their computers. Any other approach, says the report's author Seth Schoen, carries the risk of anticompetitive behavior by which software providers may enforce "security measures" that prevent interoperability when using a competitor's software.
The report explains that:
"Our most fundamental concern is that trusted computing systems are being deliberately designed to support threat models in which the owner of a 'trusted' computer is considered a threat. These models are the exception rather than the rule in the history of computer and communications security, and they are not part of the rationales for trusted computing publicly offered by its proponents."
The report addresses technologies such as an operating system project by Microsoft called Next-Generation Secure Computing Base (NGSCB, previously known as Palladium) and a hardware specification project run by the Trusted Computing Group consortium (TCG, previously known as the Trusted Computing Platform Alliance, TCPA).
The report addresses a variety of problems with current trusted computing proposals and concludes:
"[T]reating computer owners as adversaries is not progress in computer security. The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable, and we look forward to working with the industry to resolve them."
Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/
