RealTime IT News

EFF Blasts Phone Security Proposal

Be careful what you wish for. When the Trusted Computing Group (TCG) issued its recommendations for mobile phone security this week, it also asked for industry feedback.

No problem.

TCG, a non-profit industry standards board, got an earful from the Electronic Frontier Foundation, a San Francisco-based, non-tech industry group.

The EFF's stinging critique today of TCG's plans focused on consumer rights in areas such as privacy and digital technology, and said TCG's proposal is too restrictive on consumers.

The EFF response objects to digital rights management (DRM) support, which it says will control how and what content users can have on their phones.

DRM, which gives publishers the technology to restrict illegal copying and distribution of its software, has been a controversial topic in regards to music and other content distribution via the Internet for years.

EFF also objects to a TCG recommendation that phones include SIMlock/device personalization to ensure a device is locked to its network to help prevent theft. The EFF argues such inclusion will prevent consumers from switching mobile carriers or even reselling or donating an unwanted phone.

"TCG is proudly offering to help cell phone carriers lock down your phone," said Seth Schoen, EFF staff technologist, in a statement.

"The proposals described today aim to help your cell phone company decide who can publish software or media for your phone, whether you can load your own documents, and even whether you can switch carriers or resell your phone. These are not innovations that consumers will applaud."

Brian Berger, chairman of TCG's marketing work group, told internetnews.com that EFF has jumped the gun because the TCG document only detailed a set of potential examples of security implementations and that a final specification won't be issued till mid-2006.

"TCG has always had the concept of giving consumers the right to opt-in in our work on the PC environment," he added. "We expect something similar in the mobile environment where [security options] aren't all necessarily the default, but something consumers choose to enable."

He said he expects phone companies to do what is right for them to compete successfully, and if consumers want the option of switching carriers with the same phone or donating a phone, that capability will be made available.

Endpoint Technologies Analyst Roger Kay sees it two ways.

"There is some truth in what EFF is saying in terms of potential restrictions, but the EFF's views are an extremely paranoid perspective," he told internetnews.com.

Kay argues that corporations have the right to restrict content or access on company-owned cell phones any way they see fit. As for consumers, Kay said security should be an overriding concern.

"There is going to be more value to phones over time, particularly with the prevalence of electronic wallets for e-commerce and in that case you want your phone locked out to a degree for security," said Kay.

"If the phone company says you can't get a certain ringtone because they are not sure it's safe, I'll take that every day versus the risk my personal info will be stolen or compromised," he added.

TCG's mobile phone workgroup includes Ericsson, IBM, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony and VeriSign. TCG previously has issued security standards adopted by desktop computer makers, such as Lenovo.