Some of the more strident privacy advocates like to raise concerns that the tamper-resistant identity a Trusted Platform Module assigns to a PC somehow poses a threat to the privacy of the PC owner.
There’s a certain irony here, since the same concerns could be voiced – yet are markedly not – about the cell phones we all carry. All cell phones currently incorporate a SIM module able to track the user wherever they go, and it’s hooked to a live network all the time.
The real threat to consumer or end-user privacy doesn’t come from some shadowy corporate or government interest, but rather the common cybercriminal seeking targets in today’s online ecosystem. TPMs provide an excellent mechanism to protect the individual identity of an end-user’s device by providing a supremely secure, integrated capacity to store a PC’s security keys.
By extension, TPMs enable users to securely post properly encrypted content over the web. For example, if a user wishes to store files at Google Apps or communicate with someone securely via email or some other platform, only TPMs provide a mechanism for common key management across all those disparate networks and applications.
And because a TPM can store multiple keys, it enables the end-user to access secure services from multiple, independent providers. Whoever ultimately owns the PC controls the keys that are stored on its TPM – not the chip manufacturer, nor the computer-maker.
At the end of the day, having the tools to defend identity, protect keys, secure communications over the web, and protect information stored in the Cloud, is central to privacy concerns. While it is true large organizations can use TPMs onboard a PC to manage payment, license content or secure distribution of their intellectual property, it is misleading to suggest they will – or even can—use these tools to violate at will the privacy rights of consumer PC owners.
More to the point, trusted computing can deliver greater data integrity to the individual PC and its owner. Why should Apple computers be the only device platform able to protect the interests of Apple, its application developers and its end-users? Don’t developers and end-users who use PCs deserve the same assurances of security?
So, far from a threat to end-user rights, trusted computing provides an effective way to establish a secure network of devices able to protect the revenue streams, business models, IP, and services on which even the smallest entities rely. Trusted computing provides a foundation for protecting privacy, protecting access to IP, and protecting the individual user’s choice to choose these different solutions and services.