It is Time for the TCG to Repudiate the NSA
By Richard Stiennon
Trust is fragile and the decade long effort on the part of the NSA to compromise all security models has destroyed trust. From its inception the coalition of industry giants who have backed the concept of hardware-based security, the Trusted Computing Group (TCG), have been at odds with the “information should be free” crowd. The problem these giants (Microsoft, Intel, AMD, IBM, HP) faced a decade ago was software and media piracy. As the biggest backer, Microsoft, was the most suspect. In recent weeks that suspicion of Microsoft has exploded into bald-face claims from the German BSI that the Trusted Platform Module, the hardware component of Trusted Computing is an NSA backdoor. And who knows what further releases of the Snowden files will unveil about the NSA’s involvement with the Trusted Computing Group?
The NSA jumped on the Trusted Computing bandwagon early. In recent years they have sponsored the Trusted Computing Conference in Orlando, often shrouded in spookiness as Ellen Mesmer, the intrepid industry reporter, relates. This year the NSA begged off sponsoring the event claiming Sequester, despite its $10 billion budget. The remaining sponsors and organizers could only muster about 60 attendees. Speakers from Microsoft, Wave, Infineon, and other hard core crypto security experts only alluded to the elephant in the room, usually to deride the poor state of journalism and laugh off the unsupported claims of the German government. Denial is a common symptom in reaction to tsunami shifts in markets and global politics. Those who have devoted their careers to parenting super secure architectures are overly confident in their own children. They neglect the perfidy of unconstrained government forces such as an intelligence community whose budget is twice the size of that of Australia’s Ministry of Defense.
The Trusted Computing standard is open and good. It offers a solution to all of the issues that plague the Internet today. Device attestation, strong crypto with unbreakable key storage, identity, code signing, Trusted Network Connections, even secure end-to-end communication are all made possible by a little silicon wafer shipped with most business computers. The day is coming when over a billion computers will be equipped with TPMs. Yet, the actual number of TPMs that are utilized is miniscule.
The reasons for the failure of Trusted Computing will be familiar to many in the security industry. Products do not sell unless they solve a real problem, and security products do not sell unless they address a real and present danger. The community of Trusted Computing advocates, which includes the manufacturers of TPMs, Microsoft, and the Information Assurance Directorate of the NSA, are frustrated that their perfect security models do not catch on. There has been no market driver to incorporate TPMs into security architectures. Until now.
In an ironic twist, the other side of the NSA, the Signals Intelligence Directorate, has inadvertently created the market driver that could propel Trusted Computing forward. In its blind pursuit of its mission the NSA has embarked on a massive surveillance program to “collect everything.” The NSA has compromised all security. All communication is targeted. It has used its legal muscle to force vendors to give up the keys to the kingdom. It has corrupted security models that rely on trust: trust of Certificate Authorities, trust of vendors, trust of encryption protocols. The NSA has done irreparable harm to trust.
The Trusted Computing Group, in order to realize its own mission of moving the world towards a hardware root of trust for security must completely repudiate the NSA. It must formally cut the ties that bind it to the NSA with a public statement of repudiation. Current and former members of the NSA must be barred from participation at all levels including working committees, the board, and from a presence at the Trusted Computing Conference. The members of the Trusted Computing Group must seek to re-establish trust by demonstrating the absence of complicity in the NSA’s surveillance programs. The manufacturers of TPMs must demonstrate that there are no back doors in their products.
Only after repudiating the NSA can the Trusted Computing Group begin to participate in the tenfold boom in IT security spending that has begun. New products and services can be deployed that completely prevent communications from being consumed by the NSA. Trusted Computing will immunize the Internet from a pathogen that is killing trust.