Why is corporate adoption of the trusted computing standard still very low when over 70% of new computing devices have built-in trusted platform modules (TPMs)?
The Trojan horse is often cited as the event that led to the demise of Troy, writes Raj Samani from ISSA UK. Although the theft of the Palladium by Odysseus and Diomedes is the action that allowed for the a daring raid. The Greeks learned that Troy was protected by the Palladium, and would not fall while it remained within Troy's walls.
It therefore seemed fitting that the development of an internal module designed to protect the computing environment was codenamed 'Palladium'. A hardware component to generate and store encryption keys; it was seen as the answer for encryption, and authentication of users, applications and other computers.
By containing its own Root of Trust, it is seen as the answer to Bill Gates' prayers by getting the Chinese to pay for software. The Free Software Foundation has however dubbed an alternative name - Treacherous computing.
So despite an estimated (IDC) 250 million PCs shipping with TPM hardware this year, there are few applications using the modules. Equally, the proposed benefits have also been dismissed; claims to prevent malware, and the ability to stop spam already exists with mail white-lists. Privacy violations are argued to be the result of abuse of authorised access and according to Ross Anderson of the University of Cambridge: "TC will increase the incentives for companies to collect and trade personal data on you They constrain what you can do with your PC in order to enable application and service vendors to extract more money from you."
The benefits appear to be largely superseded by DRM requirements embedded into applications and content. Although beneficial this largely effects commercial organisations supplying to end customers, and is not seen as something that is beneficial to the corporate environment. That, combined with the very applications favouring TPM, is largely the reason for the lack of corporate adoption.
Such negative connotations are clearly to the detriment of the wide scale adoption of Trusted Computing. Equally, a device that "might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like" [Schneier], is also unlikely to provide a compelling reason for adoption. Although there are benefits, it would seem computer users are unwilling to relinquish control of their PCs for now.