Diatribes - Computer, Economic & Political

This blog is really just for me. If you find something interesting on it, leave me a comment. If you disagree with something, let me know what and why. In this blog I am just putting some of my thoughts for computers, the economy, politics, and other topics in writing.

19 February 2006

Trusted Computing Cuts Users Out

Computers are all about the users. They were invented to help users simplify tasks (whether it is a scientist on a cray or your grandmother on her eMachine). That said, users have always been the problem with computers. We say we want stability, well why don't we run Solaris or FreeBSD? These are among the most stable complex systems out there; they'll do most everything we want and never crash (as opposed to DOS which won't crash but it won't do what we want). The answer is users, we are the weak link, not Solaris, us.

If you need to get something done, tools help. But the best tools won't get anything done if you don't know how to use them. I have a friend who uses a pen and pad of paper to do his budgeting. He has excel, he just doesn't know how to use it.

Wouldn't it be nice if we could just cut the user out of the equation? This is the whole idea behind mechanization, users make mistakes, we'll get a machine to do it. This has provided spectacular leaps in production. This mentality has long been in the computing world. Windows and OSX do this very well and it is a great boon to usability.

Computer security is starting to improve significantly by cutting the user out. All these computer security measures do this:

automatic updates

firewalls without user interaction

anti-virus programs automatically cleaning/deleting files

This makes user security better, it saves time, & does a better job than many users could do on their own.

But cutting the user out (like anything else) when taken too far has scary results. What if someone decided you couldn't be trusted to decide what to put on your computer, and that someone else should decide? This is essentially what "trusted computing" is all about.

There is a great discussion on Slashdot about trusted/treacherous computing. A particularly insightful poster wrote "Trust the computer but don't trust me? That sounds like a disaster waiting to happen." That is the issue at heart here. Firms will decide what you can and can't do on your computer, because you cannot be trusted.

Trusted computing has benefits. By only allowing tested code to run there are a lot of potential benefits:

stability could increase

viruses could be prevented from running

malware could be stomped out

piracy on trusted platforms would end

users would know when their system changed

phishing could be stomped out – no more passwords

These benefits are nothing to snub your nose at. A version of this model is what we have for online security. You can get a "trusted" SSL certificate for your business, signaling that it is OK to put in your SSN or credit card number. This has been a boon to online retailers, it provides a fast way to gain trust with a user. No more lock-ins to companies you have experience with.

There are potentially harmful effects to 'trusted computing' too. What if you were a virus writer and found out how to get your code to be 'trusted.' I don't pretend to understand how this could be done, but if it was it would be far more devastating than current viruses (and the incentive seems high enough for someone to figure this out). By cutting the user out of the equation, you may actually make systems LESS secure. Other potentially harmful effects:

vendor lock-in. Perpetually enforced monopoly power. Do you trust Microsoft to decide for you what applications you can use? Will Firefox be trusted? FF extensions? What about programs that cut into their revenue – OpenOffice? Not to pick on Microsoft, there are hundreds of tech/content firms that would love to eliminate competitors.

control. For censorship, DRM, whatever. This would end piracy. And privacy. And user control of data, documents, and everything else. This provides a spectacular platform for hard drive extortion.

identification. If amazon could uniquely identify you, no need for onerous identification processes. But if someone used your computer without your supervision, or figured out how to fake an identification, you may have just bought a thousand britney spears cds.

no more privacy. Is the opposite of anonymity, nonymity? How would this affect free speech, in say China, or the US?

We are just on the cusp of 'trusted computing.' Windows Vista supports it. Many computer manufacturers shipped hardware that supports 'trusted computing' already.

The GPLv3 specifically deals with 'trusted computing' and DRM. I'll leave you to figured out what the FSF and Stallman think about them, but it isn't positive.

So is 'trusted computing' good? I'll leave that to you to decide, but it is certainly something to be aware of. As for me, I'll stick with Linux, make sure my hardware doesn't support 'trusted computing', and operate my computer however I please.

By the way, the SSL certificates we use for online purchases... yeah phishers are using them now too.

2 Comments:

Anonymous Jake said...

I'm going to miss good old supply and demand markets. I'm sure you understand basic economic theory, where consumers set what is goig to be sold in a market. Unfortunately we're at a point where the industry is setting the market, despite what the consumers want. We don't want non-skippable ads on our DVDs. We want to put our music where we want it, not where our DRM says we can. We don't want to have to roll out extra dough to watch next generation disks. I don't know about everyone else, but I don't need to watch in 1080p. But who know's if I'll have a choice, the industry might force me into it (although piracy won't).

Jake

26 February, 2006  
Blogger jambarama said...

Majoring in economics, I have a pretty good idea of how supply and demand work. : )

If consumers don't get what they want, there must be a market failure. I've thought of a few ideas for what that might be, the most likely is as follows:
- Less than perfect information. Now economists don't really think perfect information exists, but you'd call it "good" information. Because these systems are very complex, and few know how they work, few know how the systems will impact them. It doesn't help any that firms are keeping the negatives a bit 'secret'.

The content industry is almost as oligopolistic as the computer industry was 10 years ago (after win 95, it is getting better now with OSX and digestible linux distros). In an oligopoly most firms play 'cournot' meaning they get high returns. Not competitive, but not a monopoly. The only way to keep an industry oligopolistic is to keep out entrants. This can be done through high fixed costs (or potentially high fixed costs), legislation, large cost advantages (which is a good thing), and preference. I'll leave it up to you guys to figure out which one is at play here.

I think one of the biggest reasons for public apathy is because the work is done for them. The EFF fights for them, privacy geeks fight for them, so do a lot of other sources. If we (EFF & geeks) lose, then this stuff will ACTUALLY affect people. Then they might care.

26 February, 2006  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home