summaryrefslogtreecommitdiff
path: root/talermerchantdemos/blog/articles/en/can-you-trust.html
diff options
context:
space:
mode:
Diffstat (limited to 'talermerchantdemos/blog/articles/en/can-you-trust.html')
-rw-r--r--talermerchantdemos/blog/articles/en/can-you-trust.html316
1 files changed, 316 insertions, 0 deletions
diff --git a/talermerchantdemos/blog/articles/en/can-you-trust.html b/talermerchantdemos/blog/articles/en/can-you-trust.html
new file mode 100644
index 0000000..51db680
--- /dev/null
+++ b/talermerchantdemos/blog/articles/en/can-you-trust.html
@@ -0,0 +1,316 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.79 -->
+<title>Can You Trust Your Computer?
+- GNU Project - Free Software Foundation</title>
+<!--#include virtual="/philosophy/po/can-you-trust.translist" -->
+<!--#include virtual="/server/banner.html" -->
+<h2>Can You Trust Your Computer?</h2>
+
+<p>by <a href="http://www.stallman.org/">Richard Stallman</a></p>
+
+<p>
+Who should your computer take its orders from? Most people think
+their computers should obey them, not obey someone else. With a plan
+they call &ldquo;trusted computing&rdquo;, large media corporations
+(including the movie companies and record companies), together with
+computer companies such as Microsoft and Intel, are planning to make
+your computer obey them instead of you. (Microsoft's version of this
+scheme is called Palladium.) Proprietary programs have
+included malicious features before, but this plan would make it
+universal.</p>
+<p>
+Proprietary software means, fundamentally, that you don't control what
+it does; you can't study the source code, or change it. It's not
+surprising that clever businessmen find ways to use their control to
+put you at a disadvantage. Microsoft has done this several times: one
+version of Windows was designed to report to Microsoft all the
+software on your hard disk; a recent &ldquo;security&rdquo; upgrade in
+Windows Media Player required users to agree to new restrictions. But
+Microsoft is not alone: the KaZaa music-sharing software is designed
+so that KaZaa's business partner can rent out the use of your computer
+to its clients. These malicious features are often secret, but even
+once you know about them it is hard to remove them, since you don't
+have the source code.</p>
+<p>
+In the past, these were isolated incidents. &ldquo;Trusted
+computing&rdquo; would make the practice pervasive. &ldquo;Treacherous
+computing&rdquo; is a more appropriate name, because the plan is
+designed to make sure your computer will systematically disobey you.
+In fact, it is designed to stop your computer from functioning as a
+general-purpose computer. Every operation may require explicit
+permission.</p>
+<p>
+The technical idea underlying treacherous computing is that the
+computer includes a digital encryption and signature device, and the
+keys are kept secret from you. Proprietary programs will use this
+device to control which other programs you can run, which documents or
+data you can access, and what programs you can pass them to. These
+programs will continually download new authorization rules through the
+Internet, and impose those rules automatically on your work. If you
+don't allow your computer to obtain the new rules periodically from
+the Internet, some capabilities will automatically cease to function.</p>
+<p>
+Of course, Hollywood and the record companies plan to use treacherous
+computing for Digital Restrictions Management (DRM), so
+that downloaded videos and music can be played only on one specified
+computer. Sharing will be entirely impossible, at least using the
+authorized files that you would get from those companies. You, the
+public, ought to have both the freedom and the ability to share these
+things. (I expect that someone will find a way to produce unencrypted
+versions, and to upload and share them, so DRM will not entirely
+succeed, but that is no excuse for the system.)</p>
+<p>
+Making sharing impossible is bad enough, but it gets worse. There are
+plans to use the same facility for email and documents&mdash;resulting
+in email that disappears in two weeks, or documents that can only be
+read on the computers in one company.</p>
+<p>
+Imagine if you get an email from your boss telling you to do something
+that you think is risky; a month later, when it backfires, you can't
+use the email to show that the decision was not yours. &ldquo;Getting
+it in writing&rdquo; doesn't protect you when the order is written in
+disappearing ink.</p>
+<p>
+Imagine if you get an email from your boss stating a policy that is
+illegal or morally outrageous, such as to shred your company's audit
+documents, or to allow a dangerous threat to your country to move
+forward unchecked. Today you can send this to a reporter and expose
+the activity. With treacherous computing, the reporter won't be able
+to read the document; her computer will refuse to obey her.
+Treacherous computing becomes a paradise for corruption.</p>
+<p>
+Word processors such as Microsoft Word could use treacherous computing
+when they save your documents, to make sure no competing word
+processors can read them. Today we must figure out the secrets of
+Word format by laborious experiments in order to make free word
+processors read Word documents. If Word encrypts documents using
+treacherous computing when saving them, the free software community
+won't have a chance of developing software to read them&mdash;and if
+we could, such programs might even be forbidden by the Digital
+Millennium Copyright Act.</p>
+<p>
+Programs that use treacherous computing will continually download new
+authorization rules through the Internet, and impose those rules
+automatically on your work. If Microsoft, or the US government, does
+not like what you said in a document you wrote, they could post new
+instructions telling all computers to refuse to let anyone read that
+document. Each computer would obey when it downloads the new
+instructions. Your writing would be subject to 1984-style retroactive
+erasure. You might be unable to read it yourself.</p>
+<p>
+You might think you can find out what nasty things a treacherous-computing
+application does, study how painful they are, and decide
+whether to accept them. Even if you can find this out, it would
+be foolish to accept the deal, but you can't even expect the deal
+to stand still. Once you come to depend on using the program, you are
+hooked and they know it; then they can change the deal. Some
+applications will automatically download upgrades that will do
+something different&mdash;and they won't give you a choice about
+whether to upgrade.</p>
+<p>
+Today you can avoid being restricted by proprietary software by not
+using it. If you run GNU/Linux or another free operating system, and
+if you avoid installing proprietary applications on it, then you are
+in charge of what your computer does. If a free program has a
+malicious feature, other developers in the community will take it out,
+and you can use the corrected version. You can also run free
+application programs and tools on nonfree operating systems; this
+falls short of fully giving you freedom, but many users do it.</p>
+<p>
+Treacherous computing puts the existence of free operating systems and
+free applications at risk, because you may not be able to run them at
+all. Some versions of treacherous computing would require the
+operating system to be specifically authorized by a particular
+company. Free operating systems could not be installed. Some
+versions of treacherous computing would require every program to be
+specifically authorized by the operating system developer. You could
+not run free applications on such a system. If you did figure out
+how, and told someone, that could be a crime.</p>
+<p>
+There are proposals already for US laws that would require all computers to
+support treacherous computing, and to prohibit connecting old computers to
+the Internet. The CBDTPA (we call it the Consume But Don't Try Programming
+Act) is one of them. But even if they don't legally force you to switch to
+treacherous computing, the pressure to accept it may be enormous. Today
+people often use Word format for communication, although this causes
+several sorts of problems (see
+<a href="/philosophy/no-word-attachments.html">&ldquo;We Can Put an End to Word
+Attachments&rdquo;</a>). If only a treacherous-computing machine can read the
+latest Word documents, many people will switch to it, if they view the
+situation only in terms of individual action (take it or leave it). To
+oppose treacherous computing, we must join together and confront the
+situation as a collective choice.</p>
+<p>
+For further information about treacherous computing, see
+<a href="http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html">http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html</a>.</p>
+<p>
+To block treacherous computing will require large numbers of citizens
+to organize. We need your help! Please support
+<a href="http://DefectiveByDesign.org">Defective by Design</a>, the
+FSF's campaign against Digital Restrictions Management.</p>
+
+<h3>Postscripts</h3>
+
+<ol>
+<li><p>
+The computer security field uses the term &ldquo;trusted
+computing&rdquo; in a different way&mdash;beware of confusion
+between the two meanings.</p></li>
+
+<li><p>
+The GNU Project distributes the GNU Privacy Guard, a program that
+implements public-key encryption and digital signatures, which you can
+use to send secure and private email. It is useful to explore how GPG
+differs from treacherous computing, and see what makes one helpful and
+the other so dangerous.</p>
+<p>
+When someone uses GPG to send you an encrypted document, and you use
+GPG to decode it, the result is an unencrypted document that you can
+read, forward, copy, and even reencrypt to send it securely to
+someone else. A treacherous-computing application would let you read
+the words on the screen, but would not let you produce an unencrypted
+document that you could use in other ways. GPG, a free software
+package, makes security features available to the users; <em>they</em> use <em>it</em>.
+Treacherous computing is designed to impose restrictions on the users;
+<em>it</em> uses <em>them</em>.</p></li>
+
+<li><p>
+The supporters of treacherous computing focus their discourse on its
+<a name="beneficial">beneficial uses</a>. What they say is often
+correct, just not important.</p>
+<p>
+Like most hardware, treacherous-computing hardware can be used for
+purposes which are not harmful. But these features can be implemented in
+other ways, without treacherous-computing hardware. The principal
+difference that treacherous computing makes for users is the nasty
+consequence: rigging your computer to work against you.</p>
+<p>
+What they say is true, and what I say is true. Put them together and
+what do you get? Treacherous computing is a plan to take away our
+freedom, while offering minor benefits to distract us from what we
+would lose.</p></li>
+
+<li><p>
+Microsoft presents Palladium as a security measure, and claims that
+it will protect against viruses, but this claim is evidently false. A
+presentation by Microsoft Research in October 2002 stated that one of
+the specifications of Palladium is that existing operating systems and
+applications will continue to run; therefore, viruses will continue to
+be able to do all the things that they can do today.</p>
+<p>
+When Microsoft employees speak of &ldquo;security&rdquo; in connection with
+Palladium, they do not mean what we normally mean by that word:
+protecting your machine from things you do not want. They mean
+protecting your copies of data on your machine from access by you in
+ways others do not want. A slide in the presentation listed several
+types of secrets Palladium could be used to keep, including
+&ldquo;third party secrets&rdquo; and &ldquo;user
+secrets&rdquo;&mdash;but it put &ldquo;user secrets&rdquo; in
+quotation marks, recognizing that this is somewhat of an absurdity in the
+context of Palladium.</p>
+<p>
+The presentation made frequent use of other terms that we frequently
+associate with the context of security, such as &ldquo;attack&rdquo;,
+&ldquo;malicious code&rdquo;, &ldquo;spoofing&rdquo;, as well as
+&ldquo;trusted&rdquo;. None of them means what it normally means.
+&ldquo;Attack&rdquo; doesn't mean someone trying to hurt you, it means
+you trying to copy music. &ldquo;Malicious code&rdquo; means code
+installed by you to do what someone else doesn't want your machine to
+do. &ldquo;Spoofing&rdquo; doesn't mean someone's fooling you, it means
+you're fooling Palladium. And so on.</p></li>
+
+<li><p>
+A previous statement by the Palladium developers stated the basic
+premise that whoever developed or collected information should have
+total control of how you use it. This would represent a revolutionary
+overturn of past ideas of ethics and of the legal system, and create
+an unprecedented system of control. The specific problems of these
+systems are no accident; they result from the basic goal. It is the
+goal we must reject.</p></li>
+</ol>
+
+<hr />
+
+<p>As of 2015, treacherous computing has been implemented for PCs in
+the form of the &ldquo;Trusted Platform Module&rdquo;; however, for
+practical reasons, the TPM has proved a total failure for the goal of
+providing a platform for remote attestation to verify Digital
+Restrictions Management. Thus, companies implement DRM using other
+methods. At present, &ldquo;Trusted Platform Modules&rdquo; are not
+being used for DRM at all, and there are reasons to think that it will
+not be feasible to use them for DRM. Ironically, this means that the
+only current uses of the &ldquo;Trusted Platform Modules&rdquo; are
+the innocent secondary uses&mdash;for instance, to verify that no one
+has surreptitiously changed the system in a computer.</p>
+
+<p>Therefore, we conclude that the &ldquo;Trusted Platform
+Modules&rdquo; available for PCs are not dangerous, and there is no
+reason not to include one in a computer or support it in system
+software.</p>
+
+<p>This does not mean that everything is rosy. Other hardware systems
+for blocking the owner of a computer from changing the software in it
+are in use in some ARM PCs as well as processors in portable phones,
+cars, TVs and other devices, and these are fully as bad as we
+expected.</p>
+
+<p>This also does not mean that remote attestation is harmless. If
+ever a device succeeds in implementing that, it will be a grave threat
+to users' freedom. The current &ldquo;Trusted Platform Module&rdquo;
+is harmless only because it failed in the attempt to make remote
+attestation feasible. We must not presume that all future attempts
+will fail too.</p>
+
+<hr />
+
+<blockquote id="fsfs"><p class="big">This essay is published
+in <a href="http://shop.fsf.org/product/free-software-free-society/"><cite>Free
+Software, Free Society: The Selected Essays of Richard
+M. Stallman</cite></a>.</p></blockquote>
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF &amp; GNU inquiries to <a
+href="mailto:gnu@gnu.org">&lt;gnu@gnu.org&gt;</a>. There are also <a
+href="/contact/">other ways to contact</a> the FSF. Broken links and other
+corrections or suggestions can be sent to <a
+href="mailto:webmasters@gnu.org">&lt;webmasters@gnu.org&gt;</a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:web-translators@gnu.org">
+ &lt;web-translators@gnu.org&gt;</a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations README</a> for
+information on coordinating and submitting translations of this article.</p>
+</div>
+
+<p>Copyright &copy; 2002, 2007, 2014, 2015, 2016 Richard Stallman</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2016/11/18 06:31:39 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>