Secure systems conundrum

By definition, a secure system enforces some policy it is given. For example, such a policy might prevent confidential files from being revealed or might notify the copyright holder every time an MP3 file is played. The former protects the user as an individual; the latter enables new means of charging for electronically distributed intellectual property. Both might be seen as improving the status quo. Yet whether secure systems are in practice attractive really depends on two questions: What range of policies can the system enforce? And, who chooses what policies the system enforces?

Automated policy enforcement mechanisms are incapable of showing good taste, resolving ambiguity, or taking into account the broader context in which a computer system exists. So formulating as a policy something that accurately reproduces our intents is likely to be impossible, and we must endure policies that conservatively block actions they shouldn't. One example involves system policies that disallow copying CDs containing music or software even though such copying is permitted by "fair use" provisions of copyright law. In general, intent is difficult to formulate precisely as a policy that can be enforced with a secure system—witness what happens in writing laws, which too often forbid or allow things society didn't intend.

The question of who chooses what policies are enforced is tantamount to deciding who controls the system. On special-purpose devices (mobile phones and cable modems), enforcing policies imposed by others has not seemed offensive. Software on these devices is regularly updated and usage monitored without user consent (or knowledge). But enforce a policy to restrict what happens on a desktop system, and this system may no longer be general purpose. No surprise, then, that the Trusted Computing Platform Alliance (TCPA) and other efforts concerned with hardware and operating system support for secure computing systems are controversial.
The surprise is that technical details are only a small part of the picture. Today's computer users are either unwilling or unable to formulate nontrivial security policies for their desktop computers. So policies enforced by secure systems will likely come from third parties. We can only hope these will be consistent with our individual and collective best interests. What forces might bring this about? The law and the market seem the likely candidates. The law arguably is not up to the task. Courts are having difficulty applying current laws to cyberspace—witness the debate associated with …