[e-lang] On the moral bankruptcy of the term "Trusted Computing"

Mark S. Miller e-lang@mail.eros-os.org
Mon, 02 Feb 2004 10:03:05 -0800

Trust is necessarily a subjective judgement, often depending on vastly more 
inarticulate subjective factors than taste. Although there's supposedly "no 
accounting for taste", people often try to convince each other about what 
they should and shouldn't like. Arguments about what should and should not 
be trusted are at least as tricky and non-objective. As with taste, trust is 
properly swayed by arguments and evidence, but no further. If someone 
implicitly tells me what I must trust, I should be at least as offended as 
if they told me what I must like. These kinds of decisions are prior to our 
notions of objective rationality.

Norm Hardy taught me the importance of the concept of TCB. This wonderful 
concept has such a horribly misleading name that, whenever we use it, we 
should explain that it stands for "That mechanism other things are 
necessarily vulnerable to." When someone uses phrases like "Trusted 
Computing", whether they are talking about a TCB or the Intel et. al. Trusted 
Computing Group, I simply say "But I don't trust it." The TCG's implicit 
claim to the contrary is no different than if engineers claimed an artifact 
was Universally Liked by design. Perhaps they should form the Universally 
Liked Computing Group.

The terms "rely" and "vulnerable" do not create this offensive confusion. To 
claim that Winston Smith is vulnerable to the state, and relies on the state 
not to vaporize him, is a judgement that observers can well make about his 
situation. To claim that he thereby trusts the state not to vaporize him is 

The same issue applies to the phrase "Trusted Third Party". Just because I 
use a protocol that renders me vulnerable to Verisign, such that my fate 
relies on its good behavior, is no grounds for telling me I trust it. I do not.

As always, feel free to forward widely.

Text by me above is hereby placed in the public domain