“3. Complete control by device owners
Device owners must be in complete control of (able to manage and monitor) all the trusted computing security systems of their devices. As part of exercising control over their devices, device owners must be able to decide how much of this control to delegate to their users or administrators. Delegating this control to third parties (to the device manufacturer or to hard- or software components of the device) requires conscious and informed consent by the device owner (i.e., also with full awareness of possible limits on availability due to measures taken by the third party to whom control options were delegated).
4. Freedom to decide
When devices are delivered, trusted computing security systems must be deactivated (opt-in principle). Based on the necessary transparency with regard to technical features and content of trusted computing solutions, device owners must be able to make responsible decisions when it comes to product selection, start-up, configuration, operation and shut-down. Deactivation must also be possible later (optout function) and must not have any negative impact on the functioning of hard- and software that does not use trusted computing functions.
5. Public administration, national and public security interests
Because trusted computing security systems are widely used in the private-law mass market, public administration can and should be able to benefit from the availability of cost-effective solutions as well. However, the operation and availability of devices in public administration and in the field of national and public security require the owner’s sole control over the trusted computing security systems on the devices used by the owner. Due to public and national security interests, under no circumstances may the owner be forced to give up control, even partial control, over a trusted computing security system to other third parties outside the public administration’s sphere of influence.”
As M$ insists OEMs ship UEFI “Secure Boot” enabled, the German government seemingly intends to ban M$’s OS from now on. That’s great. Trusting M$ with any IT is insane.