Bruce Schneier: Security and Control
A well-known expert in the field of cryptography and network security, Bruce Schneier, in his article introduces the reader to the possible consequences of replacing the concepts of "security" and "control" by examining their relationship using the example of the lock-in, which is gaining popularity. among software and computer equipment manufacturers. It is not difficult to guess that such a scheme is unlikely to have a positive impact on the development of free software.
Buying an iPhone is not the same as buying a car or a toaster. Your iPhone comes with a complex set of rules about what you can and cannot do. For example, you cannot install unauthorized third-party software. You cannot unlock your iPhone and use the cellular operator of your choice. And Apple very seriously enforces the rules - the firmware update in September 2007 removed all unauthorized software and, in some cases, made unlocked phones unsuitable for further use. There was even a special term - “Bricked” (from the word brick (Eng.) - brick; the closest translation is “wry”) and, it seems, Apple is not very sorry about the damaged devices.
')
Computer companies want more control over the products they sell by resorting to increasingly draconian security measures. The reasons are purely economic. Control allows the company to manage competition for related products. For example, for Mac computers, anyone can sell any software. But Apple took it upon itself to determine who and what programs can sell for the iPhone. This position allows, if necessary, to increase competition or secure a monopoly position. This allows you to dictate terms to other companies that would like to sell software for the iPhone.
But the main benefit of gaining control is in strengthening the attachment (lock-in). Attachment is an economic condition to make it difficult to switch to a competing product. For some products, an example for a cola, there is no attachment. I can drink Coke today and Pepsi tomorrow. But for other products it is more difficult.
Changing a text editor, for example, requires installing a new software, learning a new interface and a set of commands, converting all the created files (which cannot always be converted correctly) and, in some cases, buying new hardware. My text editor can annoy me for a long time before I just consider the possibility of carrying out all this work and costs.
The idea of ​​"binding" is not new. That is why all game console manufacturers make their games incompatible with other game consoles, otherwise how could they, selling the console at a loss, make money by selling the games themselves? That is why Microsoft never seeks to disclose its file formats so that other applications can read them. That is why music purchased from Apple for iPod will not play on other music players. That is why American mobile operators oppose the possibility of keeping the number when changing the operator.
Using attachment, companies can protect their sales even if a company reduces customer service, raises prices, refuses innovation, and neglects its customer base. This is especially noticeable for IT companies: once having discovered such a strategy for themselves, today everyone is thinking about how to get more than possible.
Often, companies increase attachment to themselves through security mechanisms. Sometimes patents are used for this, but copy protection, digital rights management (DRM), and other security mechanisms are much more common. Such security does not correspond to what we are accustomed to consider security: these technologies do not protect us from external threats, they protect the manufacturer from us.
Microsoft has been developing a similar type of control-based security mechanism for several years. The system was originally called Palladium, now NGSCB (Next-Generation Secure Computing - next-generation secure computing). The idea of ​​NGSCB is to build a security system based on control at the hardware level. Implementation details are complex, but the results of implementing such a system will vary from being able to download only the Microsoft-authorized operating system to the possibility of denying access to unauthorized files. The competitive advantages of such a system are enormous.
Of course, Microsoft does not advertise NGSCB. The company is positioning the system as a security tool that protects users from network worms, Trojans and other malware. But control is not equivalent to security, and such means make us more vulnerable to other threats. Replacing the concepts of “control” and “security”, companies have the opportunity to strengthen control, which works against our interests.
As for Apple and the iPhone, I don't know what they are going to do. On the one hand, there is an analytical report, according to which, about a million iPhones were unlocked, costing Apple about $ 450 million. On the other hand, Apple plans this month to release a developer kit that removes the previous restriction and allows third parties to write their software for the iPhone. Apple will try to maintain control by applying the secret key, which is required for all "official" third-party programs and, which has, of course, been disclosed.
Translation is not mine, article scopipastina. Published to express your own opinion and to know the opinion of the community.
Personal opinion: I am not happy about this approach to the apple business. Of course, it’s not up to me to decide what to do, but such proprietaryity can alienate a potential buyer.
Buying an iPhone is not the same as buying a car or a toaster. Your iPhone comes with a complex set of rules about what you can and cannot do. For example, you cannot install unauthorized third-party software. You cannot unlock your iPhone and use the cellular operator of your choice. And Apple very seriously enforces the rules - the firmware update in September 2007 removed all unauthorized software and, in some cases, made unlocked phones unsuitable for further use. There was even a special term - “Bricked” (from the word brick (Eng.) - brick; the closest translation is “wry”) and, it seems, Apple is not very sorry about the damaged devices.
')
Computer companies want more control over the products they sell by resorting to increasingly draconian security measures. The reasons are purely economic. Control allows the company to manage competition for related products. For example, for Mac computers, anyone can sell any software. But Apple took it upon itself to determine who and what programs can sell for the iPhone. This position allows, if necessary, to increase competition or secure a monopoly position. This allows you to dictate terms to other companies that would like to sell software for the iPhone.
But the main benefit of gaining control is in strengthening the attachment (lock-in). Attachment is an economic condition to make it difficult to switch to a competing product. For some products, an example for a cola, there is no attachment. I can drink Coke today and Pepsi tomorrow. But for other products it is more difficult.
Changing a text editor, for example, requires installing a new software, learning a new interface and a set of commands, converting all the created files (which cannot always be converted correctly) and, in some cases, buying new hardware. My text editor can annoy me for a long time before I just consider the possibility of carrying out all this work and costs.
The idea of ​​"binding" is not new. That is why all game console manufacturers make their games incompatible with other game consoles, otherwise how could they, selling the console at a loss, make money by selling the games themselves? That is why Microsoft never seeks to disclose its file formats so that other applications can read them. That is why music purchased from Apple for iPod will not play on other music players. That is why American mobile operators oppose the possibility of keeping the number when changing the operator.
Using attachment, companies can protect their sales even if a company reduces customer service, raises prices, refuses innovation, and neglects its customer base. This is especially noticeable for IT companies: once having discovered such a strategy for themselves, today everyone is thinking about how to get more than possible.
Often, companies increase attachment to themselves through security mechanisms. Sometimes patents are used for this, but copy protection, digital rights management (DRM), and other security mechanisms are much more common. Such security does not correspond to what we are accustomed to consider security: these technologies do not protect us from external threats, they protect the manufacturer from us.
Microsoft has been developing a similar type of control-based security mechanism for several years. The system was originally called Palladium, now NGSCB (Next-Generation Secure Computing - next-generation secure computing). The idea of ​​NGSCB is to build a security system based on control at the hardware level. Implementation details are complex, but the results of implementing such a system will vary from being able to download only the Microsoft-authorized operating system to the possibility of denying access to unauthorized files. The competitive advantages of such a system are enormous.
Of course, Microsoft does not advertise NGSCB. The company is positioning the system as a security tool that protects users from network worms, Trojans and other malware. But control is not equivalent to security, and such means make us more vulnerable to other threats. Replacing the concepts of “control” and “security”, companies have the opportunity to strengthen control, which works against our interests.
As for Apple and the iPhone, I don't know what they are going to do. On the one hand, there is an analytical report, according to which, about a million iPhones were unlocked, costing Apple about $ 450 million. On the other hand, Apple plans this month to release a developer kit that removes the previous restriction and allows third parties to write their software for the iPhone. Apple will try to maintain control by applying the secret key, which is required for all "official" third-party programs and, which has, of course, been disclosed.
Translation is not mine, article scopipastina. Published to express your own opinion and to know the opinion of the community.
Personal opinion: I am not happy about this approach to the apple business. Of course, it’s not up to me to decide what to do, but such proprietaryity can alienate a potential buyer.
Source: https://habr.com/ru/post/31429/
All Articles