[Politech] EFF publishes report on trusted computing: "Promise and Risk"

From: Declan McCullagh (declan@private)
Date: Thu Oct 02 2003 - 14:24:23 PDT

  • Next message: Declan McCullagh: "[Politech] Electronic Frontiers Australia on problems with anti-spam laws [sp]"

    Electronic Frontier Foundation Media Advisory
    For Immediate Release: Thursday, October 2, 2003
    Seth Schoen
       Staff Technologist
       Electronic Frontier Foundation
       +1 415 436-9333 x107
    Who Controls Your Computer?
    Electronic Frontier Foundation Reports on Trusted Computing
    San Francisco - The Electronic Frontier Foundation (EFF)
    yesterday published a landmark report on trusted computing,
    a technology designed to improve security through hardware
    changes to the personal computer.
    The report, entitled "Trusted Computing: Promise and Risk,"
    maintains that computer owners themselves, rather than the
    companies that provide software and data for use on the
    computer, should retain control over the security measures
    installed on their computers. Any other approach, says the
    report's author Seth Schoen, carries the risk of
    anticompetitive behavior by which software providers may
    enforce "security measures" that prevent interoperability
    when using a competitor's software.
    The report explains that:
    "Our most fundamental concern is that trusted computing
    systems are being deliberately designed to support threat
    models in which the owner of a 'trusted' computer is
    considered a threat. These models are the exception rather
    than the rule in the history of computer and communications
    security, and they are not part of the rationales for
    trusted computing publicly offered by its proponents."
    The report addresses technologies such as an operating
    system project by Microsoft called Next-Generation Secure
    Computing Base (NGSCB, previously known as Palladium) and a
    hardware specification project run by the Trusted Computing
    Group consortium (TCG, previously known as the Trusted
    Computing Platform Alliance, TCPA).
    The report addresses a variety of problems with current
    trusted computing proposals and concludes:
    "[T]reating computer owners as adversaries is not progress
    in computer security. The interoperability, competition,
    owner control, and similar problems inherent in the TCG and
    NCSCB approach are serious enough that we recommend against
    adoption of these trusted computing technologies until these
    problems have been addressed. Fortunately, we believe these
    problems are not insurmountable, and we look forward to
    working with the industry to resolve them."
    For this advisory:
    EFF Trusted Computing report:
    Trusted Computing talk on October 8, 2003, by EFF Staff
    Technologist Seth Schoen:
    About EFF:
    The Electronic Frontier Foundation is the leading civil
    liberties organization working to protect rights in the
    digital world. Founded in 1990, EFF actively encourages and
    challenges industry and government to support free
    expression and privacy online. EFF is a member-supported
    organization and maintains one of the most linked-to
    websites in the world at
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)

    This archive was generated by hypermail 2b30 : Thu Oct 02 2003 - 14:44:50 PDT