LWN: Comments on "Linux Implements Support For Trusted Computing, Safer Online Transactions (The Gov Monitor)"

In other words, DRM from top to bottom ...

niner — Thu, 26 Nov 2009 21:23:57 +0000

Then your lady should have an occasional look at the law.

If I may cite Austrian law on this:
"§ 40b. Wird ein Computerprogramm von einem Dienstnehmer in Erfüllung
seiner dienstlichen Obliegenheiten geschaffen, so steht dem Dienstgeber
hieran ein unbeschränktes Werknutzungsrecht zu, wenn er mit dem Urheber
nichts anderes vereinbart hat."

In English (for anyone interested): if a computer program is written by an
employee while fulfilling his duties to his employer, the employer gets
unlimited usage rights unless he arranged something different with the
program's creator.

http://www.ris.bka.gv.at/Dokument.wxe?Abfrage=Bundesnorme...

Some further explanation:
http://www.fnm-austria.at/erf/info/de:Arbeitsergebnisse

In other words, DRM from top to bottom ...

anton — Thu, 26 Nov 2009 20:39:10 +0000

Sure, the fingerprint system may help against a casual attacker. However, given a determined attacker you have delivered the key with the lock, because your laptop undoubtedly is decorated with lots of fingerprints of all your fingers.

In other words, DRM from top to bottom ...

anton — Thu, 26 Nov 2009 20:31:10 +0000

In Austrian law (and a number of other European countries) the Urheberrecht belongs to the author and is not transferable (unless the author dies). There are also the Verwertungsrechte (usage rights), and they can be licensed and maybe transferred to others, but that's up to contracts. There is no automatic transfer of any rights by law, and when I asked the legal department of TU Wien about this, the lady at the other end was very surprised about my question; the idea of such an automatic transfer was obviously completely alien to her.

In other words, DRM from top to bottom ...

Baylink — Wed, 25 Nov 2009 21:05:40 +0000

Way to strawman electronic voting systems, there, guy.

The places in which a voting system needs to be strong are well known, and there are perfectly usable approaches to utilizing electronic assistance in as many of them as possible without turning any of the process into a black box.

That the US did not *choose* these approaches, with the "Help America Vote (The Way We Want Them To) Act", does not mean that they do not exist, nor that their design is not robust.

In other words, DRM from top to bottom ...

drag — Tue, 24 Nov 2009 18:26:37 +0000

In the USA it depends.

I think as a employee usually you do a NDA or something like that were you
agree that all work done at work is your employer's copyright. I don't
think that is entirely necessary from a legal standpoint, but it helps make
sure people understand what is going on.

If your a contractor then that is much more out in the open. I suppose most
of the time contractors will provide copyright transfers as part of their
service, but that is really up to the contractor and the employer to
negotiate and can go either way.

Now there are some dirty tricks that are common among Universities and
whatnot. A lot of those people feel that by providing a educational
environment they are providing a community service so that things like
doing software patents is just natural for them to do to raise capital. A
sense of entitlement.

So what happens at a lot of those places is that Universities will take
student software and inventions and get software patents and take control
of the copyrights. A few times students have tried to fight them, but if
they are doing it as part of classwork and are doing it using facilities
provided by the university then I think they generally lose.

So if your a employee or, especially a student, and you want to do
something on your own you can later profit from or whatever then make sure
to do it on your own time with your own equipment or you may lose control
of it.

In other words, DRM from top to bottom ...

brinkmd — Tue, 24 Nov 2009 15:46:23 +0000

This is a very common misunderstanding, and one that really hurts every discussion of TPM. Benefits such as hard-disk encryption can be achieved without problems even if all keys in the system are known to the user (at least in principle). Nobody is against that as far as I know. In this scenario, the TPM is nothing but a glorified smart card with some tamper-resistant storage and a crypto OS.

The point of contention has been the remote attestion feature, which relies on a secret key in the TPM chip that is not known (and must not be known) to the owner of the hardware, but only to the manufacturer. This remote attestion feature in principle allows third parties to verify the content of the system, and implementation of other supsicious features. It is not needed for local disk encryption.

This is why the GPLv3 allows TPM features in software, but only if all keys are provided to the user. This effectively disables all features based on remote attestion (DRM etc), but does allow local disk encryption etc.

In other words, DRM from top to bottom ...

brinkmd — Tue, 24 Nov 2009 15:40:58 +0000

Interesting, is the Gforth case documented somewhere (news articles, etc)? It would be an interesting case study.

I am not sure your interpretation of the law is correct. It's certainly complicated, and the complications are one reason the FSF stays out of this issue. Also, it may be significantly different in Germany and the US, and the FSF is a US based organization (with some quite US-centric views on politics).

In any case, the comment I was replying to was directed at the consumer protection clauses against DRM in the GPLv3, and that specifically addresses "consumer products" only ("either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.")

In other words, DRM from top to bottom ...

tialaramex — Tue, 24 Nov 2009 15:11:44 +0000

Those built-in fingerprint verification systems don't have a good security reputation

However, in practice there are few scenarios in which weakness of the fingerprint system matters at all. The most common laptop specific security problem is "I left it on the train / in a pub / etc." and I think full disk encryption gives a reasonable level of peace of mind in that type of scenario regardless of whether the key is protected by a passphrase, a USB dongle or a fingerprint reader.

Needs legal changes as well

giggls — Tue, 24 Nov 2009 14:40:04 +0000

Number 4 is what gaming consoles basically are.

In other words, DRM from top to bottom ...

Cyberax — Tue, 24 Nov 2009 14:35:52 +0000

We use TPM to prevent leak of medical records, even if a server with then is physically stolen.

My notebook uses full-disk encryption with keys in TPM, unlocked by my fingerprint (with validation done in hardware). It's also quite nice.

In other words, DRM from top to bottom ...

niner — Tue, 24 Nov 2009 13:11:47 +0000

That's not correct according to my understanding of the law. The code you
produce at work belongs to the company you work for. That's written in
German and Austrian law. If this code is an extension of a GPL'ed program,
that is still true. You may not take this code and use it for private
purposes _unless_ the company distributes the code and or binaries of the
resulting program. In this case you as a private person may obtain a copy
and get the full rights granted by the GPL. But the company has to
distribute it. If it does this development solely for in-house use, you
have no rights because the GPL explicitly only covers distribution. It
says something like "if you _distribute_ the program, you have to grant
these rights to the one you distribute it to".

Be careful! A wrong understanding of what this license can do and does may
lead to serious trouble.
IANAL.

In other words, DRM from top to bottom ...

forthy — Tue, 24 Nov 2009 12:57:19 +0000

The FSF probably won't liberate you, slave, but in general, the GPL also protects you as employee. A team-member of the Gforth team once ported Gforth inside G&D to a smartcard, and since Gforth was under GPL, and he demanded to get the modified sources outside, he could do so. And this is a extremely secretive and security-sensitive company, with very tight control, and separated networks and so on.

You, as employee, have the same rights to get the source code under GPL as any other person which obtains the binary. Your employment contract, your NDA, they all don't cover this. You may refrain from doing so as "gentlemen agreement", but it is not binding, and it shouldn't harm you if you don't follow this agreement. I.e. if you work on an in-house application using a modified GPL program, you don't have to take the source outside, but if you do, your boss can't do anything about it. It's your right. At least under German law, where copyright bases on a non- and the company only owns an exclusive license - which it can't for a GPL program.

Needs legal changes as well

fritsd — Tue, 24 Nov 2009 12:55:37 +0000

IANAL and I haven't thought it through yet, but I suspect it will be very useful, after more of these TC devices enter the market, to have mandatory government-enforced labels on computer devices, and actual lawsuits with massive damages for "false advertising" if they are misleading, to categorize four new types of computers:

1. general-purpose computers for which the owner owns the TC keys
(this would be what we now call a "PC" or "computer')

2. special-purpose computers for which the owner owns the TC keys
(this would encompass routers, TVs, game consoles etc. that the FSF would be happy with)

3. special-purpose computers for which someone else owns the TC keys
(good: medical devices?, bad: TIVO)

4. general-purpose computers for which someone else (RIAA?) owns the TC keys
(IMHO these should be banned from the market but at least they should NEVER be allowed to be sold as "computers", only with a clear warning label "if you buy this don't believe that you really own it").

Call me a cynic but I've seen a case where a PC had a factory-locked BIOS where nobody knew the password and I see the writing on the wall that category 4 WILL come into being if it's profitable and not stopped :-)

In other words, DRM from top to bottom ...

freemars — Tue, 24 Nov 2009 11:51:58 +0000

But think about untamperable voting systems

I'll stick to bits of paper and an opaque box ThankYouVeryMuch. The fairness of a voting system needs to be something the average high school graduate can verify. Suppose determining the validity of a voting system required someone with an advanced degree in biochem?
How do I know the election judge didn't just trigger 10 votes for candidate Z?
Trust the expert...
How do I know my vote will be counted?
Trust the expert...
How do I know my vote is annonymous?
Trust the expert...
Bleh.

But for critical life support and smart-enough smart bombs -- sure, use DRM if it will help.

Linux Implements Support For Trusted Computing, Safer Online Transactions (The Gov Monitor)

giggls — Tue, 24 Nov 2009 10:46:51 +0000

I was wondering if this will work with interpreted languages?

If a trusted binary happens to be your favorite scripting language interpreter the whole stuff would not be that useful anymore.

To a smaller extend this will even be true for /bin/sh which will allow for any untreusted shellscript to be executed.

In other words, DRM from top to bottom ...

ledow — Tue, 24 Nov 2009 08:26:45 +0000

Think about the uses of Linux, though.

We're not talking people's desktops using TPM to control the spread of MP3's... that's the domain of other, inferior operating systems.

But think about untamperable voting systems, embedded control devices in military applications, life-support etc. With those, TPM is actually pretty damn vital in one way or another and without that, Linux will always be a second-class citizen.

Nobody is suggesting that people will run out and DRM all their music collection because their PC has TPM compatibility... that's just stupid. But the places where you *need* to ensure that nobody has tampered with the machine, that's a bit more important.

In other words, DRM from top to bottom ...

Trelane — Tue, 24 Nov 2009 02:58:25 +0000

(To be clear, the "Ugh" was directed at the latter two campaigns; the hardware endorsement thing is a very, very good idea IMHO, and long overdue)

In other words, DRM from top to bottom ...

Trelane — Tue, 24 Nov 2009 02:55:09 +0000

Interestingly, I just got a newsletter about the FSF's new "Protects Your Freedom" hardware endorsement program. From the newsletter, since I can't find a web page on it:

I write to you this holiday season with exciting news to report. We are preparing to launch a new hardware endorsement program that will see consumer product packaging carrying an FSF endorsement mark with the slogan, "Respects Your Freedom." The first product endorsed - to be announced during December - will be a netbook running gNewSense, a fully free GNU/Linux distribution.

An FSF endorsement will tell the world that a product respects everyone's freedom: meaning any user can change the device and make it doe whatever the hardware is capable of doing, as all the hardware is fully compatible with free software. Users can play without the fear of proprietary licensing and its associated legal threats. The endorsement will be backed by the FSF's rock-solid commitment to software freedom and users' rights. Our endorsement tells everyone in the world that the software on these products can be trusted completely to work for them. The program will be open to all device manufacturers, and over time we hope that it will encourage citizens to seek out products that carry our mark, helping to build a sustainable environment for computer user freedom.

So much better than BadVista and 7Sins. Ugh.

In other words, DRM from top to bottom ...

drag — Tue, 24 Nov 2009 02:27:27 +0000

Well I was thinking about situations like that, but with different types of
keys.

Probably what would be smart if you depended on something that was
'brickable' and was important to you would be to print out the key into
"ascii armor" format and put it in a fireproof safe and then in a bank drop
box or something like that.

Although I suppose escrow would make sense for some types of companies.

In other words, DRM from top to bottom ...

gmaxwell — Mon, 23 Nov 2009 23:50:26 +0000

It's also fairly easy for manufacturers to avoid the GPLv2 if they really want to. FreeBSD is not GPL, WinCE is not GPL, code you write is yours to do with as you wish, etc.

Presumably the GPL applications have some advantages which offset the obligations.

Hopefully manufacturers will see advantages in shipping with GPLv3 covered code which are sufficient to offset the potential advantages of the few user-freedom-unfriendly business models that v3 inhibits.

I suspect that this is self-balancing: The more freedom unfriendly devices there are, the more some developers will be inclined to adopt v3, the more advantage freedom friendly devices will gain and the less attractive denying freedom is as a business model.

In other words, DRM from top to bottom ...

brinkmd — Mon, 23 Nov 2009 23:44:01 +0000

It's true for consumers, but it is not true for workers. The FSF stays out of B2B and business-internal politics. This is then about owning the means of production.

In other words, DRM from top to bottom ...

mheily — Mon, 23 Nov 2009 23:15:57 +0000

It's pretty easy for manufacturers to avoid the GPLv3 if they really want to. The Linux kernel is GPLv2. Busybox is GPLv2. uClibc is LGPLv2. Combine these three and you have the basic ingredients for an embedded computer/appliance. This is what Google has done with the Android platform, for example.

In other words, DRM from top to bottom ...

gravious — Mon, 23 Nov 2009 23:01:58 +0000

This is true. And when you think about it, this could actually be a real opportunity for FOSS because it can assure people because of its openness while proprietary-ware can't except for, "trust us - you're in control, really"

In other words, DRM from top to bottom ...

Cyberax — Mon, 23 Nov 2009 22:52:54 +0000

TC systems usually allow you to reset them. That requires proof of physical presence (typically, you need to press a certain key) and destroys all existing keys on the TPM.

In other words, DRM from top to bottom ...

niner — Mon, 23 Nov 2009 22:15:33 +0000

I'd say especially because of GPL3 this does not scare me so much anymore.
GPL3 makes sure our freedom is protected, so we can enjoy the nice side of
this technology. And there are for sure quite a few use cases where having
tight control over which software runs on a system is a good thing to
have. This is a powerful tool and like with every such thing it depends on
the one yielding it. GPL3 makes sure, that it's ultimately the user.

In other words, DRM from top to bottom ...

gravious — Mon, 23 Nov 2009 21:55:11 +0000

I'd be afraid that if I had the one and only key, I'd lose it cuz I'm a klutz and then I'd own a brick :( It'd be nice if there was a fairly foolproof third-party trust system. Maybe some kind of legal escrow or something?

In other words, DRM from top to bottom ...

gravious — Mon, 23 Nov 2009 21:53:14 +0000

... it's definitely a piece of tech that cuts both way. It seems inevitable that we're going to have top to bottom, hardware to software authentication and verification so we may as well get used to it. I wonder if the new Google Chrome OS devices will re-use this so that we'll get a more robust implementation of this tech, both in hardware and software. There are pluses and minuses here, I imagine the further along the moral continuum you are towards GNU/Linux and Stallman-land you are the more you'll be against this; the further along the path to (ahem) pragmatism? or BSD or GPL2-land you are the more you'll be "meh" about it. (If that makes sense to you, ... it does to me!) Personally, I'm a let's-wait-and-see and remember folks, it's not the tech that's evil, it's the folks!

In other words, DRM from top to bottom ...

drag — Mon, 23 Nov 2009 21:45:08 +0000

Yeah.. that can be a good thing depending on exactly what you want to do. Most of the time; bad though.

It's usually good if your the one that holds the keys. I wouldn't mind
having a 'safe' computer, although I suppose it's a pain to keep updated.

In other words, DRM from top to bottom ...

JoeBuck — Mon, 23 Nov 2009 21:08:39 +0000

... so that no unauthorized modification can be made to the code. If you run a device with this technology included, and you don't have the signing key, then the device does not belong to you; it's under the control of whoever has signature authority.