I thought folks would enjoy some "required readings" in the context of the latest triennial round of pleas to the Copyright Office to grant exemptions from the DMCA -- hearings starting today in California and next week in DC:
> http://www.copyright.gov/1201/hearings/2009 The following submissions and testimony from the 2006 and 2003 proceedings exhibit should convey the kinds of "exemptions" we really need. All of these texts are pasted below. New Yorkers for Fair Use's 2006 Request for an Exemption (drafted by Jay Sulzberger): > http://www.copyright.gov/1201/2006/reply/10sultzberger_NYFU.pdf Jay's testimony at the hearing itself begins on page 36 here (the text is pasted below as well): > http://www.copyright.gov/1201/2006/hearings/transcript-mar31.pdf Jay's testimony at the 2003 hearing may also be found to be salient. Here's a good transcript (also pasted below): > http://thread.gmane.org/gmane.org.dmca-activists/570/focus=572 It starts at the bottom of page 171 of the official transcript here: > http://www.copyright.gov/1201/2003/hearings/transcript-may2.pdf See the copyright.gov transcript links above to track the further discussion each year. Part 2: Developments in "Trusted Computing" In the meantime, note the following "Trusted Computing" developments. First, a workshop at CMU. Plus Microsoft has recently hired Jonathan Shapiro, lead developer for the EROS/Coyotos/Bit-C projects. These are projects to produce a fully virtualized operating system, which is a key part of palladiated computers -- a form of "DRM" that succeeds completely in robbing you of the ability to control your own computer. "Virtualization" means making *all* parts of the computer virtual -- you cannot directly address a port, a bit in RAM, anything. Essentially, every single operation on the computer is PGP-encrypted, and you must route all operations through an impregnable kernel. A palladiated computer uses *somebody else's* private key on your own computer's motherboard, creating a system that gives outsiders complete control over what you can do. "Trusted Infrastructure" Workshop > http://www.cylab.cmu.edu/TIW/ Microsoft hires Jonathan Shapiro: > http://blogs.zdnet.com/microsoft/?p=2463 > http://www.coyotos.org/pipermail/bitc-dev/2009-April/001784.html Richard Stallman on Treacherous Computing: > http://www.gnu.org/philosophy/can-you-trust.html "Virtualization" technology proceeds apace while our policy channels fail to distinguish private interest concerns from the true concerns and nature of copyright. Seth --- Request for an Exemption, 2006: > http://www.copyright.gov/1201/2006/reply/10sultzberger_NYFU.pdf This is a comment on the class of works proposed by Edward W. Felten and Deirdre K. Mulligan to be exempt from the prohibition on circumvention of DRM under the DMCA. Our comment is that the Felten-Mulligan class is drawn too narrowly. We present an amended definition of the Felten-Mulligan class of works, with brief arguments. 0. The class of works which should be exempt from the Anti-Circumvention Clauses of the DMCA consists of all malicious software, including viruses, worms, spywares, trojan horses, remote controllers, rootkits, and more. The phrase "malicious software" designates programs which cause harms to a computer and/or its owner, and which are placed on the computer against the owner's wishes and without the owner's express consent. Malicious software might be delivered with a computer or be installed later. Some malicious software may be contained in, or make use of, components installed as hardware. 1. Harms from not granting the exemption: Millions of home and business computer owners have had to remove malicious software from their computers. Many computer owners have had credit card numbers and bank passwords appropriated and compromised. If the circumvention of Technological Protective Measures preventing malicious software from being detected, analyzed, or removed, were illegal, then the DMCA would be used as a shield against computer owners' rights to maintain control over their computers. The numbers here are easy to estimate as being in the billions of dollars per year losses caused by malicious software, and the number of people adversely affected by malicious software as being in the millions. 2. Harms from granting the exemption: Some malicious software works are under copyright. The malicious software author would lose an apparent right of concealment, and thus, often, the practical ability to commit a crime, or crimes, against the intended victim or victims. In some cases the author, or other rightsholder, might be unable to make a living by making and distributing malicious software, or software which is in part malicious. The numbers here are harder to estimate, since we know of no successful suit by a malicious software rightsholder against a person who has discovered the malicious software and removed it, on the basis of copyright infringement, or DMCA violation. Perhaps a thousand, or perhaps ten thousand, malicious software authors/rightsholders might lose their chance to sue their victims under the DMCA Anti-Circumvention Clauses. 3. General argument for exemption: Decrypting lists of blocked sites in filtering software presently enjoys an exemption to the anti-circumvention provisions of the DMCA. Computer owners throughout the world are today at great risk of infestation by malicious software. If an exemption were not available for circumvention of malicious software, the scale of harm that would ensue would be far greater than for filtering software. Fewer computer owners are at risk of missing/seeing some sites due to false positives and false negatives on blocked sites lists. The danger from malicious software is in most cases much higher. The harms our exemption would defend against are not hypothetical: Recently many computers have been infested by the Sony BMG rootkit, and the rootkit has been used by other distributors of malicious software to compromise home and business computers. The Sony BMG rootkit attempts to conceal itself, is under copyright (though it likely also infringes others' copyrights) and is itself malicious software, in that it is installed without consent and damages the computer. Our exemption would prevent Sony BMG from successfully claiming that the computer owner who gains access to the rootkit has violated the Anti-Circumvention Clauses of the DMCA. For information on the Sony BMG rootkit see: http://www.eff.org/IP/DRM/Sony-BMG The Sony BMG rootkit is an example of a kind of DRM which Microsoft, in cooperation with Intel, IBM, and various computer vendors, intend to place in many home computers in the next few years. The Sony BMG rootkit is weak in practice, in that an expert in Microsoft OSes, if hired to find, analyze, and craft defenses against it, would almost surely succeed pretty quickly. The system of DRM once called by Microsoft "Palladium", and today called by Microsoft "NGSCB", would offer to licensees of Microsoft the same cloaking capabilities as the Sony BMG rootkit does today. But Palladium is much harder to crack open and remove than the Sony BMG rootkit. And Palladium offers other services to authors of malicious software beyond what the Sony BMG rootkit has made available. Here is a quote which shortly conveys part of the threat Palladium poses to owners of home computers: From http://zgp.org/linux-elitists/[email protected]#[email protected] Re: [linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip Jason Spence <[email protected]> Thu, 11 Dec 2003 16:49:11 -0800 rfc822 mailmethis On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote: > > w00t! Here's a good start to the the back-up plan if > TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand. You know, the black hat community is drooling over the possibility of a secure execution environment that would allow applications to run in a secure area which cannot be attached to via debuggers and such. -Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA Under a government which imprisons any unjustly, the true place for a just man is also a prison. --Henry David Thoreau End quote. Our exemption would, in part, lift the burden of legal risk a computer owner would face in the attempt to remove malicious software that lies behind the cloak of Palladium. For information about Palladium see http://en.wikipedia.org/wiki/Trusted_computing http://en.wikipedia.org/wiki/Talk:Next-Generation_Secure_Computing_Base 4. Our proposed exemption differs from some proposed exemptions in that our exemption is not aimed at preserving decades old textbook examples of fair use rights, such as the right to quote a work in argument, the right of parody, etc.. Rather, our exemption, if granted, would defend important personal property, that is, the home computer. The exemption would also defend privacy and free speech rights, because of the use of home computers to communicate using the world's Net. The dangers our exemption defends against cannot be classed as picayune inconveniences nor as negligible impairments of rights. Our exemption would help defend fundamental human rights. New Yorkers for Fair Use http://www.nyfairuse.org Jay Sulzberger [email protected] US Mail Address: New Yorkers for Fair Use 622A President Street Brooklyn, NY 11215 --- 2006 Opening Testimony: MR. SULZBERGER: My name is Jay Sulzberger, and Im a working member of New Yorkers for Fair Use. Id like to address Matthew Schruers last statement and expand on it. I think lawyers are terribly important here and, of course, the part of the law that is terribly important in these considerations is not copyright law. Its the law of private property. Its the law of privacy. Those are the parts of the law. Now, Matthew also mentioned that should we be handing the entire computer and communications infrastructure of the United States and the world over to copyright holders in cooperation with hardware manufacturers and Microsoft? And the answer is of course not. But we have to first be clear on this. This is so obvious when stated in those terms that I believe theres not a single person in this -- just a moment. Is there anybody here who is disabled from understanding the concept of private property? If anybody is not clear on it, and I know lawyers will raise all sorts of objections because theres a too simple notion of a perfect freehold, a perfect ownership of a chattel. But look. Your computer and your house, your relationship and ownership to it, if youve bought it and are legally running it and youre not violating, youre not committing copyright infringement by publishing for profit other peoples works for which you dont have a license, copyright holders should not be inside your computer, and they shouldnt have pieces of code that you cant look at to get control of your computer. And I had a sentence in my comment up on Professor Feltens proposal for an exemption, and, of course, people would think, "Oh, hes being witty." Im not being witty. Who are the copyright holders? For whom do you have to give authorization under the Section -- Ill have to check it -- J, I think, of the 1201(j) of the DMCA, you have to get authorization from people whove written a piece of malware thats gotten on your machine without your express consent thats damaging your machine. I think theres no member of the panel and I think theres no member of the people up on the dias who can possibly defend the concept that United States copyright law is going to require me to go and get permission from somebody whos invaded my machine, done damage to my machine, cost me hours of effort, and, if Im a business, perhaps cost me thousands and thousands of dollars. These are the issues. Now, why are we unclear on this? Its because we dont know what a computer is. Copyright has already been misused to allow Microsoft and Apple to place stuff in our machine when we go to the store were not allowed to look at. Its my right to look at every darn piece of code. Its my right to publish what the code does. Its my right to decompile. You might find me agreeing its not my right to sell an improved version of their operating systems without getting a copyright license for it, but thats quite a separate issue. The issue here is private ownership and wiretapping. And this is ridiculous that the DMCA should be misinterpreted so as to actually defend people who write malware. We have heard testimony from people who have tried to get the people who wrote the malware to do something about it, and their response was nothing or, "We promise not to sue you," or, "Maybe well sue you." This isnt okay. Every lawyer here has taken a course or one or two or more on the law of private property. And, my gosh, copyright law can never say that I lose my right of ownership of a computer because some copyright holder appeals to the DMCA after theyve written a trojan, a virus, whatever it is theyve written, something that goes into my machine, a rootkit. Now, I was going to explain more, but I think Ive come to the end of my time. I see these introductory comments are short. And what I wanted to do was explain how Sony BMG rootkit is negligible in its damage compared to what the DMCA anticircumvention clauses are enabling in the near future. Theyre enabling Microsoft, as announced, it announced in 2002 that it was going to install and license a rootkit to anybody who paid the money. The system, the OS, and the hardware together, lets briefly call them Palladium -- theyve changed the name, I think I made the same joke three years ago, into moms apple pie and the anti-terrorist loveable operating system with lots of bright, shiny colors. Ive forgotten if thats their latest name for it. Look. Theyve got something called the curtain. When you pay Microsoft a certain amount of money in the future, they claim they will let you write programs that are hidden behind the curtain. You can never look at them. The Sony BMG rootkit is a joke today. Its based on the Microsoft operating system. You can get around it in a few weeks, if youre really competent and have hotshot students or if youve a professional and know what youre doing and know about Microsoft operating system. You can get right around it, and, of course, it always has the joke get-around that I think if you press the shift key while the thing is loading theres certain circumstances it doesnt get installed. Look. Thats nothing. You should hardly be concerned about it, except we know that people who write viruses and trojans that damage your machines will appeal to the anticircumvention clauses in the DMCA. Its a joke how little damage its caused compared to whats coming down the pike real soon unless you act. I know it seems ridiculous. Youre specialists in copyright. Youre specialists in learning, publication, making sure authors get paid, what are the rights here, what are the rights there. Its because the country has gone crazy and because people dont know what ownership of computers means that we have this thing. I think Ive come to the end of my opening statement. Im sorry to rant so hard, but I know that youre prepared for it. --- 2003 Opening Testimony: I'm Jay Sulzberger, and I'm here to represent New Yorkers for Fair Use. Well, I was a little bit puzzled as to what to say on this panel, because seemingly this particular panel is about very specific harms of a very specific part of a big, complex law. But as a matter of fact, I've been provided by the first three panelists with a parade of horribles. Mr. Montoro seems to have an 86 page parade of horribles, and of course CERT has an extraordinary parade of horribles -- things that one would not have thought could happen in America, things that one would have expected in the old Russian Communist empire. And of course, Mr. Band has just brought up the problem of the looting, spontaneous or planned, of ancient libraries of Earth's heritage [as had been reported in Iraq -- Seth]. I will just try to make what I thought was a difficult argument: We should not be discussing particular exemptions of particular clauses of the DMCA. But I think that with the three panelists before me, the pattern is clear: There's no excuse for any anticircumvention law in the United States of America. Because in each and every case, it is not that we have a parade of particular offenses against good sense, offenses against our freedom, attacks on free markets, attacks on scientific research, attacks of artists rights, attacks on our right to free speech, and most important, a fundamental, general and effective attack upon our present right of private ownership of computers. Computers today are printing presses -- and it's shocking! I have certain conservative tendencies; I am also sympathetic to the socialists. But the idea that everybody who's a member of the middle classes can pick up a computer for 300 bucks, and pay their 20 bucks a month and get Internet access, and set up a web page -- it's shocking! Democracy is one thing, but mob rule is another. But yet, there's nothing that America can do about this. I hope there isn't. But it looks as though there is. The DMCA anticircumvention clauses, in combination with the loose association, the alliance of cartels, oligopolies and monopolies which I term the englobulators, is in process of placing spy machinery and remote control machinery at this very moment, into every single Intel motherboard that's going to be sold in the next year. When Microsoft completes the software part of its system of DRM called Palladium, this will end, completely, your right of ownership, your right of private use of your Palladiated computer. Now, the question arises: This can't be true, what I'm saying. I'm a nut, I'm an extremist, I'm strident. Yes. (Laughter) But I'm not nearly as much of a nut, I'm not nearly as much of an extremist, and I'm not nearly as crazy, vicious and strident, as the englobulators. The question arises as: Why hasn't the press picked up on the fact that I'm the less extreme of the extremists? I believe in the Constitution -- even though I didn't sign it; that's my anarchist side. I think there's something to the first ten Amendments. And I think we should take the Fourth Amendment very seriously. I think also the Fifth has something to say about takings. Why doesn't the press get it? It's a very simple reason -- I'm talking about rights and powers. I'm talking about fundamental rights of ownership, fundamental rights of free speech, fundamental rights of free association using our Internet and our computers. Why doesn't the press get it? Because in practice today, most people run a damaged, malfunctioning and obsolete operating system, usually called Microsoft Windows -- there's several versions. Copyright law has already been, I think, dreadfully misapplied for the last twenty years, to prevent people from gaining control of their own property in their own homes. This is important property. We know that Microsoft -- and as a matter of fact all other vendors and makers of source-secret operating systems -- it's almost impossible not to give in to the temptation to spy somewhat on your users, particularly if they're connected to the Internet. Sun has done it; other companies have done it. It's mainly Microsoft because it was only interested in the Internet after 1990, although some of us have used the Net since 1970. Now most people have a computer. It is their means of personal communication; it's also their means of authorship, and their means of publication. Now, let me deal with the accusation of copyright infringement. Yeah, sure -- there's going to be a heck of a lot more very serious copyright -- of the most dreadful sort -- because there are computers on the Internet, and I don't give a good gosh-darn about it. The invention of writing was dreadful to the ancient and honorable profession of the singing poet. The invention of the printing press did terrible things to the Catholic Church's position in Europe, particularly once the Bible was translated and then printed. Things change. And the cries of a small, unimportant industry -- I mean the whole of the "content providers" side -- who of course refuse to admit there are any more content providers -- I really enjoy my own stuff much more than anything Disney has made since 1935. I stand equal to them, by the way. New Yorkers for Fair Use, one of our favorite tropes is: "Nonsense! We're not consumers; we're owners and we're makers." Okay. Let me try and outline what anticircumvention laws do, and what they're about. This is one of our standard pieces of propaganda; we've been handing it out since last summer (Shows flyer). "We are the Stakeholders" -- why do we say we're the stakeholders? This is an old joke, everybody knows it, I'm sure I'm not the first person to say this. In Washington parlance they say, what is a stakeholder? It's some organized group that can afford a full-time lobbyist, that's all. The bizarre spectacle of seeing small private interests -- when I say small, I mean small: the cotton subsidies last year in the United States were about, I think, 40% of the gross of Hollywood. You don't see huge articles about particular wrongs and a huge struggle on the basic principles over how much of a subsidy they should get. Okay. I'm not sure I'm actually going to read this whole thing, but -- "Freedom One: You may buy a copy of a movie recorded on DVD, you may watch this movie whenever you please, you may make copies of this movie, some of which may be exact copies, others of which may be variant copies." We all know that the legal underpinnings of DRM is anticircumvention. In the future, you won't be able to do that. Now, this is an assault on private ownership of computers. This is absurd. There's no need to say it, you all know this: Ernest Miller and Joan Feigenbaum, both at Yale, suggested that this is just a mistake, it's going to be corrected. Copyright law shouldn't say anything about private copies. In the first place, technically it's going to be very hard. You're going to have an endless line of the most difficult, subtle things. For example, something on a news spool. Is that a copy or is it something in transmission? The natural point which will defend us against the dreadful assault on private property which is all the anticircumvention clauses of the DMCA, is to draw a natural line. Inside your house, you've got a copy of something, if you've lawfully obtained it -- Oh, by the way, we're not copyright extremists. I myself am a big supporter of the GPL, which is a somewhat strict copyright license, and I consider it actually one of the main foundations of the defense of free software. If you don't draw the line, if you seek for exemptions, you'll have to make hundreds of exemptions -- and even if you enforce them -- and you could enforce them -- the principle would remain: you don't have control over your machine. You'd have to get lobbyists, or a grassroots organization to come to Washington, appear before you every three years, and beg, on bended knee, for particular exemptions. You don't have to do that. You are allowed to turn to Congress and say, we've seen the parade of horribles. And not just one parade. All of the people here, arguing for exemptions -- the principle is the same: These people can't reach into your house and tell you what to do! It's absurd! I'm going to try to avoid discussing the other side of the bundle of rights that these people want to take away from us: the right to free publication, the right to free dissemination -- which are of course restricted by copyright, which I support strongly. I don't think it right that I should be allowed to go down and steal a movie without paying for it and set up a movie house and charge admission for it. I'm sorry, I lost my track in one of my sentences -- You know, the Xerox machine -- it's always the same structure, we all know this here: the people who have the old methods for publication think their methods have to go on forever; always the words "business model" are used. Well, you know, we're not worried about their business models. We're worried about our computers and our rights. And I believe it is within your commission to turn and then say, "We've had it." What are we going to do, have to have these hearings every six months? We're going to have to have ten of you up there, and a hundred of us here, explaining the absolute terrible things that anticircumvention laws in the United States do to markets, do to freedom of speech, do to development of better computers, etc., etc., etc. I think you can turn and say, "We've heard enough. We suggest that Congress reconsider the entire bundle of anticircumvention clauses of the DMCA." And if I'm asked a specific question, I will be happy to try and connect by at most three half steps, any particular anticircumvention measure to truly horrible and very large scale things. Thank you. --- > http://www.cylab.cmu.edu/TIW/ (via posting to David Farber's Interesting People list) From: David Farber <[email protected]> To: "ip" <[email protected]> Date: 04/28/2009 04:33 AM Subject: [IP] Advanced Workshop and Summer School on Architectures for Trustworthy Computing TIW 2009: TRUSTED INFRASTRUCTURE WORKSHOP: ADVANCED SUMMER SCHOOL ON ARCHITECTURES FOR TRUSTWORTHY COMPUTING JUNE 8-12, 2009, Carnegie Mellon University, Pittsburgh, PA, USA When IT infrastructure technologies fail to keep pace with emerging threats, we can no longer trust them to sustain the applications we depend on in both business and society at large. Ranging from Trusted Computing, to machine virtualization, new hardware architectures, and new network security architectures, trusted infrastructure technologies attempt to place security into the very design of commercial off-the-shelf technologies. The TIW is an open innovation event modelled as a highly interactive summer school, consisting of lectures, workshops, and other lab sessions. It is aimed at bringing together researchers in the field of IT security with an interest in systems and infrastructure security, as well as younger Master-1òùs or PhD students who are new to the field. Funding is available to support student attendance. AGENDA HIGHLIGHTS - 4 keynote lectures - 7 technology lectures: Trusted computing architecture, TPM module, attestation, SW-based attestation, virtualization security, network security, and trusted storage. - 4 research workshops: HW security, attestation in practice, OS security, verification and formal methods. - 3 hands-on labs: TPM, trusted virtualization, trusted network connect. Several social events and networking with other researchers are planned. For more details on the workshop and how to register, please visit http://www.cylab.cmu.edu/TIW TIW SPONSORS - Carnegie Mellon CyLab - Fujitsu - HP Labs - IBM - NSA - NSF - Seagate CONTACTS Workshop details: Michael Willett <[email protected]> Registration details: Tina Yankovich <[email protected]> SPEAKERS Leaders from academia, industry, and government are delivering the lectures, labs, and workshops. VENUE CyLab, Carnegie Mellon University CIC Building 4720 Forbes Avenue Pittsburgh, PA 15213 --- > http://www.gnu.org/philosophy/can-you-trust.html Can You Trust Your Computer? by Richard Stallman Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call trusted computing, large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. (Microsoft's version of this scheme is called Palladium.) Proprietary programs have included malicious features before, but this plan would make it universal. Proprietary software means, fundamentally, that you don't control what it does; you can't study the source code, or change it. It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent security upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don't have the source code. In the past, these were isolated incidents. Trusted computing would make it pervasive. Treacherous computing is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission. The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don't allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function. Of course, Hollywood and the record companies plan to use treacherous computing for DRM (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.) Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documentsresulting in email that disappears in two weeks, or documents that can only be read on the computers in one company. Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can't use the email to show that the decision was not yours. Getting it in writing doesn't protect you when the order is written in disappearing ink. Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company's audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won't be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption. Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won't have a chance of developing software to read themand if we could, such programs might even be forbidden by the Digital Millennium Copyright Act. Programs that use treacherous computing will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If Microsoft, or the US government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself. You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won't stand still. Once you come to depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something differentand they won't give you a choice about whether to upgrade. Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it. Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime. There are proposals already for US laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don't Try Programming Act) is one of them. But even if they don't legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems (see We Can Put an End to Word Attachments). If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice. For further information about treacherous computing, see http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html. To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation and Public Knowledge are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project. Please visit these Web sites so you can sign up to support their work. You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don't want to be pressured to buy trusted computing systems so you don't want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above. Postscripts 1. The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous. When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them. 2. The supporters of treacherous computing focus their discourse on its beneficial uses. What they say is often correct, just not important. Like most hardware, treacherous computing hardware can be used for purposes which are not harmful. But these uses can be implemented in other ways, without treacherous computing hardware. The principal difference that treacherous computing makes for users is the nasty consequence: rigging your computer to work against you. What they say is true, and what I say is true. Put them together and what do you get? Treacherous computing is a plan to take away our freedom, while offering minor benefits to distract us from what we would lose. 3. Microsoft presents palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today. When Microsoft speaks of security in connection with palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets palladium could be used to keep, including third party secrets and user secretsbut it put user secrets in quotation marks, recognizing that this somewhat of an absurdity in the context of palladium. The presentation made frequent use of other terms that we frequently associate with the context of security, such as attack, malicious code, spoofing, as well as trusted. None of them means what it normally means. Attack doesn't mean someone trying to hurt you, it means you trying to copy music. Malicious code means code installed by you to do what someone else doesn't want your machine to do. Spoofing doesn't mean someone fooling you, it means you fooling palladium. And so on. 4. A previous statement by the palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject. _______________________________________________ Discuss mailing list [email protected] http://freeculture.org/cgi-bin/mailman/listinfo/discuss
