Dear all, this is a bit off topic, but it applies to free software licensing becuase it will need a license written to upload it. Please review and comment.
The argument of the DRM proponents is that it is not possible to protect their content without taking away the rights of the students. That is why I have sought to design a solution for content distribution based on free software and open standards that still protects the content from illegal distribution. I seek with this proposal to address these issues in the context of free software without violating the rights of the students. Lets say that we have some content that an author worked hard on, and it should be distributed to people who decide that paying a reasonable fee. Now the one issue is that even if the users should have the right to examine the source code of the software, we still need a way to prevent them from extracting the content out of that software. If you allow the user to modify the viewing software as to create an human readable and machine processable of the content instead of displaying it, then you are opening up the content for further duplication. Now we are precluding screen shots and OCR software here. Lets say that you want to deliver a rastrasterizedy of the content to the user at an agreed upon resolution. Vector graphics would again allow too much export control. So we have an agreement between a content provider and a content consumer for a delivery of a certain amount of content that meets a certain level of quality to a viewer that limits the users rights in a predefined manner. Now, the viewer cannot store the content in a internal data format that is readable by an debugger, because it would be too easy to snarf that data out. So, I think we can solve this problem very simply : You need to trust that the user will only use an agreed upon version of the viewer software. This software can be free software, and the full source code may be made available, but the content provider does not agree to provide the content to any but an specified and verified set of modules to the user. So I proposed the following architecture : 1. The users are to be validated by a chip-card system, each user must have a way to authenticate their identity using a card issued by the content provider or a certificate authority. Simple PGP PGP SSH certificate can also be agreed here. 2. The users agree to have a free software client module installed that is of a specified version. This software is able to make a network connection to the content provider and send a digitally signed and encrypted signature of itself to the content provider by a secure channel. This creates a secure session that can only be understood by the client module. The user agrees that he does not have the right to intercept this content which uses open and free software that he can inspect on his leisure. The session however is only good for one set of package, because the user might swap out the software once the session is set up. Hardware based checksumming might help speed up this signature process. BSD has such a software signature built in as well. The user agrees to allow the server to re-check/audit the validity of the client software on its leisure on a predefined interval,that way the server administrator and users can agree on a set of security levels that are appropriate for the given application performance requirements. 3. The user uses this session to request content that is sent securely to him/her. The content is encrypted with an agreed upon encryption standard that will prevent the user from viewing the content. Only the client software session, given an authentication token from the provider and from the client will be able to for one time be able to decode the content. The software then deletes that content according to the agreed procedure. 4. The user can then view the rastrasterizedge. That image could also be water-marked and Id-ed. The agreement between the content provider and the user may define various rules preventing the removal of the various security water-marks. Of course the user can take that one raster and distribute it illegally. There is nothing that any of the DRM DRM do to prevent that. You see, this is a consent based security system that requires no freedoms are removed from the user. The content provider reserves the right to refuse delivery of content to any other version of the software, the client however has the freedom to modify this software and submit it to content providers for certification. I think such an consent based content management is much saner than using non-free file formats and non-free software. What do you think? ===== James Michael DuPont http://introspector.sourceforge.net/ __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3
