Watch new security specs, says academic

Attempts to introduce copyright controls into the very core of everyday technology should be a serious concern of IT professionals, politicians and policy makers.

That's the view of Australian academic Bill Caelli, who says such measures are coming from the Trusted Computing Platform Alliance (TCPA) and Microsoft’s “next generation secure computing base”.

“In plain English”, says Caelli, “[these measures would] remove control of your PC from you and give it to content or application developers.”

TCPA is a computer industry body which promotes the introduction of standardised measures, software- and hardware-based, to prevent the abuse of copyright material on users’ PCs, PDAs and mobile phones. It is supported by vendors including Intel, IBM and HP.

TCPA will work by means of “trusted” platform modules — unchangeable manufacturer-generated keys — which will protect and seal storage and enable remote “attestation”, among other functions. “For example, the machine will be able to say ‘I’m not going to play this DVD if I detect that someone has played with the DVD drive’.”

The upshot is that equipment manufacturers and content providers will have a public key of users’ computers, says Caelli, head of Queensland University of Technology’s software engineering and data communications school.

“You will technically lose control of your machine — control will be vested in the supplier of content to your machine.”

The TCPA specification hasn’t been completed, but IBM has nevertheless already TCPA-enabled some PCs and ThinkPad notebooks.

NGSCB seeks to achieve similar goals but is a separate initiative of Microsoft’s. It was previously called Palladium.

Caelli says NGSCB “isn’t Microsoft’s version of TCPA for Windows — yet” and IBM’s TCPA-enabled devices don’t support NGSCB, despite Microsoft being a member of the TCPA.

Caelli, a visiting speaker at a New Zealand Information Security Forum in Auckland earlier this month, says governments need to address how the introduction of TCPA and NGSCB might affect their countries’ sovereignty.

“Politicians can’t just look at it and say ‘this is about technology’ — it has nationally significant implications regarding who has the right to exert control over the citizens of New Zealand.”

While e-commerce and security benefits are being linked to the TCPA and NGSCB initiatives, Caelli says it’s all about copyright protection. “Is it in aid of benefitting users or more for copyright protection, DRM [digital rights management] and Hollywood?”

An all-NGSCB and TCPA world is some time away, as the TCPA specification is still unofficial and NGSCB is unfinished. It has been hinted that NGSCB will be part of Longhorn, the next version of Windows, but Caelli says it’s not planned for any immediate or long-term versions of Windows.

Other technical issues still surround both NGSCB and TCPA, not the least of which is what happens if an enabled machine seriously crashes.

“Recovering sealed data after a machine crash is very complicated. It [would be] an optional procedure requiring contact with the TPM [trusted platform module] manufacturer.” So complicated is the potential process that “manufacturers may be reluctant to support it”.

Caelli also says the security and control aspects could be turned on their head and used by undesirables such as paedophile groups, making it difficult for law enforcement agencies to crack them.

NGSCB, meanwhile, won’t make any difference to the actual security of the operating system, as it will sit alongside it, not beneath it. “NGSCB gives up on Windows OS security and adds another isolated security kernel, the nexus.”

In effect, NGSCB assumes Windows code is untrusted, Caelli says.
