Trusted Computing Cuts Users Out
Computers are all about the users. They were invented to help users simplify tasks (whether it is a scientist on a Cray or your grandmother on her eMachines). That said, users have always been the problem with computers. We say we want stability, so why don't we run Solaris or FreeBSD? They are among the most stable complex systems out there; they'll do most everything we want and never crash (as opposed to DOS, which won't crash but also won't do what we want). The answer is users. We are the weak link, not Solaris. Us.
If you need to get something done, tools help. But the best tools won't get anything done if you don't know how to use them. I have a friend who uses a pen and a pad of paper to do his budgeting. He has Excel; he just doesn't know how to use it.
Wouldn't it be nice if we could just cut the user out of the equation? This is the whole idea behind mechanization: users make mistakes, so we'll get a machine to do it. It has provided spectacular leaps in production. The same mentality has long been in the computing world. Windows and OS X do this very well, and it is a great boon to usability.
Computer security is starting to improve significantly by cutting the user out. Measures like these all do it:
firewalls that run without user interaction
anti-virus programs that automatically clean or delete infected files
This makes users more secure, saves time, and does a better job than many users could do on their own.
But cutting the user out, like anything else taken too far, has scary results. What if someone decided you couldn't be trusted to decide what to put on your computer, and that someone else should decide for you? This is essentially what "trusted computing" is all about.
There is a great discussion on Slashdot about trusted (or "treacherous") computing. A particularly insightful poster wrote "Trust the computer but don't trust me? That sounds like a disaster waiting to happen." That is the issue at the heart of this. Firms will decide what you can and can't do on your computer, because you cannot be trusted.
Trusted computing has benefits. If only approved code (signed by the vendor and measured by the hardware as it loads) is allowed to run, a lot of things could follow:
stability could increase
viruses could be prevented from running
malware could be stomped out
piracy on trusted platforms would end
users would know when their system changed
phishing could be stomped out, since a hardware-backed identity would replace the passwords that phishers steal
These benefits are nothing to sneeze at. A version of this model is what we already have for online security. You can get a "trusted" SSL certificate for your business, and the browser's padlock then signals to the user that it is OK to type in an SSN or credit card number. (Strictly, the certificate only vouches that the site controls that domain name, not that the business behind it is honest.) This has been a boon to online retailers: it provides a fast way to gain trust with a user, and there is no more lock-in to companies you already have experience with.
There are potentially harmful effects to 'trusted computing' too. What if you were a virus writer and found a way to get your code 'trusted'? I don't pretend to understand how this could be done, but if it were, it would be far more devastating than current viruses (and the incentive seems high enough for someone to figure it out). By cutting the user out of the equation, you may actually make systems LESS secure. Other potentially harmful effects:
vendor lock-in. Perpetually enforced monopoly power. Do you trust Microsoft to decide for you what applications you can use? Will Firefox be trusted? Firefox extensions? What about programs that cut into their revenue, like OpenOffice? Not to pick on Microsoft; there are hundreds of tech and content firms that would love to eliminate competitors.
control. For censorship, DRM, whatever. This would end piracy. And privacy. And user control of data, documents, and everything else. It also provides a spectacular platform for hard-drive extortion: data that is locked to an approved software state is unreadable in any other.
identification. If Amazon could uniquely identify your machine, there would be no need for onerous identification processes. But if someone used your computer without your supervision, or figured out how to fake the identification, you may have just bought a thousand Britney Spears CDs.
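The benefits listed above ("users would know when their system changed") and the harms ("control", data that only an approved software state can read) come from the same mechanism: the platform hashes each piece of software into a register as it boots, and secrets can be sealed so they are only released when that register holds a known value. The following Python model of that measured-boot "extend" and "seal" behaviour is an added illustration for this post, not code from the original article or from any real trusted-computing implementation; the boot images, the "golden" value and the seal-key derivation are all constructed for the example (a real chip keeps the key inside the hardware).

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 "platform configuration register"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One extend step: PCR_new = SHA-256(PCR_old || measurement).

    There is no 'un-extend'. The only way back to a known value is a
    reset followed by the exact same sequence of measurements."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Model of measured boot: each stage hashes the next image into the
    register before running it. Order matters, and so does every byte."""
    pcr = bytes(PCR_SIZE)  # registers start at all zeros after reset
    for image in components:
        pcr = pcr_extend(pcr, hashlib.sha256(image).digest())
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    """Hash-counter keystream for the toy wrapping cipher (illustration only)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(secret: bytes, pcr: bytes) -> dict:
    """Bind a secret to a PCR value. The wrapping key is derived from the
    register contents, so only a platform in that exact state can unwrap."""
    key = hashlib.sha256(b"seal-key" + pcr).digest()  # assumed derivation
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return {"policy_pcr": pcr, "ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes):
    """Return the secret if the current boot state matches, else None."""
    key = hashlib.sha256(b"seal-key" + current_pcr).digest()
    expected = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # different software state: nothing comes out
    ct = blob["ciphertext"]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# Constructed boot chains; the image names are made up for this example.
VENDOR_CHAIN = [b"firmware 1.0", b"vendor bootloader 1.0", b"vendor kernel 1.0"]
PATCHED_CHAIN = [b"firmware 1.0", b"vendor bootloader 1.0 (user patched)", b"vendor kernel 1.0"]
LINUX_CHAIN = [b"firmware 1.0", b"grub", b"linux"]

# The "known good" value a vendor would publish or seal against.
GOLDEN = measure_boot(VENDOR_CHAIN)


def system_changed(chain: list[bytes]) -> bool:
    """The benefit: any change to any stage shows up as a different register value."""
    return measure_boot(chain) != GOLDEN


def demo() -> dict:
    """The cost: a secret sealed to the vendor's state is unreadable from
    a patched bootloader or from a different OS, even on the same machine."""
    blob = seal(b"key that encrypts my own documents", GOLDEN)
    return {
        "vendor": unseal(blob, measure_boot(VENDOR_CHAIN)),
        "patched": unseal(blob, measure_boot(PATCHED_CHAIN)),
        "linux": unseal(blob, measure_boot(LINUX_CHAIN)),
    }


if __name__ == "__main__":
    print("patched bootloader detected:", system_changed(PATCHED_CHAIN))
    for state, secret in demo().items():
        print(f"{state:8s} -> {'released' if secret else 'withheld'}")
```

The same register value drives both outcomes: a user can verify that nothing in the boot chain was swapped, and a vendor can make your own data depend on booting only the software it approved. Reordering the stages, or booting the same images with one byte changed, produces an unrelated value, which is why a system that has been modified cannot simply "claim" the old state.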
We are just on the cusp of 'trusted computing.' Windows Vista supports it, and many computer manufacturers have already shipped hardware that supports it.
The GPLv3 specifically deals with 'trusted computing' and DRM. I'll leave you to figure out what the FSF and Stallman think about them, but it isn't positive.
So is 'trusted computing' good? I'll leave that to you to decide, but it is certainly something to be aware of. As for me, I'll stick with Linux, make sure my hardware doesn't support 'trusted computing', and operate my computer however I please.
By the way, the SSL certificates we use for online purchases... yeah, phishers are using them now too.