Can you trust "trusted computing"?

TechRepublic

COMMENTARY--The PR about trusted computing is that it will enable more secure data storage, online business practices, and online commerce transactions, all while protecting privacy and individual rights. Our opinion columnist begs to differ on that last part.

The necessity of providing adequate security for computers and networks while maintaining full functionality is a familiar one to today's IT professionals. There must be free and easy access to resources by authorised users and ONLY by authorised users. Of course, with every security measure comes a certain overhead. Having a lock on a physical door necessitates having and safeguarding keys, which in turn necessitates the making and management of keys and a backup plan for lost keys--or, more closely related to passwords and encryption, giving out the combination to the lock and ensuring that only the right people have that combination.

While it's a lot easier to have no lock, just a door that can be opened and entered, that isn't very secure for the storage of valuables. It's the same with securing a network. Whether it's a firewall that snoops through packets before allowing passage, or encrypting/decrypting files, or even just passwords on user accounts, there's a time delay and a requirement to manage the details of the process.

But consider what would happen if there were a second lock on the door that only the police or a neighborhood association representative could open. Consider also that this third party had "your" lock mastered to accept their key too. What kind of agreement would it take for you to feel confident that this third party would not walk into your house at any time and check your belongings against your receipts to make sure that you bought them? What kind of agreement would it take for you to believe that this third party would always be available to open the door upon your request? How about: None! There is no agreement that any rational person would accept in these situations. And yet, that is exactly what is planned for your computer(s).

Some definitions
TCPA (Trusted Computing Platform Alliance): An alliance formed by Compaq, HP, IBM, Intel, and Microsoft to work on "creating a new computing platform for the next century that will provide for improved trust in the PC platform." This organisation gave rise to TCG.

TCG (Trusted Computing Group): This is an "industry standards body" that will "develop and promote open industry standard specifications for trusted computing hardware building blocks and software interfaces across multiple platforms, including PCs, servers, PDAs, and digital phones. This will enable more secure data storage, online business practices, and online commerce transactions while protecting privacy and individual rights." (Clearly, the word "trust" is defined in a special and unusual way here; the standard layman's definition is not accurate.)

Palladium: Microsoft's implementation of TCPA/TCG standards. Palladium is Microsoft's code name for an evolutionary set of features for the Windows operating system. A Microsoft press release says, "Combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity."

NGSCB (Next Generation Secure Computing Base): This is merely the new name for Palladium. It is harder to pronounce ("enscub"), which is possibly a deterrent to discussing it.

"Fritz" chip: Named after U.S. Senator Fritz Hollings, the main proponent of enabling (requiring?) "TC" standards as the law of the land in the United States. (To avoid confusion in this article, both TCPA and TCG will be lumped under the term "TC." It's mostly a cosmetic difference, anyway.)

In a nutshell
What happens with TC is this: Most of the larger and many of the smaller makers of hardware and software will begin producing chips and applications that mutually support a TC standard that includes requiring digital signatures for every file opened on a computer. A computer with an enabled Fritz chip will take control of the machine right from boot-up. At every stage of the boot process, the TC-coded Fritz chip will check and verify compliance with TC standards, from BIOS to starting up services and devices. There will be a table stored internally with a list of TC-approved hardware, and if a device is not present on that list, it might as well not be on the Hardware Compatibility List. All software must have an approved digital signature and an unexpired/non-revoked serial number, or it will not start up. Any "significant changes" to the state of the machine (new hardware or applications) will require going online and recertifying those changes even if those changes are all in TC-compliance.

You will have only two boot results possible: Either a computer that has passed examination by a resident intruder or a machine that will not even work until it's reregistered and passes an online examination. If it passes, a software-based watchdog will take the leash after the boot is completed. If it doesn't pass, someone will know exactly who you are and why your machine is out of compliance.

Depending upon the exact definition of "significant changes," this could amount to an insane Admin overhead level just to get a PC up and running after replacing a NIC. If nothing else, you'll have to "flash" frequently to update the approved hardware list or face failure to boot even after making NO changes at all.
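
A toy model of the boot-time check as this column describes it, added here as an illustration; it is not TCG or Microsoft code. The component names, serials, dates, the running-state hash chain and the three verdicts (`boot`, `recertify`, `halt`) are assumptions made for the example. It shows why swapping one approved NIC for another still forces recertification.

```python
import hashlib
from datetime import date

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def extend(state, measurement):
    # Fold one stage's digest into the running machine state (a hash chain).
    return hashlib.sha256(bytes.fromhex(state) + bytes.fromhex(measurement)).hexdigest()

def boot(stages, approved, revoked, certified_state, today):
    """Walk the boot stages in order; return (verdict, detail)."""
    state = "00" * 32
    for name, blob, serial, expires in stages:
        d = digest(blob)
        if d not in approved:
            return ("halt", name + ": not on approved list")
        if serial in revoked or expires < today:
            return ("halt", name + ": serial revoked or expired")
        state = extend(state, d)
    if state != certified_state:
        return ("recertify", state)  # every part is approved, but the machine changed
    return ("boot", state)

# Constructed sample data: component images, serials and dates are made up.
TODAY = date(2003, 10, 15)
BIOS = ("bios", b"bios-v1", "SN-001", date(2005, 1, 1))
LOADER = ("loader", b"loader-v1", "SN-002", date(2005, 1, 1))
NIC_A = ("nic", b"nic-model-a", "SN-003", date(2005, 1, 1))
NIC_B = ("nic", b"nic-model-b", "SN-004", date(2005, 1, 1))
NIC_X = ("nic", b"nic-unlisted", "SN-005", date(2005, 1, 1))
APPROVED = {digest(c[1]) for c in (BIOS, LOADER, NIC_A, NIC_B)}

def certify(stages):
    # State recorded when this machine was last certified online.
    state = "00" * 32
    for _, blob, _, _ in stages:
        state = extend(state, digest(blob))
    return state

CERTIFIED = certify([BIOS, LOADER, NIC_A])

def demo():
    run = lambda stages, revoked=frozenset(): boot(stages, APPROVED, revoked, CERTIFIED, TODAY)[0]
    return [run([BIOS, LOADER, NIC_A]), run([BIOS, LOADER, NIC_B]),
            run([BIOS, LOADER, NIC_X]), run([BIOS, LOADER, NIC_A], {"SN-002"})]

print(demo())
```

The four runs are: the certified configuration, an approved replacement NIC, an unlisted NIC, and the certified configuration after the loader's serial is revoked.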

Consider that any system does occasionally get things just a little tiny bit wrong. Hope that this isn't just one more complication when a mission-critical server starts chugging badly and needs attention. "The five nines" (99.999 percent reliability or <5.2 minutes downtime per year) could become a nostalgic memory. At this point, it's not clear exactly what effect the Fritz chip and TC standards will have on hot-swapping server components or hot-plugging USB/FireWire devices. One could hope that changing the state of the machine a bit after the boot sequence wouldn't gum things up. One would also expect that, since a major motive behind TCPA was to enforce DRM (digital rights management), any perceived possible "sidestep" would sound the shutdown alarm in the Trusted OS.

Talkback 4 comments

    George Orwell's 1984 was a tad ...Keith Styles (An irate user) -- 15/10/03

    George Orwell's 1984 was a tad early, but my god, it's well under way if we allow this nonsense to propagate.

    here comes the m$ concept of s ...The Supreme Fool. -- 15/10/03

    here comes the m$ concept of secure - something that they are paid to remotely control through the fee for the licence. the concept of another, foreign, entity having any authority on my pc is not acceptable. i have worked hard to get my pc and its respective gateway semi-secured, and i don't want m$ stuffing it up.

    fact: microsoft does not understand security.

    NO: I noted with interest tha ...Anonymous -- 16/10/03

    NO: I noted with interest that in the related stories there was a heading "IS Microsoft Trustworthy". My experience from the night of the 15th Oct 03 tells me that a lot of companies still have to earn the trust of consumers, Microsoft included.
    My Experience: I purchased a new computer for my daughter with Windows XP Home installed. Given all the holes found in XP, I wanted to download and burn the various patches to a CD so the new computer would be reasonably secure before she went back on the WEB. I am running a trial full version of a very popular firewall. All the features are fully operational including the Privacy section. Microsoft does not like this type of program as it stops them from accessing your computer for information through COOKIES. We are told that most cookies are benign.
    The actions I followed were I went to the MS Technet page and did a search for all the patches for XP. I proceeded to go to the first link and went through to the page where the download link presided. When I clicked on the download link the next screen was an eye opener. It said "You are not authorised to view this page" and "You might not have permission to view this directory or page using the credentials you supplied". I did not know I had supplied any credentials. I had an aspect in the firewall program blocking 3rd, I say again, 3rd party cookies. As soon as I unblocked the 3rd party cookie option I can download the files. SO Microsoft is using cookies to retrieve information from your computer without your knowledge. Is Microsoft allowed to HACK into computers with impunity? They may only "hack in" when you go to their site BUT how many of the world's computer users are having to go to their site to retrieve patches to plug holes in the dike. I did not have to fill in a box with my details in order to download the XP Patches.
    I hope this raises other people's awareness that cookies from Microsoft are NOT benign and they for one are not to be trusted. What about our privacy? There is federal legislation in Australia supposedly to protect our privacy. You cannot take or do things by stealth.

    The Firewall Anonymous -- 01/05/07

    I would love to know what was the firewall you were using!
