The Web Science Trust

In law we trust? Trusted Computing and legal responsibility for internet security

Schafer, Burkhard and Danidou, Yianna (2009) In law we trust? Trusted Computing and legal responsibility for internet security. In: Proceedings of the WebSci'09: Society On-Line, 18-20 March 2009, Athens, Greece. (In Press)

[img]
Preview
PDF (Poster Description) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
52Kb

Abstract

This paper analyses potential legal responses and consequences to the anticipated roll out of Trusted Computing (TC). Taking the UK House of Lords report on personal internet security as a starting point for our analysis, we argue that TC constitutes such a dramatic shift in power away from users to the software providers that it is necessary for the legal system to respond. A possible response is to mirror the shift in power by a shift in legal responsibility, creating new legal liabilities and duties for software companies as the new guardians of internet security. Trusted Computing (TC), a project commenced by an industry organization known as the Trusted Computing Group (TCG), was set up to achieve higher levels of security for the information technology infrastructure. It was driven by the recognition that it is insufficient to rely on users taking the necessary precautions, such as regularly updated firewalls and anti-virus systems themselves. The notion of “trust” as used Trusted computing, which we will introduce inthe first part is not the sociological concept, but was taken from the field of trusted systems, that is systems that can be relied upon to perform certain security policies. Nonetheless, the outcome ultimately would be to allow the user to “blindly trust” his computer again, without a constant need for self-monitoring. Prevention of Denial of Service (DoS) attacks, the performance of access control and monitoring and the achievement of scalability are just some of the numerous technical challenges that the current distributed systems need to over-come. A trusted environment must fulfil three basic conditions: protected capabilities; integrity measurement and integrity reporting, all creating and ensuring platform trust.We argue that the legal responses to Trusted computing can benefit from bringing the technological concept of "trusted system" and the sociological concept of "trust" into a dialogue. We illustrate this argument by two examples: The first takes as its starting point a jurisprudential and socio-legal analysis of the private law concept of "reliance liability" to argue that imposition reliance liability might be an appropriate way to ensure the necessary trust of users in TC can be nourished. However, certain arguments from the economic analysis of law are also introduced to illustrate the pitfalls of such an approach. Secondly, we discuss the implications of trusted computing for forensic computing, electronic evidence and crime detection. We argue that TC has the potential of undermining existing approaches to the detection and prosecution of cybercrime, permitting an almost most unlimited "Trojan defence" unless legislative action is taken. Again, we put this argumentation a wider socio-legal context. Bringing together ideas from the discussion on policing the risk society with the empirical work by Alana Maurushat carried out at the Cyberspace Law and Policy Centre at UNSW, we argue that TC may become the final push to the privatisation of wide ranging policing functions on the internet. We conclude by bringing the two examples together, arguing that "with great powers comes great responsibility". Trust, responsibility and power then are the building blocks for the legal responses to the potentials and challenges for internet security created by trusted computing

Item Type:Conference or Workshop Item (Poster)
Uncontrolled Keywords:trusted systems, trusted computing, liability, digital evidence, forensic computing
Subjects:Web Science Events > Web Science 2009
ID Code:173
Deposited By: W S T Administrator
Deposited On:24 Jan 2009 08:45
Last Modified:25 Oct 2011 16:34

Repository Staff Only: item control page

EPrints Logo
Web Science Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.