Trusted Computing (TC) (good faq), in case you don’t obsessively read Slashdot, is the name for a range of technologies that enable cryptographic verification of the code running on a computer, as well as control over which code can access certain information. This technology would allow people to verify that the output of some program running on an untrusted computer, possibly even one owned by someone else, was indeed produced by that program and hasn’t been forged or modified. In theory it would also allow people to encrypt information in such a way that only authorized programs could access the unencrypted data.
The best-known ‘feature’ of trusted computing is that it enables secure digital rights management (DRM) for digital media. For instance, an online music store like the Apple music store might encrypt the song they sell you so that only the iTunes player on a system with TC technology could access the decrypted data, and unlike current DRM technology it would be (in principle) secure [insecure]. Among other things, this would make it very difficult to illegally copy the content you purchased. For this reason trusted computing is being strongly promoted by the Trusted Computing Group, which includes some of the biggest companies in the computer world (Intel, Microsoft, IBM, HP and AMD). However, TC faces significant opposition from many computer hobbyists, open source advocates and the EFF. The concern of these groups isn’t that TC and DRM would prevent piracy (they convincingly argue that it would not) but that it would take too much power away from the user and give it to the vendor.
The essential concern is that the vendor has complete control over your use of their content, enabling anti-competitive behavior, blocking fair use, preventing the use of third-party or hobbyist enhancements and forcing unnecessary repurchase. These problems have been widely discussed, and the EFF can explain the harms far better than I. Suffice it to say that DRM technology could be really fucking bad for the consumer as well as culture.
However, these misuses of the technology are something that can be addressed by proper legislation (the market isn’t sufficient, as many of the harms occur via a tragedy of the commons or are opaque to the average consumer). One ambitious solution I think has promise would be for Congress to define a set of mandatory rights for the retail purchase of media/IP by individuals. This could deal with the DRM problem and End User License Agreements (EULAs) in one fell swoop and, if the rights were broad enough, undermine the motivation for DRM technology or even ban its use for retail media entirely.
While I’m worried about the effects of DRM technology, especially during the time it takes to pass new laws, the fact that it can be used for unsavory purposes isn’t enough of a reason to oppose the technology. In fact, it is downright inconsistent for the hacker/open source community to defend services like BitTorrent and programs like DeCSS (which decrypts DVDs) because they have upstanding uses as well as enabling piracy, yet dismiss trusted computing because it could be used for evil. Like BitTorrent and DeCSS, trusted computing also has many compelling applications.
Utilization of all the excess computing power in PCs around the world has been a dream of researchers and hackers for years, but apart from free projects like SETI@home it has yet to come to fruition. One large obstacle is the technological inability to guarantee that the results of a remote computation are valid. Few people are going to fake results for SETI@home or other charitable work, but once you start paying people for the use of their computers there is an incentive to make more money by only pretending to run the computations. More serious projects also need to worry about malicious interference. Trusted computing can solve these problems by providing a cryptographic guarantee that the result you receive is the result of running a certain piece of code. Additionally, companies will be reluctant to make use of commoditized computing power if their competitors can see their private data just by selling time on their CPUs. While it is more difficult than generally acknowledged to provide truly cryptographically secure computation (timing attacks), trusted computing can make it very, very difficult to decipher the encrypted data while still allowing your computer to work on it.
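The guarantee described above can be sketched in a few lines. This is an added example, not code from any TC specification or vendor: the worker's trusted hardware hash-chains the loaded software into a measurement and binds it, the buyer's nonce and the result into one quote. The key, the component strings and all function names are constructed for illustration, and an HMAC stands in for the asymmetric signature that real hardware would produce.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the key sealed inside the worker's trusted hardware.
# Assumption: real hardware signs with an asymmetric key; HMAC keeps this stdlib-only.
DEVICE_KEY = b"constructed-demo-key"
KERNEL, WORK_UNIT = b"kernel v1 (constructed)", b"def work(): return 6 * 7"

def measure(stack):
    """Hash-chain each loaded component into one register (TPM-style extend)."""
    reg = bytes(32)
    for component in stack:
        reg = hashlib.sha256(reg + hashlib.sha256(component).digest()).digest()
    return reg

def quote(measurement, nonce, result):
    """Bind the measurement, the buyer's nonce and the result together."""
    msg = measurement + nonce + hashlib.sha256(result).digest()
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()

def worker_run(stack, nonce, result):
    """Trusted hardware side: measures what is really loaded, then quotes."""
    m = measure(stack)
    return {"measurement": m, "result": result, "quote": quote(m, nonce, result)}

def verify(report, expected_stack, nonce):
    """Buyer side: accept only a fresh quote over the expected code."""
    good = quote(report["measurement"], nonce, report["result"])
    if not hmac.compare_digest(good, report["quote"]):
        return "reject: quote does not match result or nonce"
    if not hmac.compare_digest(measure(expected_stack), report["measurement"]):
        return "reject: unexpected code was running"
    return "accept"

def demo():
    stack, nonce = [KERNEL, WORK_UNIT], secrets.token_bytes(16)
    honest = worker_run(stack, nonce, b"42")
    forged = dict(honest, result=b"43")          # result edited after the run
    patched = worker_run([KERNEL, b"def work(): return 0"], nonce, b"0")
    fresh = secrets.token_bytes(16)              # old report replayed to a new challenge
    return {"honest": verify(honest, stack, nonce),
            "forged": verify(forged, stack, nonce),
            "patched": verify(patched, stack, nonce),
            "replayed": verify(honest, stack, fresh)}

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:9} {verdict}")
```

The scheme only holds if the worker's owner cannot extract the key or feed the hardware a false measurement, which is the property an owner override would remove.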
This is just one potential application of trusted computing other than DRM. Many others have been proposed, including email with guaranteed deletion dates, better protection of personal information, greater computer security, digital cash and perhaps the ability to run your programs on anyone’s computer. As with any major computing advance, the most compelling uses are probably things that haven’t even been thought of yet. Given all these potential advantages, it would be a shame to throw out a whole technology just because it can also be used for evil. It would be unfortunate even to adopt the EFF’s solution, which would give the computer owner an override of trusted computing facilities, as this would eliminate all but the computer security application of trusted computing.
If computer freedom advocates want to be consistent, they should recognize that it is wrong to demonize the technology of trusted computing just because it can be used for evil, just as it is wrong to demonize P2P networks or DeCSS because of their illicit applications. Certainly there are improvements that can be made to trusted computing to make it better (instead of verifying the software stack, which requires a trusted kernel, features to authenticate valid context switching should be used), but we should work to improve the technology, not throw it out.