Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Government Pushing For 'Trusted Computing'

timothy posted about 3 years ago | from the bland-acceptance dept.

Privacy 291

Motor writes "As has long been expected — we are now beginning to see governments pushing for the use of so-called 'trusted computing' — chips installed in all computers that effectively remove control of the PC from its owner. While there may be security advantages to some of the ideas, few can doubt that it represents a fundamental shift in the IT world. A radical move away from an open technology landscape and towards a system that denies all access unless you have the right credentials. Governments will demand the right credentials to access their services — meaning approved software stacks (i.e Windows) with the right digital signatures. Vernor Vinge had it right ."

Sorry! There are no comments related to the filter you selected.

No, Thank You, Dear Government (5, Insightful)

koestrizer (2491576) | about 3 years ago | (#37810124)

My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's.

Re:No, Thank You, Dear Government (5, Insightful)

Gaygirlie (1657131) | about 3 years ago | (#37810220)

My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's.

That is indeed one of the reasons why this will not work: there are people using all kinds of different OSes, including all the mobile ones, desktop OSes and whatnot. If the UK government were to only allow devices with the trusted computing built-in both the hardware and software they'd be instantaneously removing access for everyone who is used to using mobile devices to access those services.

Another case of government not understanding technology, yet still pushing everyone to adopt it.

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810320)

The modern phone platforms have been shipping with "TPM" for quite a while:
http://www.arm.com/products/processors/technologies/trustzone.php [arm.com]

Re:No, Thank You, Dear Government (1)

mhelander (1307061) | about 3 years ago | (#37810690)

So that leaves...just linux? :P

Re:No, Thank You, Dear Government (1)

Coisiche (2000870) | about 3 years ago | (#37810410)

If the UK government were to only allow devices with the trusted computing built-in both the hardware and software they'd be instantaneously removing access for everyone who is used to using mobile devices to access those services.

Other than the "bread and circuses" impact it would have I think that a government would perceive that at a good thing.

Re:No, Thank You, Dear Government (4, Insightful)

Teun (17872) | about 3 years ago | (#37810484)

From the article:

These are making the public safe online and ensuring the country is one of the best in the world for online business; making the UK more resilient in the face of cyber attack and better able to protect its interests; proving a more "open and vibrant" cyber security environment; and having the knowledge, skills and capability to underpin these.

"Building the most resilient cyber defences in the world will not help if you are suffering from intellectual property theft," he said. "Trusted computing underpins security and can underpin growth, providing confidence in transactions, expanding markets and making them function more efficiently."

The first quoted sentence is the usual self congratulating typical for British politicians, nothing to see here, move along.
The second part of the quote starts with divulging who is sponsoring this 'action'.

Bah!

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810508)

Right, because the 0.7% Linux desktop market share matters, and because they WANT you running an OS you control.

News flash: many mobile devices already include TPM modules, and this will be the norm shortly. Linux will be out though, because it's fundamentally designed to give control of the computer to the user, which is the antithesis of trusted computing. And nobody will notice or care: they aren't enough Linux users around. So a few nerds will make noise, they won't change anything, and life will go on.

Mobile devices are not a problem. Looked how locked down the iPad and iPhone are. That fits right in with the spirit of trusted computing.

Re:No, Thank You, Dear Government (1)

Runaway1956 (1322357) | about 3 years ago | (#37810668)

No worries, Mate! Linux users will figure out a hack soon enough. In fact - the criminal element probably already has an angle on it. Criminal kingpins in Russia discussing this article with criminal kingpins in America:

Russian: So, the UK thinks they can block us?
American: No, I don't believe that they think that - they are just challenging us to get more creative.
Russian: You mean, something like counterfeit chips?
American: For starters, yes. We just get some knockoffs made in China, and program them ourselves.
Russian: Then what? Fall back to Linux, which the government doesn't control?
American: Of course. We already have things like OpenBios. We need to hack some way for all those nosy government agencies to talk with our chip, through Linux, which of course, will tell the government whatever we want it to tell them!

Re:No, Thank You, Dear Government (2)

RCL (891376) | about 3 years ago | (#37811018)

Mobile devices are not a problem. Looked how locked down the iPad and iPhone are. That fits right in with the spirit of trusted computing.

You realize that according to figures that you can on the web jailbroken iPhones constitute from 10 to 30% of the market? And those are certainly "conservative" estimates, because judging from iOS piracy rate ([1] [tuaw.com] [2] [reddit.com] ) percentage of jailbroken iDevices should be much larger!

Re:No, Thank You, Dear Government (1)

Arancaytar (966377) | about 3 years ago | (#37810926)

My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's.

That is indeed one of the reasons why this will not work: there are people using all kinds of different OSes, including all the mobile ones, desktop OSes and whatnot. If the UK government were to only allow devices with the trusted computing built-in both the hardware and software they'd be instantaneously removing access for everyone who is used to using mobile devices to access those services.

Another case of government not understanding technology, yet still pushing everyone to adopt it.

In politics "this will not work" is not the same thing as "this will not happen". More often, it is the opposite.

Re:No, Thank You, Dear Government (1)

craigc05 (2377254) | about 3 years ago | (#37810246)

It's not about your security, it's about theirs. GNU has a nice article about treacherous computing on their site, if you're the type that can stomach RMS. Posting from phone, will find link in a sec.

Re:No, Thank You, Dear Government (2)

OeLeWaPpErKe (412765) | about 3 years ago | (#37810264)

Actually TPM allows protection in both directions. It works a bit like banks' systems. With a TPM you can secure a laptop, give it out to anyone, and you can set it up so they won't be able to break the encryption even if they know the passwords.

If you work for a company, you can give out VPN credentials to idiots that are uncopyable. If they get infected with a virus, the VPN won't come up.

I've consulted for a bank, and here's the dream : full offline money. If you have a TPM they will manage your account in your laptop (or phone, or ...) and have full offline payments. Because the TPM will only give their program access to the data, they can still prevent you from simply adding money in your own account, while allowing fully disconnected payments to occur which the bank will only find out about weeks after the fact (and so can you on other's computers of course).

In general TPM's allow fully disconnected trust relationships.

Surely such features are worth something ? Several linux companies are already using them.

All it does is simply making sure that if you tell some company you're going to take good care of their data, you have to actually do it (or delete the data, you're perfectly at liberty to do that). I mean what do you have against this ? Other than "I want to pirate stuff" (which will still be perfectly possible, just slightly more involved).

Re:No, Thank You, Dear Government (4, Insightful)

pmontra (738736) | about 3 years ago | (#37810334)

Suppose you are a Linus Torvalds some years in the future. How do you create your own OS if your PC only boots existing OSes and you don't work for a company that can buy or create non TC hardware?

Re:No, Thank You, Dear Government (4, Interesting)

chill (34294) | about 3 years ago | (#37810368)

Easily, if you hold the keys. The trick is the keys that sign the boot image need to be in your control.

Google does this with their CR-48 Chromebook. It will only boot Google-signed images. But, there is a small switch in the battery compartment to put it into developer mode where it'll boot any image.

I *LIKE* TPM, as long as I generate the signing keys for the images. Then it'll boot what *I* tell it, and not necessarily what MS or the gov't, or anyone else tell it to.

It ensure that *I* can trust my computer. Screw what they want to trust.

Re:No, Thank You, Dear Government (1)

Rich0 (548339) | about 3 years ago | (#37810806)

Well, the CR-48 doesn't quite do what you say you want.

In secure mode it only boots their OS. In developer mode it will boot anything. There is no option to only boot "your" OS.

I think that trusted computing is fine, as long as I control the keys in the computer. Oh, and if I get a copy of the private keys associated with any public keys that are pre-loaded in the thing (not a big deal from a security standpoint - they just need to assign a unique keypair to each PC).

Re:No, Thank You, Dear Government (1)

chill (34294) | about 3 years ago | (#37810840)

You are correct in that it doesn't suit my needs. However, several laptops do in that they have TPM chips included, but uninitialized. You can initialize them and create the keys. This is optimal.

I really don't mind the government mandating having a lock -- so long as *I* and not *they* have the key.

Re:No, Thank You, Dear Government (1)

vadim_t (324782) | about 3 years ago | (#37810898)

Ah, but why would the government mandate a lock and leave it up to you to do something with it?

There's no point in that. If you really want a TPM you can go and buy a computer with one, there's no need to globally impose having it on the entire population (which won't come for free, btw).

The only point in requiring it is that there's something for the government in it, and most likely not to your benefit. Even if you do want a TPM you should oppose the government's attempt to introduce it, because it will serve them, not you.

Re:No, Thank You, Dear Government (2)

gman003 (1693318) | about 3 years ago | (#37810390)

Nothing is unbreakable. Intel's TPM works basically the same way game console lockout chips do, with some enhancements - and you'll notice that there's a thriving market in modchips and softmod hacks. Worst-case, Linus would've had to reverse-engineer and break the TPM. Best-case, you go to a jailbreakme.com-like site and disable it entirely from software.

Re:No, Thank You, Dear Government (-1)

OeLeWaPpErKe (412765) | about 3 years ago | (#37810984)

You are basing this on a wrong assumption. There is *nothing* in TPM that prevents you from creating or booting a custom OS. The ONLY thing TPM does is that it prevents you from lying about which OS you're running (you can refuse to say, you can give obviously wrong information, but you can't give convincing-but-wrong information).

Re:No, Thank You, Dear Government (2)

maxwell demon (590494) | about 3 years ago | (#37810356)

If you work for a company, you can give out VPN credentials to idiots that are uncopyable.

Are there copyable idiots, too? :-)

Re:No, Thank You, Dear Government (1)

cyber-vandal (148830) | about 3 years ago | (#37810490)

Yes they're called pop stars

Re:No, Thank You, Dear Government (1)

ScrewMaster (602015) | about 3 years ago | (#37810642)

Yes they're called pop stars

Technically, pop stars are just easily reproducible. We'd need more advanced cloning technology to actually copy them, and if we do make copies of Britney Spears, I'm leaving the country.

Re:No, Thank You, Dear Government (2)

vadim_t (324782) | about 3 years ago | (#37810366)

Surely such features are worth something ? Several linux companies are already using them.

Not to me. Why would I want it? If the bank likes it, it's profitable for them, but that doesn't mean it's necessarily profitable for me.

Offline payments also seem largely unnecessary given how the internet is increasingly available anywhere.

Also there are a lot of potential pitalls. If you transfer money to me offline, can the money disappear if the computers are never synchronized?

All it does is simply making sure that if you tell some company you're going to take good care of their data, you have to actually do it (or delete the data, you're perfectly at liberty to do that)

That is a perversion. There's no such thing as me keeping "their data". It's my data, and I should have full control over it. If they really have "their data", then it just stays on their servers, where it's fully their problem. I don't see why I suddenly guarantee its security for no advantage to myself.

I mean what do you have against this ? Other than "I want to pirate stuff" (which will still be perfectly possible, just slightly more involved).

Loss of control. My stuff is mine, period, and I don't have to give lenghty explanations of that. But no, it's not piracy. On my hardware, which I paid for, I should have absolute access to every single bit of it.

I will certainly not buy anything that implements such a scheme.

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810474)

no,fuck you

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810506)

I think this short [lafkon.net] sums up trusted computing pretty well.

Re:No, Thank You, Dear Government (2)

Dog-Cow (21281) | about 3 years ago | (#37810566)

All idiots are copyable, and most have been.

Re:No, Thank You, Dear Government (1)

greenbird (859670) | about 3 years ago | (#37810814)

In general TPM's allow fully disconnected trust relationships.

The government drone quoted in the article clearly states this has nothing to do with security and everything to do with DRM and controlling what is on your system.

From the fine article:

Owen Pengelly, deputy director of policy at the Office for Cyber Security and Information Assurance in the Cabinet Office..."Building the most resilient cyber defences in the world will not help if you are suffering from intellectual property theft," he said.

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810414)

Linux supports TPM, so that shouldn't be a problem, really. And you could always just not use the government's services through your computer (go to a library or somewhere else with a public computer if you need to, for instance). Just sayin'.

Re:No, Thank You, Dear Government (1)

SuricouRaven (1897204) | about 3 years ago | (#37810588)

Linux supports TPM - but will the govenment agencies support linux?

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37810516)

I would kind of love if I had protection for my Linux though.

Seriously, some of these proposed technologies could protect also Linux from pre-boot attacks by ensuring only MY Linux can be started, and that my full-disk encryption keys are kept safe. Also these chips could in future scan every starting process for vulnerabilities, and for other nasty things.

Re:No, Thank You, Dear Government (1)

blueg3 (192743) | about 3 years ago | (#37810930)

You can certainly do that. I just don't think it's easy to set up. There have been security papers, even, where people have configured Linux servers where the TPM on the server could prove to a client that the server's boot chain and software stack are verified. (Efficient? No.)

Re:No, Thank You, Dear Government (1)

westlake (615356) | about 3 years ago | (#37810918)

My Linux machine is well-protected and I don't need your meddling nor do I need Microsoft's

But is it your Linux machine or does it belong to your employer, your school, or your parents?

If your employer and others allow external access to secured internal systems, services and data, can they insist on dealing only with known, trusted, machines?

The Linux machine with no network access is, for all practical purposes, a doorstop.

Re:No, Thank You, Dear Government (0)

Anonymous Coward | about 3 years ago | (#37811060)

Actually, there is much more support for trusted computing in Linux than there is in Microsoft products. The notion that trusted computing is "not open" or "takes control of the computer away from the user" is complete paranoid delusion. Don't trust me? Try learning about the technology from something other than Wikipedia, and instead read the completely open specifications for the TPM and its software stack, available at trustedcomputinggroup.org. Also, have a look at the source code for Linux projects like TrouSerS (available at SourceForge) and Trusted GRUB.

The notion that the TPM takes control away from the user seems to be based on the fact that the TPM has a processor and key store that remain locked in a smartcard-inspired chip on the motherboard. Although you might not trust the firmware on this chip, you know just as much, if not more, about it than you do about the firmware running on your hard drive controller, your processor, or any other system developed as a closed source system and needed for operating your open source software. The TPM stores private keys in it's private data store, and only two of those. What you do with those is up to you as a developer, using the completely open specifications mentioned above.

Remote attestation got you paranoid? Once again, that probably means that you have not read anything about it. The TPM stores SHA-1 hashes of firmware and software made by other components of the system, and most of those hashes are taken by -- wait for it -- open source software. The remote attestation mechanism is all about taking those measurements, hashing them together into Program Control Registers, and then hashing those PCRs and a server-supplied nonce into a "quote," which is signed by a TPM-protected private key. The process of assembling this quote is done by software at the full discretion of the owner of the computer. It is not done in secret, it does not reveal any information about the computer that the owner does not wish to reveal, and it does not depend on any particular software. It is, in fact, a much more useful tool when the chain of transitive measurements can be extended further from a root of trust. This is something that Microsoft does very poorly (by some Bitlocker elements, which don't use any part of remote attestation for what its worth), but is done quite well by many open source tools developed for Linux.

What can this do for you as a user? It can give you more insight into the code that is running underneath your open source operating system. When was the last checked to see if your BIOS (or EFI) was running unmanipulated? If you have done this without the assistance of a TPM, did that mean removing the firmware from the computer and examining it forensically offline, or just trusting what version the BIOS said that it was running? There has been plenty of research on BIOS rootkits, so perhaps this isn't a bad idea. By writing your own software (on an open source system), you can remotely attest measurements of the BIOS code in your computer to YOU (not to the MPAA or name-your-own-untrusted-entity-on-the-internet).

Perhaps your Linux machine isn't as well protected as you think it is, and the use of trusted computing could help you make it much better protected. Of course, you could also just comment on Slashdot about a technology you know nothing about and make yourself look like a fool to anyone else that does. Whatever.

This won't last. (1, Interesting)

mfh (56) | about 3 years ago | (#37810130)

Here is what we'll do.

We will create and use our own internet and if you have one of those chips on your computer, we'll disable your access to it. Thanks Government for giving us a way of checking if someone is controlled by you!!

Re:This won't last. (2)

arth1 (260657) | about 3 years ago | (#37810178)

This is the entirely wrong way to think. Like most technologies, this one has good uses and bad uses. To ban a technology because of bad uses is no different whether it's you doing it or a government doing it.
Lack of TPM is a deal breaker for many businesses and individual - being able to encrypt a laptop in a way that the HD can't be used if removed from the machine, and can't be booted without verifying biometric data against the TPM signed data means that even with the machine, it's just a brick without the user.

The first time around, privacy advocates were concerned that TPM would be used by the big corps to lock in the sofware more efficiently than any dongle, and create a DRM hell. But it didn't, because the vast majority of users aren't interested in paying extra for such a feature. But those who are haven't changed the playing field.

Re:This won't last. (1)

maxwell demon (590494) | about 3 years ago | (#37810388)

As soon as TPM is a government-mandated requirement on every computer, using TPM as a "superdongle" doesn't cause any additional direct cost for the customer of programs doing so.

Re:This won't last. (2)

greenbird (859670) | about 3 years ago | (#37810784)

The first time around, privacy advocates were concerned that TPM would be used by the big corps to lock in the sofware more efficiently than any dongle, and create a DRM hell. But it didn't, because the vast majority of users aren't interested in paying extra for such a feature. But those who are haven't changed the playing field.

You, my friend, are either blindly naive or an idiot. The article blatantly and clearly states that primary purpose of this is to create DRM hell. The only reason it hasn't so far is that any products that use this are FAR less useful than products that don't use it and thus worth much less to the market. A nice government mandate will eliminate any ability of the market to make choices about such things. This has NOTHING to do with security. It has everything to do with control and the governments and established elite are finding that they are losing it. Wake up. Please.

From the fine article:

Owen Pengelly, deputy director of policy at the Office for Cyber Security..."Building the most resilient cyber defences in the world will not help if you are suffering from intellectual property theft,"

All a matter of $ (1)

Mathinker (909784) | about 3 years ago | (#37810688)

The problem isn't having a TPM module in your computer, it's having one without knowing its secret keys.

Even if every computer would have such a module, because one needs such a module to run Windows, for example, that doesn't mean that the computer vendor wouldn't be willing to give you the keys to the module for some extra profit. Especially if, for example, your computer is manufactured in a somewhat less "Western" country than the UK, say, China? Last time I checked, at least a few computers were manufactured there, no? (nod, nod, wink, wink)

Or possibly, for example, some of the Chinese companies who design/manufacture these TPMs might be less interested in investing (or rather, in their eyes, wasting) money to design them to be invincible against side channel attacks (like power consumption attacks)?

Even if the computer does have a TPM, there's no way to check from your trusted OS that the TPM hardware is properly designed to be resistant to attack.

Re:This won't last. (1)

westlake (615356) | about 3 years ago | (#37811016)

We will create and use our own internet and if you have one of those chips on your computer, we'll disable your access to it.

And no one will give a damn.

The geek tends to spiral into ever-narrowing circles of influence.

Windows 7 Sins. The Other OS on the PS3. The "Walled Garden" of the iOS. Dead-end protests every one of them

Sad to see another country cutting its own throat (2)

Crashmarik (635988) | about 3 years ago | (#37810160)

The U.S. has been doing it to itself with an insane tax code, and product liability laws from the netherworld. Europe is going down the road of not trusting its people.

Re:Sad to see another country cutting its own thro (1)

Dondoet (2199592) | about 3 years ago | (#37810240)

Europe is not a country.

Re:Sad to see another country cutting its own thro (1)

Crashmarik (635988) | about 3 years ago | (#37810268)

The union is for all intents and purposes

Re:Sad to see another country cutting its own thro (2)

NeutronCowboy (896098) | about 3 years ago | (#37810440)

The European Union is specifically not a country, not for any intents or any purposes. What the EU has is a common foreign policy and a system of rules that minimizes the impact of national borders on commerce.That's it. And the common foreign policy is on top of the foreign policy of each member state, not a replacement for it. The EU is much more a loosely federated club with very lax rules and even laxer enforcement.

Wanna know what a weak federal government looks like? Look at the EU.

Re:Sad to see another country cutting its own thro (1)

cyber-vandal (148830) | about 3 years ago | (#37810504)

Unless you read the UK tabloids in which case the EU is akin to the USSR and has its evil tentacles interfering in all aspects of our lives.

Re:Sad to see another country cutting its own thro (0)

Anonymous Coward | about 3 years ago | (#37810726)

Let's just assume that the EU is a superset of standard government models. It supersedes the levels below it, although has the anti-democratic bend that you call lack of a vote.

Regardless, UK, EU, or W/E, it's going to have a potentially devastating impact on freedom of information and self-determination in my opinion - should it be allowed to go ahead. I'm not saying this as simply a geek either. I know people who honestly *prefer* a linux-based system for more than just it's freedom. They consider it *better* than Windows.

Honest disclosure: I am a dedicated linux user.

Re:Sad to see another country cutting its own thro (1)

joocemann (1273720) | about 3 years ago | (#37810272)

And the UK isn't europe!

Re:Sad to see another country cutting its own thro (1)

Anonymous Coward | about 3 years ago | (#37810316)

Since Europe is not a democracy (since the unelected commission holds final authority, overriding everyone else's), it's obvious that it will go down the path of every other oppressive government and lock down much more than just computers. Censorship laws are already in place protecting the feelings of politicians and certain minority groups (the justification being that muslims will kill lots of people if you tell people/publish that muhammad was a child-rapist, so you need to "keep the peace". Why is this censorship ? Because "this is the truth" is not an acceptable defense like in libel laws. If the truth "hurts" inter-ethnic-group relations, it's illegal)

Re:Sad to see another country cutting its own thro (1)

Anonymous Coward | about 3 years ago | (#37810428)

Each constituent country can and does flout European Commission directives. New legislation requires ratification in each country, and almost every 'agreement' and policy has exception states and nations which have implemented the policy so badly it fails to meet the required legislation.

Well shit I've fed the troll.

Re:Sad to see another country cutting its own thro (1)

zippthorne (748122) | about 3 years ago | (#37810848)

Capriciously enforcing unjust laws does NOT justify keeping around the mechanism by which bad laws are produced....

Re:Sad to see another country cutting its own thro (1)

Teun (17872) | about 3 years ago | (#37810836)

Since Europe is not a democracy (since the unelected commission holds final authority, overriding everyone else's)

You read too many British tabloids.

The EU Commission answers to the governments that appointed the members.

As a matter of fact, many European countries have a government that is not directly elected but governs in the name of the elected parliament.
To make it clear to a UK audience, the members of such a government are appointed by the elected parliament, they are not members of the parliament.

It is an unholy alliance of the French and Brits that veto's any attempts to give such powers to the democratically elected EU parliament.

Re:Sad to see another country cutting its own thro (1)

ohnocitizen (1951674) | about 3 years ago | (#37810572)

Offtopic. The US tax code and product liability laws are completely unrelated to this story. You might make an interesting argument that governments world wide are moving further and further away from trusting their citizens, and this is yet another salvo in that battle. A relevant example from the US would be the Senators who are making noises about removing the ability to directly elect Congress.

Security? (1)

colinrichardday (768814) | about 3 years ago | (#37810166)

Will handing Microsoft that kind of power make the internet more secure?

Re:Security? (1)

arth1 (260657) | about 3 years ago | (#37810196)

Will handing Microsoft that kind of power make the internet more secure?

The first time industry handed them TPM, they provided BItlocker. So the answer is probably "yes".
Even if you rightly hate Microsoft for other reasons, this doesn't seem to be one.

Re:Security? (2)

colinrichardday (768814) | about 3 years ago | (#37810358)

Except that BitLocker, like other such programs, is susceptible to a cold-boot attack. http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption [wikipedia.org]

Re:Security? (1)

arth1 (260657) | about 3 years ago | (#37810444)

Non sequitur. Your car and house's locks are susceptible to a lot of attacks, likely anything from picking to drilling out the lock, or breaking in through a window. That doesn't stop the locks from being useful.

The point is that from track record, Microsoft seems to not take advantage of TPM to do DRM lock-in, but instead provide features that arguably can be of value to the end user. Much as I like bashing Microsoft, I won't prematurely bash them over this.

Re:Security? (1)

colinrichardday (768814) | about 3 years ago | (#37810612)

Point taken. But if people can't install Linux on their PCs, what alternative will they to Windows?

Re:Security? (0)

Anonymous Coward | about 3 years ago | (#37810352)

Sure - isn't Windows 7 the most secure Windows ever?

Like Windows Vista was...and Windows XP...and Windows 2000...

Windows? (0)

Anonymous Coward | about 3 years ago | (#37810194)

Sounds to me like someone is using the windows bogeyman to scare slashdot.

Two words... (5, Insightful)

Doctor_Jest (688315) | about 3 years ago | (#37810210)

Fuck. Off.

I will be the final arbiter of what runs on MY computers. Not some nebulous "trusted computing" that is in the back pocket of proprietary software conglomerates. There's no point in it unless the real agenda is to wrest control from users' hands. (The recent "secureboot" crap for Windows 8 is a prime example.) It's my computer. It's my data. It's not yours. It won't ever be yours. And no amount of fearmongering will convince me you have my best interests in mind.

Kiss my ass. No, really. Not on the left cheek, not on the right cheek, but RIIIIGHT in the MIDDLE.

Re:Two words... (1)

joocemann (1273720) | about 3 years ago | (#37810252)

You have the most appropriate response I've read so far. The notion of this is ridiculous!

There is not enough *wrong* with our current tech to necessitate this bullshit.

The best response is outrage, and th UK people should burn this idea to the ground and reprimand those pushing it!

Re:Two words... (0)

BSAtHome (455370) | about 3 years ago | (#37810270)

I second that emotion.

Re:Two words... (0)

Anonymous Coward | about 3 years ago | (#37810432)

"I will be the final arbiter of what runs on MY computers"

No you won't, because in 15 or 20 years, you won't have any choice unless you want to be completely disconnected from the modern world. You won't be able to buy open systems any more.

It'll happen step by step: first, just needed to do banking and shopping online, but eventually, even to connect to the internet in the first place. It'll be sold as for our own good, and people will eat it up. Just look at how eager people are to buy iPads and other locked down devices. You seriously think anybody outside of a few nerds gives a shit? They don't, and those few nerds are not enough to change the nature of the market.

Now, if you could get 75% of everybody to care, sure, it'd matter. But not only don't they care, they don't even *understand*.

Control over the internet is the ultimate dream of governments everywhere, it's just that the ones outside China have to go about it slowly and make sure it's to protect us. Excuses must be found. But it'll happen, and you won't be able to buy anything else. Want to make your own CPU? Go ahead, but don't expect to go online with it.

Not this year, not next, maybe not even within a decade. But it WILL happen.

Re:Two words... (0)

Anonymous Coward | about 3 years ago | (#37810624)

Want to make your own CPU? Go ahead, but don't expect to go online with it.

Not this year, not next, maybe not even within a decade. But it WILL happen.

Why stop at the CPU? If it comes to that, eventually there will be enough sufficiently pissed off and motivated individuals to make their own internet. It might take a long time if the 'old' internet becomes locked down and unusable for such subversive uses, but it too will happen eventually. The only way this could be stopped is if society itself goes into totalitarian lockdown and you can't even freely associate with people face to face. Not saying the above is impossible, but that's a few steps beyond only having absolute control over our toys.

Re:Two words... (0)

Anonymous Coward | about 3 years ago | (#37810676)

"motivated individuals to make their own internet"

Sure, go ahead, but don't expect 99.9% of everybody else to be on it. Don't expect your bank to be on it. Don't expect to do any online shopping on it. Don't expect gaming studios to support it. Don't expect any infrastructure, so you might not even get outside your own house with it. And so on. It will only be a little sandbox for you and a few others in your basement. That's about all.

And making your own CPU? That's gonna rule out all but one in a few millions of people.

Re:Two words... (0)

Anonymous Coward | about 3 years ago | (#37810476)

I will be the final arbiter of what runs on MY computers.

and they will be the final arbiters to decide wether or not your computer can access thier services, it seems.

now that I think of it... here in Italy lots of the computers you find in offices (even government's) are still stuck with the old and lame internet explorer 6, and when you develop something you *must* assure compatibility down to that.

trusted computing and windows 3.1 won't blend well, so maybe retrocompatibility will save us here?

Appropriate Orwell quote (1)

jools33 (252092) | about 3 years ago | (#37810512)

"Nothing was your own except the few cubic centimetres inside your skull"
George Orwell 1984.

Re:Two words... (1)

kheldan (1460303) | about 3 years ago | (#37810910)

Hear, hear.

But also this: I don't care WHAT bullshit controls they attempt to put on a motherboard, someone will have a hack to completely defeat it within a week of it's release. Suck it, fascist government assholes!

But no trusted government... (1)

Anonymous Coward | about 3 years ago | (#37810266)

....and no one pushing for it.

Funny (1)

Grindalf (1089511) | about 3 years ago | (#37810306)

That's true of just about every computer designed in the US via MW link. The fact of the matter is that there is no sure way to protect users against “Alpha Male Syndrome” etc. when it occurs in government agents. You can't obtain enough employees to see the data of that military psi level. You will wind up with a room full of skitsing employees as soon as they find they super-stud revenge target. So it is technically incorrect to allow this, and always was ...

There is an intellectual property-security complex (5, Interesting)

0xdeadbeef (28836) | about 3 years ago | (#37810312)

Actually, no, Richard Stallman had it right [gnu.org] long before Vernor Vinge.

DRM has never been about getting paid, it has always been about keeping control. And for all the shit Microsoft got about Palladium, the Apple zealots sure turned a 180 in 2007.

But the zealots are right about one thing - the iPhone is the future of computing. And that future is a boot stamping on a human face, forever.

Re:There is an intellectual property-security comp (2)

spottedkangaroo (451692) | about 3 years ago | (#37810382)

I agree on all counts except for one thing ... If you click through to the article (Vinge had it right), she's talking about his idea that it rises slowly without any disaster to get people to go for it. Surely Vinge built on ideas from others, everyone does. But they're specifically talking about how accepting we all are (will be?) toward it. In his Rainbows End, a character specifically says that we traded freedom for safety, implying that it was a willing transition.

Re:There is an intellectual property-security comp (1)

ScrewMaster (602015) | about 3 years ago | (#37810696)

I agree on all counts except for one thing ... If you click through to the article (Vinge had it right), she's talking about his idea that it rises slowly without any disaster to get people to go for it. Surely Vinge built on ideas from others, everyone does. But they're specifically talking about how accepting we all are (will be?) toward it. In his Rainbows End, a character specifically says that we traded freedom for safety, implying that it was a willing transition.

I'm reminded of the main title sequence for that Babylon 5 spinoff "Excalibur", where the Technomage Galen intones, "Whom do you trust? Whom do you serve?"

RIght now, I trust my computer systems because I know they serve me, and only me. If that changes, computing will be a very different place, although the bulk of humanity may never realize it.

TPM (2)

Ogun (101578) | about 3 years ago | (#37810328)

Because the certificate authorities have a really proven track record.

Also, it really helps against buffer overrun exploits which in now way is a common thing...

The usual bollocks, in other words.

Re:TPM (1)

ScrewMaster (602015) | about 3 years ago | (#37810712)

Because the certificate authorities have a really proven track record.

Also, it really helps against buffer overrun exploits which in now way is a common thing...

The usual bollocks, in other words.

Yes, and in fact they're probably the ones who will accidentally subvert the whole thing on a Biblical scale some day, with some drain-bamaged "revenue enhancement" scheme like their ill-fated 404 redirects.

Re:TPM (1)

blueg3 (192743) | about 3 years ago | (#37810916)

Why would a trusted computing architecture use "has a code signing cert issued by a CA" as a rule? They're cheap and they only provide accountability, not security. That rule isn't even sufficient for Windows drivers -- you need a cert issued by one of the CAs that's been counter-signed by Microsoft.

So much British (-1)

Anonymous Coward | about 3 years ago | (#37810380)

Okay, here's the thing. The UK does not produce anything except some biscuits and cereals (biscuits = cookies). Yeah, I've heard about Norton Motorcycles and BEA. The UK is all about mental foreplay with Londoners (also called The City) don't do anything except financial jugglery. We have a saying "Count your fingers after you have shaken hands with a Britisher".

Trusted Computing my ass!!

To the concerned Britishers ..... what the fuck is wrong with you? The land of Brunel & Newton?

Re:So much British (2)

digitig (1056110) | about 3 years ago | (#37810720)

The UK does not produce anything except some biscuits and cereals (biscuits = cookies).

They are way down on the list of things we make; our pharmaceutical, engineering, chemical and booze industries are much bigger. Here's a moderately recent list of UK exports. [google.com]

Re:So much British (1)

ScrewMaster (602015) | about 3 years ago | (#37810722)

We have a saying "Count your fingers after you have shaken hands with a Britisher".

Janis Ian once said something similar: "I always check my wallet when leaving a record company executive's office" or words to that effect.

How can anybody object? (0)

Anonymous Coward | about 3 years ago | (#37810394)

Government exists to make us all safe and secure and there's nothing that government can't do better than individual people. /sarcasm

It al depends who holds the key (1)

Teun (17872) | about 3 years ago | (#37810400)

It all depends who holds the key, the owner/user or some bureaucratic institution.

I would welcome a system with a strong wall against the installation of malicious software but ultimately the owner of the device should be in control.

And just as much I realise the vast majority of (Windows/ OSX) computer users find it out of their league to decide what is safe or unsafe software, a devilish dilemma!

Yet no more devilish than handing this over to the aforementioned bureaucrats.

Re:It al depends who holds the key (1)

ScrewMaster (602015) | about 3 years ago | (#37810804)

And just as much I realise the vast majority of (Windows/ OSX) computer users find it out of their league to decide what is safe or unsafe software, a devilish dilemma!

Not really. There's no particular reason that an operating system can't be reasonably safe on the Internet. The only "dilemma" here is whether or not you choose to use the mainstream operating system (Windows) or something else that's more secure. Yes, I know, Microsoft has come a long way with security, but they still have a ways to go, and as long as they're the dominant desktop OS they'll have a bull's eye painted on their backs. If you want security, and don't really need Microsoft compatibility (and in this age of ever more sophisticated Web-based applications, fewer and fewer people do) then skip Windows entirely and stop worrying about being part of a botnet.

This talk of trusted computer is exactly what everyone here is saying it is: a power grab. And they'll play on Windows users' fears in order to rationalize it, just like they've played on our fears of terrorism to do all the other things they've done to us. Mark my words: government officials will play the T-card (and of, of course, the CP-card) when it comes to promoting "trusted computing". Ought to call it "busted computing" since it fundamentally breaks the concept of a "personal computer."

RTFA (5, Informative)

Anonymous Coward | about 3 years ago | (#37810422)

The article quite clearly states that the government wants *its own* computers to have TPM installed, it doesn't mention anything about home users.

Re:RTFA (1)

ScrewMaster (602015) | about 3 years ago | (#37810812)

The article quite clearly states that the government wants *its own* computers to have TPM installed, it doesn't mention anything about home users.

Not yet.

Not for you (4, Informative)

EdZ (755139) | about 3 years ago | (#37810454)

This sounds less like requiring a TPM for access to, say, the jobcentreplus website (i.e. requiring TPM for the general public) and more an attempt to stem the tide of embarrassing governmental data breaches, i.e. requiring new government and MOD hardware to be a bit less rubbish in terms of data security. Requiring new hardware to access government services for eh general public won't happen, simply because there'd need to be a way to grandfather in all the non-protected devices in public libraries, distributed through government programs, etc.

What services are these? (1)

PPH (736903) | about 3 years ago | (#37810580)

Governments will demand the right credentials to access their services

When I want something from the government, I'll might be obliged to use their approved interface. But when the government wants something from me, they'll have to use mine. Paying my taxes, for example. If Windows crashing becomes a plausible excuse for not filing a return, the gov't is going to have a serious revenue problem on its hands.

Realistically, the revenue department will always have to allow paper returns for this reason. And the staff required to process them. The only way to minimize this requirement (but never totally eliminate it) is to reduce the barriers to using their on-line interface. Not raise them.

Re:What services are these? (1)

vadim_t (324782) | about 3 years ago | (#37810706)

Paying my taxes, for example. If Windows crashing becomes a plausible excuse for not filing a return, the gov't is going to have a serious revenue problem on its hands.

Yeah, right. What they'll do is to send you a certified letter saying you have a week to pay your taxes, or else. You might be able to convince them a bit longer, but the excuse won't work indefinitely. If you don't pay, they'll just give you a big fine, in addition to forcefully collecting the owed tax from your bank account.

Re:What services are these? (1)

Rich0 (548339) | about 3 years ago | (#37810862)

Uh, more like they'll send you a certified letter saying that you're already past-due, and please file and don't forget to add the following fine to your payment.

The next step will be a police officer knocking on your door.

I doubt a tax agency is going to resort to polite reminders.

"government's leading IT security officials" (1)

newcastlejon (1483695) | about 3 years ago | (#37810608)

I.E. No-one who could actually present a bill before parliament.

This has come up before and it'll come up again, but it's not gonna happen. If this was anything more than an unnamed bureaucrat saying "this would be handy" then it might pique my interest but otherwise it's no different from an MI5 spook saying that tracking everyone's browsing would be useful to the security services.

By that I mean yes, it would be useful, but even if it was technically possible parliament wouldn't consent to such nakedly draconian measures. They may seem a bunch of fatuous blowhards but they're not total idiots and they do have some moral standards.

Re:"government's leading IT security officials" (0)

Anonymous Coward | about 3 years ago | (#37810852)

They may seem a bunch of fatuous blowhards but they're not total idiots and they do have some moral standards.

I lost faith in their 'moral standards' when I heard the Mandybill aka the 'Digital Economy Act' became law.

Friends of friends (1)

biodata (1981610) | about 3 years ago | (#37810678)

I wonder if Owen Pengelly has friends with financial interest in 'trusted computing' firms. Someone must be feeding him this line I guess.

10 years from now (0)

Anonymous Coward | about 3 years ago | (#37810718)

"One of the government's leading IT security officials has said trusted thinking will play a significant role within the forthcoming security strategy.

The technology, is installed on a chip in people's brains and uses cryptography to authenticate actions and verify that only authorised thoughts run on it.

Speaking at a seminar on the subject he said the security strategy, expected to be published in mid-November, will revolve around four key objectives. These are making the public safe and ensuring the country is one of the best in the world for businesses; making the country more resilient in the face of terrorist attack and better able to protect its government's interests;

"Building the most effective police in the world will not help if you are suffering from intellectual property theft, like people telling others about a movie they have seen" he said. "Trusted thinking underpins security and can underpin growth, providing confidence in transactions, expanding markets and making them function more efficiently for corporations."

Pengelly added that he is now working with a security team in the Department of Business to work out what enforcement methods the government could provide to encourage the take-up of the relevant standards.

It's easy to improve security this way (1)

Hentes (2461350) | about 3 years ago | (#37810762)

It's easy to imporve security by taking away most of the functionality, but in most cases it isn't worth it.

000000 xxxxxxxxx - 00x the movie (1)

cosmas_c (1079035) | about 3 years ago | (#37810890)

hold your fire - 00x the "new" james bond come will !
  - at least queen Elizabeth so said !
- Queen the king is tired :-) ...

Okay UK government, you first! (1)

erroneus (253617) | about 3 years ago | (#37810932)

Before they start pushing out essentially untested technologies onto the public, shouldn't they test it on themselves first? If it does indeed offer "something better" let them test it on themselves and their own infrastructure first. Check to see that everything runs as it should and if not, what adjustments are needed to make it work. And most importantly, identify how it can be done fairly and without excluding various parties from participating in the marketplace.

If it can't be done without fairness and equality in the market, then it shouldn't be done.

I'm all for limiting the damage that infected Windows machines can do, but I get the feeling they aren't considering much beyond MS Windows. The wikipedia on the subject discusses some of the problems that would likely come from the use of TC. I won't go into those details but will recommend at least skimming over the page to see it. (Is a link really necessary? I guess so... [wikipedia.org] ) Will there be a list of requirements of how NOT to implement TC to ensure a fair and level marketplace?

Before anyone says so, I know they aren't particularly interested in fairness or equality because they don't really know what it means.

more big brother (0)

Anonymous Coward | about 3 years ago | (#37810948)

Great video about how we can break away from these "controls".

http://www.youtube.com/watch?v=x1I3uiqeG-g

Job Creation (1)

sgt scrub (869860) | about 3 years ago | (#37810960)

This sounds like it will start an industry. Companies building devices capable of having ID codes changed, much like a MAC address, will find themselves a large customer base.

Not a big deal (0)

Anonymous Coward | about 3 years ago | (#37810972)

As usual, the slashdot crowd gets it wrong.

How is it an invasion of privacy if the government is using a secure identification system to validate who is connecting to government services? You wouldn't want some scam artist stealing your taxpayer dollars, so instead of authenticating with a username+password, the government can more securely identify you with username+pin+TPM/Smart Card and more readily provide you with the expected service (DMV, Social Security, Welfare, etc.).

The government, if it is smart, does not need to mandate an entire software stack. It is much harder to exploit a box than it is to steal a password, so the use of secure hardware to authenticate would be a good step forward.

Uh.. (0)

Anonymous Coward | about 3 years ago | (#37811012)

The article looks like it is talking about government computer systems. This sounds like something perfect for government (or even business) computer systems which need to be heavily locked down to prevent theft of sensitive data. Hardliners like rms may call this an attack on peoples rights but quite honestly if I found that someone had been doing a lot of the things that he calls freedom on our work systems they would be fired immediately.

Sad to see the BS is believed even on Slashdot (-1)

Anonymous Coward | about 3 years ago | (#37811034)

Linux supports Trusted Computing and has done for years. There are whole distros built around it - like Trusted Gentoo.

Trusted Computing allows you to make sure that only binaries signed by approved keys can be run on your machine. Stop and think about it - how many of the problems with malware, viruses, etc, would go away if the hordes of moronic computer-users that are out there were finally safe from all of it?

There's plenty of potential for abuse of this system, sure - if your hardware won't allow you to add keys so you can only run, say, Microsoft-approved software, then absolutely, it's a really Bad Thing.

But what's wrong with, say, a computer that will only run binaries that either Canonical or you personally sign? A computer that, even if somebody cracks it and gain root access, will still refuse to run any software that wasn't compiled by you or Ubuntu? No tampered-with version of 'ps' that won't show you the dodgy software running, because they can't install the dodgy 'ps' or anything else either.

Trusted Computing is just encryption. Being against it just because it can be abused is like being against GPG because terrorists use it to share child porn undetectably via email.

I for one get enough spam from idiot-owned Windows PCs that anything that could be done to secure them and give my filters a break gets my vote.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?