Trust must be earned. This hard lesson is being learned by the five tech giants behind "trusted-computing" initiatives aimed at securing user privacy. Depending on whom you believe, the companies developing trusted-computing technology are either Santa or Satan.

Trusted computing is a nebulous hardware/software concept being trumpeted as the solution to safeguarding information privacy and computer security. Critics counter that the initiative is simply a front to fatten the coffers of Hollywood studios and record labels by enforcing digital-rights management (DRM), and that it could quash innovation in the software industry. And users worry that the technologies could bar them from material stored on their own computers if they haven't met licensing requirements.

Trusted computing is a nebulous hardware/software concept being trumpeted as the solution to safeguarding information privacy and computer security.

The initiative to improve privacy and security is being tackled by two overlapping groups. You've probably read about Microsoft's Palladium technology, which it has rechristened Next-Generation Secure Computing Base (or, lyrically, NGSCB). At the same time, an organization called the Trusted Computing Group (TCG), which was initially founded by AMD, IBM, Hewlett-Packard, Intel, and Microsoft, is developing a similar strategy.

Microsoft's NGSCB will employ software (a nexus) and hardware (a chip) to provide a secure operating environment and determine whether a particular PC has the right to access and run software. Microsoft says the nexus will ship disabled and can be switched on and off by the user. And software developers will be able to build the nexus into other operating systems and apps, although the code will have to be licensed from Microsoft. Contrary to public concerns, Microsoft says NGSCB will not limit users to Microsoft-sanctioned software. The company explains that the nexus-aware chip and other features are not involved in the OS boot process or in whether the chip loads an application that does not use the nexus, which means it cannot block software. But it will be possible for content providers to write applications that require access to one or more nexus-aware services in order to run--and that means some apps might operate only if they have a signed license.

The TCG's plans are similar to those of Microsoft, although it envisions a standard for trusted computing across such devices as PCs, servers, PDAs, and cell phones. Originally launched as the Trusted Computing Platform Alliance (TCPA), the group now has a licensing policy, a marketing budget, and a mission. In short, it's ready to roll.

The TCG also employs a chip that would be placed on the motherboard and include encryption functions as well as memory to store keys to decrypt data. The chip would check your PC's hardware and software to ensure that the hardware components are on an approved list and that the software components have been signed. It also will check enforcement software in the operating system to certify it to third parties for receiving content or to ensure that the PC is certified to run certain applications. The technology is user opt-in, and the chip will ship disabled, just as it is under Microsoft's plan.

"The biggest benefits to consumers will be a higher level of security and trust," says Jim Ward, the TCG's president. The technology will be particularly useful in e-commerce and other financial transactions, and will also protect user data and secrets (keys, passwords, and certificates) from external software attack and theft.

It's not all good, however. "The average PC user is likely to get better security against hackers and the like, but he's also likely to be less able to exercise his fair-use rights with digital content," says Bruce Schneier, founder and chief technical officer of security consultants Counterpane Internet Security. "But again, no one knows for sure." There's a difference between what's technically possible and what the marketplace allows. For instance, you might be able to run any kind of software on a trusted-computing-enhanced computer, but what if Disney will not allow its movies to be viewed on the computer unless certain controls are in place? Ward concedes this is entirely possible.

'The average PC user is likely to get better security against hackers and the like, but he's also likely to be less able to exercise his fair-use rights with digital content.' --Bruce Schneier

Schneier agrees. "If someone were writing a DRM platform, they could say that a certain capability would have to be turned on to use their content," he says. Ward, like Microsoft, says consumers will be able to use any software, including freeware, shareware, and the Linux OS, because the TCG software stack will be an open standard. "There is no need or provision or capability for a software vendor to come to the organization and pay to certify software," he says. "And the technology can't delete anything or prevent anything from happening."

Schneier says the statement that any software will run on trusted platforms might be a stated goal, but "it's certainly not true." As an example, he says Microsoft wants the initiative to interfere with the ability to run viruses and Trojan horses. Other areas of concern include less competition in software development and further market dominance by Microsoft.

It's really too soon to tell what trusted computing will yield. The problem is that the solution to digital privacy could result in massive invasions of privacy. And it doesn't help that no one seems to trust the companies developing trusted-computing technology.