DIDW 2004: Trusted Computing


I'm in Dan Gillmor's session on "trusted computing." Dan is a great choice to moderate this discussion. His blog is Dan Gillmor's eJournal. The panel is Geoffrey Strongin (AMD), Lark Allen (Wave Systems), and Denise Howell (Reed Smith). I met Lark when I was CIO for Utah. I've known Denise for a few years too. She does the excellent Bag and Baggage blog.

Strongin speaks first saying that addressing the problems of privacy, security, and third party trust requires changing the PC platform. He's on the Trusted Computing Group's board of directors. The point in his slide that's sure to cause contention says "Protecting data against unauthorized disclosure." This sounds good in theory, but in practice means that the PC has to become something less than a general purpose computing device. In the extreme, it becomes a player for content produced by others. The AMD architecture is being changed to incorporate trusted computing features including:

  • Isolated execution space
  • Enhanced virus protections
  • Storage sealing
  • Secure initialization
  • Secure input and output
  • Remote attestation

The latter is about delivering evidence to remote parties about the state of the computer. For example, attesting that security credentials were authenticated in an environment free from spyware.
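A simplified model of the remote attestation idea described above, added here as an illustration and not taken from the panel or from any vendor's code. The boot chain is hashed into a measurement register, and the remote party checks a fresh, authenticated report against a known-good chain. The component names, key and function names are constructed, and an HMAC stands in for the asymmetric signature a real TPM would produce.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 measurement register


def extend(pcr: bytes, component: bytes) -> bytes:
    """Extend: new = H(old || H(component)). Order-sensitive and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold every loaded component into the register, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


def quote(attest_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    # Assumption: HMAC replaces the TPM's asymmetric signature to keep this short.
    return hmac.new(attest_key, nonce + pcr, hashlib.sha256).digest()


def verify_quote(attest_key, nonce, reported_pcr, tag, known_good) -> str:
    """Remote party's check: authentic and fresh first, then compare state."""
    if not hmac.compare_digest(quote(attest_key, nonce, reported_pcr), tag):
        return "bad-signature"    # forged, or replayed under an old nonce
    if not hmac.compare_digest(reported_pcr, measure_boot(known_good)):
        return "untrusted-state"  # something unexpected was loaded
    return "trusted"


# Constructed sample data, not real measurements.
KEY = b"constructed-demo-attestation-key"
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
SPYWARE_CHAIN = [b"firmware v1", b"bootloader v1", b"keylogger", b"kernel v1"]


def attest(chain, nonce, verifier_nonce=None):
    """Client measures and quotes; verifier checks against GOOD_CHAIN."""
    pcr = measure_boot(chain)
    tag = quote(KEY, nonce, pcr)
    return verify_quote(KEY, verifier_nonce or nonce, pcr, tag, GOOD_CHAIN)


if __name__ == "__main__":
    print(attest(GOOD_CHAIN, b"nonce-1"))        # trusted
    print(attest(SPYWARE_CHAIN, b"nonce-2"))     # untrusted-state
    print(attest(GOOD_CHAIN, b"old", b"fresh"))  # bad-signature
```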

Lark is the CEO of Wave. Lark spent several decades working for IBM and then struck out on his own. Last time I heard from Lark his company had a trusted keyboard. I don't remember the details. They've moved beyond that, it seems. Lark contends that Web services require known identity and high trust. The former is done in a variety of methods. The latter, according to Lark, comes through trusted computing. Trust is a relationship. Wave has built secure random number generators and RSA key generators into a standard package (I think that's what the keyboard is about). The part is the trusted platform module (TPM) and is part of almost every Thinkpad and many HP laptops as well. The TPM is based on an open standard. The goal is to put a TPM into every platform including PDAs and cell phones.

Denise talks about "issue spotting," lawyer-speak for "how can people sue each other?" She speaks specifically about where trusted computing and the notion of fair use (from copyright law) might run afoul of each other. She cites a Lexmark case decided yesterday by the Sixth Circuit Court of Appeals as an example. Using trusted computing, Lexmark could have kept the generic ink cartridge manufacturer from interfacing with their printer--even though such an interface would be legal. Another example is the Ninth Circuit decision about P2P software. The question is "Can a third party prevent a user from doing things on their own computer that are legal?" Clearly most people would say no. So, the second question becomes "Can trusted computing cut with a fine enough knife to ensure that only truly illegal activities are prevented by third parties?"

Dan asks "Assume for the first time in history, it becomes impossible to hack into documents and applications. Are courts ready to say 'you have to make things hackable to allow fair use'?" Denise responds that even though that seems like an extreme position to take, the courts have been quite active in upholding fair use. Strongin says that this is a fascinating public policy issue and that the problem shouldn't be about what technology to build but should be decided in public policy.

Lark talks a little more about the TPM and I understood it for the first time (even though I owned a Thinkpad with one for years, I never used it). It's like the Keychain on OS X, except that it's in hardware so that keystroke logging spyware, etc. can't eavesdrop on the user actions (keyboard direct to the TPM and cryptographic functions happening on the chip). I use the Keychain all the time. The note feature is handy for storing information I want to keep secure on my machine in addition to its standard use of storing usernames and passwords.

Dan asks "What keeps Microsoft from using trusted computing to keep OpenOffice from reading Word documents or even OpenOffice itself from running on Windows?" Strongin says that this isn't a technology problem, but a public policy platform. Don't condemn the technology because it might be used for bad purposes. Of course, the irony of that statement is that this is precisely what the DMCA does and what INDUCE builds upon.

Strongin speaks to the issue of backdoors and says that these systems are easily breakable. That sounds reassuring except for the fact that it means that in reality all they'll do is inconvenience legitimate users rather than stopping the things they're trying to stop. Sad.