Trusted Computing comes under attack

Technologies touted as providing a more secure computing experience are actually more likely to reinforce monopolies and lock customers in, security and free software experts have warned

The "Trusted Computing" technologies promoted by major IT companies such as Microsoft and IBM could have negative consequences for customers and rival software makers, according to security experts.

Alan Cox, a lead Linux kernel developer and security architect, said that trusted computing has often been used to lock customers into buying particular software and to prevent rival software makers from competing on that platform.

"What we've seen so far in the games console industry has been directed as if users are scum — 'this console has lots of fancy hardware so you can't run games we haven't written'. This has been a very negative thing and has been used as a way of cutting down competition," Cox said, at a conference on Trusted Computing held in London on Thursday.

The Trusted Computing Group is developing industry-standard specifications for trusted computing building blocks. It has claimed that the technology will create a safer computer environment, reduce business risks and protect end-user data.

Ross Anderson, a professor of security engineering at Cambridge University who spoke at the same event, agreed with Cox that trusted computing could be used to reinforce monopolies and lock in customers. He claimed the Information Rights Management (IRM) technology that Microsoft introduced in Office 2003, which aims to protect customers' information from unauthorised access, makes it more difficult for companies to migrate to alternative desktop products.

"Imagine that all your customers start using information rights management, if you then want to change to OpenOffice you will have to go to every customer and get their [authentication] certificate," Anderson claimed. "Switching then becomes more difficult — it's no longer a matter of migrating the data that you control, but migrating data that is controlled by many people."

Anderson claimed that the PC industry is moving towards a different business model where hardware is subsidised by software purchases. He predicted that by 2008, people may be able to buy an "OfficePlan" for $29.95 (£16.80) a month, which will give them free hardware on which they can use Microsoft Office applications. The increasing use of this business model would have negative implications for free software vendors. "Companies won't let people run free software on the free hardware," Anderson said.

But Trusted Computing is not inherently "evil", according to Cox, who said that the technology could be useful for preventing tampered software from accessing a network, or to help protect auditing and virus tools from being compromised.

"Trusted Computing is a tool. There's a lot of political debate, that it's really evil or good. But it's only a tool," he said. "A lot of people would rather it went away, but we only need to understand what the negatives are so people don't misuse it."

One important step would be to stop using the phrase Trusted Computing, as it is "very misleading", according to Cox. He suggested that it is referred to as "proving and provisioning" instead, to make it clear that it is predominantly about approval, rather than safety.

"An approval system doesn't protect you, whereas Trusted Computing gives you the impression that it's your friend," he said.