"Trusted Computing," which you can learn about at
http://www.eff.org/Infrastructure/trusted_computing,
particularly Trusted Computing: Promise and
Risk,
has reared its ugly head again. Readers may recall various diatribes
I've given on this subject in various conversations both on and offline,
or in various emails.
As discussed in Take Control of TCPA published in the Linux Journal, Trusted Computing offers some significant benefits for mitigating the damage a hacked system can create, if properly integrated with an intrusion detection system. Again trusting the LJ article, it appears that IBM's Linux efforts are along these lines. In this manifestation, I am not particularly opposed to Trusted Computing, used in this manner, it allows an owner to have greater control over his or her system, aids in securing his or her information, both good things to see happening. In such a situation, the user controlled activation of Trusted Computing, we have a new technology empowering users against any and all attackers. My concerns, well outlined in the EFF documents, is that vendors will use the Trusted Computing chip to take control away from users, to allow 3rd parties to ascertain information about you and your computer usage without your control, to allow vendors to decide for you what constitutes an environment in which their software can be run. This would set up an adversarial situation in which the user would in fact be untrusted, and be trusted, by his own machine, only to the extent that he conforms to the expectations set in place by others. Gone would be the presumption of innocence, instead you would have to prove yourself to the computer, and to the network as a whole.