EFF publishes report on trusted computing: "Promise and Risk"

[Declan McCullagh <declan () well com>]

Electronic Frontier Foundation Media Advisory

For Immediate Release: Thursday, October 2, 2003


Contact:

Seth Schoen
  Staff Technologist
  Electronic Frontier Foundation
  seth () eff org
  +1 415 436-9333 x107


Who Controls Your Computer?

Electronic Frontier Foundation Reports on Trusted Computing

San Francisco - The Electronic Frontier Foundation (EFF)
yesterday published a landmark report on trusted computing,
a technology designed to improve security through hardware
changes to the personal computer.

The report, entitled "Trusted Computing: Promise and Risk,"
maintains that computer owners themselves, rather than the
companies that provide software and data for use on the
computer, should retain control over the security measures
installed on their computers. Any other approach, says the
report's author Seth Schoen, carries the risk of
anticompetitive behavior by which software providers may
enforce "security measures" that prevent interoperability
when using a competitor's software.

The report explains that:

"Our most fundamental concern is that trusted computing
systems are being deliberately designed to support threat
models in which the owner of a 'trusted' computer is
considered a threat. These models are the exception rather
than the rule in the history of computer and communications
security, and they are not part of the rationales for
trusted computing publicly offered by its proponents."

The report addresses technologies such as an operating
system project by Microsoft called Next-Generation Secure
Computing Base (NGSCB, previously known as Palladium) and a
hardware specification project run by the Trusted Computing
Group consortium (TCG, previously known as the Trusted
Computing Platform Alliance, TCPA).

The report addresses a variety of problems with current
trusted computing proposals and concludes:

"[T]reating computer owners as adversaries is not progress
in computer security. The interoperability, competition,
owner control, and similar problems inherent in the TCG and
NCSCB approach are serious enough that we recommend against
adoption of these trusted computing technologies until these
problems have been addressed. Fortunately, we believe these
problems are not insurmountable, and we look forward to
working with the industry to resolve them."

For this advisory:
http://www.eff.org/Infra/trusted_computing/20031002_eff_pr.php

EFF Trusted Computing report:
http://www.eff.org/Infra/trusted_computing/20031001_tc.php

Trusted Computing talk on October 8, 2003, by EFF Staff
Technologist Seth Schoen:
http://www.sdforum.org/p/calEvent.asp?CID=1182


About EFF:

The Electronic Frontier Foundation is the leading civil
liberties organization working to protect rights in the
digital world. Founded in 1990, EFF actively encourages and
challenges industry and government to support free
expression and privacy online. EFF is a member-supported
organization and maintains one of the most linked-to
websites in the world at
http://www.eff.org/

                           -end-

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)