[IP] Critics wary oftrusted computing

[Dave Farber <dave@farber.net>]

[ I am not sure this helps all that much but there is a more balanced view
than some of the stuff written. There is still much to much emotion and much
too little facts . Djf]


MSNBC
Critics wary of'trusted computing'
Computer firms promise better security, but at what price?
ASSOCIATED PRESS

SAN JOSE, Calif., Nov. 5  To thwart hackers and foster online commerce, the
next generation of computers will almost certainly cede some control to
software firms, Hollywood and other outsiders. That could break a
long-standing tenet of computing: that PC owners ultimately control data on
their own machines.
       MICROSOFT CALLS ITS technology "Palladium." Intel dubs it
"LaGrande." An industry group that includes these companies, IBM,
Hewlett-Packard and 170 others terms it "trusted computing."
        (MSNBC is a Microsoft - NBC joint venture.)
        Though the initiatives have technical differences, they share the
goal of hardwiring security into silicon and related software  a leap
beyond today's less-secure mechanisms, which are coded into programs to
protect data.
        "This is a fundamentally new approach as opposed to taking a
software-only, Band-Aid approach," said Narendar Sahgal, a software
planning manager at Intel.
        The efforts would help protect movies and other digital content
from piracy and even personal copying, and critics see few benefits for
consumers.
        "I don't think the kind of trustworthiness they seek to deliver is
at all desirable," said Ross Anderson, a security researcher at Cambridge
University. "It's not security for me. It's security for them."

PLATFORMS, NOT POLICIES
        The companies and content providers behind the initiative claim
that by protecting data from external attacks and unlawful trading they'll
be able to unlock the potential of computing itself.
        The key is creating a realm in computing where each bit of
communication  an e-mail, an online purchase, a check of a database, the
reading of a document  can be achieved only by interacting with secured,
uniquely identified hardware through "trusted agents."
        Each agent would enforce policies set by senders, recipients,
copyright holders or a combination that would decide how the content can be
used.
        In this realm, Hollywood could safely release its works. The health
care and financial industries could communicate with clients without fear
of leaks. And ordinary users could rest assured that critical information
won't be stolen or wrecked by the virus du jour or hackers.
        "There are certain transactions and certain businesses where you
need to understand and trust the device you're talking to," said Scott
Dinsdale, executive vice president of digital strategy for the Motion
Picture Association of America.
        Developers of the new technology say they're just building trusted
platforms, not setting any policies for using them.
        All emphasize that specific tasks  such as managing digital
rights  can be built on top of their technologies but are not part of the
initiatives.
        Peter Biddle, Microsoft's product manager for Palladium, said it
would not empower copyright holders to reach into consumers' computers and
make "untrusted" documents  such as music files  disappear.
        In fact, he said, users could use Palladium to protect content from
scans and hacks by copyright holders, who have lately employed intrusive
methods in a bid to curb piracy.

VIRTUAL VAULTS
        Computers with the new capabilities are not expected for several
years, but critics say the details released so far do not bode well for
open computing.
        Trustworthiness would be achieved by giving users two choices:
trusted and untrusted. On a computer running in untrusted mode, information
would be shared just as it has been for the past 20 years. It's also still
vulnerable to attack.
        The trusted realm, however, would be immune from such attack. Data
and memory would be contained in a virtual vault. Keys would be held by a
chip that lets in only trusted software.
       Content creators could write and enforce rules that determine
whether a file could, for instance, be distributed or printed. They could
prohibit untrusted machines from accessing a trusted document.
        Palladium, LaGrande and others are being designed to enforce
existing rules and ones devised in the future.
        Scott Charney, Microsoft's chief security strategist, said users
and providers will set the rules  just as they do today. The difference, he
said, is that the new technologies will create a secure environment for
enforcing those rules.
        Critics fear, however, that it will be the end user who might end
up being trusted the least in the brave new world of trusted computing.
        Creators of trusted programs could resort to draconian tactics to
ensure their policies are enforced, Anderson said.
        Programs found to be illegally copied could be rendered useless
remotely. Sensitive e-mail, which might be useful in investigations, could
vanish. And e-books could be subjected to virtual book burnings.
        Industry pioneer David P. Reed, formerly the chief scientist at
Lotus Development Corp., called the initiatives "booby traps."
        "I'm personally angry and disgusted that ... companies that grew up
because of the personal computer revolution, which empowered users, are now
acting to harm the users," Reed said.

OPTING OUT
        Supporters, however, argue that the new architecture will create
more opportunities than it limits, as more and more consumers and content
providers try things they now avoid because of insecurity.
        Biddle said laws and regulations that now protect sensitive
documents from shredding also should bar the destruction of e-mail or other
computer-generated material.
        Moreover, users will continue to have control, because they can
always choose not run the security features, Charney and other
trusted-computing supporters say.
       But those who refuse risk limiting choices, just as people who
refuse to buy the Windows operating system are closed out of a computing
world dominated by Microsoft, Anderson said.
        Seth Schoen, staff technologist at the Electronic Frontier
Foundation, said incompatibility is the biggest threat posted by the
trusted-computing initiatives.
        "I don't think anyone can absolutely compel you to do anything in
particular," he said. "What they can do is create an incompatibility or
refuse to deal with you unless you meet a particular condition."
        Charney promised that Microsoft will not misuse the technology.
        "Listen to what we say and watch what we do. Actions speak louder
than words," Charney said. "And then if we're saying 'X' but doing 'Y,' not
only will we lose trust but our brand is hurt and we lose market share."

        © 2002 Associated Press. All rights reserved. This material may not
be published, broadcast
**********************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@acm.org


------ End of Forwarded Message

_______________________________________________
Drm-class mailing list
Drm-class@boiling.fluid.cs.cmu.edu
http://boiling.fluid.cs.cmu.edu/mailman/listinfo/drm-class


------ End of Forwarded Message

-------------------------------------
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/