(On a side note, I think we would have more online, cheap, free-to-copy music choices today if people would stop buying and/or illegally copying digital music. As consumers, we have the ultimate power over music vendors. If we all just stop buying music for a few months in protest of the unfair usage terms and pricing structures, I think we'd see the industry turn on a dime. Most of the music is pretty crappy, anyway — what would you be missing?)
2. Trusted OS
A few operating systems, including Windows Vista, use the TPM to help confirm a trusted boot path and to help encrypt information stored on hard drives. But security takes so much more than BitLocker Drive Encryption. The TPM chip, or something like it, is the root component of a secure computing and communications infrastructure, allowing hardware and software vendors to confirm that the starting boot path for the computing device was as intended and unmodified (for example, making sure a Trojan rootkit wasn't added to the mix).
After the verified boot process happens, a trusted and verified OS can be loaded. For example, 64-bit Windows Vista, where all drivers must be signed, is a start down this path, but it won’t be enough if only Microsoft does it. Every computing device’s OS must do the same, including OSes for Internet-enabled cell phones, BlackBerrys, mobile computing devices, and all the other devices we can’t imagine just yet. And the authentication must be extended for more than boot drivers — it should include any default OS component and installed application.
Every installed application should be authenticated during the install and before each startup. Software vendors, including Microsoft, are working toward this goal with various initiatives. The idea is to confirm to the end-user that every component they are using is trusted and authenticated. This needs to be extended to every process and thread used by the application. Essentially, not a single process can load into memory unless unmodified and preauthorized.
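The boot-path check the two preceding sections describe comes down to a hash chain: each stage is measured into a TPM Platform Configuration Register (PCR) before it runs, and a verifier later compares the result, plus the event log, with known-good values. The following is an added illustration written for this article, not code from the original column or from any TPM vendor. It simulates the PCR-extend arithmetic in pure Python (no real TPM is involved), using constructed stand-in byte strings for the firmware, bootloader, kernel and one driver, and shows how replacing or inserting a stage changes the final PCR and how the event log names the first stage that differs.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample boot chain: (stage name, bytes standing in for that stage's code image).
# In real firmware each stage is measured from its actual bytes before control passes to it.
TRUSTED_BOOT_CHAIN: List[Tuple[str, bytes]] = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel", b"constructed kernel image v1"),
    ("driver:disk.sys", b"constructed signed disk driver v1"),
]


def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM-style PCR extend: new_pcr = SHA-256(old_pcr || SHA-256(image)).

    The operation is one-way and order-dependent, so no stage can be swapped,
    inserted or removed without changing every PCR value that follows it."""
    digest = hashlib.sha256(image).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Simulate a measured boot: start from the all-zero PCR and extend it with
    each stage in order. Returns the final PCR and an event log of
    (stage name, hex digest of that stage) in boot order."""
    pcr = bytes(32)  # PCRs start at zero after reset
    event_log: List[Tuple[str, str]] = []
    for name, image in chain:
        pcr = extend(pcr, image)
        event_log.append((name, hashlib.sha256(image).hexdigest()))
    return pcr, event_log


# "Golden" values the verifier trusts, computed once from the known-good chain.
GOLDEN_PCR, GOLDEN_LOG = measure_chain(TRUSTED_BOOT_CHAIN)


def verify_boot(observed_chain: List[Tuple[str, bytes]],
                golden_pcr: bytes = GOLDEN_PCR,
                golden_log: List[Tuple[str, str]] = GOLDEN_LOG) -> Tuple[bool, Optional[str]]:
    """Verifier side: recompute the PCR from what the device reports and compare it
    with the golden value in constant time. On mismatch, walk the event log to
    name the first stage whose measurement (or position) differs."""
    pcr, event_log = measure_chain(observed_chain)
    if hmac.compare_digest(pcr, golden_pcr):
        return True, None
    for (name, digest), (golden_name, golden_digest) in zip(event_log, golden_log):
        if name != golden_name or digest != golden_digest:
            return False, name
    return False, "chain length differs"


if __name__ == "__main__":
    print("clean boot:", verify_boot(TRUSTED_BOOT_CHAIN))

    # A modified bootloader: same name, different bytes.
    modified = list(TRUSTED_BOOT_CHAIN)
    modified[1] = ("bootloader", b"constructed bootloader image v1 with an extra hook")
    print("modified bootloader:", verify_boot(modified))

    # An extra stage slipped in between bootloader and kernel.
    inserted = list(TRUSTED_BOOT_CHAIN)
    inserted.insert(2, ("unexpected-stage", b"constructed extra stage"))
    print("inserted stage:", verify_boot(inserted))
```

The final PCR alone tells the verifier only that something changed; the event log is what lets it say which stage. Real attestation adds a TPM-signed quote over the PCRs so the verifier can trust that the reported values came from that chip, which this simulation leaves out.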
3. User authentication
Users must be securely authenticated when they log in, using something beyond simple passwords. At businesses, this would mean holding senior management and system administrators accountable for authenticating their own users and devices. For home users, this would mean holding the ISPs accountable for logons that result in gaining access to the secure portion of the Internet. Among other things, default authentication would prevent spam, as well as DDoS and phishing attacks.
Unfortunately, none of this will confirm that the authenticated tools, and the resulting data, aren’t used for maliciousness. Therefore, we need all network packets authenticated from source to destination. The users and computers creating or sending data will have to be authenticated and confirmed, and the packets will have to be tracked and authenticated whenever data is sent from source to destination.
I’m not so worried about the data itself. Heck, the data can and should be encrypted by default. We just need to be able to track the packet from source to destination so that if something malicious is sent, we can track it back to its original source computer and authenticated user.
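The source-to-destination packet authentication described in the last two paragraphs can be sketched as a small protocol: a key is bound to an authenticated (user, device) pair at login, every packet carries that identity plus a sequence number and a message authentication tag, and the receiver can only accept a packet it can attribute to a registered identity. The code below is an added example written for this article, not part of the original column or any real network stack. It assumes a constructed key registry standing in for whatever the ISP or enterprise issues at strong login, uses HMAC-SHA256 so that it runs with the Python standard library alone (a deployed design would more likely use per-session keys negotiated with a signature-based login), and treats the payload as opaque bytes, so an already-encrypted payload works unchanged.

```python
import hashlib
import hmac
import json
import struct
from typing import Dict, Optional, Tuple

TAG_LEN = 32  # HMAC-SHA256 output size

# Constructed identity registry: (user, device) -> key issued at authenticated login.
# Values are placeholders; a real system would never hard-code keys.
KEY_REGISTRY: Dict[Tuple[str, str], bytes] = {
    ("alice", "laptop-01"): b"constructed-session-key-alice-laptop-01",
    ("bob", "phone-07"): b"constructed-session-key-bob-phone-07",
}


def build_packet(user: str, device: str, seq: int, payload: bytes, key: bytes) -> bytes:
    """Sender side. Wire format (constructed for this example):
    2-byte header length | JSON header | 4-byte payload length | payload | 32-byte tag.
    The tag covers header and payload together so neither can be changed in transit."""
    header = json.dumps({"user": user, "device": device, "seq": seq}, sort_keys=True).encode()
    tag = hmac.new(key, header + b"|" + payload, hashlib.sha256).digest()
    return struct.pack("!H", len(header)) + header + struct.pack("!I", len(payload)) + payload + tag


def parse_packet(packet: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split a packet into (header bytes, payload, tag); raises ValueError if truncated."""
    (hlen,) = struct.unpack_from("!H", packet, 0)
    header = packet[2:2 + hlen]
    (plen,) = struct.unpack_from("!I", packet, 2 + hlen)
    start = 2 + hlen + 4
    payload = packet[start:start + plen]
    tag = packet[start + plen:]
    if len(header) != hlen or len(payload) != plen or len(tag) != TAG_LEN:
        raise ValueError("truncated packet")
    return header, payload, tag


class Verifier:
    """Receiver side: accepts only packets it can attribute to a registered identity,
    rejects modified packets, and rejects replays using a per-identity sequence number."""

    def __init__(self, registry: Dict[Tuple[str, str], bytes]) -> None:
        self.registry = registry
        self.last_seq: Dict[Tuple[str, str], int] = {}

    def verify(self, packet: bytes) -> Tuple[bool, str, Optional[dict]]:
        """Returns (accepted, reason, attribution). Attribution names the authenticated
        user and device, which is exactly what tracing a malicious packet back needs."""
        try:
            header_bytes, payload, tag = parse_packet(packet)
            header = json.loads(header_bytes)
            identity = (str(header["user"]), str(header["device"]))
            seq = int(header["seq"])
        except (ValueError, KeyError, TypeError, struct.error):
            return False, "malformed", None
        key = self.registry.get(identity)
        if key is None:
            return False, "unknown identity", None
        expected = hmac.new(key, header_bytes + b"|" + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False, "bad tag", None
        if seq <= self.last_seq.get(identity, -1):
            return False, "replay", None
        self.last_seq[identity] = seq
        return True, "ok", {"user": identity[0], "device": identity[1], "seq": seq}


if __name__ == "__main__":
    verifier = Verifier(KEY_REGISTRY)
    pkt = build_packet("alice", "laptop-01", 1, b"constructed payload", KEY_REGISTRY[("alice", "laptop-01")])
    print(verifier.verify(pkt))            # accepted, attributed to alice/laptop-01
    print(verifier.verify(pkt))            # same packet again: replay
    damaged = pkt[:-TAG_LEN - 1] + bytes([pkt[-TAG_LEN - 1] ^ 0x01]) + pkt[-TAG_LEN:]
    print(verifier.verify(damaged))        # payload changed in transit: bad tag
```

The identity check happens before the tag check on purpose: a packet that names no registered identity is dropped without any key material being consulted, and the reason string gives the receiving network enough to log who, if anyone, a rejected packet claimed to be.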