Security of computer systems and networks is a growing concern in today’s society. Although present computer security functions overwhelmingly rely on software, a combination of software and hardware security can theoretically enhance computer security. The Trusted Computing Group (TCG), a consortium of hardware manufacturers, software developers and system integrators, is developing security solutions based on hardware chips and secure software. The hope is that this approach, referred to as Trusted Computing, will provide a higher level of computer security.
Broadly speaking, Trusted Computing is a set of features intended to minimize the damage caused by a successful attacker, through the following initiatives:
- Memory Curtaining,
- Secure Input/Output,
- Sealed Storage, and
- Remote Attestation.
Trusted Computing has given rise to a number of consumer concerns. The three most pressing of these are:
1. Enforcement of Digital Rights Management (DRM);
2. “Locking in” consumers to proprietary software or families of software;
3. Surveillance of the consumer’s activities and other infringements of privacy.
Firstly, Digital Rights Management (DRM) encompasses a number of technological measures that owners of content can take to protect their rights in order to minimize unauthorized copying and distribution. Content-owner defenses take two forms: (1) legal rights enforced through the judicial system, based upon the Copyright Act and related intellectual property legislation, and (2) technical protection measures or DRM, a form of content-owner “self-help”. Although these DRM anti-piracy measures could help protect the interests of copyright owners, they could also be abused to prevent “fair dealing” uses that are presently legal for consumers.
As Trusted Computing could effectively tilt the balance toward the copyright owner, and away from consumer interests, care must be exercised in preserving the effect of “fair dealing” provisions in the Copyright Act. Legislative revisions of the Copyright Act should give adequate weight to the ultimate consequences of rigorously limiting how consumers use digital content. Loss of innovation and diminished creativity are two possibilities among numerous undesirable results that consumers may suffer.
The second concern is that Trusted Computing can be used to reduce or block compatibility of software from different sources. A resultant lack of interoperability arising from Trusted Computing would effectively force consumers, once they have started using a particular operating system, to commit to it and continue to purchase upgrades or new applications from the same vendor. Furthermore, it is possible that the “remote attestation” feature of Trusted Computing (which reports to a third party the status of the user’s computer) will increase the pressure on consumers to run certain kinds of software, and may intensify lock-in. This concern is magnified in a market where certain suppliers hold significant market power, as is presently the case in many computer markets.
Trusted Computing also may fall afoul of the Competition Act, which regulates “anticompetitive acts”, as well as “abuse of dominant position” in a market by a supplier or group of suppliers. These provisions, properly considered with other relevant intellectual property law, may be useful in addressing the possible ills of software lock-in.
The third and final concern related to Trusted Computing is the set of possible surveillance applications associated with the project, especially those raised by the remote attestation feature. Remote attestation has the potential to limit individual consumers’ autonomy over their own personal computers. Further, it may allow effortless data mining to occur, as well as enable the creation of detailed user profiles. Significantly, remote attestation could fall under the definition of “transmission data” under the federal government’s ‘lawful access’ proposals contained in Bill C-74, the Modernization of Investigative Techniques Act (MITA), making computer users’ Trusted Computing profiles available to law enforcement with limited judicial oversight.
“Personal information”, as defined in the Personal Information Protection and Electronic Documents Act (PIPEDA) and as interpreted by the Office of the Privacy Commissioner of Canada, appears to cover the collection of cryptographic certificates through remote attestation. Thus, general design best practices that emphasize privacy, such as positive/opt-in consent provisions related to remote attestation, should be implemented before TC is broadly introduced to the Canadian public. Current design specifications place the computer user in control of remote attestation. However, refusal to comply may lead to being barred from accessing certain servers and being unable to complete certain transactions. Proposals for Direct Anonymous Attestation, a digital signature scheme that allows anonymous signing, as well as “Owner Override”, a feature that would allow a computer owner to generate an attestation that represents any state the owner wishes to have represented, instead of the actual state of the machine, may protect users’ privacy if implemented successfully.
In conclusion, while the proposed infrastructure of Trusted Computing could be useful for enhancing security in the business environment, the benefits to consumers are harder to isolate. Therefore, it is imperative that the TCG pay careful attention to addressing consumer needs in terms of DRM, software interoperability, and the privacy issues generated by Trusted Computing, as it becomes ubiquitous in the computing world.
PIAC REPORT: SHOULD CONSUMERS TRUST TRUSTED COMPUTING?