Army to Require Trusted Platform Module in PCs

Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."

call me cynical, but

[hxnwix]

Army requires TMP so that it can circumvent single-vendor prohibition and be Intel(R) only.

Oooh great...

[masklinn]

The question still remains whether the user himself can trust the trusted computing platform.

If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him. And therefore to distrust and refuse trusted computing platform.

Re:Oooh great...

[DarkVader]

Make no mistake, there are NO American, British, or people from any other country than Iraq who are in Iraq fighting for freedom. They may think they are, but they have been deceived.

Those people are fighting for American domination of Iraq, and the expansion of the American Empire. And there IS empire building going on today.

That doesn't make the islamofascists freedom fighters either - but while some of the individual foreigners in Iraq might be interested in helping Iraq obtain some measure of freedom, their commanders ARE NOT.

Iraq is a mission of oil profits, "daddy had a war, I want one too" and a new crusade. It's not about freedom at all.

And your "flogged to death" comment seems to me to be another way of saying "it's worse other places, so be happy that it's really bad here".

Re:Oooh great...

[spirit+of+reason]

Bleh, enough about American "empires" already. I don't doubt that the Bush administration decided to go to war to secure resources (i.e. oil), as has been the case for a lot of the fighting in the past. However, it doesn't mean that another reason for going to war was to liberate the Iraqis. On top of that, there was the perceived threat of terrorist organizations in the 9/11 aftermath. You have to make a case for every war, and usually, if economic interests don't play into the game, the US doesn't go. Instead, she employs sanctions and attempts to freeze assets. The US generally tries to control things through economics, not the military; the military is just used to keep the economics weapon sharp.

So tell me... what countries have become a part of this "American empire"? What nation is really not a nation because the US has taken sovereign control over it (besides Iraq, which needs to develop more widespread support so it doesn't collapse)? There is a big thick line between allies and business partners, and empires.

I don't think Bush is following daddy, but he does seem to be trying to make a Reagan out of himself. I think he wants to be regarded as a hero among his conservative base like Reagan was for "ending" the Cold War (barf... the USSR was collapsing on its own). Too bad he's just a bully; seriously, who came up with the oxymoron "hardline diplomacy"? He should be sacked!

Re:Oooh great...

[Znork]

"There are also a contingent of cowardly, rabid theocrats who are inflicting mayhem on any large crowd of people"

Just to keep you from getting confused; you do realize that the US removed the secular bunch from power and replaced them with the theocrats, right?

Trusted

[Descalzo]

From what I understand, Trusted in this context is used as in "I entrust it with my security" rather than "I find it worthy of my trust."

If I am hanging from a rope over a cliff, I Trust the rope. I "Entrust it with my security" whether or not I find it worthy of that trust.

Re:Trusted

[interiot]

The point is: if the computer trusts someone else more than the end-user, in a security sense, then the end-user is not in control of the security of their machine. In a corporate IT context, this is (generally) a good thing. In an individually-owned computer, this is not really a good thing.

Re:Trusted

[Descalzo]

That's my understanding of it. The Army can do what it feels it must do to protect its own security. My fear is, as the submitter wrote, "They are a large-enough volume buyer that this might kickstart an adoption loop."

Re:Trusted

[Fred_A]

TCP and the whole concept of having trusted binaries running on your machine can indeed be a real boon in a security conscious environment provided that you have the tools to make use of that platform.

In itself TCP isn't inherently evil, the idea makes sense and appears to be reasonably well concieved. What is feared is a lock-in from proprietary software makers coercing the hardware vendors in not releasing the tools to anyone but them.

There might be a glimmer of hope if the trend continues with actions such as the EU vs. Microsoft anti monopoly suit. This kind of thing, focusing on interoperability could well be used so that FOSS (and through that possibly casual Windows and other commercial users) gets to access all the tools required to fully access the system (i.e. keys, etc.).

As Pitr would say

[Lord+Kano]

Am thinkink that someone with a lot of pull is ownink shares in TPM vendors.

government vendors

[SuperBanana]

If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him.

Given how often and severely government suppliers and contractors like Halliburton, Bechtels-Parsons, etc engage in all manner of willful, obvious fraud- anyone in the government that trusts their supplier is most likely benefitting in some way from the fraud. I think the challenge wouldn't be to name all the suppliers/contrators that are accused/guilty of fraud, but rather to find those who AREN'T.

Hell, even companies like Boeing are in on the act, though I think the public has generally forgotten about the whole Boeing billing scandal, but investors haven't (though probably only because the settlement cost Boeing a good chunk of change.)

Used to be "war profiteer" would result in you being unable to show your face in public ever again; the shame of taking advantage of the nation's defenses, et al. Now, investors don't care as long as you don't hurt the bottom line getting caught, and the public soon forgets. Same thing with the WTC scene thefts (firefighters, police, FBI, and government officials all the way up to Rumsfeld helped themselves to "mementos" or had people do it for them. Then there were the emergency services companies that shipped tons of relief supplies out of NYC and sold them for hundreds of thousands of dollars in profit.)

Who said...

[Attis_The_Bunneh]

that the military had/has any intelligence?

But seriously, I think the fact that they're going to entrust a hardware mechanism to 'protect' data is flawed beyond compare. It's just one more doodad for the crackers to take on. Just one more challange to get under their belts... I hope you get the picture. Enjoy the 'fun' US Army... ^_^

-- Bridget

Trusted Computing Great for Corporate/Government

[QuantumFTL]

I personally abhor the notion of Trusted Computing on my personal computer, but if you're using a computer provided to you by the government or a corporation for the express purpose of working, it's their right to control what goes on on that computer. It's possible that this will help to stem the tide of malware (at least in corporate environments) by rejecting execution privledges, and allow IT staff to better enforce policies about what can and cannot be run on their computer. It would also help stop things like the Free USB Key Attack (formerly discussed on slashdot).

Of course, this could also make users feel like they are not trusted, and could even lead to overconfidence in the security of the system. Still I see it as a major plus, at least unless I get saddled with it at home.

Slightly different but...

[Flying+pig]

We recently visited a customer who seem to be on the verge of announcing that anybody accessing their systems with any sensitive information will be required to use e-Gap, a dongle based security system from a Microsoft subsidiary (and not to be confused, as Google does, with electronic Grant Application and Processing.) The internal IT people told us e-Gap would refuse to allow a client to connect if it did not have working anti-virus installed, and that in order to verify this, active-x objects would be downloaded to inspect the system. If I have this wrong, apologies, but I'm reporting what I was told.

This is a worrying scenario. Apart from the minor issue that external users will not want to pay for the dongles and that the internal customer is seeing his IT bill spiral, Trusted Computing seems to be heading to a Mexican standoff situation as follows:

Device 1: Permit me to inspect your system by downloading and running this program.
Device 2: Only after YOU have allowed me to verify your credentials by uploading and running this program.
Device 1: No, it is I who am deciding whether you are to be trusted!
Device 2: No, it is I who am deciding that!
Device 1: Anyway, my content is digitally signed by Microsoft, and you must trust it.
Device 2: Microsoft? Not a hope in Hell. I require all downloads to be digitally signed by Steve Jobs in person with a DNA signature.

And so on. Quis custodiet ipsos custodes? And how long before an army unit gets wiped out because of a defective dongle?

Re:Slightly different but...

[ClamIAm]

Unfortunately, if this type of tech gets into citizens' living rooms, they will probably not have the option of requesting credentials from all the important services. Governments/corporations do not want to be forced to provide actual, working credentials that can hold them accountable, so I really doubt they would allow the tech (read: Wintel) to do that.

Of course, then this opens up the whole issue of a service getting 0wned and then securely propagating trusted malware.

It makes sense, but is more danger than good

[Opportunist]

It makes sense for the Army to require TCP. Stolen/lost laptops wouldn't immediately result in a security leak. But this can be achived cheaper, quicker and (and here comes the key point) with more control on the Army's side. Linux can encrypt documents just the same way TCP wants to offer, the difference lies in the open source concept: This inherently gives you the ability to check the security (provided you can read code, but I guess the Army can afford hiring someone who does) of your system.

TCP requires you to trust the person/group that made the security for you. You put yourself completely into the hands of the corporation(s) that create your TCP platform, and you are fully dependent on their ability to come up with a good protection scheme. Not to mention that you have to trust them, implicitly, that they do not want to spy on you and that they are better than their adversaries.

With TCP you hand over the responsibility for security. But you also hand over control. And it has the potential to lure you in a false sense of security which invariably leads to slacking. More than once I've seen a behaviour of neglect in a high security area (I've had my share of time in that field), with people relying so heavily on the technical implementations that they forgo the most basic security measures called for by common sense, because "Hell, what DO we have that security concept for, if I can't trust it fully?"

better one innit

[ajs318]

A country's armed forces ought to have the power to demand the full source code of every application running on their computers, and the resources to write all their own software wherever necessary. There is no shortage of Open Source applications they could use for starting points .....

Re:What's bad about it?

[SiliconEntity]

TC provides a computing platform on which you can't tamper with the application software...

That's a total lie. Almost everything in that piece of propaganda masquerading as a FAQ is a lie.

If you want the truth about TC, try Seth Schoen of the EFF. He has a good summary in his recent blog entry:

What the TPM does do is support remote attestation so that a computer user can tell the computer to prove to a remote party what software it is running (if the software that's running also supports being proven in a way that the remote party understands). Then the remote party can make its own decision about whether the software is good or bad, and what it wants to do about that.

This sounds innocuous in a certain sense. We have learned to mistrust the notion of a single centralized entity that decides what we can and can't do. TCG is not that entity, and TCG is not chartering that entity; instead, we have an unlimited number of entities that potentially make their own decisions, on various scales, about what we can and can't do in particular contexts, small and large. (We don't know yet which of those entities will turn out to have enough power to set which kinds of policies, or how the network externalities will shake out. Some entities with a lot of power, like Microsoft, can try to delegate some of their power, but there are plenty of technical and business obstacles to be worked out on both sides of that sort of delegation.)

What the TPM does do is support remote attestation so that a computer user can tell the computer to prove to a remote party what software it is running (if the software that's running also supports being proven in a way that the remote party understands). Then the remote party can make its own decision about whether the software is good or bad, and what it wants to do about that. The user could also choose not to offer any proof at all; however, although the user has the right to remain silent, the user's silence can and will be used against her. Not offering proof is, of necessity, the functional equivalent of offering proof of the most unacceptable and contrary-to-policy facts imaginable.

That does offer an avenue for a lot of control over you via your computer -- if someone else controls a resource that you need, there is a prospect of conditioning your access to that resource upon the provision of proof that you're running software that the resource controller considers "good". Not TCG, but the individual entities that you deal with: a bank, an entertainment company, an employer, an ISP. Furthermore, each of them could have its own independent definition of what "good" means, because there is no central signing or certifying authority. It is logically quite possible that one entity might refuse to talk to you if you're running configuration A instead of B, whereas another entity would refuse to talk to you if you're running B instead of A. (This is trivially true if each entity gave you a bootable CD and said "you can only communicate with us while you're running from our CD" -- with a TPM and the appropriate software, they can actually tell, and you probably can't fool them.)

The ISP scenario is the point at which the most pervasive possible control could be exercised. TCG has already developed a specification called Trusted Network Connect which is based on the idea that you can be forbidden to connect to a network unless you're running a software configuration that the nework operator approves. This is designed for use in corporations, most of which are accustomed to having a high (but imperfect) degree of control over the software running on their employees' PCs. Of course, the technology is more general, and, as TCG told me, there is nothing to stop it from being used by the People's Republic of China, or by a commercial ISP.

Imposing this requirement on a general population has a very high cost; for one thing, it mea

it's a great idea

[alizard]

if the intent is to create spaces within computers where malware can run invisibly and with no possibility of elimination even if the users find out about it.

Reminds me of the decision made to run modern US warships on Windoze.

Military procurement and ripoff were probably synonymous as of when Sargon the Great's people were buying spears and grain to feed troops. The tradition has continued.

The only question I've got here is how many members of the US Armed Forces are going to get killed by this set of mistakes.

What is trusted platform?

[jsse]

The follow conversation heard during my college might help to answer(or not):

"Sir, what is a trusted system?"

"A system where we can't trust each other."

A brief silence...

"Then what would it be like in an untrusted system?"

"That we can trsut each other."

A long death silence...

Re:Car Analogy!

[Trurl's+Machine]

OK, I'll give a car analogy. They suck, but are fun. My '85 Buick Elektra (I still miss him) was a Trusted Transportation Platform.

Well, I think a correct car analogy for Trusted Computing would be not YOUR car but your DADDY's car. You would trust your daddy to issue you the keys when you needed and your daddy would trust you not to damage the vehicle. Of course, any time there would be any conflict between you two ("dad, I swear to God that this scratch was here before!"), daddy would have the ultimate saying ("swear to anyone you want, kid, but you're gronded").

And you could only trust your dad won't abuse his power. TPM is the same provided that you trust Microsoft, Apple et al love you like your parents.

maybe not...

[ecalkin]

They also created a language called Ada that was a replacement for Cobol. Everyone thought that the DoD requiring new programming in Ada would cause the replacement of COBOL programming Everywhere.

Where is Ada now?

eric

Ouch

[Mark_MF-WN]

Ouch... your bitterness is truly mighty.

You're quite right of course. If the "resistance" in Iraq confined its attacks to America soldiers, they would be freedom fighters. In reality, attacks on American troops are rare. They mostly target other Iraqis who simply aren't the "right" type of Muslim. That barely even qualifies as terrorism; it's more along the lines of a slow, decentralized holocaust.

Imagine if the French resistance in WW2 had schismed into seperate Catholic and Protestant factions, and they'd spent all their time killing each other instead of collecting useful intelligence for the Allies. The people of Yugoslavia put aside enormous cultural difference, ceased all internal violence, and totally unified to form the largest and strongest resistance army that there has even been -- and ousted the Nazis themselves. Tito and company -- probably the best example of freedom fighters since the American war of independence. By way of contrast, consider China during WW2. If the Chinese had cooperated, Japan would have never been able to successfully invade let alone retain control once they were in. Chinese resistance failed because imperialists and Maoists were never able to put their own civil war on hold (although the Maoists apparently tried several times, which part of the reason that the people supported them after the war). It is just mind boggling how far the Iraqi extremists are from being anything other than a plague upon their homeland.

Microsoft has already won

[mcc]

This would be a really worrying thing, but the fact is TPM has already won. It won the instant that Apple adopted TPM and the communities who were publicly worrying and complaining about Palladium and Trusted Computing for all those years went suddenly silent and shrugged the instant that nebulous notions like "freedom" came into conflict with solid, purdy white plastic.

Here is the thing: TPM's adoption was waiting not on an adoption cycle exactly, but an apathy cycle. TPM was never something that the consumer was supposed to approve of, want, or even really know was there. The adoption of TPM was mostly counting on the consumer not having any idea what they were buying, counting on the blinking 12:00 effect, counting on the idea that most consumers would not even know TPM was in their computer until the first time that they try to do something and the computer says "no".

TPM isn't there for the consumer. It's there to protect the computer from the consumers. It's there to allow software and content vendors to trust your computer, to trust your computer to ensure it will act in their interests and not yours. These vendors are the ones that TPM is being done for the benefit of, not the consumer. This means that in order for TPM to win, it isn't necessary for the consumer to "adopt" it. All that has to happen is for the consumer to fail to actively reject it when it is quietly dropped into the hardware they were going to buy anyway.

And that's already happening. So although the military would legitmately represent an adoption cycle-- the military, of course, has a legitimate and logical need to create networks within which the machinery is trusted and the user is absolutely not-- it doesn't really matter. The military isn't the kind of adoption TPM needs to reach enough critical mass that vendors can begin requiring it in new applications, I don't think-- it's not like military hardware is going to be used to run lots of games and DRMed consumer media, as far as I know. The worrying thing is TPM's level adoption in the consumer segment, since that's where it has potential to do actual harm. And that's already begun, and so far nothing is happening to stop it...

Scenario For TMP Use

[rogerborn]

You're in the Army. You're in the field under fire. You have a hardened Army laptop. You are sending and receiving
vital messages back and forth with another unit directing fire around your position. Your laptop doesn't have any
software or files on it that are personal to you. Not your music. Not your games, etc. What is has is a trusted and
fool-proof means of getting and receiving messages that you can trust with your life and the lives of your unit.

Therefore, you trust the info on your Army issued laptop. You know that no foreign agent or enemy
can break in and send info to you or anyone else in the system, pretending to be someone you trust.

If your unit is overrun and you lose your laptop, anyone trying to use it without authentication or by hacking,
will cause the laptop to self-destruct.

It is the Army who owns the computer. They own the software. They own the system. They own the TMP.

What everyone has been trying to do here is to apply TMP to their onw personal consumer/business computer.
These are two separate and definitive worlds of computing operation. The only thing similar in our
world is trusting who the person is you are communicating with, as being who they say they are, and not
someone else pretending to be that person, in Chat or Email. But that is completely different (and minor)
level of trust than what the Army is looking for, isn't it?

"You already have zero privacy. Get over it."

Re:How can the Army trust the module?

[mrchaotica]

...minimizing costs and risks. Compared to the other costs of doing business, the cost of a Microsoft Office license is minimal.

WTF are you smoking? Between the legendary insecurity of Microsoft software and formats, and the fact that the formats are proprietary (meaning they will be expensive to archive and maintain), MS Office is the worst possible thing for the military to use!

"The Army" is far from monolithic

[briancnorton]

To say that "the army" is requiring all pcs to do anything is questionable at best. What this appears to apply to is the enterprise systems. That's maybe a couple hundred servers that fall into the command of Netcom. I see no mention of netcom having responsibility for things like desktops, agency by agency servers, etc. Never can tell though.

Re:Trusted computing is not necessarily bad...

[DanQuixote]

Amen!

A knife is not a bad thing. It is not a good thing. It is only a thing. Some will use it to threaten and mug, others will use it to dice tomatoes or perform surgery. It is only a thing.

A gun is not a bad thing. It is not a good thing. It is only a thing. Some will use it to stop invaders or obtain meat. Others will use it to hijack planes. It carries no inherent righteousness or villany.

A Trusted Computing Platform is not...

Come on people, separate the tool from the actions of saints and sinners so that we can make engineering trade-off based decisions instead of emotional ones.