Voting and X-Ray machines? [LWN.net]

Laser & DRM

Posted Oct 5, 2006 13:18 UTC (Thu) by stijn (subscriber, #570) [Link]

In your example, in my opinion, the problem lies with willful violation of safety regulations, not with GPL v3. Making devices tamper proof is a wholly different dimension. Similarly, I don't have root access at the (Debian) workstation where I type this. It is a policy enforced by my employer, orthogonal to the workings of the GPL v2.

Laser & DRM

Posted Oct 5, 2006 13:42 UTC (Thu) by mingo (subscriber, #31122) [Link]

In your example, in my opinion, the problem lies with willful violation of safety regulations, not with GPL v3.

The problem lies in the GPLv3: in essence it declares the "tool of DRM" evil, without leaving for circumstances. It does so by defining the DRM keys to be part of the "Source Code" (see Section 1 of the GPLv3) - and hence forbids the non-release of keys upon redistribution (they are defined into source code, and thus must be released).

Without leaving for circumstances (except a limited list of hand-carved exceptions of a currently known good uses of DRM) it's just plain impossible to correctly map all "good" and all "evil" uses of DRM in advance. The GPLv3 allows little for the licensor (or the judge) to weigh circumstances - it forces the decision of "good vs. evil" right in the license. Furthermore, in its public messaging, the FSF does not even allow for the /possibility/ of "good" DRM uses - DRM has been villified in its entirety.

This is what i loosely described in other threads as "the GPL now gets into the business of defining good and evil, and it should not do so".

To go back to your suggestion: even if there's a blatant violation of safety regulations, if the manufacturer is proven to /not/ have done everything technically possible to protect health, it can be found liable. (there are precedents for that) So a manufacturer, if it cannot use DRM in its laser, X-ray, radio or radar machine might just pick another OS, just to be on the safe side.

And even if it's not found liable, the manufacturer's engineers might have (gasp) conscience.

Laser & DRM

Posted Oct 5, 2006 14:32 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

> To go back to your suggestion: even if there's a blatant violation of safety
> regulations, if the manufacturer is proven to /not/ have done everything
> technically possible to protect health, it can be found liable. (there are
> precedents for that) So a manufacturer, if it cannot use DRM in its laser,
> X-ray, radio or radar machine might just pick another OS, just to be on the
> safe side.

If the tamper-proofness of the device is so important he should go ROM. DRM is not an absolute protection either.

Laser & DRM

Posted Oct 5, 2006 14:38 UTC (Thu) by stijn (subscriber, #570) [Link]

Right now I have not yet seen convincing examples where DRM could be Good. In the proposed scenarios the Goodness comes from preventing certain evil things, where to me it seems that those evil things are illegal to begin with and can be prevented by other means, e.g. contract, warranty, ownership, access and probably a few others. The proposed scenarios, as far as I am aware, furthermore have so far been thought experiments. Correct me if I am wrong. As for the "engineer's conscience", we drive cars that are well capable of killing ourselves and other people with a minimum of effort (and the list is neverending), never mind guns.

So on the one hand we have evil DRM marching in on our lives, limiting our rights and taking away stewardship, with no Good specimen yet to be discovered. On the other hand we have the possibility that Good DRM may further our lives at some point in the futures. As far as I am aware, the Good DRM in those scenarios 1) can be replaced by other means and 2) is likely not a definite remedy to the problem it is supposed to solve either.

I appreciate your concern about 'defining good and evil', but the considerations above and the scenarios thus far have to my mind not yet advanced the DRM case.

Then there is the issue whether the DRM clause now makes v3 transcend software by tying keys to the source. The discussions elsewhere have not convinced me that Pandora's box has been opened. It is a view consistent with the four freedoms that Tivoization violates the spirit of GPL v2, although I am still trying to decipher your Tivo/PC/harddisk/binary example elsethread!

Laser & DRM

Posted Oct 5, 2006 19:29 UTC (Thu) by drag (subscriber, #31333) [Link]

Exactly.

It's like saying:

Hey barcode readers owners shouldn't be allowed to tweak their devices. Therefore the GPLv2 is bad because it doesn't allow people to embed binary-only drivers into the Linux kernel to prevent this!

Also manufacturers are legally obligated to restrict certain frequencies and power outputs on their Wifi cards. The Linux kernel being GPLv2 doesn't allow people to embed binary modules to prevent this and thus GPLv2 is bad.

It's realy kinda silly.

Laser & DRM

Posted Oct 5, 2006 13:26 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

This particular example is screaming "firmware" at me. Though I don't think the manufacturer would be the one condemned here.

Laser & DRM

Posted Oct 5, 2006 15:33 UTC (Thu) by GreyWizard (guest, #1026) [Link]

I don't doubt the sincerity with which you present this argument but it makes no sense to me. Either a shop owner owns or does not own the laser scanner. In the first case (as long as the manufacturer properly documents applicable regulations and potential safety hazards) modifications that break the law are clearly the responsibility of that owner. In the second case there is no reason the actual owner can't deploy tamper resistance and anti-DRM licensed software at the same time.

This appeal to emotion with regard to "hurting the little guy" doesn't stand up to reason. There are innumerable ways in which an employer could abuse an employee. Most have nothing to do with software, but an accounting package could accept payments below the minimum wage, cash registers could generate fake errors that the employee is forced to pay for and so on and so fort. Do you propose to address all of these problems with DRM too?

The law already deals with such problems effectively, but if we re-solve them with technology we can force the shop keeper to rent the devices from a third party (possibly the vendor) and use tamper resistance to achieve the same effect. An owner has historically been able to use property in any manner desired without interference from any party other than the government. Why should software change the definition of ownership?

Laser & DRM

Posted Oct 6, 2006 2:40 UTC (Fri) by sepreece (subscriber, #19270) [Link]

Why do you limit tamper resistance to rented equipment? Many manufacturers attempt to make their hardware tamper resistant, regardless of whether the equipment is intended for sale or rental. For instance, cases may be sealed (the case would be replaced if the item had to be repaired) or may require special tools or techniques to open.

The primary reason for this is liability. If you make a good-faith effort to make it hard to modify your device, you reduce the probability that someone will convince a jury that you negligently enabled a misuse or failure that caused damage.

A secondary reason is reputation. If the user modifies the device and it fails in a way that gets publicized, the press and the public will hear about it as the failure of your device. For instance, newspaper stories about exploding cellphone batteries almost always mention the phone manufacturer; if the retailer or the user has installed an aftermarket battery, that rarely gets mentioned.

The same factors apply to software. Of course, this only speaks to why the manufacturer cares. If user freedom is what matters to you, it may not matter whether the manufacturer has a legitimate reason to want to lock down the software in its devices.

Laser & DRM

Posted Oct 6, 2006 7:50 UTC (Fri) by nim-nim (subscriber, #34454) [Link]

For those rare cases where you need to be tamper resistant it's easy enough to:
1. use ROM
2. use an update jumper located inside the case you've already made tamper-resistent to protect from hardware mods

If you can't afford either, I guess the device is also "protected" with "warranty broken if opened" paper seals or locks with standard keys, so the only reason you're so sold on DRMs is:
1. they feel dirt cheap,
2. your tamper-proof critical device is so buggy you need to update it all the time
3. you have zero respect for the wishes of the people who wrote your free software

Laser & DRM

Posted Oct 6, 2006 13:46 UTC (Fri) by sepreece (subscriber, #19270) [Link]

There are several scenarios for flash-based software in consumer devices:

- Field upgradeability (adding new features, etc.); this is widely used in music players ["new iPod updater is available"] and set-top boxes. In the former case it's usually the owner doing the update; in the latter case the update is usually pushed by the service provider, more-or-less transparent to the user.

- Field repairs (fixing broken software); this is often included in the kind of upgrades described above; sometimes security updates are done, as for desktop software; again, it's usually either owner-initiated or pushed by the service.

- Customization in distribution; this is very important to the device manufacturers, especially for mobile phones; in this case the phone is flashed with a generic load in the factory and software specific to the carrier and/or market is flashed in distribution or at the point-of-sale; it would be possible to blow an e-fuse at that point to make all or part of the software nonmodifiable after sale, but the user would probably object, since they do sometimes ask for updates after they have the phone. There have been [very] rare phone recalls, but phone upgrades in the field are usually user-initiated.

Note that previous discussions have always centered around "user able to modify" versus "manufacturer able to modify". This ignores the more common real-world case of "user able to have the phone updated" versus "manufacturer able to update phone unilaterally".

Device manufacturers typically have no access to a device in the field [set-top boxes that are updated by a service provider are an obvious exception]. A mobile phone carrier has access, and sometimes uses it to push content updates and service-enablement updates, but generally not to update the base software. In most cases, only the user has the right/ability to initiate a software update. However, their only option is to select another manufacturer/carrier-approved load for their device.

I point this out only because it reshapes the discussion somewhat. The fairness argument has been presented as "pass along the same rights you have". In this case, the situation actually is more like "the end user can choose to upgrade the phone to a newer version of the software", which sounds much less asymmetrical.

Laser & DRM

Posted Oct 6, 2006 14:01 UTC (Fri) by nim-nim (subscriber, #34454) [Link]

However, as long as the recipient of the software binary and code is in control, the GPLv3 is happy. The reason why very improbable and creative scenarii have been presented so far is the GPLv3 absolutely does not forbid sane uses of signing and cryptography (such as your examples)

Laser & DRM

Posted Oct 7, 2006 2:15 UTC (Sat) by mikov (subscriber, #33179) [Link]

Even if you are right and the manufacturer is resorting to DRM only because they are dirt-cheap or the device is buggy, it is certainly not the GPL's place to make manufacturers "not cheap" or to force them to sell a high quality product.

Manufacturing is a much more complex, difficult, risky and expensive process than many people realize. It is absolutely nothing like releasing software and I feel that many people in their understandable zeal for software freedom are ignoring this, probably because they don't have first hand experience with manufacturing physical goods as opposed to software.

Pragmatically speaking, I feel that since GPLv3 cannot fully prevent all restrictions to software modification (as many people pointed out a ROM is an easy option), it should not attempt it all. Further on, even if GPLv3 is ultimately the right thing to do, seeing how it is splitting the community in two before our own eyes, it is very likely to do more harm than benefit (again, as many people have pointed out).

Laser & DRM

Posted Oct 7, 2006 12:46 UTC (Sat) by nim-nim (subscriber, #34454) [Link]

> Pragmatically speaking, I feel that since GPLv3 cannot fully prevent all
> restrictions to software modification (as many people pointed out a ROM is
> an easy option), it should not attempt it all.

Pragmatically speaking, I feel that since DRM cannot fully prevent all modifications (as many people pointed out a ROM is an easy option), it should not attempt it all

Liability & Reputation

Posted Oct 6, 2006 15:14 UTC (Fri) by GreyWizard (guest, #1026) [Link]

Both reasons are unconvincing. Many products are dangerous but cannot be made safer using DRM so the law must find a balance between requirments for manufacturers and end user responsibility. Why should a standard that suffices for makers of guns and baby toys not work for software too? Most people don't believe vendors should be held accountable for specialized changes made by third parties, so this is a public relations problem rather than a technical one.

But all of this is really beside the point. I didn't ask why a manufactuer might want to deploy DRM because that's obvious. Controlling devices after sale allows advanced market segmentation as well as more nefarious things that have been described elsewhere. I am asking if there is a public benefit that might justify the costs of tolerating DRM, not least of which is confounding the age old notion of ownernship which has served society well.

Liability & Reputation

Posted Oct 6, 2006 18:55 UTC (Fri) by sepreece (subscriber, #19270) [Link]

I didn't actually claim that DRM made the products safer [and, of course, I was talking about Trusted Computer, rather than DRM]. It makes the manufacturer safer by reducing potential liability. In the particular example that started this subthread (modifying the software controlling a laser to increase its output) it presumably would also make the product safer, but that's not really what we were talking about.

You actually asked why software should be different than hardware. I wasn't really arguing that it should. The same kinds of liability and PR issues attach to hardware as well, and manufacturers typically do what they can to avoid user modification of dangerous or regulated hardware, including things like sealing cases, drilling out screw heads, and using sealed modules.

You ask now if there is a public benefit to tolerating locked-down software [I assume that's what you meant by DRM in this context.] For regulated devices, I think there is a clear public benefit; otherwise the devices wouldn't be regulated. Note that here you asking for software to be treated more permissively than hardware, where you had previously asked why they should be treated differently - there are no legal restrictions on manufacturers' ability to make hardware unmodifiable.

You posit commercial and nefarious reasons for manufacturers to deploy DRM. I certainly know of cases where manufacturers have used reversible technical measures (either hardware or software) to downgrade special versions of products, so that they could sell them at lower prices than products without those restrictions. This is sometimes referred to as "slugging". In most cases those have been in situations where there was a contractual relationship preventing the customer from (like the well-known case of the IBM unit-record equipment that could be jumper-modified to be twice as fast]. TC clearly would help the manufacturer avoid customer self-upgrades. I don't consider that to be nefarious (nor qualitatively different from the case where exactly the same end is achieved with a one-way change that makes the device non-upgradeable).

I don't expect to convince anybody who is already convinced in the other direction. If you believe the freedom of your code is paramount, and don't mind that that freedom limits its use in certain kinds of devices, that's your choice.

Public Benefit is the Question

Posted Oct 10, 2006 3:44 UTC (Tue) by GreyWizard (guest, #1026) [Link]

I was talking about Trusted Computer, rather than DRM

Then you were off topic. You comment is a reply to mine which is about DRM. That comment is attached to an article about the GPLv3 drafts which would prohibit distribution of code licensed that way to implement DRM. Perhaps you are confused about what the relevant clauses of the GPLv3 drafts do and suppose that they restrict activities which are not DRM?

It makes the manufacturer safer by reducing potential liability.

This claim is fanciful in the case of DRM and questionable otherwise. I have some devices which are user servicable and others with comparable purposes which use sealed cases of one kind or another. Do you contend that the manufacturers of the former are more exposed to liability than the latter? I find that hard to believe. Once I take a screw driver to a thing the results are clearly my responsibility, which is why there are sometimes safety warnings on stickers covering the screws. On the other hand I have no trouble believing that liability and public relations are excuses to conceal motives such as market segmentation.

Making dangerous things easy might make a manufacturer liable. Failing to make them impossible will not. Generally speaking, making a laser scanner with a knob that allows the output to be set to unsafe levels is a recipe for trouble. Making a laser scanner for which the user can extract the source code, modify that using specialized programming skills, compile and install the result is not. Good luck convincing a court that you did all that accidentally.

You ask now if there is a public benefit to tolerating locked-down software [I assume that's what you meant by DRM in this context.]

Here is the text you responded to: "I am asking if there is a public benefit that might justify the costs of tolerating DRM [...]" I am pleased that when I write "DRM" you *presume* that I mean "DRM" but I cannot guess your motive for making a fuss about this.

For regulated devices, I think there is a clear public benefit; otherwise the devices wouldn't be regulated.

What you seem to be saying is that "compliance with appropriate regulations is good" implies "any measure which makes non-compliance more difficult is good." Nonsense. Every check on compliance has a corresponding cost. Requiring a police officer to monitor the use of all laser scanners would make it much harder to use an unsafe power level than merely deploying DRM, but obviously this is not a reasonable solution.

So far uses of DRM that don't involve managing digital rights seem like solutions in search of problems.

Note that here you asking for software to be treated more permissively than hardware, where you had previously asked why they should be treated differently - there are no legal restrictions on manufacturers' ability to make hardware unmodifiable.

You believe I am asking for this because it pleases you to do so, not because I have suggested legal restrictions on locking down software or otherwise proposed some policy. Perhaps you are confused by the phrase "tolerate DRM"? By this I did not mean "allow DRM to be a legal practice" (this community has no power to make that decision) but "permit software that we write to be used to implement DRM" -- in other words reject the relevant provisions of the GPLv3 draft. I have been asking for an explanation of how DRM might benefit the public as well as criticising some examples that seem poorly thought out (specifically voting machines, x-ray equipment, liability and reputation).

You posit commercial and nefarious reasons for manufacturers to deploy DRM.

A discussion would be easier if you bothered to read before responding. I noted that the reasons manufacturers like DRM include advanced market segmentation (of which your story about "slugging" is an example) as well as more nefarious reasons. I did not offer an opinion on whether advanced market segmentation is nefarious, except to say that more nefarious reasons exist. Anyway, the point of all that was to say that there is no question that some manufacturers like DRM. They do.

The issue worth discussing is whether DRM can provide a practical benefit to the public. That your attempts at an answer are muddled nonsense does not prove that a reasonable affirmative case can't be made, so I don't know the answer.

Public Benefit is the Question

Posted Oct 13, 2006 2:03 UTC (Fri) by sepreece (subscriber, #19270) [Link]

Umm, The topic of the thread was technology used to lock down software so the user/owner can't modify it. That's TC, not DRM. TC is often used in implementing DRM, but is not iteslf DRM, in normal usage.

Your belief that fear of liability is fanciful may make you comfortable, but the corporate lawyers I know disagree with you. And, yes, a device that is user-serviceable carries more potential for liability than one that isn't, other things being equal. I never said it was practical or a goal to remove all risk of liability; that doesn't reduce the impetus to reduce it where the cost is not prohibitive.

"I have been asking for an explanation of how DRM might benefit the public as well as criticising some examples that seem poorly thought out (specifically voting machines, x-ray equipment, liability and reputation)."

Cell phones are a reasonable example of a place where there is a public good in making operating software non-modifiable except by authorized parties. Modified cell phones could be used to disrupt cellular networks that are considered to be public safety assets. As to actual DRM, as opposed to TC, I guess I'd have to ask how you define "public benefit". Is it a public benefit to make content available to consumers that otherwise would not be?

I did not say you said that market segmentation was nefarious, I said you had posited commercial and nefarious raasons. I intended that to mean reasons that were commercial and reasons that were nefarious, but I guess that it was ambiguous.

DRM is the topic

Posted Oct 15, 2006 3:05 UTC (Sun) by GreyWizard (guest, #1026) [Link]

Umm, The topic of the thread was technology used to lock down software so the user/owner can't modify it.

No, the topic is DRM. I should know since it was my comment that started this thread. I said, "Perhaps there are legitimate uses for DRM [...]" and did not mention any implementation technology. Your comment that began this sub-thread is attached to mine, in which I mention DRM twice and Trusted Computing not at all. Finally, this thread is attached to an LWN article titled "Similar in spirit?" which likewise mentions DRM but not Trusted Computing. The controversial GPLv3 draft terms in question would prohibit DRM but not any particular technology. There is no reason to be discussing Trusted Computing in this context.

Your belief that fear of liability is fanciful may make you comfortable, but the corporate lawyers I know disagree with you.

Are you referring to fear of liability in general? If so, then you are off the mark yet again because I made no statement about that. Here is the text you are responding to: "This claim [that DRM makes a manufacturer safer by reducing potential liability] is fanciful in the case of DRM [...]" If not and you intend to demonstrate that fear of liability caused by leaving out including DRM is reasonable then you must do better than invoking unnamed lawyers who take your position. Can you name one? Can you cite a case in which a manufacturer was found liable for failing to include DRM? Do you even have much weaker evidence like a manufacturer that explicitly claims in a public statement to use DRM for reducing liability?

Cell phones are a reasonable example of a place where there is a public good in making operating software non-modifiable except by authorized parties.

Cell phones are an excellent example of a technology where openness would benefit the public by unlocking the potential for innovation. Despite the message you are replying to you still ignore the costs of preventing modifications. For good measure you overstate the benefits too: a cell phone is not the only or even the most convenient way to disrupt cellular networks. Cell phone jamming devices are illegal but readily available and possibly even a benefit to the public in some cases. (See http://www.slate.com/id/2092059/ for a thought provoking discussion of this topic.) A case for the public benefit of DRM needs less ambiguous examples.

DRM is the topic

Posted Oct 17, 2006 14:11 UTC (Tue) by sepreece (subscriber, #19270) [Link]

"in which I mention DRM twice and Trusted Computing not at all"

I apologize. Your note that started this thread mentions DRM twice and "tamper resistance" also twice. One of those uses is in a place where it appears to be paralleled to "DRM". I mistakenly took "DRM" to be mteaning tamper resistance, which I interpreted as TC (locking down the software, as opposed to content). The base LWN article, however, is about TC (anti-Tivoization) as much as it is about DRM.

I am not free to quote or name our corporate lawyers. However, the liability w/r/t DRM would be based on contract conditions with whatever service the DRM was protecting. Similar issues could arise at several levels in a cell phone context (the content provider(s) and the carrier). For cell phones, there would also be potential liability for network damage or interference caused by a modified device. That last liability would be unlikely to end up in court, but would be a factor in negotiations between manufacturer and carrier.

The fact that there are other means of jamming cellular networks is completely irrlevant to the question of whether it's a public benefit to avoid malicious modification of cell phones. The phone itself is a particularly easy and ubiquitous vector for an attack. Note that there are cases of incorrect operation by phones (not modified phones) not just doing local jamming, but bringing down a broader network.

I'm not sure what you're asking for in saying that I'm ignoring the costs. I'm sure there is an opportunity cost in reduced innovation, though I don't think you can quantify it any better than I. On the other hand, contractual requirements with carriers make it, to some extent, a moot point - the level of TC support required by the carriers for tamper resistance is increasing steadily.

Again, I am interpreting "DRM" in this case to mean "tamper resistance", which I take to mean "trusted computing", because that's what you seem to be talking about. DRM (content control) clearly has nothing to do with protecting the network. I agree that it's hard to quantify the public benefit of DRM.

There clearly is public demand for content that the content owners will make available only under DRM. Some of that content is stuff that most people would describe as a public benefit (educational and cultural material). Obviously, there is also public demand for other things that would not usually be considered a public benefit (like pornography), so demand is not a sufficient argument.

Defining DRM

Posted Oct 17, 2006 19:20 UTC (Tue) by GreyWizard (guest, #1026) [Link]

The base LWN article, however, is about TC (anti-Tivoization) as much as it is about DRM.

I'm not sure what you mean by this. The LWN article is about the GPLv3 drafts, which would prohibit the use of covered software in systems that implement DRM. By DRM I mean a system which enforces some software behavior regardless of what the owner might want. This seems to be the conventional definition of the term, so "Tivoization" is DRM. Trusted Computing is a technology with which DRM and possibly other things can be implemented. Since the GPLv3 drafts would affect Trusted Computing only when it is used for DRM I still don't see how it can be relevant.

However, the liability w/r/t DRM would be based on contract conditions with whatever service the DRM was protecting.

DRM clearly has advantages for the businesses who control the keys in the same way censorship is an advantage for those implement it. The question is whether a free software license should attack DRM. I don't propose to answer that question but clearly contracts between vendors are not relevant.

The fact that there are other means of jamming cellular networks is completely irrlevant to the question of whether it's a public benefit to avoid malicious modification of cell phones.

On the contrary, the availability of jamming devices demonstrates that cell phone network disruption is not a serious problem in practice.

Consider an analogy. Some programmers create malicious software that attacks exposed internet services. Wouldn't there be a public benefit to regulating compilers and using DRM to embed identifying information in all source code? This way people who do harm could be discovered and punished. Isn't the availability of unauthorized compilers completely irrelevant to the question of whether this would be beneficial?

I'm sure there is an opportunity cost in reduced innovation, though I don't think you can quantify it any better than I.

I'm not asking you to quantify it exactly but to think through the consequences. DRM doesn't seem to accomplish anything for cell phone network robustness that couldn't be done more effectively with proven technology, but it clearly creates problems. Gloves can be used to avoid leaving fingerprints at the scene of a crime, but we don't insist they be registered. Cryptography can be used by criminals for conspiracy, but this is not a strong enough reason to keep it out of the hands of legitimate users. For the same reason, we should not insist on preventing people from changing a cell phone operating system merely because we can imagine disruptive uses.

There clearly is public demand for content that the content owners will make available only under DRM.

There is no shortage of educational and cultural material on the market and the notion that content owners are sitting on an enormous pile of it that they will only release when the playing field is tipped still further in their favor is often presented by certain trade associations but is always unescorted by evidence. We've reached the point of diminishing returns on that strategy. Distributing material under copyright without the consent of the owner is already illegal and successful enforcement happens all the time, often without the need to go to court. Indeed, enforcement is so easy that legitimate uses are often suppressed. Denying people control of their own computers is not going to improve this situation.

Defining DRM

Posted Oct 18, 2006 22:20 UTC (Wed) by sepreece (subscriber, #19270) [Link]

"By DRM I mean a system which enforces some software behavior regardless of what the owner might want. This seems to be the conventional definition of the term, so "Tivoization" is DRM."

I haven't heard "DRM" used this way other than in this discussion of GPLv3. The conventional use of "DRM" is for content control (management of access rights to content). That was my point (and I'm not the only one who has tried to make that point in both this discussion and in the Busybox discussion that was on the same LWN front page). Locking down software is TC, not DRM.

"clearly contracts between vendors are not relevant"

All I can say is, it's not irrelevant to the companies that make consumer electronics, nor to the people who want to buy content despite the DRM that the content owners require. You are, of course, free to consider that they are irrelevant.

"we should not insist on preventing people from changing a cell phone operating system merely because we can imagine disruptive uses."

Well, we DO choose to ban or control some things with dangerous or disruptive uses. So far, the manufacturers, the carriers, and the FCC are on the side of controlling this one. If you can convince them otherwise, then arguing about the GPL would be unnecessary. Changing the GPL isn't a high-leverage approach to convincing them.

"Denying people control of their own computers is not going to improve this situation."

Generally, they're not being denied control of their computers, even if you buy the argument that a cellphone should be considered a computer. They're being denied the ability to access services with untrusted clients. That seems to me to be within the purview of the service providers, regardless of the ownership of the device.

DRM, DRM, DRM

Posted Oct 19, 2006 3:05 UTC (Thu) by GreyWizard (guest, #1026) [Link]

The conventional use of "DRM" is for content control (management of access rights to content).

And in what way does this statement contradict mine? Tivo clearly employs DRM for content control. That the conventional use is content control does not deny the possibility of other uses. The LWN article seems to agree with me, as it refers to the GPLv3 draft provisions that would affect Tivo as "anti-DRM provisions" several times.

Locking down software is TC, not DRM.

First, Trusted Computing is but one technology for locking down software. See http://en.wikipedia.org/wiki/Trusted_Computing for more details. Second, locking down software can be done under the control of the hardware owner or some other party. Since the GPLv3 has no effect on the former case it should be clear that locking down software in general is not what is at issue. We need some term that expresses only the latter. DRM seems to be that term as far as I can tell (though of course DRM can be implemented less effectively without hardware), but if that usage offends you propose another term that doesn't confuse the issue in this way.

Here is the text you were responding to: "The question is whether a free software license should attack DRM. [...]clearly contracts between vendors are not relevant." In what way is it unclear that "relevant" means "relevant to the question" in this case? Replacing the plain meaning of those words with the notion that companies making consumer electronics and the people who buy them are "irrelevant" in general is either an incredible failure of comprehension or outright intellectual dishonesty.

Well, we DO choose to ban or control some things with dangerous or disruptive uses.

Cell phone disruption is generally much less dangerous than guns or drugs, to choose two such things over which there is much disagreement. The preferences of established economic powers and the politicians they patronize does not demonstrate that strict regulation in the specific case of cell phone operating systems would be appropriate or reasonable.

Changing the GPL isn't a high-leverage approach to convincing them.

Some people would dispute this claim and many who wouldn't still find ensuring that their software is not used to implement DRM reason enough. But this is a larger issue than the one raised by this thread, which is merely whether DRM has advantages for society as a whole.

Generally, they're not being denied control of their computers, even if you buy the argument that a cellphone should be considered a computer.

I wrote about "denying people control of their own computers" in response to your claim that there is "public demand for content [...]available only under DRM" which was not specifically about cell phones. That said, while one might plausibly argue that control of a cell phone operating system is unimportant or that cell phones are such special purpose devices that freedom is not useful enough to defend (we'll have to agree to disagree on these points) the ability to replace cell phone operating system software is undeniably a form of control and a modern cell phone is most definitely a computer.

Since you've forced me to revisit this, I wish I had noted in my last message that claiming DRM is good for the public because content owners will only release things the public wants under those circumstances is circular reasoning. Suppose the public wants cultural or educational content owned by an organization that refuses to release it without a human sacrifice. Does this demonstrate that human sacrifice is good for society?

Laser & DRM

Posted Oct 6, 2006 12:22 UTC (Fri) by man_ls (subscriber, #15091) [Link]

The GPLv3 does not allow the use of DRM in a couple of other cases, for example to prevent the tweaking of barcode-reader laser light intensities by shop owners.

How come changing the intensity of a laser is "DRM"? Where are the "digital rights" that are managed? Those of the employee, those of the employer? Sorry, Ingo, but you are tweaking your meanings once again; you are presenting another example of "Trusted Computing" as defined by Microsoft et al, or of a Trusted Platform Module (TPM). Not DRM. The difference is important and crucial to this debate.

For a TPM, the key might be set by the owner at the time of purchase and changed whenever was thought necessary. For DRM the key must stay in possession of the manufacturer / developer. A TPM is a possible solution to the problem presented, even though technically it is not very good (allowing software to change laser intensity above a certain level is probably a bad idea). DRM is not a possible solution.

Note that the FSF is against "Trusted Computing" (Stallman calls it "Treacherous Computing") as well as against DRM.

Again, the reason for the injustice is that the FSF is making the false assumption that DRM is "evil", and that "upstream" providers are doing "evil lock-in", while "downstream recipients" are the "victims".

This distinction is the very essence of DRM. Corporations distributing "content" to passive consumers.

Laser & DRM

Posted Oct 6, 2006 13:59 UTC (Fri) by sepreece (subscriber, #19270) [Link]

While I completely agree that the distinction between DRM and Trusted Computing support is important, and actually pointed it out in a comment in one of these treads yesterday, it's wrong to point at Ingo as the source for confusing them. The blame for that confusion is pretty much universal. Stallman has done it, the kernel developers did it in their statement. Ingo was just using "DRM" as it has been widely used in the multiple discussions over the last couple of weeks.