Electronic Frontier Foundation Media Advisory For Immediate Release: Thursday, October 2, 2003 Contact: Seth Schoen Staff Technologist Electronic Frontier Foundation seth@private +1 415 436-9333 x107 Who Controls Your Computer? Electronic Frontier Foundation Reports on Trusted Computing San Francisco - The Electronic Frontier Foundation (EFF) yesterday published a landmark report on trusted computing, a technology designed to improve security through hardware changes to the personal computer. The report, entitled "Trusted Computing: Promise and Risk," maintains that computer owners themselves, rather than the companies that provide software and data for use on the computer, should retain control over the security measures installed on their computers. Any other approach, says the report's author Seth Schoen, carries the risk of anticompetitive behavior by which software providers may enforce "security measures" that prevent interoperability when using a competitor's software. The report explains that: "Our most fundamental concern is that trusted computing systems are being deliberately designed to support threat models in which the owner of a 'trusted' computer is considered a threat. These models are the exception rather than the rule in the history of computer and communications security, and they are not part of the rationales for trusted computing publicly offered by its proponents." The report addresses technologies such as an operating system project by Microsoft called Next-Generation Secure Computing Base (NGSCB, previously known as Palladium) and a hardware specification project run by the Trusted Computing Group consortium (TCG, previously known as the Trusted Computing Platform Alliance, TCPA). The report addresses a variety of problems with current trusted computing proposals and concludes: "[T]reating computer owners as adversaries is not progress in computer security. The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable, and we look forward to working with the industry to resolve them." For this advisory: http://www.eff.org/Infra/trusted_computing/20031002_eff_pr.php EFF Trusted Computing report: http://www.eff.org/Infra/trusted_computing/20031001_tc.php Trusted Computing talk on October 8, 2003, by EFF Staff Technologist Seth Schoen: http://www.sdforum.org/p/calEvent.asp?CID=1182 About EFF: The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/ -end- _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Thu Oct 02 2003 - 14:44:50 PDT