EFF has published its comments on the Intel LaGrande Technology Policy Draft. The paper raises several interesting points. Among other things, the paper stresses that a real opt-in technology is not a technology which can simply be turned on or off. It is a technology that offers a fine-grained way to turn various components of the technology on and off. This is particularly important when the option to turn the entire technology off is useless in reality due to network effects and the dependence of the user on the technology. Furthermore, the paper writes about the privacy implications of "direct anonymous attestation" (DAA), which was introduced into TCG 1.2 and allows, among other things, the direct attestation of platform characteristics without the use of a privacy-CA. Finally, the paper raises an interesting point which I, too, have never fully understood. All TC initiatives deliberately do not impose any enforceable compliance rules onto adopters of the technology. Thereby, TC standardiziation bodies do not have ultimate control over how TC technologies are applied. Instead, TC bodies create Best Practices Working Groups and issue Policy Statements. Such procedure may have many reasons, including antitrust concerns. However, in another area, the same companies which are developing TC are using elaborate licensing mechanisms in order to ensure that their technologies are used only in particular ways: DRM. The licenses of CSS, DTCP, HDCP, CPRM, CPPM, you-name-the-acronym include specific policy-related provisions which, in the area of TC, can only be found in blurred best practices and policy statements.
