diff options
author | Tong Hui <tonghuix@gmail.com> | 2016-03-25 16:52:03 +0800 |
---|---|---|
committer | Tong Hui <tonghuix@gmail.com> | 2016-03-25 16:52:03 +0800 |
commit | 5d6f7b414de4b04ddc19629ac6d1f5e5f3cb42ac (patch) | |
tree | b7d47d7d26bf9cd76ceeae138c71d4a99c7ac662 /docs/can-you-trust.md | |
download | fsfs-zh-5d6f7b414de4b04ddc19629ac6d1f5e5f3cb42ac.tar.xz |
first
Diffstat (limited to 'docs/can-you-trust.md')
-rw-r--r-- | docs/can-you-trust.md | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/docs/can-you-trust.md b/docs/can-you-trust.md new file mode 100644 index 0000000..116308f --- /dev/null +++ b/docs/can-you-trust.md @@ -0,0 +1,269 @@ +--- +Generator: 'texi2html 1.82' +description: Untitled Document +distribution: global +keywords: Untitled Document +resource-type: document +title: Untitled Document +... + +1. Can You Trust Your Computer? {#can-you-trust-your-computer .chapter} +=============================== + +@firstcopyingnotice{{Copyright © 2002, 2007, 2014, 2015 Richard +Stallman\ + {This essay was first published on <http://gnu.org>, in 2002. This +version is part of @fsfsthreecite} Who should your computer take its +orders from? Most people think their computers should obey them, not +obey someone else. With a plan they call “trusted computing,” large +media corporations (including the movie companies and record companies), +together with computer companies such as Microsoft and Intel, are +planning to make your computer obey them instead of you. (Microsoft’s +version of this scheme is called Palladium.) Proprietary programs have +included malicious features before, but this plan would make it +universal. + +Proprietary software means, fundamentally, that you don’t control what +it does; you can’t study the source code, or change it. It’s not +surprising that clever businessmen find ways to use their control to put +you at a disadvantage. Microsoft has done this several times: one +version of Windows was designed to report to Microsoft all the software +on your hard disk; a recent “security” upgrade in Windows Media Player +required users to agree to new restrictions. But Microsoft is not alone: +the KaZaa music-sharing software is designed so that KaZaa’s business +partner can rent out the use of your computer to its clients. These +malicious features are often secret, but even once you know about them +it is hard to remove them, since you don’t have the source code. + +In the past, these were isolated incidents. “Trusted computing” would +make the practice pervasive. “Treacherous computing” is a more +appropriate name, because the plan is designed to make sure your +computer will systematically disobey you. In fact, it is designed to +stop your computer from functioning as a general-purpose computer. Every +operation may require explicit permission. + +The technical idea underlying treacherous computing is that the computer +includes a digital encryption and signature device, and the keys are +kept secret from you. Proprietary programs will use this device to +control which other programs you can run, which documents or data you +can access, and what programs you can pass them to. These programs will +continually download new authorization rules through the internet, and +impose those rules automatically on your work. If you don’t allow your +computer to obtain the new rules periodically from the internet, some +capabilities will automatically cease to function. + +Of course, Hollywood and the record companies plan to use treacherous +computing for Digital Restrictions Management (DRM), so that downloaded +videos and music can be played only on one specified computer. Sharing +will be entirely impossible, at least using the authorized files that +you would get from those companies. You, the public, ought to have both +the freedom and the ability to share these things. (I expect that +someone will find a way to produce unencrypted versions, and to upload +and share them, so DRM will not entirely succeed, but that is no excuse +for the system.) + +Making sharing impossible is bad enough, but it gets worse. There are +plans to use the same facility for email and documents—resulting in +email that disappears in two weeks, or documents that can only be read +on the computers in one company. + +Imagine if you get an email from your boss telling you to do something +that you think is risky; a month later, when it backfires, you can’t use +the email to show that the decision was not yours. “Getting it in +writing” doesn’t protect you when the order is written in disappearing +ink. + +Imagine if you get an email from your boss stating a policy that is +illegal or morally outrageous, such as to shred your company’s audit +documents, or to allow a dangerous threat to your country to move +forward unchecked. Today you can send this to a reporter and expose the +activity. With treacherous computing, the reporter won’t be able to read +the document; her computer will refuse to obey her. Treacherous +computing becomes a paradise for corruption. + +Word processors such as Microsoft Word could use treacherous computing +when they save your documents, to make sure no competing word processors +can read them. Today we must figure out the secrets of Word format by +laborious experiments in order to make free word processors read Word +documents. If Word encrypts documents using treacherous computing when +saving them, the free software community won’t have a chance of +developing software to read them—and if we could, such programs might +even be forbidden by the Digital Millennium Copyright Act. + +Programs that use treacherous computing will continually download new +authorization rules through the internet, and impose those rules +automatically on your work. If Microsoft, or the US government, does not +like what you said in a document you wrote, they could post new +instructions telling all computers to refuse to let anyone read that +document. Each computer would obey when it downloads the new +instructions. Your writing would be subject to 1984-style retroactive +erasure. You might be unable to read it yourself. + +You might think you can find out what nasty things a +treacherous-computing application does, study how painful they are, and +decide whether to accept them. Even if you can find this out, it would +be foolish to accept the deal, but you can’t even expect the deal to +stand still. Once you come to depend on using the program, you are +hooked and they know it; then they can change the deal. Some +applications will automatically download upgrades that will do something +different—and they won’t give you a choice about whether to upgrade. + +Today you can avoid being restricted by proprietary software by not +using it. If you run GNU/Linux or another free operating system, and if +you avoid installing proprietary applications on it, then you are in +charge of what your computer does. If a free program has a malicious +feature, other developers in the community will take it out, and you can +use the corrected version. You can also run free application programs +and tools on nonfree operating systems; this falls short of fully giving +you freedom, but many users do it. + +Treacherous computing puts the existence of free operating systems and +free applications at risk, because you may not be able to run them at +all. Some versions of treacherous computing would require the operating +system to be specifically authorized by a particular company. Free +operating systems could not be installed. Some versions of treacherous +computing would require every program to be specifically authorized by +the operating system developer. You could not run free applications on +such a system. If you did figure out how, and told someone, that could +be a crime. + +There are proposals already for US laws that would require all computers +to support treacherous computing, and to prohibit connecting old +computers to the internet. The CBDTPA (we call it the Consume But Don’t +Try Programming Act) is one of them. But even if they don’t legally +force you to switch to treacherous computing, the pressure to accept it +may be enormous. Today people often use Word format for communication, +although this causes several sorts of problems.[(1)](#FOOT1) If only a +treacherous-computing machine can read the latest Word documents, many +people will switch to it, if they view the situation only in terms of +individual action (take it or leave it). To oppose treacherous +computing,[(2)](#FOOT2) we must join together and confront the situation +as a collective choice. + +To block treacherous computing will require large numbers of citizens to +organize. We need your help! Please support +[DefectiveByDesign.org](DefectiveByDesign.org), the FSF’s campaign +against Digital Restrictions Management. + +### Postscripts {#postscripts .subheading} + +1. The computer security field uses the term “trusted computing” in a + different way—beware of confusion between the two meanings. +2. The GNU Project distributes the GNU Privacy Guard, a program that + implements public-key encryption and digital signatures, which you + can use to send secure and private email. It is useful to explore + how GPG differs from treacherous computing, and see what makes one + helpful and the other so dangerous. + + When someone uses GPG to send you an encrypted document, and you use + GPG to decode it, the result is an unencrypted document that you can + read, forward, copy, and even reencrypt to send it securely to + someone else. A treacherous-computing application would let you read + the words on the screen, but would not let you produce an + unencrypted document that you could use in other ways. GPG, a free + software package, makes security features available to the users; + *they* use *it*. Treacherous computing is designed to impose + restrictions on the users; *it* uses *them*. + +3. The supporters of treacherous computing focus their discourse on its + beneficial uses. What they say is often correct, just not important. + + Like most hardware, treacherous-computing hardware can be used for + purposes which are not harmful. But these features can be + implemented in other ways, without treacherous-computing hardware. + The principal difference that treacherous computing makes for users + is the nasty consequence: rigging your computer to work against you. + + What they say is true, and what I say is true. Put them together and + what do you get? Treacherous computing is a plan to take away our + freedom, while offering minor benefits to distract us from what we + would lose. + +4. Microsoft presents Palladium as a security measure, and claims that + it will protect against viruses, but this claim is evidently false. + A presentation by Microsoft Research in October 2002 stated that one + of the specifications of Palladium is that existing operating + systems and applications will continue to run; therefore, viruses + will continue to be able to do all the things that they can + do today. + + When Microsoft employees speak of “security” in connection with + Palladium, they do not mean what we normally mean by that word: + protecting your machine from things you do not want. They mean + protecting your copies of data on your machine from access by you in + ways others do not want. A slide in the presentation listed several + types of secrets Palladium could be used to keep, including “third + party secrets” and “user secrets”—but it put “user secrets” in + quotation marks, recognizing that this is somewhat of an absurdity + in the context of Palladium. + + The presentation made frequent use of other terms that we frequently + associate with the context of security, such as “attack,” “malicious + code,” “spoofing,” as well as “trusted.” None of them means what it + normally means. “Attack” doesn’t mean someone trying to hurt you, it + means you trying to copy music. “Malicious code” means code + installed by you to do what someone else doesn’t want your machine + to do. “Spoofing” doesn’t mean someone’s fooling you, it means your + fooling Palladium. And so on. + +5. A previous statement by the Palladium developers stated the basic + premise that whoever developed or collected information should have + total control of how you use it. This would represent a + revolutionary overturn of past ideas of ethics and of the legal + system, and create an unprecedented system of control. The specific + problems of these systems are no accident; they result from the + basic goal. It is the goal we must reject. +6. As of 2015, treacherous computing has been implemented for PCs in + the form of the “Trusted Platform Module”; however, for practical + reasons, the TPM has proved a total failure for the goal of + providing a platform for remote attestation to verify Digital + Restrictions Management. Thus, companies implement DRM using + other methods. At present, “Trusted Platform Modules” are not being + used for DRM at all, and there are reasons to think that it will not + be feasible to use them for DRM. Ironically, this means that the + only current uses of the “Trusted Platform Modules” are the innocent + secondary uses—for instance, to verify that no one has + surreptitiously changed the system in a computer. + + Therefore, we conclude that the “Trusted Platform Modules” available + for PCs are not dangerous, and there is no reason not to include one + in a computer or support it in system software. + + This does not mean that everything is rosy. Other hardware systems + for blocking the owner of a computer from changing the software in + it are in use in some ARM PCs as well as processors in portable + phones, cars, TVs and other devices, and these are fully as bad as + we expected. + + This also does not mean that remote attestation is harmless. If ever + a device succeeds in implementing that, it will be a grave threat to + users’ freedom. The current “Trusted Platform Module” is harmless + only because it failed in the attempt to make remote + attestation feasible. We must not presume that all future attempts + will fail too. + +<div class="footnote"> + +------------------------------------------------------------------------ + +### Footnotes + +### [(1)](#DOCF1) + +@raggedright See my article “We Can Put an End to Word Attachments,” at +<http://gnu.org/philosophy/no-word-attachments.html>, for a description +of the problems Word documents cause and a number of suggestions on how +to tackle them. @end raggedright + +### [(2)](#DOCF2) + +@raggedright For further information, see the “‘Trusted Computing’ +Frequently Asked Questions,” at +<http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>. @end raggedright + +</div> + +------------------------------------------------------------------------ + +This document was generated by *tonghuix* on *March 25, 2016* using +[*texi2html 1.82*](http://www.nongnu.org/texi2html/).\ |