Digital-rights group knocks 'trusted' PCs

The Electronic Frontier Foundation says a component of so-called trusted computing technology from industry giants, including Microsoft and IBM, is a threat to computer users.

Robert Lemos
Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
2 min read
A high-profile digital civil liberties group is criticizing a component of the "trusted computing" technology promoted by Microsoft, IBM and other technology companies, calling the feature a threat to computer users.

The paper, which was set to be released late Wednesday by the Electronic Frontier Foundation, analyzes the promised features of several different trusted computing initiatives. The efforts aim to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates.

Applauded in the paper are three features of the best-known trusted computing technology, Microsoft's Next-Generation Secure Computing Base, that may be positive ways of securing consumers' computers. However, the EFF criticized a fourth feature--known as remote attestation--as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.

Remote attestation allows other organizations that "own" content on a person's computer to ascertain whether the data or software has been modified. Such technology could easily be at odds with a computer owner's interests, said Seth Schoen, staff technologist for the EFF and the primary author of the paper.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

"We have a technology that doesn't exist today, which computer users are being asked to adopt," Schoen said. "If the new technology can be used in many ways that run counter to the interest of the people, then I think asking them to adopt it doesn't make any sense."

Microsoft, IBM, Intel and other companies have teamed to create hardware that would secure the world's personal computers and win the trust of service and digital-content providers. Microsoft initially proposed a software-hardware system, called Palladium, that would enhance security, while IBM and Intel formed a group called the Trusted Computing Platform Alliance to work on a hardware system.

The companies have formed a new group, the Trusted Computing Group, to work on a single hardware design that will be supported by a number of software programs, including Microsoft's controversial security prototype.

Many critics of the proposal have warned that such systems will wrest computer control from consumers and place it in the hands of software companies and digital-content owners.

The EFF proposes amending the trusted computing initiative to include a feature called "owner override," which would allow computer owners, whether individuals or companies, to essentially lie to an organization that attempts to ascertain the integrity of their content.

Refusing to provide the information required by remote attestation won't work, Schoen said, because such a refusal is still giving something away. "In criminal cases, you can take the Fifth Amendment," he said. "While the jury is not supposed to infer anything from that, the general public certainly infers that the person is guilty or has something to hide."

Only the ability to lie to remote software or a content owner will allow the PC user's rights to be protected, Schoen said.

A representative from Microsoft, which has spearheaded much of the development behind trusted computing, wasn't immediately available to comment on the paper or the proposed feature.