Why the Internet can’t be Trusted

Posted by Ken Y-N on May 15th, 2008 at 02:21pm

This interesting blog post inspired by a Bruce Schneier article on Wired.com entitled The Myth of the ‘Transparent Society’ gives one a lot of pause for thought.

As an aside, this is why I think it’s important to highlight both sides of the coin on the Trusted Computing debate. An imbalanaced diet of merely “Bill Gates will eat your granny” on one side or “Trust us, we’re doing this for your own good” on the other discourages critical thought. Read Mr Schneier’s article and realise he is right.

The analogy quoted is in part:

Asking to see the officer’s ID in return gives you no comparable power over him or her. The power imbalance is too great, and mutual disclosure does not make it OK.

This is what happens when you do mutual attestation, and if you imagine having a fully Trusted Internet you lose a lot of privacy in exchange for really very little, especially once we introduce the slipperly slope into the argument. Thus, Mr Schneier concludes that if you put any value on your own personal privacy, you cannot participate in this ‘Transparent Society’, of which the Trusted Internet may be one part. Looking at his position and given his definitions, one can only agree with him.

Back at the blog post, it says:

You have no power, they do. You can’t get their power so it will always be lopsided.

How does this differ from just standard SSL? Or who is cross-referencing my mobile phone location with my rail use records from my season ticket, paid by credit card charged to the same bank account as my AdSense payments?

The article concludes along the lines of DRM (Digital Rights Management) equals Trusted Computing equals Trusted Internet equals Microsoft equals stupidity.

I’ve said it before, and I’ll no doubt say it many times again, but the Trusted Computing Group (TCG) really needs to push non-DRM and consumer-friendly use cases. The Trusted Network Connect stuff is great for corporates, but consumers need to see why their home computer should have their Trusted Platform Module (TPM) activated. Indeed, what would be excellent would be a Linux-based open source solution that shows the TPM doing something useful. PGP have announced a TPM extension for key management; what if the TCG sponsored a GPG extension to do something similar?

I seem to have gone rather off-topic! Read the original post over at BambisMusings - Musings from a little deer? here.

Tags: bruce schneier