A high-profile digital civil liberties group is criticizing a component of the "trusted computing" technology promoted by Microsoft, IBM and other technology companies, calling the feature a threat to computer users.
The paper, which was set to be released late Wednesday by the Electronic Frontier Foundation, analyzes the promised features of several different trusted computing initiatives. The efforts aim to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates.
Applauded in the paper are three features of the best-known trusted computing technology, Microsoft's Next-Generation Secure Computing Base, that may be positive ways of securing consumers' computers. However, the EFF criticized a fourth feature--known as remote attestation--as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.
Remote attestation allows other organizations that "own" content on a person's computer to ascertain whether the data or software has been modified. Such technology could easily be at odds with a computer owner's interests, said Seth Schoen, staff technologist for the EFF and the primary author of the paper.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
"We have a technology that doesn't exist today, which computer users are being asked to adopt," Schoen said. "If the new technology can be used in many ways that run counter to the interest of the people, then I think asking them to adopt it doesn't make any sense."
Microsoft, IBM, Intel and other companies have teamed to create hardware that would secure the world's personal computers and win the trust of service and digital-content providers. Microsoft initially proposed a software-hardware system, called Palladium, that would enhance security, while IBM and Intel formed a group called the Trusted Computing Platform Alliance to work on a hardware system.
The companies have formed a new group, the Trusted Computing Group, to work on a single hardware design that will be supported by a number of software programs, including Microsoft's controversial security prototype.
The EFF proposes amending the trusted computing initiative to include a feature called "owner override," which would allow computer owners, whether individuals or companies, to essentially lie to an organization that attempts to ascertain the integrity of their content.
Refusing to provide the information required by remote attestation won't work, Schoen said, because such a refusal is still giving something away. "In criminal cases, you can take the Fifth Amendment," he said. "While the jury is not supposed to infer anything from that, the general public certainly infers that the person is guilty or has something to hide."
Only the ability to lie to remote software or a content owner will allow the PC user's rights to be protected, Schoen said.
A representative from Microsoft, which has spearheaded much of the development behind trusted computing, wasn't immediately available to comment on the paper or the proposed feature.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Join the conversation