The TCG (Trusted Computing Group), a nonprofit industry consortium that promotes what it calls "open industry specifications" that vendors use to create "more secure computing products," announced at this weeks CTIA conference, here in PDF form, that it has created a new set of use cases for improving mobile phone security.
The TCG said it intends to have a publicly available specification ready in the first half of 2006.
These use cases involve tighter vendor controls over digital rights management, device authentication, and more secure software downloads, mobile payments and mobile ticketing.
"Unfortunately, much of this security aims to help cell phone carriers cement their control over their customers," the EFF said Thursday in a statement on its Web site.
"TCG is proudly offering to help cell phone carriers lock down your phone," said EFF Staff Technologist Seth Schoen.
"The proposals described today aim to help your cell phone company decide who can publish software or media for your phone, whether you can load your own documents, and even whether you can switch carriers or resell your phone. These are not innovations that consumers will applaud."
TCGs mobile phone work groups active members include Authentec, Ericsson, France Telecom, IBM, Infineon, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony, STMicroelectronics, Texas Instruments, VeriSign, Vodafone and Wave Systems.
The group has been working to identify critical security issues, standardized approaches to them, and implementation.
"Security is increasingly important to the users, manufacturers, service providers and application providers for the increasingly complex mobile phone ecosystem and requires an industry-standard approach to ensure consistent and rapid deployment," said TCG chairman Janne Uusilehto, head of product security technologies at Nokia.
"TCGs experience, expert members and cross-industry membership make it an ideal organization to drive standards for more secure mobile phones."
TCG announced a set of 11 use cases that its members will discuss how to support with TCG technologies in cell phones. Among those, TCG suggested:
- Device integrity and SIMlock/device personalization, to ensure a device is locked to its network and prevents device theft. "This would prevent you from switching mobile carriers or reselling or donating your phone to someone else," said Schoen, of the EFF.
- Platform integrity and software use controls, to ensure the hardware and software are in a state intended by the manufacturer. "These which would let your cell phone company, not you, decide what software is allowed to run on your phone," Schoen said.
- Digital rights management support to protect content on the phone. "This helps publishers, not you, control how you can use media on your cell phone," Schoen said.
The complete list of TCG use cases can be found here.
"TCG says these new features are all in the name of security—whether they are protecting against viruses or ensuring that users cant take their phones with them when they change carriers and cant use third-party applications that arent provided by their carriers," Schoen said. "But this security is not necessarily for consumers benefit."
Despite the potential loss of control consumers will face if these standards are adopted across the industry, Schoen told Ziff Davis Internet that they are likely to be enacted.
"The disappointment is that the cell phone industry is a different culture from the personal computer industry, where users already are aware that there is choice in software that you use on your machine," Schoen said. "The cell phone industry came out of the old landline telephone business, where one company once had all the power.
"People used to rent their phones and buy the monthly service, all from the same company. They had little or no say in what kind of equipment they could use. It was even implied years ago in the telephone agreements that answering machines couldnt be used on home phones."
Schoen said that as a result of this culture, "cell phone culture hasnt quite gotten these ideas [about freedom of choice] down yet."