Trust Me, Baby

TORONTO (djc Features) — Trust. As a word and a concept, it’s loaded with different meanings: “Trust,” the noun, is commonly used to denote a confidence, reliance or faith in something’s integrity. In law, it refers to a property entrusted to one party for another’s benefit. And in business terms, well, it’s either a body of corporations, colluding to regulate prices and squeeze out non-aligned competitors; or it’s the most basic, time-honoured foundation of all commerce.

As the global business environment — particularly the tech sector — grows more complicated in the 21st century, so does the concept of trust. On one hand, the most persistently thriving companies owe much of their success to creating trust relationships with customers through unfailing quality, value, service and speed: Amazon, Dell and Charles Schwab come to mind. On the other hand, there are those companies, also highly successful, that a great many people seem to distrust — and increasingly believe that the feeling is mutual.

Enter Microsoft: A company that, if you believe what you read on Slashdot, can’t be trusted to produce an effective or secure phone index. At the same time, enough households, companies, governments and military institutions sufficiently trust the Washington giant to fuel its virtual monopoly on PC operating systems — despite regular complaints about security holes, frequent crashes and susceptibility to viruses. But Microsoft wants to change all that.

In January 2002, Bill Gates kicked off a 10-year, multi-million dollar project dubbed Trustworthy Computing, a commendably prudent venture to place security and privacy concerns above new product development. When the “SQL Slammer” worm came around a year later, disrupting hundreds of thousands of systems around the world including Microsoft’s own, it became increasingly obvious that there was still lots of work to do. In all fairness, Microsoft has been diligent in issuing patches — lots of patches — giving frazzled IT administrators the chance to prove their worth.

Last July, Polish security researchers discovered a critical vulnerability in the Windows Remote Procedure Call of several MS operating systems, including Windows Server 2003, which Microsoft CEO Steve Ballmer once touted as a “breakthrough in terms of built-in security and reliability.” The U.S. Department of Homeland Security, which recently signed a contract making Microsoft its main software provider, expressed concern that a worldwide hacking campaign could be underway. If that wasn’t bad enough, one week later a team of enterprising Swiss researchers revealed a way to crack Windows passwords in an average of just 13.6 seconds, exposing the inherent weakness of Microsoft’s encryption scheme.

Asked to comment on the success thus far of the Trustworthy Computing initiative, NTBugTraq moderator Russ Cooper said, “I rated it an ‘F’ in January 2003. Nothing so far has changed that. If it were possible to give it a lower grade, I would.” It’s reasonable to trust that it’s got nowhere to go, but up.

In the meantime, Microsoft has another, much more controversial initiative in the works. In 1999, the company helped form the Trusted Computing Platform Alliance along with Compaq, HP, IBM and Intel. The basic goal, as stated by the Alliance (later renamed the Trusted Computing Group, or TCG), was to create hardware that focuses on “building levels of trust into the computing platform.”

Microsoft’s contribution, code-named Palladium, is essentially a new Windows architecture that utilizes security features built into hardware fitted with Trusted Computing (TC) technologies. Chip manufacturers like Intel and AMD would develop coprocessors, each with a pair of unique, hidden cryptographic keys, that work with the software component to encrypt all sorts of data. Microsoft vows that the technology could be used to ensure privacy, stop viruses and even block spam.

Due in late 2004, and expected to be part of the next Windows in 2005, Palladium has since been renamed the Next-Generation Secure Computing Base (NGSCB). Microsoft reps deny that the techy new name suggests the company is trying to avoid criticism; either way, they have received plenty.

“Traditionally, you decide what policy you want for your computer, and computer security is about enforcing that policy to protect you against outsiders,” says Electronic Frontier Foundation technologist Seth Schoen. “In the NGSCB and TCG designs, though, the computer and its software are being protected not only against intruders, but against their owner.”

Schoen, who regularly meets with Microsoft about the project, is referring to the controversial feature known as “remote attestation.” This patented technology can digitally sign a program or piece of data and allow other systems to verify the integrity of the software. For instance, a bank could use it to confirm that their client is not transferring funds generated by corrupt accounting software. Or, suppose Microsoft wanted to finally make Hotmail accessible exclusively through Internet Explorer; not only would this be possible, but there would be no way to override the feature.

Richard Stallman, the outspoken cyber-gadfly, GNU author and anti-copyright activist, called this “treacherous computing.” He, along with scores of other open-source enthusiasts, sees a great potential for misuse in the NGSCB. For example, software makers who aren’t “approved” by whatever consortium exists to decide these things could become bit players in a TCG-controlled marketplace.

Businesses might be forced to make unwelcome software upgrades, or be powerless to migrate to different systems. Because it will be nearly impossible to tamper with existing software, “white-hat hackers” who test and improve code for fun, prestige or altruism will be prevented from doing so — discouraging the innovation and competition that has helped make the Internet what it is today. And if the NGSCB lives up to Microsoft’s expectations and effectively halts spam, viruses and remote attacks, then security and firewall firms could start dropping like dot-coms.

But it’s not just the geeky champions of open source who are nervous. Companies will be able to digitally confine sensitive documents to internal groups, and define a lifespan for them. This has some journalists, academics, lawmakers and researchers worried that businesses and institutions will be less publicly accountable. Ironically, it could also make it easier for organized criminals (including software pirates) to operate in secrecy.

However, the most widespread concern is that these technologies could be used to enforce digital rights management (DRM) schemes — something the music, film and publishing industries have been angling for, along with certain overzealous members of the U.S. Senate. With the NGSCB architecture in place, intellectual property holders could remotely track down pirated (or perhaps offensive) content, and delete it. Indeed, Microsoft’s patent includes such capabilities as time- or playback-based expiration limits on files, and “trust fields” defined by entertainment bodies.

Microsoft denies any intention to drive DRM, pointing out that the entertainment industry would be suicidal to be so restrictive with digital content. Even so, it is in Microsoft’s best interest to “play nice” with groups such as the Recording Industry Association of America. On one hand, Bill Gates would love to see the Windows-powered PC become the heart of the home entertainment network, displacing standalone devices like DVD players and stereos. On the other hand, he recognizes that content providers like Sony, who may also manufacture such devices, abhor the flexibility and inclusiveness of computers — and might threaten to exclude PCs from emerging media formats unless some built-in protection is in place.

The truth, though no company would outright admit it, is that people simply can’t be trusted. Every day, millions of Internet users blithely swap untold gigabytes of MP3s, movies, software, fonts and pornography, whether out of principle, impatience or stinginess. Whenever their ability to do so is threatened, they become indignant, invoking the oft-misunderstood quote “information wants to be free.”

Then again, one could argue that Microsoft’s success partially depends on dishonesty; how many home users actually purchase the software that’s become the world standard? The problem, as Microsoft sees it, is that people have become too happy with their current systems’ speed, and too comfortable with their outdated versions of MS Office. Windows often ships with new PCs, but slumping computer sales in recent years have forced Microsoft to find new angles. Hence the NGSCB.

But will consumers trust Microsoft’s new crusade? It’s a good question. People are astoundingly trusting nowadays, routinely forfeiting privacy for convenience — your credit card, cell phone and Internet activities are constantly being monitored and archived, trust me — and many will probably tolerate similar intrusions in the future.

A better question is whether we really need this technology, and when it arrives, if we will have a choice. There’s an extensive debate going on over whether these technologies will be optional, and what the consequences of opting out are. Some critics speculate that many applications won’t run, at least not like they’re supposed to.

The idea behind these technologies is nothing new. It’s also not unique — even Linux/GNU has TC-enabled versions pending. Intel tried to introduce a similar concept in 1999, but shut it down due to public condemnation. Back in 1996, a researcher named Markus Kuhn wrote his Master’s thesis about a theoretical cryptoprocessor that uses a trusted “reference monitor,” encrypting data on the fly. Appropriately named “TrustNo1,” it was inspired by American military technologies that have existed since the early 1970s. As Ross Anderson, author of the vitriolic Trusted Computing FAQ, points out, a “trusted component” in military terminology describes something that can break your security policy; sort of like remote attestation.

Microsoft is currently embroiled in a patent dispute over many of its TC technologies. The suing company, InterTrust, claims Microsoft infringed on dozens of its digital security patents. In a July pre-trial hearing, the judge ruled overwhelmingly in favour of InterTrust, though it’s expected to end in a pricy out-of-court settlement.

This case was filed more than two years ago; since then, Microsoft has already put various TC features in its products, including Windows XP and Xbox. As NTBugTraq’s Russ Cooper said, “I cannot remember a technology that MS has released which has been slowed down by lawsuits.”

Speaking of which, remember when the words “Microsoft” and “trust” were associated only with their antitrust suit? The case is still very much alive in Europe, where pressure from the European Commission has only increased in recent months. However, in the United States, Massachusetts is the only state still battling on, stubbornly refusing to sign the settlement agreement worked out by its co-plaintiffs last November. Some cynics contend that, even if Microsoft is an anticompetitive monopoly, it makes money, and money’s good for the economy.

If that’s true, it goes to show that you can’t trust anyone these days…but you can always trust funds.
