"We were concerned that users were able to opt in and not be controlled from above," said Susan Landau, a distinguished engineer at Sun Microsystems who worked on the Best Practices document after Sun joined the Trusted Computing Group. Sun was not a member of the Trusted Computing Platform Alliance.
"The public criticism certainly created pressure," especially when it conflicted with consumer privacy guidelines in Europe and elsewhere, she said.
"I think it's interesting that the [Trusted Computing Group] technology is continuing, but the big DRM push, so far, has not happened," Landau said.
Putting trust in a module
The centerpiece of the Trusted Computing Group is the Trusted Platform Module, a microcontroller that stores keys, passwords, and digital certificates in a secure, isolated area. They are widely distributed in computers from Dell, Fujitsu, Gateway, Hewlett-Packard, Intel, Lenovo, Toshiba, and others, but most people don't even know they are there. BitLocker makes use of the Trusted Platform Module.
Microsoft has "convinced a lot of hardware manufacturers to put the chips in computers and they're in a lot of computers, but they're not doing anything," Schneier said. "The question is what are they going to do with the chips? How is Dell feeling these days?"
A Dell spokesman did not return a call seeking comment. Even Scott Rotondo, president of the Trusted Computing Group, acknowledges that the Trusted Platform Modules need more applications.
"A lot of them haven't been utilised fully and in some cases not at all," said Rotondo, who works as a senior staff engineer in Solaris Security Technologies at Sun. "The supporting infrastructure has been slow to materialise."
"It stands to reason that there might be frustration on the part of hardware manufacturers," Rotondo said, likening it to a "chicken and egg situation."
"We need to really make use of these things before the hardware manufacturers get tired and take them away," he added.
Trusted Platform Modules "have not yet fulfilled their potential, but Microsoft and other companies are working on it," the Microsoft representative said.
A Trusted Computing Group spokeswoman said on Wednesday that the organisation is not focused on DRM and that applications that use the TPM include secure email, multifactor authentication, password management, and single sign-on. The group is also working to extend the concepts of hardware-based security to storage, network security, and mobile devices, she said.
While initial concerns about misuse of the technologies slowed down the group's efforts, people see legitimate uses for the technology, and digital rights management could be among them, Rotondo said. However, any digital rights management systems would have to maintain a proper balance between the rights of the content owner and the rights of the consumer, he said.
Where Microsoft failed in doing that, Apple has succeeded, according to Paul Saffo, a Silicon Valley-based technology forecaster.
"The biggest thing that has changed in the last five years is iTunes and the iPhone," he said. "The companies got their protection and the consumers got the right to purchase individual songs at a price that was less than the cost of the album."
Don't discount Microsoft just yet, warns Ross Anderson, a security engineering professor at the University of Cambridge's Computer Lab and an early critic of the Trusted Computing Platform Alliance.
Asked if the world has been spared a Microsoft digital rights management machine, Anderson responded in an email: "Wrong — WMP [Windows Media Player] and the surrounding stuff that MS hopes will enable it to do to the HDTV market what Apple did for MP3s."
Saffo joked: "It's like a horror movie; they'll be back."
1%
4%
