An anonymous blogger has posted a very interesting list of potential areas where TC might be helpful. While I agree with most of the text, I just want to raise an additional issue:Most of the examples the blogger lists are examples where TC is used to increase trust in communications networks. If you look at what kind of partners have to trust each other in a communications network, there are basically three categories:
- A service provider wants to trust individual users of his service.
- A service provider wants to trust other service providers.
- An individual user wants to trust a service provider.
In the blogger's list, online elections, multi-player games, financial transactions, and VPNs, e.g., are examples for category 1. Anonymous remailers are examples for category 2. Online gambling and online shopping privacy are examples for category 3.
I want to focus on category 3. In these cases, an individual user employs TC in order to assess the trustworthiness of a particular service provider (does the online gambling service cheat? does the online shopping service respect the privacy of its users?). The anonymous blogger now proposes that, in order to assess the trustworthiness of the service provider, the user should verify whether the service provider is using a certified and validated software package with particular certain features (the software does not cheat, it protects privacy interests).
It is important to realize that category 3 is not limited to those two examples given. In all cases where the user has some reason to distrust a service provider (and that is, basically, in really all cases), a certification as proposed by the blogger could assure the user that the service provider adheres to certain principles.
This, however, raises the problem of certification infrastructures surrounding TC. Should there be competition between different certification infrastructures? If not, is there a danger that the provider of the certification infrastructure will misuse his power over the infrastructure? If yes, what would be the results for competition in markets that rely on TC?
I am not saying these are problems of the current TC specifications. They are problems of the trusted ecology that will emerge on top of TC once TC has been adopted on a wide-scale basis. As I've written before, it seems a major issue to me how certification/validation infrastructures that will emerge within TC networks are designed.
One of the most important features of TC architectures is that they transfer trust in societal entities into trust in technological components (see id. at 645). It is not the CRTM which provides the core root of trust. It is an institution that vouches for some features of a particular CRTM. The nice thing of TC is that I do not have to trust 100 components in a particular computer anymore. I only have to trust the institutions that vouch for the particular computer. In such an approach, it becomes of utmost importance how those societal institutions that provide the ultimate root of trust
(here: the certification providers) are designed. On this institutional level, should there be one single root of trust, or should there be competing trust hierarchies? TC companies often imply that, because such questions are beyond the scope of current TC specifications, the companies do not deal with such questions. I don't think that is a sufficient answer. Any real-world TC ecology will consist of more than just the TC specifications. (I don't have a sufficient answer to these questions either, but I think one should work on those and, ultimately, may be able to find a good solution).