Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Pushing For 'Trusted Computing'

Posted by timothy on from the bland-acceptance dept.

Motor writes "As has long been expected — we are now beginning to see governments pushing for the use of so-called 'trusted computing' — chips installed in all computers that effectively remove control of the PC from its owner. While there may be security advantages to some of the ideas, few can doubt that it represents a fundamental shift in the IT world. A radical move away from an open technology landscape and towards a system that denies all access unless you have the right credentials. Governments will demand the right credentials to access their services — meaning approved software stacks (i.e Windows) with the right digital signatures. Vernor Vinge had it right ."

15 of 291 comments (clear)

  1. No, Thank You, Dear Government by koestrizer · · Score: 5, Insightful

    My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's.

    1. Re:No, Thank You, Dear Government by Gaygirlie · · Score: 5, Insightful

      My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's.

      That is indeed one of the reasons why this will not work: there are people using all kinds of different OSes, including all the mobile ones, desktop OSes and whatnot. If the UK government were to only allow devices with the trusted computing built-in both the hardware and software they'd be instantaneously removing access for everyone who is used to using mobile devices to access those services.

      Another case of government not understanding technology, yet still pushing everyone to adopt it.

    2. Re:No, Thank You, Dear Government by craigc05 · · Score: 5, Informative

      Mentioned URL: http://www.gnu.org/philosophy/can-you-trust.html

    3. Re:No, Thank You, Dear Government by pmontra · · Score: 4, Insightful

      Suppose you are a Linus Torvalds some years in the future. How do you create your own OS if your PC only boots existing OSes and you don't work for a company that can buy or create non TC hardware?

    4. Re:No, Thank You, Dear Government by chill · · Score: 4, Interesting

      Easily, if you hold the keys. The trick is the keys that sign the boot image need to be in your control.

      Google does this with their CR-48 Chromebook. It will only boot Google-signed images. But, there is a small switch in the battery compartment to put it into developer mode where it'll boot any image.

      I *LIKE* TPM, as long as I generate the signing keys for the images. Then it'll boot what *I* tell it, and not necessarily what MS or the gov't, or anyone else tell it to.

      It ensure that *I* can trust my computer. Screw what they want to trust.

      --
      Learning HOW to think is more important than learning WHAT to think.
    5. Re:No, Thank You, Dear Government by Teun · · Score: 4, Insightful
      From the article:

      These are making the public safe online and ensuring the country is one of the best in the world for online business; making the UK more resilient in the face of cyber attack and better able to protect its interests; proving a more "open and vibrant" cyber security environment; and having the knowledge, skills and capability to underpin these.

      "Building the most resilient cyber defences in the world will not help if you are suffering from intellectual property theft," he said. "Trusted computing underpins security and can underpin growth, providing confidence in transactions, expanding markets and making them function more efficiently."

      The first quoted sentence is the usual self congratulating typical for British politicians, nothing to see here, move along.
      The second part of the quote starts with divulging who is sponsoring this 'action'.

      Bah!

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    6. Re:No, Thank You, Dear Government by Dr_Barnowl · · Score: 3, Interesting

      Linux can use TPM just fine.

      It's one of those double edged swords - you can indeed, create a trusted platform. The question is, where does the trust reside?

      Despite all the the hoo-haa about MS pushing Secure Boot for Windows 8 machines, part of me thinks it's a good thing - it will help to prevent a certain class of rootkit. The downside is that I don't trust MS not to abuse the feature to make it harder to load other operating systems on your machine. A colleague of mine was impressed enough with a certain LiveUSB this week that he intends to try it out on his ageing, ailing, overcrufted Windows machine at home. If Secure Boot was enabled on his machine, this would not have been possible.

      Given the amount of software on my Windows machine at work devoted to snooping on what software I run, what files I have on my drive, and what websites I visit, the attitude is that my employer does not trust ME. To be honest, I wouldn't trust the average user not to foul up their computer. I might even welcome a trusted platform, if it meant that all this cruft went away and I could devote the resources to actually doing my job... but as a software developer, I can't run in an completely trusted environment, by definition, I have to be able to run software that has not been approved by our IT department, because I'm writing it.

    7. Re:No, Thank You, Dear Government by kermidge · · Score: 5, Informative

      Thanks for the link.

      Okay, I read. I followed the included link http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html and read it, then spent another couple of hours reading more from a few of the links included in that article. At first blush there is some seriously horrifying stuff going on, much of it masquerading under the simplified banner of "think of the children"-style of emotional appeal but whose ultimate goal, and real appeal to the powers that be, is ultimately profit and control. Then it gets worse, IMO.

      To me the warning of the dictum latterly attributed to Lord Acton (?) of "Power corrupts; absolute power corrupts absolutely." applies. [I suspect that that thought precedes written language.] If the power exists, it will be used - similar to yet farther reaching than "The 400" effectively control the US economy concomitant with its realpolitik. (I came across an article yesterday about researchers using systems analysis to determine that 1381 multi-nationals effectively controlled the planet's economy, all sans benefit of conspiracy but rather merely efficiency, but cannot find the link just now - science 2.0, perhaps; it was interesting reading, and it doesn't require a tin-foil hat to accord it some credence.)

      So, if I have this a-rightly: TC does not, or will not, eventually, require more than a CPU and, at root, certain few government keys. It will be independent of OS, BIOS or UEFI, separate on-board chip, application code, what have you. Non-TC CPUs will be isolated to unconnected hobbyists; there will be no Internet functionality independent of approved TC CPUs. By extension, it will not even be possible to have private electronic-based communication amongst "ourselves" using PGP and such, because non-TC comms will not make it through any of various Internet intermediaries. And I suggest not counting on darknet.

      http://en.wikipedia.org/wiki/Trusted_Computing_Group gives a quick look at the initial industry players.

      At the moment, so far as I know, volume production of chips is not a trivial or easily hidden activity; further, absent genuine keys or imaginary effective counterfeits, independent and free electronic interaction will not be possible. If you think that's a gloomy overthink, it was worse before I read the comics section.

      What with proprietary formats and such, DRM, DMCA, etc. - tip of the iceberg and all that - I see this as a snowball rolling down an endless slope such that the only hope is that "the" singularity when it may happen might prove a more benign overlord or, perhaps, even companion of sorts. Meanwhile, let's continue to have fun. It's only cradle to grave, right?

      On the off-chance anyone got this far: sorry for the long post. I first read on some of this back in the early 90's, and found it to be sufficiently scary and depressing then after doing a bit of extrapolation.

      Any smart people with non-smart-ass ideas on how to deal with this? I'm a bit more than curious, even 'tho, at 64, it may not be personally relevant for long.

    8. Re:No, Thank You, Dear Government by shutdown+-p+now · · Score: 3, Interesting

      The right question to ask is: what proportion of people who bought iPhone or iPad would have still bought them if they were non-jailbreakable?

  2. Two words... by Doctor_Jest · · Score: 5, Insightful

    Fuck. Off.

    I will be the final arbiter of what runs on MY computers. Not some nebulous "trusted computing" that is in the back pocket of proprietary software conglomerates. There's no point in it unless the real agenda is to wrest control from users' hands. (The recent "secureboot" crap for Windows 8 is a prime example.) It's my computer. It's my data. It's not yours. It won't ever be yours. And no amount of fearmongering will convince me you have my best interests in mind.

    Kiss my ass. No, really. Not on the left cheek, not on the right cheek, but RIIIIGHT in the MIDDLE.

    --
    It's the Stay-Puft Marshmallow Man.
  3. There is an intellectual property-security complex by 0xdeadbeef · · Score: 5, Interesting

    Actually, no, Richard Stallman had it right long before Vernor Vinge.

    DRM has never been about getting paid, it has always been about keeping control. And for all the shit Microsoft got about Palladium, the Apple zealots sure turned a 180 in 2007.

    But the zealots are right about one thing - the iPhone is the future of computing. And that future is a boot stamping on a human face, forever.

  4. RTFA by Anonymous Coward · · Score: 5, Informative

    The article quite clearly states that the government wants *its own* computers to have TPM installed, it doesn't mention anything about home users.

  5. Not for you by EdZ · · Score: 4, Informative

    This sounds less like requiring a TPM for access to, say, the jobcentreplus website (i.e. requiring TPM for the general public) and more an attempt to stem the tide of embarrassing governmental data breaches, i.e. requiring new government and MOD hardware to be a bit less rubbish in terms of data security. Requiring new hardware to access government services for eh general public won't happen, simply because there'd need to be a way to grandfather in all the non-protected devices in public libraries, distributed through government programs, etc.

  6. "Security advantages" hahahahaahah by unity100 · · Score: 3, Insightful

    A chip that allows utter control of a computer remotely, and security advantages ?

    underground crime networks wouldnt blink an eye and would not waste even a '0-day' before they hack them to their advantage.

    Politicians are stupid from an i.t. perspective. They shouldnt be allowed to talk on anything i.t.

    --
    Read radical news here
  7. Too many issues by msobkow · · Score: 3, Insightful

    There are too many issues of lock-in and lock-out associated with so-called "Trusted Computing", in particular the potential to block users from installing their operating system of choice on the hardware they own.

    So far the TPM initiatives deployed by the vendors have failed one after the other. X-Box, PS3, smart phones -- every TPM system I know of to date has failed to provide the protection promised, while restricting freedom of choice by the general public.

    As a result, the only ones who really benefit from TPM are those who want to implement hardware DRM (digital restrictions management.) I'm not willing to give up my software freedoms to support the media companies.

    --
    I do not fail; I succeed at finding out what does not work.