Sunday, November 4, 2007

Stallman on Trusted Computing and DRM

I previously mentioned Paul Vixie's speech to the Commonwealth Club about (among other things) one's continued free access to one's own data. Of course, he's not the only one so concerned. Along with other prominent people, Richard Stallman has been beating this drum for some time now, for example in "Can you trust your computer?".

This essay takes aim at trusted computing, which Stallman calls "treacherous computing" and which I'll refer to here as "TC". It's the same initiative that Vixie mentions, though not by name. Given the history involved it's no surprise Stallman should take the position he does, but when not one but several of the major pioneers of the net as we know it are sounding a caution, it's a good idea to think particularly carefully about what they're saying.

Reading Stallman's piece, I feel a bit of dissonance that I'm not completely sure how to resolve. My particular viewpoint coming in includes these basic tenets:
  • Information is hard to constrain. I don't believe there's some undefinable essence in information itself that causes it to thwart restrictions, but as a practical matter, anything that appears on the net unencrypted has the potential to spread very far very fast (whether anyone will pay attention is a different matter, one of human bandwidth).
  • Technology is largely neutral. As the lady said, any tool is a weapon if you hold it right. The converse also holds. Apparent controversies about technology often turn out to be controversies about law, society and ethics.
  • It's hard, and often counterproductive, to fight market forces; market forces, like technology, are largely neutral.
So whence the dissonance? On the one hand, I'm very sympathetic to the idea that trying to use technology to stop people from using technology inappropriately is risky at best and open to abuse at worst. Technology doesn't know when it's being used inappropriately. I also share the more general skepticism toward promises to do something for me for my own good.

On the other hand, I don't find the arguments Stallman advances against initiatives like TC particularly satisfying either. Thence the dissonance.

Let's back up a bit and look at what TC is. There are two basic components:
  • Content -- whether music, email, code or whatever -- is strongly encrypted.
  • The keys needed for decryption are tightly tied to particular physical pieces of hardware (using a combination of hardware support, further encryption and digital signatures).
For example, suppose I buy the right to listen to a song someone has recorded. In the TC world, this means that my song player will get a key enabling it to play the song, possibly along with further instructions such as "only play this song N times" or "don't play this song after such-and-such date". Since the ability to play that encrypted song rests solely with my player, I can copy the song file and share it all I want, but the experience of hearing it is still tied to that physical player (or others that have been authorized).
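
The two components and the song scenario above can be modelled in a few lines. This is an added illustration, not code from Stallman's essay or from any TC implementation: it assumes a toy standard-library cipher and a symmetric device key shared with the license issuer, and the names `seal`, `issue_license` and `Player` are hypothetical. In real TC the device key and play counter would live in tamper-resistant hardware.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):  # toy SHA-256 counter keystream, not a vetted cipher
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data, aad=b""):  # encrypt-then-MAC; aad is authenticated only
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key + b"enc", nonce, len(data))))
    tag = hmac.new(key + b"mac", aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob, aad=b""):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key + b"mac", aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise PermissionError("wrong device key or altered license terms")
    return bytes(a ^ b for a, b in zip(ct, _stream(key + b"enc", nonce, len(ct))))

def issue_license(device_key, content_key, max_plays):  # terms are MAC-bound
    terms = b"max_plays=%d" % max_plays
    return {"max_plays": max_plays, "wrapped_key": seal(device_key, content_key, terms)}

class Player:
    def __init__(self, device_key):
        self._device_key = device_key   # stands in for a key held in hardware
        self._plays = 0                 # stands in for tamper-resistant state
    def play(self, song_file, lic):
        if self._plays >= lic["max_plays"]:
            raise PermissionError("play limit reached")
        terms = b"max_plays=%d" % lic["max_plays"]
        content_key = unseal(self._device_key, lic["wrapped_key"], terms)
        self._plays += 1
        return unseal(content_key, song_file)

def attempt(player, song_file, lic):
    try:
        return player.play(song_file, lic)
    except PermissionError as e:
        return "refused: %s" % e

def demo():
    my_key, other_key, content_key = (os.urandom(32) for _ in range(3))
    song_file = seal(content_key, b"constructed sample audio")  # copy it freely
    lic = issue_license(my_key, content_key, max_plays=2)
    mine = Player(my_key)
    out = [attempt(mine, song_file, lic) for _ in range(3)]  # third play is refused
    return out + [attempt(Player(other_key), song_file, lic),  # copied to another device
                  attempt(Player(my_key), song_file, {**lic, "max_plays": 99})]  # edited terms
```

Calling `demo()` returns the decoded audio twice, then three refusals: the play limit, the copy on a second device, and the license whose limit was edited after issue.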

Personally, I don't have a problem with this scenario per se. I'm fine with pay-per-view movies on TV, for example. I don't feel I have some basic right to store and copy any collection of bits that happens to enter my house. The movie I watch on PPV isn't mine. I didn't write it, direct it, produce it or act in it. My cable provider is selling me the opportunity to watch that movie at home during a given time period. That seems fair.

Whether you approve of the particular way my $4 gets distributed among the cable operator, the studio, the creative people involved, their agents, the catering truck on the set and so forth is a separate, non-technical issue.

I believe this is one source of dissonance. To check this, I went back and re-read the GNU Manifesto. If you haven't read it in a while (or ever), please do so and take a moment to appreciate how much it got right over twenty years ago and to consider how much of today's landscape was shaped by it. I'm writing this using Firefox running on Ubuntu, for example. If you work for, say, Red Hat, in a real sense you owe your job in part to this document.

[FSF's position on copyrights is more sophisticated than what I describe next. I had originally tried to fix the text up, but later realized that it's more bloggish just to let the text stand as written (or as close as I could un-fix it) and continue the conversation, as for example here. -- DH 18 Nov 2007]

One of the bases of GNU is that software copyrights are not only not useful, but inherently harmful. One reason given is that a piece of software is fundamentally different from a book, play, musical composition or what-have-you. Another is that network technology has changed the economics of copying.

It's an easy extrapolation from this second point to the notion that copyrights are not only inapplicable to software but to anything else as well. For centuries, copyrights could be enforced (logically enough) by limiting the means of copying. That avenue is open to serious challenge now, and TC as applied to DRM is clearly an attempt to put the genie back into the bottle.

I'm skeptical of genie-bottling exercises in general, but I'm not ready to give up on the idea of copyrights as a legal and economic construct. Much of the backlash against TC, however, seems to be based on the idea that copyrights in general are harmful -- at least when used in particular ways. Stallman says as much in a footnote, and others have mentioned it more prominently:

"A previous statement by the palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control."

But the whole point of existing copyrights is that the creator of a work retains control over what happens to it. A common magazine contract is for "first serial rights", meaning that the buyer (a magazine) has the right to print the article once, but that the author retains the right to publish it again, for example in an anthology. When I buy that magazine, I in turn have the right to read it, but not to copy it or quote it outside the fairly well-delimited area of "fair use". Otherwise I am breaking the law and subject to stiff penalties.

This is fairly complete control over the physical realization of an author's ideas, and this is the current law, not a revolutionary break from it. So what's different in the digital world? My guess is that in the physical world, copyright is quite tightly controlled when it comes to large publishers -- a magazine publishing plagiarized work will be subject to major lawsuits and a seriously damaged reputation -- but pretty lax once you enter the home.

Who hasn't made a mix tape/CD? No one cares, even though an anthology is a "derived work", at least as far as I understand US law. TC has the potential to seriously disrupt this. It is not the idea of authors retaining control that is new and unsettling. It is the high degree of automated, fine control. TC can impose restrictions like "you can only listen to this song at these precise times on this particular player, and the player can report any attempt to get around this" as opposed to "if you try to make and sell a lot of copies of this song, you'll be in big trouble if we catch you." At the very least, this will require a lot of further hashing out in the courts and the markets.

There is a lot more to be said here. I haven't even touched on the very legitimate concerns about civil liberties and Orwellian nightmares. Again, I don't believe the problems are quite as new as they might seem nor the world quite as unprepared, but these too bear careful scrutiny. More to follow, I hope.
