
Trusted computing pushes the limits of security and censorship

Trusted computing (TC) has many implications, including some benefits for large corporations. But there are too many troubling aspects of TC to ignore, as our opinion columnist points out. Here's more about the promises and threats involved in TC.


ScOrp is TechRepublic's first opinion writer. His ideas and suggestions are his own and do not represent those of TechRepublic or CNET Networks.

Last week, I waxed poetic about the implications of "trusted computing," the latest endeavor by a group made up of Microsoft, Compaq, HP, IBM, and Intel, whose goal it is to "create a new computing platform for the next century that will provide for improved trust in the PC platform."

Well, I'm not quite through discussing the trusted computing (TC) concept yet. Consider all the normal procedures that are now being "criminalized" by new legislation under the mantle of "Homeland Security" or other pat slogans and buzzwords. (HIPAA compliance comes to mind.) It follows that today's paranoia may be tomorrow's reality. "We can always turn it off" may cease to be a legal option with the stroke of a pen. It may also cease to be a possible or practical option when important documents fail to open, or when your new hard drive sits down and refuses to save an unsigned file, or even a certain file type.

Amazingly, Microsoft has actually learned a few lessons. Microsoft has learned that whatever steps it takes to secure its products will be cracked inside a week by some bright college student, so it's spending a little money to have Palladium/NGSCB thoroughly cracked and subsequently patched before its release, on the cheap, by the same people who would do it in the field anyway. Call it sneaky, or brilliant if you will, but the fact is that, for once, a Microsoft product will emerge new on the market as a battle-hardened veteran. Don't look for a DeCSS scenario this time around. It won't happen.

Probably the most troubling aspect of TC-compliant systems is that third parties can (and will!) routinely reach into your system and scan it for violations. Any file or device not found to measure up (read: pirated software and MP3s) can be deleted or disabled remotely. You have no say in this. To put it succinctly, the computer and software that you bought with your money will cease to belong to you. None of your digital equipment or files will ever truly be your own property. Also planned, and eagerly looked forward to by certain entities, is expiration-dated content. DVD movies or music albums self-destructing will be of less concern to you than, for instance, forced OS upgrades.

Welcome to the future of computing: The near future
It's amazing, perhaps alarming, how few people actually know of the TC plan. I recently exposed a couple of people in the IT field to the online documentation and got their responses.

Here are a senior programmer's thoughts:
“I like the extra security that TCPA and Palladium add for corporations. Controlling confidential and secret data is very important. But there is a great deal of room for abuse with TCPA and Palladium. It provides many good features for businesses that develop software as their business by eliminating some of the piracy that goes on. I definitely believe that the larger the company, the more beneficial this will be. With large applications with thousands of hours of development time, extra costs become insignificant, but what about programs with a few hours of development time?

“When developing a piece of software, there is testing that goes on. You may need to test the software on multiple machines. If you have to get each test version signed, it will slow development of small programs. If you don't have to get them signed, how does the application differ from a virus? How much cost and time is involved in getting software applications signed? How much would this software and hardware add to the IT budgets of companies? What about people who write programs at home or on a contract basis for small companies? Who controls the lists of valid and illegal software and versions?

“What happens if people use firewalls to block the transmissions to check the verification lists for illegal software? What happens if the verification lists get corrupted or compromised? Could your software and all of the files be deleted if your software accidentally or maliciously made it onto the list of illegal copies? Who would pay for the loss?

“TCPA and Palladium have some great advantages, but there seem to be many issues that arise out of their use. If all software supports TCPA and Palladium, what vulnerabilities will be opened up? How much do you trust hardware and software to automatically control security for you? I believe that caution needs to be taken with a tool of this magnitude. As with any tool, it can be used for the betterment or detriment of anyone.”

A systems engineer had these comments on TC:
“In reading about TCPA and Palladium, there is a clear and evident Catch 22 present, that I believe the implementers hope that we don't see. The necessity and the benefits of the government being able ‘to arrange things so that all Word documents created on civil servants' PCs are “born classified” and can't be leaked electronically to journalists’ are clear. However, my concern becomes elevated quite significantly when this project blatantly indicates that ‘there will be remote censorship.’ And that ‘the mechanisms designed to delete pirated music under remote control may be used to delete documents that a court (or a software company) has decided are offensive.’ These documents ‘could be anything from pornography to writings that criticize political leaders.’

“So, not only are we being restricted as to using pirated software (ok, guys I'll give you that one) but our moral judgments are going to be made FOR us? I'm sorry, what country is this?

“Most of the documentation I have perused on TC indicates overwhelming benefits for corporations. While I can see the automatic securing of documents as a benefit, the evasion of accountability this will provide is more than a little disarming.

“I'm not following how protecting corporations from being caught in the midst of criminal behavior is a benefit to society. This point will probably be glazed over rather than addressed, but anyone who takes the time to really read this should be asking her/himself the very same questions.

“And, so much for Open Source products. The essence of these products is dissolved the instant they must be proved to any unit of authority. Didn't Microsoft just fight a battle over anti-trust laws? How is this whole idea (based on elements of control enumerated) NOT in violation of anti-trust laws?

“Questions that arise for me as a systems engineer working with highly sensitive data include, but are certainly not limited to:
  • What access or possibility of access will this give an external entity to my data? How can you guarantee me that it will not provide access to the wrong people? In turn, how can we guarantee our clients that their data is safe?
  • What about hot-swappable server components? Will this mean that a company will have to have pre-certified replacement parts on site to be able to maintain the same level of down-time / replacement time we had prior to this being put into place?”

From a VP of tech services and support of a major security firm:
“I feel that TCPA and NGSCB is a great idea with regards to the rationale behind it, but I'm afraid there are many (including myself) who will not give the keys to the kingdom, so to speak, to Microsoft and other TCPA members. I think this will give rise to opposition and possible mass migrations of activists for personal privacy from the TCPA initiative. (Does anyone remember PKI in the late nineties?) It will, however, trickle down into our day-to-day computing and will eventually form part of what we now consider daily operations.”

The workaround?
Great idea—except that people will try and sidestep it. Great idea, except I'm not playing. Great idea, except who does it really benefit? Great idea, except that when (not if) it goes wrong, who pays for damages done and who guarantees when things are out of the admin's hands? Well, maybe it’s not such a great idea, with all those caveats.

Is there anything that can be done to prevent or stop this? Well, there's this workaround: Set up a peer-to-peer (P2P) file-sharing group that is safe from third-party monitoring. If you plan to do this, just don't discard your old Pentium II that is running W98. Either it will be what you have to use to run anything you share that way, or these pre-TC machines/OSs will actually go UP in value on the black market. That's assuming ISPs will even allow a non-TC machine to log on to the Internet, because if you try and get a non-signed file with a TC machine, it gets Fritzed on impact. That's also assuming that a TC-compliant router will even pass the packets. (Let's assume that this was merely a highly whimsical suggestion and move on.)

If you want to take a more standard and organized approach for working against the trusted computing initiative, go here and follow the directions.
