EFF Blasts Phone Security Proposal

Be careful what you wish for. When the Trusted Computing Group (TCG) issued its recommendations for mobile phone security this week, it also asked for industry feedback.

No problem.

TCG, a non-profit industry standards board, got an earful from the Electronic Frontier Foundation, a San Francisco-based, non-tech industry group.

The EFF’s stinging critique today of TCG’s plans focused on consumer rights in areas such as privacy and digital technology, and said TCG’s proposal is too restrictive on consumers.

The EFF response objects to digital
rights management (DRM) support, which it says will control how and what content
users can have on their phones.

DRM, which gives publishers the technology
to restrict illegal copying and distribution of its software, has been a controversial topic in regards to music and other content distribution
via the Internet for years.

EFF also objects to a TCG recommendation that phones include
SIMlock/device personalization to ensure a device is locked to its network
to help prevent theft. The EFF argues such inclusion will prevent consumers
from switching mobile carriers or even reselling or donating an unwanted

“TCG is proudly offering to help cell phone carriers lock
down your phone,” said Seth Schoen, EFF staff technologist, in a statement.

“The proposals described today aim to help your cell phone
company decide who can publish software or media for your phone, whether you
can load your own documents, and even whether you can switch carriers or
resell your phone. These are not innovations that consumers will applaud.”

Brian Berger, chairman of TCG’s marketing work group, told
internetnews.com that EFF has jumped the gun because the TCG
document only detailed a set of potential examples of security
implementations and that a final specification won’t be issued till

“TCG has always had the concept of giving consumers the right to
opt-in in our work on the PC environment,” he added. “We expect something similar in the mobile environment where [security options] aren’t all necessarily the default, but something consumers choose to enable.”

He said he expects phone companies to do what is right for
them to compete successfully, and if consumers want the option of switching
carriers with the same phone or donating a phone, that capability will be
made available.

Endpoint Technologies Analyst Roger Kay sees it two ways.

“There is some truth in what EFF is saying in terms of potential
restrictions, but the EFF’s views are an extremely paranoid perspective,” he told

Kay argues that corporations have the right to restrict content
or access on company-owned cell phones any way they see fit. As for
consumers, Kay said security should be an overriding concern.

“There is going to be more value to phones over time, particularly with
the prevalence of electronic wallets for e-commerce and in that case you want
your phone locked out to a degree for security,” said Kay.

“If the phone company says you can’t get a certain ringtone because they
are not sure it’s safe, I’ll take that every day versus the risk my
personal info will be stolen or compromised,” he added.

TCG’s mobile phone workgroup includes Ericsson, IBM, Intel, Lenovo, Motorola, Nokia,
Philips, Samsung, Sony and VeriSign. TCG previously has issued security standards adopted by desktop computer makers, such as Lenovo.

News Around the Web