UNINNOVATE / Engineering At Its Finest / Since 2006

The Trusted Computing specification for Cell Phones will be introduced Wednesday at the CTIA Wireless IT conference in Los Angeles. The mobile phone industry and the Trusted Computing Group is billing this as a win for consumers and business because it will make cell phones more secure:

Because they increasingly handle sensitive information, hundreds of millions of handsets are becoming targets for thieves and hackers. Enterprises also face challenges as employees increasingly use smartphones to interface with mission-critical data and networks.

How will handset manufacturers, carriers, and the IT community respond to this growing challenge of mobile phone security? Learn what the industry is doing proactively to prevent the loss and theft dof data and personal credentials.

CTIA Wireless IT & Entertainment 2006

However, many worry that Trusted Computing is an enabler of a whole host of new anti-competitive techniques and more extensive DRM controls.  Wikipedia has a good summary of the concerns that have been raised:

Trusted computing can be used for DRM. An example could be downloading a music file from a band: the band’s record company could come up with rules for how the band’s music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it’s playing, and secure output would prevent capturing what is sent to the sound system.

Trusted Computing – Wikipedia, the free encyclopedia

The fundamental issue is that Trusted Computing takes control away from the user and places it in the hands of the corporations who write software.  For example, Trusted Computing allows programs to refuse to interoperate with any software that was not specifically validated by the software manufacturer.  Ostensibly, this is to prevent viruses from harming the application but it also effectively prevents competition or application extensions.  As a result, the software manufacturer has control over not only the application, but also any data that the user has created with it.  There is no way to get the data out of the program unless the program allows it:

In the diary example, sealed storage protects the diary from malicious programs like viruses, but it doesn’t distinguish between those and useful programs, like ones that might be used to convert the diary to a new format, or provide new methods for searching within the diary. A user who wanted to switch to a competing diary program might find that it would be impossible for that new program to read the old diary, as the information would be “locked in” to the old program. It could also make it impossible for the user to read or modify his or her diary except as specifically permitted by the diary software. If he or she were using diary software with no edit or delete option then it could be impossible to change or delete previous entrie

Trusted Computing – Wikipedia, the free encyclopedia

It’s important for users to become educated about increasingly restrictive limitations being engineered into devices they depend on.  Before accepting a new restrictive technology under the guise of “better security”, we should consider the lasting implications.

technorati tags:TCM, trusted, computing, cell, mobile, phone, TC