Microsoft promotes "Trustworthy Computing," a concept which it introduced at the beginning of 2002, as computing that is as reliable, available, private, and easy to use as the telephone. Trustworthy Computing is similar to Microsoft’s previously promoted concept of "Information at Your Fingertips" in that it describes a long-term goal for its products and services, rather than a specific set of technologies or practices. But unlike previous concepts promoted by Microsoft, Trustworthy Computing may actually delay the next round of product releases, will require new hardware and software, and will involve partners, customers, and the entire industry.

Computing as Dial Tone

Microsoft Chief Technical Officer Craig Mundie began discussing Trustworthy Computing at conferences in Jan. 2002, and Bill Gates referenced the concept in a memo to all employees emphasizing security and quality above "cool features." (See "Gates Puts Focus on Trustworthy Computing" on page 10 of the Feb. 2002 Update.) Now, it's become a theme: Microsoft speakers at the TechEd and WinHEC conferences in Apr. 2002 all had at least one Trustworthy Computing slide in their presentations.

Trustworthy Computing starts with the premise that for computers to become a bigger part of users' lives, users must be able to trust them. According to Microsoft (and others, including SUN), users should think of computer systems in the same way as they think about telephony today: people don't think twice about using a phone to place an important call, but just pick up the phone, hear a dial tone, and place the call, confident that they are talking to only the intended party and that no one else is listening in.

Before users will place such trust in computer systems, Microsoft believes that improvements must be made in the following areas:

• Availability—systems must be available when users need them
• Suitability—systems must have the right set of features to accomplish the intended job, and users must know which features meet their needs
• Integrity—systems must change information only in appropriate and intended ways
• Privacy—systems must ensure that users' information is collected and shared only with their full knowledge and consent
• Reputation—the providers of systems must be seen as reputable and trustworthy.

Many observers have used "Trustworthy Computing" and "security" interchangeably, but security is only one step on the way to Trustworthy Computing. Microsoft states that to meet the goals of Trustworthy Computing, the entire computing industry—including all makers of hardware, operating systems, and applications—as well as the corporations and individuals using the systems, will have to address not only security but also issues such as quality, system architectures, development practices, and computing policies (both internal corporate and government legislation).

Enterprises, Internet Spark Reappraisal

The concepts of Trustworthy Computing are not new—in fact, Microsoft could have published a white paper on Trustworthy Computing 15 years ago. But Trustworthy Computing has become particularly important to Microsoft for several reasons:

Enterprises. With sales of PC desktops slowing, Microsoft is focusing more than ever on the enterprise and, in particular, is trying to get its server software into enterprise data centers. In the past, when its typical customers were standalone users and workgroups or departments, Microsoft could promote lots of features at relatively low cost as benefits that outweighed issues of trustworthiness. For enterprises, the weighting of the two requirements is reversed.

Digital entertainment. Content owners are concerned that the PC allows unsavory users to easily pirate content with little or no quality loss and violate copyrights, and Microsoft must convince content owners that the PC can be a viable and trustworthy platform for entertainment. Without this confidence, content owners may deny access to the content needed to drive the PC into homes as an entertainment hub.

Internet. The Internet exposes an organization's computing systems to numerous users and systems that are outside of the organization's control and who might intend harm, making it more important that the organization’s computing systems be trustworthy. Additionally, Microsoft is counting on Internet-based commerce to drive sales of servers and software, but the growth of such commerce is slowed by users’ worries about privacy. End users are more aware of the risks of using computer systems to send and store private information, such as credit card numbers and account balances.

Antitrust and reputation. Microsoft's reputation has been harmed by revelations in the antitrust case, and this harm has had a direct effect on its business—for example, many partners would not sign up to participate in Microsoft's .NET My Services plan because they did not believe Microsoft would resist the temptation to use their customers' data for marketing purposes. (See "New Strategy Devised for .NET My Services" on page 20 of the Apr. 2002 Update.)

Impacts on Development, Lobbying

Regardless of its motives, the concept of Trustworthy Computing is already having an impact within Microsoft: the Windows group has a new focus on quality that may be part of the reason that Microsoft has delayed Windows .NET Server. (See "Windows .NET Server Delayed" on page 9 of the Apr. 2002 Update.)

Significantly more trustworthy hardware and software could also create a spurt of upgrade spending. Mundie is already hinting that today’s hardware and software cannot be made retroactively trustworthy, and that it will take years to get to truly Trustworthy Computing.

Finally, Microsoft and other companies will use concepts like Trustworthy Computing as the basis for lobbying government agencies and influencing legislation in the areas of product liability, security, and privacy. For example, Microsoft may try to influence current digital rights management bills being proposed in the U.S. Senate.

For a copy of Mundie’s "Trustworthy Computing" white paper, see www.microsoft.com/PressPass/exec/craig/01-31trustworthywp.asp.