German govt comes out against Trusted Computing and Secure Boot

Trusted Computing and Secure Boot, especially Secure Boot, are supposed to boost the security of devices that you own. Yes, devices that you own! However, judging from the manner that Secure Boot has been implemented, it sure feels like you do not own that device you bought with your money. Hence the phrase Restricted Boot is more apt.

And since corporations now run the government, a corporation with enough power (and money… the power comes from the money) can dictate what you can do on and with that device that you own. Microsoft’s ability to dictate to hardware vendors, and by proxy, dictate to you, how secure boot can be implemented, is a very good example.

So far, who has challenged Microsoft? Other than dissenting voices from the Free Software and Open Source community, nobody.

But the German government has made an official statement on Secure Boot (and Trusted Computing). Since it’s just a position statement, it does not count as a legal challenge to Microsoft, but it’s s start. The Free Software Foundation Europe was the first to report on this German government statement.

Here are key points that they made:

3. Complete control by device owners
Device owners must be in complete control of (able to manage and monitor) all the trusted computing security systems of their devices. As part of exercising control over their devices, device owners must be able to decide how much of this control to delegate to their users or administrators. Delegating this control to third parties (to the device manufacturer or to hard- or software components of the device) requires conscious and informed consent by the device owner (i.e., also with full awareness of possible limits on availability due to measures taken by the third party to whom control options were delegated).

With Restricted Boot, you are no longer in charge of your device, especially a computer preloaded with a Microsoft Windows 8 operating system.

4. Freedom to decide
When devices are delivered, trusted computing security systems must be deactivated (opt-in principle). Based on the necessary transparency with regard to technical features and content of trusted computing solutions, device owners must be able to make responsible decisions when it comes to product selection, start-up, configuration, operation and shut-down. Deactivation must also be possible later (opt- out function) and must not have any negative impact on the functioning of hard- and software that does not use trusted computing functions.

I agree. Give me all the fancy security features, but let me decide whether I want to turn any on or not. Even when enabled by default, make it easy for me to disable them.

6. Private use
The Federal Government explicitly calls on makers of trusted computing devices and components (both hard- and software) to offer devices and components also to private users which allow owners complete control over the trusted computing security system at all times.

Nice statement, but the German government needs to do more than “call on makers.” They have an obligation to protect consumers from mega-monopolies. For starters, an anti-trust investigation of the license agreement between Microsoft and hardware vendors will be a step in the right direction.

While we await a more meaningful action from the German government, what has the government over here in our America done or said about this?

You may read the complete German government statement in a PDF file available here.

Related Posts

FSF works with PayPal to the benefit of the free software community The Free Software Foundation thanks PayPal for responding to its concerns and making its terms more free software friendly. BOSTON, Massachusetts, ...
ProtonMail and Paypal: Do we need government approval to encrypt email? There's something brewing between Paypal and ProtonMail, a company based in Switzerland that provides secure email services, much like what Lavabit us...
Troubleshooting containers after they’re long gone Every sysadmin, operator, and even app developer has been there. There’s a spike in your dashboard and your #alerts Slack channel is firing off. Somet...
Flatcar: A tool for creating Docker-ready Rails projects One of the most compelling reasons to use Ruby on Rails is the ease in which you can get a web project up and running. And one of Docker's key benefit...
Snowden on Dropbox: It’s hostile to privacy Dropbox is a very popular Cloud storage services, but is it good for the privacy-conscious? According to Edward Snowden, it's not. In an intervi...
Intel Lifts the Hood on its “Single-Chip Cloud Computer” Chips that can simulate a supernova or predict a hurricane are yesterday’s goal, if Intel’s recently unveiled 48-core research chip is any indication....

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.

One Comment

  1. Geez, I feel like my computer is turning into a tablet or smartphone, where I’ll have to jailbreak it before I can even load the software I want, onto it. 🙁

    Actually, this is one of the reasons I have yet to purchase a tablet. Once I can dual boot GNU/Linux with KDE touch screen plasma desktop, then I’ll buy a tablet. Until then, I’m sticking with laptops… so long as I can keep installing the OS of my choice on them…

Leave a Comment

Your email address will not be published. Required fields are marked *