Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Position on Trusted Computing

Posted by michael on from the code-is-law dept.

Seth Schoen writes "EFF has just released our analysis of Trusted Computing. We find that the technology could benefit computer security, but must be fixed to ensure that the computer owner is always in control. We also propose a specific way of fixing it. There's coverage of our position at news.com. More articles should be up in the near future at the new EFF Trusted Computing page. Thanks to all the people who helped us understand this technology!"

6 of 183 comments (clear)

  1. Bad assumption by Jason1729 · · Score: 5, Insightful

    This seems to be assuming "Trusted Computing" is intended to benefit users.

    The real reason it exists is precisely to take control away from the computer owner and give it to the content owner. Given that, what is the point of the EFF proposing "fixes" to help keep the computer owner in control, when its primary design goal is the exact opposite?

    Jason
    ProfQuotes

    1. Re:Bad assumption by pla · · Score: 5, Insightful

      Given that, what is the point of the EFF proposing "fixes" to help keep the computer owner in control, when its primary design goal is the exact opposite?

      Because it throws the ball back over the fence to those trying to force DRM on us.

      In essence, the EFF has given these folks an ultimatum - "You want a trusted computing environment, but not the public backlash? You can fix it like this. Now put up or shut up".

      Up to this point, the Palladium group et al could safely ignore most of us, since all of us opposed to DRM have basically just whined about it. Now that someone (and a respectable someone, at that) has offered them a way to get what they claim they want, choosing to ignore that will very tangibly clarify the real intent - If they ignore the EFF's recommendations completely, they all but publically admit they only care about stripping users of the right to use their own machines, rather than creating some fictional "safe" computing environment.

  2. Re:EFF's position is outrageous by Highrollr · · Score: 5, Insightful

    Having my computer do what I want it to doesn't seem particularly outrageous to me.

  3. It's a game -- flush out the rats of hidden agenda by Morgaine · · Score: 5, Insightful

    The point of the EFF doing this is precisely to underline the fact that big business is attempting to take control of the end-user computing platform away from the user.

    You see, the problem is not so much that big business is doing this, but that it is doing so by subterfuge rather than out in the open.

    The EFF is just flushing out the rats here. If business were trying to take control of people's property openly then the EFF wouldn't need to put on an act of innocence and merely be "identifying dangers" as the proposed solutions as if business wasn't aware of them.

    It's a good strategy. Big business can only respond by saying either "Oh yeah, we hadn't realized" (LOL), or else it can reply that this was indeed the intention. In both cases, the user wins.

    My bet though is that the EFF will be met by total silence.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  4. I want a secure computer by kfg · · Score: 5, Insightful

    Not a "trusted" one.

    Just as I wish with my house. I want my house to protect me, my papers, possessions and privacy. I want it to be nobody's business what my house contains, even to the point of being able to protect myself against legitimate legal prossecution.

    Oddly enough, that's what the Constitution was written to provide my house with.

    It is up to me to secure my house with whatever technological measures are available to provide that security and understand how to use that technology. I'm perfectly willing to take the same responsibility for the security of my computer. Just provide me with the tools. Then go the hell away and leave me alone.

    The second my house starts deciding for me what I may or may not keep in it or do inside it I get a new house.

    The day my computer decides it doesn't "trust" me with what I'm storing in it or doing with it I pull the plug.

    Fortunatly for me there are already hundreds of millions of "untrusted" computers already out there in the wild that do everything I might require my computer to do.

    KFG

  5. Re:Sad to see EFF legitimizing this by Alsee · · Score: 5, Informative

    How are you going to assure that a change was made by you and not by some software pretending to be you?

    Actually that is pretty easy, you press a special button/switch. Malicious software is incapable of faking actual physical control. I proposed exactly such a modification to TCPA months ago.

    I e-mailed this one of the main TCPA proponents about this back in January. It was David Safford, author of Why_TCPA and TCPA_Rebuttal. I explained this system and pointed out that there every single claimed benefit of Why_TCPA works just as well with actual and full owner control like my (and the EFF's) proposed modification grants. He did not dispute this.

    His only reply was to suggest this change would no longer keep laptops secure against a thief. This suggestion fails on two grounds. First of all it directly contradicts TCPA_Rebuttal where he claims TCPA is not designed to be secure against physical access and that this supposedly 'proves' that TCPA is not designed for DRM. If TCPA is not supposed to be secure against physical access then it is disingenuous to claim it is supposed to protect a laptop against theft. The second reason his 'theft' argument fails is that it is simple to combine a physical button-press with an owner ID code or password before full control is given. A theif cannot get this owner password, and software can neither get the password nor press the button.

    Granting the owner of the machine to his own keys (passwords) that are locked in the TCPA chip gives the owner full control over the system. There is absolutely no justification for denying the owner access to his own keys. The only purpose for this design requirement is to use it as a weapon against the owner and for various varients of DRM.

    Of course Microsoft and the TCPA proponents will never accept my proposal (and the EFF's proposal) because the only real motivation for this hardware change is for DRM-type purposes. If owners maintain actual control over their machines and it can't be used for DRM systems then the entire project is a waste of time. Everything else is just a smoke-screen. TCPA will not prevent your computer from being infected with a virus, and it will not prevent that virus from slagging your entire hard drive and everything on it. The only thing it will do is prevent the virus from distributing copies of your 'secure' music files.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.