It has a lot of members, although the board of directors consists of Microsoft, Sony, Advanced Micro Devices, Intel, IBM, Sun Microsystems, Hewlett-Packard and two smaller companies that are voted in on a rotating basis.
The basic idea is that you build a computer from the ground up securely, with a core hardware "root of trust" called a Trusted Platform Module, or TPM. Applications can run securely on the computer, communicate with other applications and their owners securely, and be sure that no untrusted applications have access to their data or code.
This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.
In May, the Trusted Computing Group published a best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms . Written for users and implementers of TCG technology, the document tries to draw a line between good uses and bad uses of this technology.
The principles that TCG believes underlie the effective, useful and acceptable design, implementation and use of TCG technologies are the following:
Security: TCG-enabled components should achieve controlled access to designated critical secured data and should reliably measure and report the system's security properties. The reporting mechanism should be fully under the owner's control.
Privacy: TCG-enabled components should be designed and implemented with privacy in mind and adhere to the letter and spirit of all relevant guidelines, laws and regulations. This includes, but is not limited to, the OECD Guidelines, the Fair Information Practices and the European Union Data Protection Directive (95/46/EC).
Interoperability: Implementations and deployments of TCG specifications should facilitate interoperability. Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security.
Portability of data: Deployment should support established principles and practices of data ownership.
Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy.
Ease-of-use: The nontechnical user should find the TCG-enabled capabilities comprehensible and usable.
It's basically a good document, although there are some valid criticisms. I like that the document clearly states that coercive use of the technology--forcing people to use digital rights management systems, for example--is inappropriate.
The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology.I like that the document tries to protect user privacy:
All implementations of TCG-enabled components should ensure that the TCG technology is not inappropriately used for data aggregation of personal information.I wish that interoperability were more strongly enforced. The language has too much wiggle room
Bruce Schneier is CTO of Counterpane Internet Security, Inc. He is one of the world's foremost security experts. His latest book is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World."
Page 1 | 2
16 commentsJoin the conversation! Add your comment