Updated: 1.7.2002; 18:32:51 GMT.

Security weblog



daily link  Sunday, June 23, 2002

MS: Secure HW+DRM

Topically, just after Ross Anderson's paper warning about potential control that trusted hardware would give censors, news have been broken at MSNBC about hardware-supported DRM that Microsoft plans to built-in into the new version of Windows.

The concept is rather ambivalent as it holds chances to resolve many problems but also to create some severe new ones. Or as David Farber puts it:

I was attracted to the TPCA effort due to its focus on providing security and privacy in a dynamic flexible way. It should be capable, among a lot of other uses, of supporting a Digital Rights Management (DRM) regime that can be used to both protect intellectual property and individual privacy and the individuals fair use of the IP.

As in any such technology it could be miss-used in the market place by devious suppliers of hardware and software. But for what it is worth I found a remarkable sensitivity and caution to the societal issues at all levels of the TPCA leading companies and the willingness to 'do things right'

  9:22:41 PM  permalink  
Open source DRM?

"The consensus among security professionals I have discussed the matter with is that if you want to do DRM without hardware support – another topic that is not for today – then there is little choice but to rely on some level of secrecy or obfuscation." says Roger Needham.

You can as well translate it into a statemement that open source and software-only DRM are mutually exclusive.

  1:11:30 PM  permalink  
Meanwhile in the civilised world ...

... as DIW reports, ISTPA, a research non-profit backed by IT companies, has released Privacy Framework meant "... to provide an analytical starting point and basis for developing products and services that support current and evolving privacy regulations and business policies, both international and domestic."

Brief look shows that the Framework essentially decribes a set of services and mechanisms, together with their interactions, that form an architecture of a subsystem to implement the requirements of European data protection laws such as expressed here.

It is, indeed, an interesting initiativr, which is, however, in an early stage of development. What's also important, is the fact that such applications can help the company avoid unintentionally breaching it's own agreed policy, but if they have the policy only as a smokescreen, the software won't be implemented.

  12:16:36 PM  permalink  

  
June 2002
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            
May   Jul
Misc

About
Reading list
Resources
Contact me

News

SANS NewsBites
Crypto-gram
UKCrypto
Information Security
all.net
Objectwatch
CBDi Forum

Channels

Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Better Living Through Software (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Content Wire - Digital Copyright (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. DeveloperWorks.com - Security Articles (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Dictionary.com Word of the Day (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Digital Identity (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Digital Identity World (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Eric J. Norlin's Blog (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Joel on Software (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Jon's Radio (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Line56: B2B News (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. O'Reilly Network Articles (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. onlineblog.com (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. RISKS Digest (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Scripting News (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. SecurityFocus (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Web Services Architect (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. WebServices.Org (rss)
Radio UserLand users: click to subscribe. Other folks: use the RSS link to acquire this channel. Wired News (rss)


Subscribe to "Security weblog" in Radio UserLand.

jenett.radio.simplicity.1.3R
Radio Userland


Copyright 2002 © Jiri Ludvik.
Last update: 1.7.2002; 18:32:51.