Manage updates with the Download App
It has a lot of members, although the board of directors consists of Microsoft, Sony, Advanced Micro Devices, Intel, IBM, Sun Microsystems, Hewlett-Packard and two smaller companies that are voted in on a rotating basis.
The basic idea is that you build a computer from the ground up securely, with a core hardware "root of trust" called a Trusted Platform Module, or TPM. Applications can run securely on the computer, communicate with other applications and their owners securely, and be sure that no untrusted applications have access to their data or code.
This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.
(Ross Anderson has an excellent FAQ on the topic. I wrote about it back when Microsoft called the system Palladium.)
In May, the Trusted Computing Group published a best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms . Written for users and implementers of TCG technology, the document tries to draw a line between good uses and bad uses of this technology.
The principles that TCG believes underlie the effective, useful and acceptable design, implementation and use of TCG technologies are the following:
• Security: TCG-enabled components should achieve controlled access to designated critical secured data and should reliably measure and report the system's security properties. The reporting mechanism should be fully under the owner's control.
• Privacy: TCG-enabled components should be designed and implemented with privacy in mind and adhere to the letter and spirit of all relevant guidelines, laws and regulations. This includes, but is not limited to, the OECD Guidelines, the Fair Information Practices and the European Union Data Protection Directive (95/46/EC).
• Interoperability: Implementations and deployments of TCG specifications should facilitate interoperability. Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security.
• Portability of data: Deployment should support established principles and practices of data ownership.
• Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy.
• Ease-of-use: The nontechnical user should find the TCG-enabled capabilities comprehensible and usable.
It's basically a good document, although there are some valid criticisms. I like that the document clearly states that coercive use of the technology--forcing people to use digital rights management systems, for example--is inappropriate.
• The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology.
I like that the document tries to protect user privacy:• All implementations of TCG-enabled components should ensure that the TCG technology is not inappropriately used for data aggregation of personal information.
I wish that interoperability were more strongly enforced. The language has too much wiggle room
Biography
Bruce Schneier is CTO of Counterpane Internet Security, Inc. He is one of the world's foremost security experts. His latest book is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World."
16 comments
Join the conversation! Add your comment
and implement software ?????
Remember what happened when MS decided that Sun's Java
interfered with MS's goals (especially in IE) ?? Thank goodness,
Sun had the rules in concrete or by now we all would be forced
to use MS's buggy VM code.
MS has it's own goals, development paths, and corporate
policies, none of which really have room for anyone else's ideas.
And that certainly isn't news to anyone who can think for
himself.
and implement software ?????
Remember what happened when MS decided that Sun's Java
interfered with MS's goals (especially in IE) ?? Thank goodness,
Sun had the rules in concrete or by now we all would be forced
to use MS's buggy VM code.
MS has it's own goals, development paths, and corporate
policies, none of which really have room for anyone else's ideas.
And that certainly isn't news to anyone who can think for
himself.
views software (and hardware) as a tool -- the
traditional view.
Whereas the closed-source domain increasingly
views the user as a tool.
I'm not so convinced that the market will
polarize itself between "do what you want to do"
and "do what THEY want you to do". There's simply
too much to suggest that TCG will become
annoying, inconvenient, and costly with no
substantial benefit to the consumer. So long as
there is any alternative, there's little chance
of it predominating. The more onerous TCG
becomes, the more attractive the non-TCG
environment becomes.
For many companies, the TCG system poses a VERY
substantial IP threat and would be a no starter.
If HP won't sell you a TCG-free system, I bet
Lenovo will.
views software (and hardware) as a tool -- the
traditional view.
Whereas the closed-source domain increasingly
views the user as a tool.
I'm not so convinced that the market will
polarize itself between "do what you want to do"
and "do what THEY want you to do". There's simply
too much to suggest that TCG will become
annoying, inconvenient, and costly with no
substantial benefit to the consumer. So long as
there is any alternative, there's little chance
of it predominating. The more onerous TCG
becomes, the more attractive the non-TCG
environment becomes.
For many companies, the TCG system poses a VERY
substantial IP threat and would be a no starter.
If HP won't sell you a TCG-free system, I bet
Lenovo will.
ideas up in the air and see where they come down. As the chief
designer of , Gates has his hands full trying to plug a leaking
ship...meanwhile the rest of the confused programmers are busy
trying to corner the market on CRM, MSNSearch, Office, SQL
Server, Groove, BizTalk, Vista, and whatever number the next
Service Pack for XP will be 3, 4, 5. Any chance this company has
more things to do than it has eyes, ears, and hands to do them?
When you make one bad product you usually concentrate and fix
it, when you make a dozen, where do you begin? A company
with this much money has but one mind, make more cash, crush
more companies with better ideas, cheat and steal a few more
good technologies, and try to corral your user base into forking
over their hard-earned money for half baked junk made with
"ADD" fixated groups of mishmashed products. Soon this gorilla
will choke, or better yet wither away when something plugs up
its rear end from letting out half-a**ed crap.
ideas up in the air and see where they come down. As the chief
designer of , Gates has his hands full trying to plug a leaking
ship...meanwhile the rest of the confused programmers are busy
trying to corner the market on CRM, MSNSearch, Office, SQL
Server, Groove, BizTalk, Vista, and whatever number the next
Service Pack for XP will be 3, 4, 5. Any chance this company has
more things to do than it has eyes, ears, and hands to do them?
When you make one bad product you usually concentrate and fix
it, when you make a dozen, where do you begin? A company
with this much money has but one mind, make more cash, crush
more companies with better ideas, cheat and steal a few more
good technologies, and try to corral your user base into forking
over their hard-earned money for half baked junk made with
"ADD" fixated groups of mishmashed products. Soon this gorilla
will choke, or better yet wither away when something plugs up
its rear end from letting out half-a**ed crap.
Unless i have ABSOLUTE certainty i'll be able to NOT use TPC-technology at choice i will start collecting non-TPC motherboards from this day forth as to build a FREE-technology computer system tomorrow.
I mean ... WHAT security ? To privatise WHAT ? From WHOM ? A virus ? A ... company ? A governement ? A nation ? Unknowns ?
Why not spend all that great money on making great software instead, at a slower rate.
Unless i have ABSOLUTE certainty i'll be able to NOT use TPC-technology at choice i will start collecting non-TPC motherboards from this day forth as to build a FREE-technology computer system tomorrow.
I mean ... WHAT security ? To privatise WHAT ? From WHOM ? A virus ? A ... company ? A governement ? A nation ? Unknowns ?
Why not spend all that great money on making great software instead, at a slower rate.