p2pnet.net News View:- If you’ve recently bought an IBM ThinkVantage computer, or a Dell Optiplex, or one of a whole range of laptops from Toshiba, HP/Compaq or Samsung then you may have got more for your money than you realised.

Because inside your shiny new computer is an extra chip called the trusted platform module, or TPM, that can be used to provide a whole range of hardware-based security features.

Eventually the TPM will be built into the main processor itself, and if the trusted computing group has its way then you’ll find one in every piece of hardware you own, from mobile phones to TV set top boxes to children’s toys.

But for the moment it’s a separate piece of hardware, providing enhanced security features to programs that know how to use them. And as part of a well-designed network system it can provide a lot more security than we enjoy today.

A big advantage of the TPM is that it’s hardware based.

At the moment most of us rely on software to keep our information safe and secure. It might be password-protected user accounts, data encryption programs or a firewall, but it all relies on program code running on an inherently insecure processor.

Hardware security is less common, even if it is a lot safer. This is partly because it’s more expensive to give someone a smartcard than a password, but also because its more work for users, systems administrators and managers.

As a result we settle for second best.

So when it comes to computer security then trusted systems could be a major step forward. After all, if you’ve got a laptop that will only run programs that have been digitally signed then it will be a lot harder for virus writers to get their malicious code to run.

And if all your files are locked automatically then even if you get your computer stolen your personal data will be safeguarded.

At the moment support for trusted hardware isn’t built into major operating systems. Instead you have to use special software, like HP’s ProtectTools or Wave Systems’ Embassy. This provides file encryption, password management and identity protection, usually for business users who connect to company networks.

Full support for the trusted computing specification won’t be available from Microsoft until the next release of Windows, ‘Longhorn’. This will include what Microsoft, in a typical act of wilful obscurantism, calls the ‘Next Generation Secure Computing Base’, and it will let user-level programs access to the trusted computing hardware.

When that happens we can expect to see a lot of publicity around the new capabilities, and no doubt the Windows security centre will encourage users to turn on their trusted computing capability just as they turn on their firewall.

However there is a downside to the increased security from viruses, spyware and data theft that this will provide. Because the trusted computing base is also used to make digital rights management systems more secure, and this in turn will give content providers a lot more control over what we can do with music, movies and books that we have bought from them.

We’ve seen recently how allowing digital rights management services into our lives can lead to unwelcome consequences. Users of Apple’s iTunes used to be able to stream the music they were listening to to up to five other iTunes users, a great way of letting your mates discover your music collection.

But the latest version of iTunes limits this capability, just as an earlier ‘upgrade’ reduced the number of times you could burn a selected playlist of purchased songs to a CD, and another took away the ability to play songs downloaded from Real’s Harmony service on your iPod.

Apple can do this because they wrote the software and they control the rights management. Once it’s embedded in trusted hardware it will be even harder for dedicated programmers to find their way around these unreasonable restrictions and give us back the fair use rights that should be guaranteed under copyright law.

Similarly, users of Tivo digital video recorders have found that they can’t record some shows, and other programmes that they have recorded are automatically deleted after a day. This happens because of changes that Tivo have made to their software, and the users can’t control it.

Fortunately for those of us who believe that locking-down digital content is a bad idea, and that the flexibility of copyright law is something that should be embraced and not taken away from us, even hardware-based DRM won’t work.

It won’t work because of the fundamental flaw at the heart of the system: in order for the purchaser to view the content it has to be unlocked, and once it is unlocked then someone, somewhere, will figure out a way to make a copy of the unlocked version.

And once an unlocked version leaks onto the network it will be uncontrollable.

The efforts going into DRM would be much better spent building efficient distribution services, finding business models that are based on trusting your customers, and offering high quality downloads at fair prices.

What we want is not so much a trusted computing platform as a trusted customer platform: the record companies and the film industry need to recognise that most of us, most of the time, will pay a reasonable amount for good quality material.

They will benefit more by building a market in which I can share songs with my friends, record shows I want to watch later, and burn CDs for my kids, a market which respects the spirit of copyright law and does not seek to replace it by restrictive contracts or end user agreements.

We need to ensure that trusted computing remains under the control of the users and isn’t used as an excuse to take away the freedoms we enjoy today.

Bill Thompson – andfinally.com

========================

Something you think we should know? tips[at]p2pnet.net

This entry was posted on Sunday, March 20th, 2005 at 4:23 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2654 times