La gestion des DRM en perspective

B- The group of Article 29

The group of data protection resulting from article 29 of Directive 95/46 adopted last January^43(*) a working paper on the data-processing platforms of confidence, and, in particular, on the work carried out by Trusted Computing Group (Group TCG).^44(*) This one includes/understands a very significant number actors^45(*) of the data-processing sector and telecommunications of which the goal is, inter alia, of « to write draft specifications for a new generation of chips of safety hardware called Trusted Platform Modules (TPM) ».

One will note in this respect that « Chip TPM comprises the following functionalities:

- public key: generation of the pairs of keys, signature by public key, checking, encoding and decoding ;

- starting in confidence: the registers of configuration of platform (PCR) record sections of information of the configuration during all the sequence of starting. Once the computer moving, of the data (such as symmetrical keys for encrypted file) can «be sealed» under a PCR;

- initialization and management: these functions make it possible to the owner to use or not the chip, to give it to zero and to take possession of it. The new version of the specifications makes it possible to the owner to delegate a certain number of functions to the user ». ^46(*)

Nevertheless, work of this consortium is interesting to follow insofar as, on the one hand it includes/understands the whole of the major actors of the data-processing sector and télécoms and on the other hand it was committed respecting and to take into account the whole of the Community legislation relating to the data protection^47(*) such as that is specified and discussed in the document quoted above. The evolutions of the specifications of version 1.1 with version 1.2 propose in particular various solutions in agreement with waitings specified by the Group of Article 29.

One will mention here, and as example, the problems relating to the data protection via an external certification. Within this framework, the TCG envisaged two possibilities, that is to say :

- the intervention of a third of confidence which would certify the identity of the users to their correspondent, without revealing it ;

- to use the characteristic «Direct Anonymous Attestation (DAA)» which makes it possible the user to create a key of certificate of identity (Certificate Identity Key, AIK) without presenting the key of endorsing (Endorsement Key, EK), which constitutes a single identifier. ^48(*)

If no decision were still taken, one sees despite everything the efforts and the implications which can have a bringing together between various at the same time private but so institutional actors.^49(*)

* ⁴³ Article 29 Groups data protection, Working paper on the data-processing platforms of confidence, and, in particular, on the work carried out by Trusted Computing Group (Group TCG), January 23, 2004, 9p. www.europa.eu.int/comm/privacy

* ⁴⁴ The TCG is a non-profit institution which belongs to an international organization having adopted the specifications of the TCPA (Alliance for a data processing of confidence). Ibid, p.3. https://www.trustedcomputinggroup.org/home

* ⁴⁵ https://www.trustedcomputinggroup.org/about/members/

* ⁴⁶ Ibid, p. 4-5. It will be noted has that INTEL has just marketed new a range of processor intended to equip the personal assistants and mobile telephones multimedia which integrates its platform of safety «INTEL Wireless Trusted Platform». It has a system of integrated DRM which could prohibit the access to files not having the rights of access necessary (Christophe Guillemin, INTEL installs DRM in its chips for mobile apparatuses, April 20, 2004, www.zdnet.fr). One will be able to also read the document of INTEL entitled «  Intel® Wireless Trusted Platform: Security for Mobile Devices  »

ftp://download.intel.com/design/pca/applicationsprocessors/whitepapers/30086801.pdf

* ⁴⁷ Directives 95/46/EC and 2002/58/EC on the level of the data protection in general and data protection in the electronic communications. But also the provisions of the directives «trades electronic», Directive 2000/31/EC of June 8, 2000 and «signatures electronic», Directive 1999/93/EC.

* ⁴⁸ Ibid p.7.

* ⁴⁹ It does not remain about it less than certain questions remain open and in particular the fact in the future of knowing where will be the Thirds of confidence (PCA) bus considering the importance of the data which they have in their possession, of the protection measures more than adequate will have installation so that those are not stored at the same time in only one place but also in only one State.