Security technologies could backfire against consumers
By Robert Lemos
SAN FRANCISCO--At the USENIX Security Conference held here recently, Microsoft developers touted the company's upcoming Palladium architecture as technology that would enhance privacy, stymie piracy and increase a corporation's control over its computers.
Others, however, see a more nefarious role for the security software.
"The perception is that the security protects content on the user's PC from third parties," said a security consultant who goes by the moniker of Lucky Green. "That's wrong."
The conflict highlights a growing debate over "trusted computers"--machines equipped with the technology to wall off data, secure communications and verify the characteristics of their system. Although military and intelligence agencies have used such systems, the concept has been met with opposition in mainstream consumer markets.
The reason: The masses don't necessarily trust the companies developing "trusted computing" technology.
Richard Stallman, founder of the Free Software Foundation and of the GNU project for creating free versions of key Unix programs, lampooned the technology in a recent column as "treacherous computing."
"Large media corporations, together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you," he wrote. "Proprietary programs have included malicious features before, but this plan would make it universal."
He and others, such as Cambridge University professor Ross Anderson, argue that the intention of so-called trusted computing is to block data from consumers and other PC users, not from attackers. The main goal of such technology, they say, is "digital-rights management," or the control of copyrighted content. Under today's laws, copyright owners maintain control over content even when it resides on someone else's PC--but many activists are challenging that authority.
In fact, Microsoft sees the initial markets for the Palladium technology to be in the business realm. The new software and hardware could secure VPNs (virtual private networks) by allowing administrators to positively identify computers on the network. Corporate executives, concerned that embarrassing e-mail messages might end up appearing in court and in the news, could require employees to use trusted computing technologies that could throw away the digital keys to any message more than one month old. Such considerations could make Palladium and other trusted technologies a fairly easy sell to businesses.
It's consumers that could be the hitch.
Moreover, lawmakers have introducedbills this year that could strengthen copyright controls over computers and the data they store. A measure proposed by Sen. Ernest "Fritz" Hollings, D-S.C., would require hardware makers to include anti-copying mechanisms in all new consumer electronic devices. Another bill promoted by Rep. Howard Berman, D-Calif., would allow copyright owners to use technical measures, including unauthorized access and attacks on file-sharing networks, to prevent copyright infringement.
Such pro-security measures have gained momentum in the post-Sept. 11 political climate, which has focused attention on Internet threats of terrorism.
"I think we need a trusted environment. Things are too insecure," said David Farber, a telecommunications law professor at the University of Pennsylvania and one of four advisers to the Trusted Platform Computing Alliance (TPCA), a hardware-based security initiative. "They were insecure before 9/11, and they are needed more now."
Advertising their trust
"A trusted platform can attest to its configuration, and I, a merchant, can decide if I want to deal with that PC," Marcus Varady, marketing manager for Intel's safer computing initiative and the chair of the TCPA steering committee, said in a recent interview. "I can then drop my wall of protection within that environment to collaborate with them on a trusted level."
William Arbaugh, an associate professor of computer science at the University of Maryland, acknowledged that the TPCA could improve security but said hardware and software modifications could do even more harm if abused by companies.
"The TCPA as it stands now is unacceptable," Arbaugh concluded.
In addition, even proponents of the technology concede that it is not foolproof in preventing piracy. Palladium, for instance, could not stop a hardware attack, which might cause some information to leak out. The technology's security disappears when data is outside the Palladium infrastructure, Microsoft's Biddle said.
"Once Elvis has left the building, Elvis can't get back in the building," he added.
Small changes, big results
The TCPA and Microsoft's Palladium rely on additions to the hardware of normal PCs. While Palladium calls for more extensive changes, the modifications are remarkably similar.
Both call for a new chip to be placed on the motherboard of all future computers. The chip would include new encryption functions as well as a small amount of memory that would act as a digital vault to store important keys to decrypt protected data. The TCPA refers to the chip as the "trusted platform module," a successor to Intel's processor ID--an idea the chipmaker abandoned in 1999 after aover privacy. Microsoft refers to the hardware component of Palladium as the "security support component."
Opponents criticize any process or technology controlled by a single company that may have ulterior motives--especially when that company is Microsoft. Eben Moglen, a noted Free Software Foundation attorney and professor of law at Columbia University, has argued that such proprietary initiatives could stunt the growth of open-source technologies like Linux, which is gathering strength as a challenger to the Windows operating system.
Green suspects that Microsoft wants to use Palladium to enforce software licenses. He claims the day after attending the USENIX Security Conference, he contacted an attorney and filed two patents on ways that Palladium-like systems could be used for such enforcement. While Green won't discuss his intentions, many believe he is trying to preempt companies from using the technology for this purpose.
"The objective and capabilities are to secure the applications and data against the end user to the benefit of third parties," he said of trusted computing initiatives in general.
Proponents scoff at such notions as conspiracy theory. "I have seen no signs that Microsoft and Intel are out to screw the world; and if they do screw the world, I think Congress will stop them," said the University of Pennsylvania's Farber.
Nevertheless, all parties involved acknowledge the confounding complexity of the issue, and even Microsoft doesn't know where it will end up.
"We can speak to what we intend to have happen," said Mario Juarez, another product manager for Palladium, but "there are so many unanswered questions at this point."