Who should know what's happening in your computer? Who should control it?

My latest Locus column is "What’s Inside the Box," a discussion of whether owners, users or third parties should be able to know and/or control what their computers are doing:

The answer to this that most of the experts I speak to come up with is this:

The owner (or user) of a device should be able to know (or control) which software is running on her devices.

This is really four answers, and I’ll go over them in turn, using three different scenarios: a computer in an Internet cafe, a car, and a cochlear implant. That is, a computer you sit in front of, a computer you put your body into, and a computer you put in your body.

Cory Doctorow: What’s Inside the Box

Insurer offers discounts to customers running in-car GPS telemetry

Writing in PC Pro, Stewart Mitchell describes a partnership between GPS vendor TomTom and Fair Pay insurance, an auto insurer, to offer discounts to people whose GPS devices report low incidences of sudden stops and unsafe turns. I rather like this idea, the idea that your device could offer testimony on your behalf, but a lot depends on how it is implemented.

On the one hand, TomTom could generate trustworthy readings by locking the device down completely so that users can't inspect or modify its operation, which would open up the possibility that your device was recording and transmitting information about your location and movements without your knowledge or permission. On the other hand, TomTom could produce a stats-gathering app whose workings are publicly disclosed, and use a TPM-style module to attest that the app hadn't been modified and to sign the statistics it gathers, so that you can pass them on to the insurer yourself.

This would give TomTom owners the choice of booting their device into a known, publicly verifiable state that respected their privacy but also produced statistics that third parties could trust. It would equally leave them free to boot into alternative environments that did different things; those environments simply wouldn't produce a signature the insurer would accept. One caveat: attestation of this kind vouches for the software that ran, not for the sensor readings fed into it.
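Here is what that second design looks like in code, as an added example that is not TomTom's, Fair Pay's or the column's own: a Go sketch of a measured boot and a signed TPM-style quote. The PCR extend rule, the verifier's nonce for freshness and the three checks the insurer performs are standard TPM attestation practice; the component names, the sample statistics and the use of a bare Ed25519 key in place of a TPM-resident attestation key are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PCR models a TPM platform configuration register. A PCR cannot be
// written directly, only extended: pcr = SHA-256(pcr || measurement).
// A given final value is therefore reachable only by measuring the same
// components, with the same contents, in the same order.
type PCR [sha256.Size]byte

// Extend folds one measurement into the register.
func (p PCR) Extend(measurement []byte) PCR {
	h := sha256.New()
	h.Write(p[:])
	h.Write(measurement)
	var out PCR
	copy(out[:], h.Sum(nil))
	return out
}

// MeasureBoot is what the firmware does at start-up: hash each component
// it hands control to (bootloader, kernel, telemetry app) into the PCR
// before running it. The PCR is all zeros after reset.
func MeasureBoot(components ...[]byte) PCR {
	var pcr PCR
	for _, c := range components {
		sum := sha256.Sum256(c)
		pcr = pcr.Extend(sum[:])
	}
	return pcr
}

// Quote is what the device hands to the insurer: the PCR value, the
// verifier's nonce (so an old quote cannot be replayed), the driving
// statistics, and one signature binding all three to the device key.
type Quote struct {
	PCR   PCR
	Nonce []byte
	Stats []byte
	Sig   []byte
}

// quoteBytes is the exact byte string the signature covers. The nonce is
// length-prefixed so nonce and stats cannot be re-split ambiguously.
func quoteBytes(pcr PCR, nonce, stats []byte) []byte {
	var b bytes.Buffer
	b.Write(pcr[:])
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(nonce)))
	b.Write(l[:])
	b.Write(nonce)
	b.Write(stats)
	return b.Bytes()
}

// MakeQuote runs on the device. An Ed25519 key stands in for the TPM's
// attestation key (assumption: a real TPM keeps the key inside the chip).
func MakeQuote(priv ed25519.PrivateKey, pcr PCR, nonce, stats []byte) Quote {
	return Quote{PCR: pcr, Nonce: nonce, Stats: stats,
		Sig: ed25519.Sign(priv, quoteBytes(pcr, nonce, stats))}
}

// VerifyQuote runs at the insurer. It accepts the statistics only if the
// quote is fresh, was signed by the known device key, and reports the
// PCR value of the published, privacy-respecting software image.
func VerifyQuote(pub ed25519.PublicKey, expected PCR, nonce []byte, q Quote) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ed25519.Verify(pub, quoteBytes(q.PCR, q.Nonce, q.Stats), q.Sig) {
		return errors.New("bad signature: quote or stats were altered")
	}
	if q.PCR != expected {
		return errors.New("PCR mismatch: device booted unknown software")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)

	// Constructed sample components; the insurer knows the published image
	// and precomputes the PCR value it must produce.
	known := MeasureBoot([]byte("bootloader-1.0"), []byte("kernel-1.0"), []byte("telemetry-app-1.0"))
	nonce := []byte("insurer-nonce-0001")
	stats := []byte("hard_brakes=2 sharp_turns=1 km=412")

	q := MakeQuote(priv, known, nonce, stats)
	fmt.Println("known image:   ", VerifyQuote(pub, known, nonce, q))

	// Owner boots a tweaked telemetry app: signed by the same key, different PCR.
	tweaked := MeasureBoot([]byte("bootloader-1.0"), []byte("kernel-1.0"), []byte("telemetry-app-1.0-no-gps"))
	fmt.Println("tweaked image: ", VerifyQuote(pub, known, nonce, MakeQuote(priv, tweaked, nonce, stats)))

	// Someone edits the stats after signing.
	forged := q
	forged.Stats = []byte("hard_brakes=0 sharp_turns=0 km=412")
	fmt.Println("edited stats:  ", VerifyQuote(pub, known, nonce, forged))

	// Replaying last month's quote against a fresh nonce.
	fmt.Println("replayed quote:", VerifyQuote(pub, known, []byte("insurer-nonce-0002"), q))
}
```

The comparison against `expected` is the part that protects privacy: the insurer learns only that one of the published, inspectable images ran, and an owner who boots something else cannot produce an acceptable quote at all. What the quote does not prove is that the sensors fed honest data to that image; attestation covers the software, not the physical world.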

"We've dispensed with generalisations and said to our customers, if you believe you're a good driver, we'll believe you and we'll even give you the benefit up front," said Nigel Lombard of Fair Pay Insurance.

“If you think of your insurance as your car's MPG - the better you drive, the longer your fuel will last. Good drivers get more for their money and in that sense they will pay ultimately less."

Drivers on the scheme will be given a TomTom PRO 3100 as part of the package, and the device will include Active Driver Feedback and LIVE Services to warn drivers when they are cornering too sharply or braking too hard.

The TomTom will also have a LINK tracking unit fitted in the vehicle, allowing driver behaviour and habits to be monitored.

TomTom tech to set driver insurance premiums (via /.)

Anti-malware hardware has the potential to make it illegal and impossible to choose to run Linux

It's been years since the idea of "trusted computing" was first mooted -- a hardware layer for PCs that can measure the software the machine boots and verify that it matches what the vendor shipped. At the time, TC advocates proposed that this would be most useful for thwarting malicious software, like rootkits, that compromises user privacy and security.

But from the start, civil liberties people have worried that there was a danger that TC could be used to lock hardware to specific vendors' operating systems, and prevent you from, for example, tossing out Windows and installing GNU/Linux on your PC.

The latest iteration of this idea ships as part of UEFI, the firmware standard that replaces the old PC BIOS. Its "Secure Boot" feature lets the firmware refuse to load any bootloader or operating system that isn't signed by a key in the firmware's signature database, which stops altered or unauthorised boot code from running. This would be a great boon to users -- if the PC vendors let owners enroll their own signing keys (or switch the check off), so that Secure Boot could verify the integrity of whatever OS you chose to run.

But PC vendors -- either out of laziness or some more sinister motive -- may choose not to offer that option, and as a result, PC hardware could enter the market that is technically capable of running GNU/Linux but which will not boot any OS other than Windows.

What's more, UEFI may fall into the category of "effective access control for a copyrighted work," which means that breaking it would be illegal under the DMCA -- in other words, it could be illegal to choose to run any OS other than the one that the hardware vendor supplied.

Secure boot is optional, but there is likely to be a fair amount of pressure applied by proprietary OS makers to enable it. One could imagine that those vendors might also provide a way to turn off secure boot (from a BIOS-like menu for example), but that is something that might be exploited by rootkits and other malware, so there may well be resistance to allowing that kind of option. Protecting users from rootkits and the like is certainly useful, but there is a competitive advantage as well. Hardware vendors can ensure that only the code they approve can run on the hardware, and proprietary OS vendors will be largely unaffected because their keys will be in the signature database. One would hope that the protection against malware is the primary motivation, but the ability to lock out free OSes is likely seen as a plus.

It is Linux and other free systems that could suffer most from secure boot implementations. While it would be possible for various distributions to get their keys added, that wouldn't help anyone who wanted to run a tweaked version of the "approved" bootloader or kernel. Distributors would not be able to release their private keys to allow folks to sign their own binaries either. Each key is just as valid as any other, so malware authors would just pick up those keys to sign their wares. Exposed keys would also find their way onto the forbidden list rather quickly one suspects.

UEFI and "secure boot" (via /.)
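To make the mechanics of the quoted passage concrete, here is an added example, not from the LWN article, the UEFI specification or any shipping firmware, of a Secure Boot policy decision in Go: an allowed-signature database (db), a forbidden list (dbx), an owner-controlled enrollment step and the off switch the article worries vendors may omit. The key names, image contents and the use of Ed25519 in place of the X.509/Authenticode signatures real firmware checks are assumptions of the sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyID identifies a signing key by the SHA-256 of its public bytes.
type KeyID [sha256.Size]byte

func IDOf(pub ed25519.PublicKey) KeyID { return sha256.Sum256(pub) }

// SignedImage is a bootloader or kernel together with the signature its
// distributor produced and the public key that signature is under.
// (Real UEFI images carry an X.509 certificate inside an Authenticode
// signature; a bare Ed25519 key is an assumption of this sketch.)
type SignedImage struct {
	Code   []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

// Sign is what a distributor does at release time with its private key.
func Sign(priv ed25519.PrivateKey, code []byte) SignedImage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedImage{Code: code, Signer: pub, Sig: ed25519.Sign(priv, code)}
}

// Firmware holds the variables Secure Boot consults: db (keys allowed to
// sign boot images), dbx (keys forbidden even if also in db), and the
// owner-facing switch that disables the check altogether.
type Firmware struct {
	DB         map[KeyID]ed25519.PublicKey
	DBX        map[KeyID]bool
	SecureBoot bool
}

// NewFirmware ships with Secure Boot on and only the vendor's keys in db.
func NewFirmware(vendorKeys ...ed25519.PublicKey) *Firmware {
	f := &Firmware{DB: map[KeyID]ed25519.PublicKey{}, DBX: map[KeyID]bool{}, SecureBoot: true}
	for _, k := range vendorKeys {
		f.DB[IDOf(k)] = k
	}
	return f
}

// Enroll adds an owner-chosen key to db. A real implementation must gate
// this behind physical presence or the platform key; not modelled here.
func (f *Firmware) Enroll(pub ed25519.PublicKey) { f.DB[IDOf(pub)] = pub }

// Revoke puts a key on the forbidden list; everything it signed stops booting.
func (f *Firmware) Revoke(pub ed25519.PublicKey) { f.DBX[IDOf(pub)] = true }

// Boot is the firmware's decision at start-up.
func (f *Firmware) Boot(img SignedImage) error {
	if !f.SecureBoot {
		return nil // no check at all: anything loads, signed or not
	}
	id := IDOf(img.Signer)
	if f.DBX[id] {
		return errors.New("refused: signer is on the forbidden list (dbx)")
	}
	if _, ok := f.DB[id]; !ok {
		return errors.New("refused: signer is not in the signature database (db)")
	}
	if !ed25519.Verify(img.Signer, img.Code, img.Sig) {
		return errors.New("refused: image was modified after it was signed")
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil)
	distroPub, distroPriv, _ := ed25519.GenerateKey(nil)
	fw := NewFirmware(vendorPub) // as shipped: only the proprietary OS key

	// Constructed images.
	vendorOS := Sign(vendorPriv, []byte("vendor-os-bootloader"))
	distroKernel := Sign(distroPriv, []byte("distro-kernel-3.0"))
	fmt.Println("vendor OS, stock db:     ", fw.Boot(vendorOS))
	fmt.Println("distro kernel, stock db: ", fw.Boot(distroKernel))

	// Owner enrolls the distribution's key (or the vendor ships it in db).
	fw.Enroll(distroPub)
	fmt.Println("distro kernel, enrolled: ", fw.Boot(distroKernel))

	// Owner patches the kernel: the distributor's signature no longer matches.
	patched := distroKernel
	patched.Code = []byte("distro-kernel-3.0+my-patch")
	fmt.Println("patched kernel:          ", fw.Boot(patched))

	// The distro key leaks and signs malware. Once revoked via dbx the
	// malware is blocked, and so is every legitimate image under that key.
	malware := Sign(distroPriv, []byte("rootkit"))
	fmt.Println("malware, leaked key:     ", fw.Boot(malware))
	fw.Revoke(distroPub)
	fmt.Println("malware, after revoke:   ", fw.Boot(malware))
	fmt.Println("distro, after revoke:    ", fw.Boot(distroKernel))

	// The option the article worries vendors may not offer.
	fw.SecureBoot = false
	fmt.Println("patched, secure boot off:", fw.Boot(patched))
}
```

Two things the run makes visible: a distribution getting its key into db helps only unmodified images, because the signature is over the exact bytes the distributor released, and a key that leaks is useful to malware until it lands in dbx, at which point every honest image signed with it is locked out too. Whether the owner can flip `SecureBoot` or call `Enroll` is a vendor choice, not something the mechanism requires either way.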