Geoneil
Jan 21, 2004, 00:36
...Is it a good thing or a bad thing?
http://www.eff.org/Infra/trusted_computing/20031001_tc.php
http://www.againsttcpa.com/what-is-tcpa.html
http://www.gnu.org/philosophy/can-you-trust.html
Some random quotes...
from the EFF site...
"Computer security is undeniably important, and as new vulnerabilities are discovered and exploited, the perceived need for new security solutions grows. "Trusted computing" initiatives propose to solve some of today's security problems through hardware changes to the personal computer. Changing hardware design isn't inherently suspicious, but the leading trusted computing proposals have a high cost: they provide security to users while giving third parties the power to enforce policies on users' computers against the users' wishes -- they let others pressure you to hand some control over your PC to someone else. This is a "feature" ready-made for abuse by software authors who want to anticompetitively choke off rival software."
"Intel's LaGrande Technology (LT) and AMD's Secure Execution Mode (SEM), for example, provide hardware support needed for all the major feature groups in NGSCB. The Intel and AMD projects are not discussed as separate entities here, but their features would build on TCG features to provide the hardware support demanded by NGSCB."
"We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable, and we look forward to working with the industry to resolve them."
From the against TCPA site...
"This bill plans to legally force secure (TCPA-conform) systems. So in the USA it would then not be allowed to buy or sell systems that are not TCPA-conform. Passing this law would be punished with up to 5 years of prision and up to $500.000 fine. The same would apply for development of "open" software. Open means that it would work on systems that're not TCPA-conform.
Even if this bill would only valid in the USA it would have catastrophically effects worldwide. Because US companies are not allowed to develop and sell "unsecure" software, others would have to jump onto the TCP-train, so they would give total control over themself to the TCPA (USA?), or they would have to live completely without software and harware from US-companies. No Windows, Solaris, MacOS, Photoshop, Winamp or to say it short: The largest part of all software that's used on this planet would not be usable."
"# The informational self-determination isn't existing anymore, it's not possible to save, copy, create, program, ..., the data like you want. This applies for privates as for companies
# The free access to the IT/Software market is completely prevented for anyone except the big companies, the market as we know it today will get completely destroyed
# Restrictions in the usage of owned hardware would apply
# The liberty of opinion and the free speech on the internet would finally be eliminated
# The own rights while using IT-technologies are history.
# The national self-determination of the der particular countries would be fully in the hands of the USA
# Probably the world would break into two digital parts (Countries that express against TCPA)"
From the GNU site...
"Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing", large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. (Microsoft's version of this scheme is called "Palladium".) Proprietary programs have included malicious features before, but this plan would make it universal."
"It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients."
In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission."
While I'm all for making my computer more secure, I'd like to keep control of my computer that I have paid for with my money.
And as this would be controlled by large corporations (who I wouldn't trust as far as I would throw) we'd have to assume that control of our computers (that we have paid for) to scan and delete our files would be what it would be used for...
What do you think?
(btw: please feel free to move this to a more appropriate thread, if you feel as if you should...)
http://www.eff.org/Infra/trusted_computing/20031001_tc.php
http://www.againsttcpa.com/what-is-tcpa.html
http://www.gnu.org/philosophy/can-you-trust.html
Some random quotes...
from the EFF site...
"Computer security is undeniably important, and as new vulnerabilities are discovered and exploited, the perceived need for new security solutions grows. "Trusted computing" initiatives propose to solve some of today's security problems through hardware changes to the personal computer. Changing hardware design isn't inherently suspicious, but the leading trusted computing proposals have a high cost: they provide security to users while giving third parties the power to enforce policies on users' computers against the users' wishes -- they let others pressure you to hand some control over your PC to someone else. This is a "feature" ready-made for abuse by software authors who want to anticompetitively choke off rival software."
"Intel's LaGrande Technology (LT) and AMD's Secure Execution Mode (SEM), for example, provide hardware support needed for all the major feature groups in NGSCB. The Intel and AMD projects are not discussed as separate entities here, but their features would build on TCG features to provide the hardware support demanded by NGSCB."
"We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable, and we look forward to working with the industry to resolve them."
From the against TCPA site...
"This bill plans to legally force secure (TCPA-conform) systems. So in the USA it would then not be allowed to buy or sell systems that are not TCPA-conform. Passing this law would be punished with up to 5 years of prision and up to $500.000 fine. The same would apply for development of "open" software. Open means that it would work on systems that're not TCPA-conform.
Even if this bill would only valid in the USA it would have catastrophically effects worldwide. Because US companies are not allowed to develop and sell "unsecure" software, others would have to jump onto the TCP-train, so they would give total control over themself to the TCPA (USA?), or they would have to live completely without software and harware from US-companies. No Windows, Solaris, MacOS, Photoshop, Winamp or to say it short: The largest part of all software that's used on this planet would not be usable."
"# The informational self-determination isn't existing anymore, it's not possible to save, copy, create, program, ..., the data like you want. This applies for privates as for companies
# The free access to the IT/Software market is completely prevented for anyone except the big companies, the market as we know it today will get completely destroyed
# Restrictions in the usage of owned hardware would apply
# The liberty of opinion and the free speech on the internet would finally be eliminated
# The own rights while using IT-technologies are history.
# The national self-determination of the der particular countries would be fully in the hands of the USA
# Probably the world would break into two digital parts (Countries that express against TCPA)"
From the GNU site...
"Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing", large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. (Microsoft's version of this scheme is called "Palladium".) Proprietary programs have included malicious features before, but this plan would make it universal."
"It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients."
In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission."
While I'm all for making my computer more secure, I'd like to keep control of my computer that I have paid for with my money.
And as this would be controlled by large corporations (who I wouldn't trust as far as I would throw) we'd have to assume that control of our computers (that we have paid for) to scan and delete our files would be what it would be used for...
What do you think?
(btw: please feel free to move this to a more appropriate thread, if you feel as if you should...)