Pages: p. 14
Ed Felten did a rather nice job of explaining Trusted Computing (TC) in the May/June issue ("Understanding Trusted Computing: Will Its Benefits Outweigh Its Drawbacks?" in On The Horizon, p. 60).
As much as I thought that Felten was fair and balanced (I really did like the article), I was personally a little disappointed that he didn't cover more issues. But perhaps this was just not possible in the given format and mission of the column. I did appreciate that he was able to separate TC from potential applications of TC, such as digital rights management—but I also would have liked to have seen discussion on some other aspects of TC.
Felten does discuss "how TC will change the rules," but only in regard to "interoperation" and "the economics of TC." These are indeed important, but might there be rule-changing implications in other areas? For example, how might TC address any of the issues brought up in the two previous On The Horizon columns (software liability and software security [security engineering])? Is there a direct technical and commercial tie-in with new or other distributed computing technologies such as Web services or grid and utility computing? How might TC affect academic research directions?
Most of what we know today about TC seems to be specific to client systems, and there was no discussion of TC's use of virtualization technologies. How might or should TC technology be used in the server space (are there differences between client and server), and is this the best use of virtualization (see recent work by Tal Garfinkel, Mendel Rosenblum, and Dan Boneh at Stanford on "Flexible OS Support and Applications for Trusted Computing")? There are plenty more TC issues I'd like to hear discussed as balanced as Felten has done in this article.
Felten concludes by rightly calling for a reduction in the "level of vitriol in the TC debate," and also for us to "focus on the real effects of TC...before it's too late." As a corollary, I think it's far from being too late for this community to effect TC, its goals, implementation, and ultimate use.
I also must say that I liked the point-counterpoint format of the original On The Horizon in the January/February IEEE Security & Privacy (where software liability was discussed from two opposing perspectives). I hope to see more of that in coming issues.
IBM T.J. Watson Research Center
Ronald Perez points out several interesting aspects of Trusted Computing. As he suspects, space did not allow me to address these in my On the Horizon column. Trusted Computing is a topic that deserves wide debate, with many voices participating, and I am glad to see that debate continuing.
Let me thank you for this excellent issue (May/June). I found the article by Niels Provos and Peter Honeyman ("Hide and Seek: An Introduction to Steganography"), and columns by Ed Felten and Bruce Schneier ("Guilty Until Proven Innocent?") to be especially good, but also enjoyed most of the others. I have a comment regarding Marc Donner's Biblio Tech department, regarding what he calls the "Deckard paradox" in Blade Runner. If you can, go and have a look at the movie's director's cut, which (unsurprisingly) has a few more scenes. You may remember when Deckard leaves the apartment and picks up the origami paper unicorn that his police colleague made. In the movie's production cut, this does not make much more sense than letting us know that the colleague had been there. However, in the director's cut, this is preceded by a dream scene in which Deckard dreams of a unicorn. In other words, the colleague exactly knew what Deckard dreamed...guess why...so the paradox is resolved in a way that is also possible in the production cut but not as obvious.
It's a great film, both visually and story-wise. I hope your work (continues to) leaves you enough time to go to the movies now and then!
You're absolutely right about the unicorn scene in the director's cut. We do try to avoid "spoilers" when writing about films, however. Thank you for your kind comments about IEEE Security & Privacy and about the Biblio Tech department.
IEEE Security & Privacy welcomes communications from its readers, whether to comment, make a point, or express an opinion on our pages or Web site. Letters might be edited for clarity and brevity. Please send your comments to lead editor Kathy Clark-Fisher at email@example.com.