TCPA, DMCA, DRM, GPL, Palladium, ... ?
What does it all mean and why should I care?

-draft-

Brian Wiese

Ok, I just spit out quite a few acronyms there, and you may know most of them, they are: "Trusted Computing Platform Alliance", "Digital Millennium Copyright Act", "Digital Rights Management", and Microsoft's version of the Trusted Computing Platform – called "Palladium". This presentation is not ment to be a comprehensive discussion on all or any of these technologies, but this is simply and open discussion to create and share some awareness on these critical issues at hand. I do not pretend to know all of the details here, but have just done a little research, and I invite you all to add in your own comments as we move along. If you have a comment to share with the rest of us, just please raise your hand to get my attention. I know several people in this room who perhaps know more on some of the details than even I.

So lets begin...

Well, all of these acronyms... this title, what does it all mean? What does this all have in common? I'll be blunt, this is about the rising clash and perhaps final battle between open-source (sharing) systems versus proprietary (closed) ones. This is about the move from the individual owning and controlling their (computer system), to a system where the user literally leases its use, while it is controlled and operated by a "trusted" party. This is about the end of the computer environment as we know it today.

First, let's take a look at the Richard Stallman's proposed "Right to Read" scenario from 1997. This was theorized look into the future, it has been quite accurate.

Read: The Right to Read

1983 - GNU / GPL – Free Software Foundation and Richard Stallman

GNU = Gnu is Not Unix (recursive acronym), GNU Public License. To understand GNU/GPL, some background information is necessary. First an introduction to some of the free software philosophy from the GNU Project creator and visionary Richard Stallman. RMS was a hacker in the MIT artificial intelligence lab in the 1970's. These were the original purist hackers (not today's connotation – see the jargon file) who pushed the limits of intellectual challenge to make computers do amazing things.

There he had a run in with the evils of proprietary software and Non Disclosure Agreements (NDAs), as the software wasn't free anymore. The lab received a new laser printer from Xerox, but it jammed frequently and had flaws in the code that RMS wanted to fix. Unfortunately, the software was in binary form only and source code was protected under NDA, Xerox wouldn't give him the code. He also found someone at CMU had the code, but couldn't release it under NDA. RMS felt he was a victim here from attaining "generally useful information" and made his life harder. This hurt his hacker ego in the search for useful knowledge and fixing things, and lead him to formulate his philosophy on software and to form the GNU project.

http://www.gnu.org/philosophy/

Free software is a matter of freedom: people should be free to use software in all the ways that are socially useful. (think of Free as in "freedom/liberty", not free beer/cost – could still charge money) Software differs from material objects--such as chairs, sandwiches, and gasoline--in that it can be copied and changed much more easily. These possibilities make software as useful as it is; we believe software users should be able to make use of them.

More precisely, it refers to four kinds of freedom, for the users of the software:

• The freedom to run the program, for any purpose (freedom 0).

• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.

• The freedom to redistribute copies so you can help your neighbor (freedom 2).

• The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for this.

The Free Software Movement was founded in 1984, but its inspiration comes from the ideals of 1776: freedom, community, and voluntary cooperation. This is what leads to free enterprise, to free speech, and to free software.

The GNU Project was conceived and announced to the world in 1983 as a way of bringing back the cooperative hacker spirit that was popular in the early days – to make cooperation possible once again by removing the obstacles imposed by the owners of proprietary software. He simply aimed to create their own completely "free" (as in freedom) operating system, or "die trying of old age".

http://www.gnu.org/events/rms-nyu-2001-summary.txt

Also, GPL license states that free software will always remain free. If GPL'd code is used or modified into the creation of a new program, that program must now also become shared and free, under a GPL license. This license could be seen as the opposite of a "copyright", and often times GPL'd code is called "copyleft".

Not everyone is a programmer
----------------------------

RMS starts out his presentation with an analogy one might use to explain free
software to a person who is not technically savvy: sharing recipes. "Some of
you may not ever write computer programs, but perhaps you cook," the analogy
goes, "and, if you use recipes, you've probably had the experience of getting
a copy of a recipe from a friend who's sharing it." This quality of sharing is
very close to the principle upon which the free software movement is based:
that useful information, specifically the code from which publicly distributed
programs are built, should be available to everyone. Continuing the
comparison, once you own a copy of a recipe, you are free to change it to suit
your individual tastes, to "add some mushrooms, 'cause you like mushrooms",
for example. This is another principle of free software: that one should be
able to make changes to the code of a program as desired. If you cook for
friends from this modified recipe, they may like your creation and then ask
for the new recipe. As with distributing modified free software, you share it
with them because "that's the way to be a decent person".

Now the punch line: if recipes were like proprietary, non-free software, then
this story would be far different. Suppose the recipe were given to you as a
black box, the insides of which you could not change, but which would produce
the same dish exactly as your friend had made it. Then you might not be able
to change the dish to your liking and thus could never share with your friends
a modified (hopefully better) version of that dish. Non-free software is based
on a value system "in which common decency towards other people is prohibited
or prevented", one which opposes the system of sharing that people commonly
use and understand with recipes.

Many people consider RMS as a radical – and he is, many either love him or hate him, but no one can say he's not unique.

For more information, please see:

http://www.gnu.org

1998 – DMCA (Digital Millenium Copyright Act)

The Digital Millennium Copyright Act of 1998 has been the largest reform of U.S. copyright in history, and was pressured by the Motion Picture Association of America and other Record Recording labels – to update copyright for the digital age, and promote is adoption into the World Intellectual Property Organization treaties. The law calls harsh for punishments for circumventing copyright protection schemes, holds Internet Services Providers legally liable for the information that passes over their networks, and provides for notice and take down procedures.

Several important legal cases have been brought up now over the past couple of years that this law has been in effect.

Jon Johansen, a Norwegian teenager, had his computers searched and seized as he (with the help of 2 others on the Internet) created a utility called DeCSS to circumvent the Content Scrambling System security of a DVD he owned to access the information so that he could play it on his own GNU/Linux computer. The decoding of a DVD's CSS protection, was only provided to certain DVD drive manufactures to embed in their players. The same decryption code was also available in Windows DVD-decoder software such as WinDVD, which was reverse engineered since this software was not available or made for the GNU/Linux operating system among others.

The MPAA saw this not as fair us (a kid playing a DVD on his computer, of which both he owned), but as a pirate tool that would be used mostly if not solely for the copying of DVD movies, and the MPAA's intellectual property.

2600, the hacker quarterly magazine and website, was sued by the Motion Picture Association of America for not only hosting the DeCSS utility, but also for linking to it on other websites on the Internet. Suddenly it was not illegal to "link" to content on the Internet. The chilling effects on free speech do not end there.

At the 2001 Defcon 9 conference, Dimitry Skylarov, a Russian programmer for the company Elcomsoft, gave a presentation on the insecurity of the Adobe e-book reader software. Essentially, his program (legal in Russia) circumvented the security measures to read e-books without all of the usage restrictions. He also tried to sell this software while at the conference. He was promptly arrested by the FBI after the conference, and was not able to return home to his wife and family until 5 months later. After much public pressure, Adobe dropped their charges against Skylarov, but the federal prosecution was already underway. He is now awaiting a visa to return back to the U.S.A. (which is being denied by the U.S. Embassy in Russia) to complete his trial.

Also, numerous other academic researchers have been silenced, or pressured into silence by threats and references to the DMCA from copyright holders. The future of computer security research is as at stake here, as much of the vulnerabilities that are discovered and patched in software – come from reverse engineering, which is now mostly illegal except for some small allowances. Many technical leaders from around the world also voiced concern at holding the USENIX conference (among other technical security conferences) in the United States, where foreign researchers may be thrown in jail.

By outlawing the circumvention of copy-protection technologies, no matter how weak they may be (Cesar-cypher), this has set the stage now for future limitations. Already, the practice of computer security research has been considered to require some certification and accreditation with a code of ethics – otherwise the act would be illegal. The use of security research tools (that may be used for good or evil) were also under consideration for being outlawed. Many security researchers have even taken their work into the underground and stopped revealing their findings to the world, as they are "Censored by the DMCA". Also recently, Red Hat Linux released a patch for it's operating system, but could not tell any U.S. Citizens what the flaw and patch does and how it worked, under fear of the DMCA.

Anyway you put it, the DMCA has had some far reaching effects (many unintended) and chilled free speech severely. Currently the U.S. Copyright Office is currently asking for suggestions and comments on how the law should be changed until December 18^th.

1999, October – TCPA (Trusted Computing Platform Alliance)

The Trusted Computing Platform Alliance was created in 1999 as a joint effort by IBM, Intel, Microsoft, Compaq and HP, it now has over 150 participants. The goal of the project is to install trust into computer systems from the hardware to the application level, and authenticate this trust among computers connecting over networks. The program is not intended to be platform or processor specific, and it's purpose is to provide an assurance of security for the system, not to provide a Digital Rights Management capability.

The TCPA calls for a hardware based tamper resistant module that would be embedded on computer motherboards, and act as the trusted processor for managing the encryption keys of user keys and endorsement key, that the TPM itself is genuine. These keys will be used to decide which instructions can and cannot be implemented.

Lucky Green gave a presentation on this at the Defcon 10 conference in August of 2002. (go over slides and discuss) www.cypherpunks.to Even though this is planned to be an 'opt-in' technology, the pressure to use it as it becomes pervasive would become extremely tough, as it would be required to work with certain content.

http://www.trustedcomputing.org

2002, March – CBDTPA (Consumer Broadband and Digital Television Promotion Act)

This is the main bill that threatens GNU/Linux and the open source movement the most. It calls for mandatory copy protection schemes on all computing devices that may process copyrighted material (read: about everything). This is the law being pushed by the entertainment industries so that they will be able to weild their power and control over their intellectual property, even after they sell it to you. This bill has also pushed the mandating of all future televisions to be digitally enabled, thus giving the broadcasters more Digital Rights Management on how and when you may view the broadcasts, make recordings, and re-broadcasts, etc... The wording in this document makes strides to outlaw systems that are not embedded with Digital Rights Management.

2002, July – Palladium: Microsoft's "Trusted Computing" Platform

Palladium is Microsoft's riskiest venture yet as a Digital Right's Management Operating System, it is expected to either take of tremendously, or fail miserably – for several 100 million deployments are necessary before it will even have any affect. This is why Microsoft isn't stabbing at this project alone, but has the help of chip makers and motherboard BIOS designers, and of course the big media industries who want to tap into the digital age, while still holding on the ability (or a heightened ability) to regulate how their contents are distributed and used. New computers and software required.

With the DMCA in place, and Microsoft's monopoly with ever pervasive EULAs, this project would finally give ownership of your computer (at possibly the entire Internet) basically to Microsoft. The project has been kept quite for the last few years as Microsoft talks things over with Intel, AMD, and motherboard manufacturers, but the news that is out says it will basically put a cop into your computer of who you must ask permission before you can perform any operation on your computer.

An article in Newsweek by Steven Levy, plays off the Palladium project as a way to solve almost all of our security problems – distributing fine control over how users process objects, and says that the user would set the policies, not Microsoft – but this isn't entirely true, as the platform calls for updated certificates of what is allowed. With this foundation set it is only a matter of time before

Also, a big threat to this roll-out is getting people to trust Microsoft, as even they admit it will roll-out with bugs, until probably version "2.0 or 3.0". Microsoft has been giving educational briefings to industry, security, government and civil liberties groups to prepare them for this. There is a potential downside to this of course, and it does expand the Microsoft monopoly (Palladium will only run on Windows of course) while excluding many operating systems and people. Hopefully while UNIX and the open sources systems get a deeper grip on the industry, this program would prove ineffective – though Microsoft is pushing their sever-side systems and Unisys more and more. Hewlett Packard is said to be producing a Trusted Platform compatible HP Linux, thought it most certainly will still be the open source equivalent of GNU/Linux, whose licensing is incompatible with this kind of project (where the software is not "free" as in freedom).

It is expected to first start off and get its roots in place where it is needed, in financial, medical, and government organizations. Greatest of all – it doesn't trust users, only applications and hardware. User authentication may be incorporated later – but that is how DRM will not be accurate. One person, 5 computers?

2002, August – Lucky Green and Palladium

After initial revelation of Palladium at the 11^th USENIX conference, Peter Biddle, program manager for Palladium, said that he did not see how Palladium could be used to fight piracy or enforce software licenses. He said the scope behind Palladium was to "secure digital entertainment content". Shortly thereafter, cypherpunk Lucky Green quickly filed for 2 defensive patents that described how Palladium would enforce software licensing, of which he has no intention of implementing – but to just prevent Microsoft from implementing these features.

Now Microsoft is in a quandary, if they do enable software license enforcement through Palladium, they may be sued since the copyright is owned by someone else, or, if Microsoft does develop the technology and apply for the same copyright, we will know what was up all along. Green's idea for "improvements to known technologies" are patentable, but if Microsoft could prove it had the idea first and implemented it, they may get the patent.

This is still just a minor detail to Palladium.

2002, July – Lawrence Lessig, "Free Culture"

At the 2002 O'Reilly Open Source Convention in San Diego, Lawrence Lessig, a Stanford Law professor specializing in copyright issues and Internet society, made a presentation entitled "Free Culture". The presentation looks at the copyright extension terms over history and how it appears Mickey Mouse will never be free.

Copyright terms are extended every time Mickey is about to be free. Lessig calls for a "free culture" much like Stallman's "free software" where more and more things are brought into the Public Domain, and away from copyright or even fair use. Public domain used to be huge, all that there was. Now that that is mostly gone, all we are left fighting for is what is left of "fair use".

2002, September – Intel Launches LaGrande

Intel made a tiny public release that they are working on a project code named LaGrande that they will integrate into their processors to thwart attack to steal data on computers. It was announced this will work in conjunction with Microsoft's Palladium, and that Intel has contracted Verisign to provide for the embedded digital encryption certificates on the project. This will provide a safe/secure computing environment for e-commerce and more as it will provide trusted vaults and paths for computer instructions in the processor hardware.

2002, October – Zoe Lofgren, "Consumer Protection Bill"

Now in the final days of the congressional session, California Democrat representative Zoe Lofgren proposed the "Digital Choice and Freedom Act of 2002". Though it may not pass now, it will plant itself for consideration next year. This act would amend the DMCA so that consumers could bypass protection mechanisms to legally use the work, and would replace restrictions on shrink-wrap licenses.

Lofgren says, "Right now, it is the entertainment industry versus the technology industry, and the consumers are watching from the sidelines." He is speaking up for consumers, and hoping to provoke at least a debate on these issues being pussed so heavily by the media industries, such one bill for mandatory copy protection computers (CBDTPA) and one that would allow intellectual property owners to 'attack' or disrupt other computers believed to be housing their IP.

2002, October – Stallman on "Treacherous Computing"

Computers should obey their owners, not someone else, but Microsoft and others are trying to make computers obey them instead of you. Proprietary means, that the user is at a disadvantage, and a proprietary Trusted Computing could just as well be called "Treacherous Computing" as the computer will disobey you, over someone else, every operation may require explicit permission. This Treacherous Computer would download new authorization rules, and should you miss a new update – your computer may cease to function. Upgrade or die, there will be no option.

Treacherous computing will be used for DRM, and make sharing impossible (even among computers all owned by you! Even the possibility of there still being 'unencrypted' versions is not an excuse for this system. It will simply force 'sharing' deeper into the underground. Even worse than music, documents and email may disappear, a real 'disappearing ink' for computers – easy enough. This would lead to a paradise for corruption where history could cease to exist.

Treacherous computing outlaws competition, even proprietary Word documents cannot be opened by competing word processors without laborious experiments – which would be outlawed by the DMCA. Also, once you are hooked – they've got you, no turning back, no choice to free software (its gone, not an option), and upgrading is mandatory. Today, you still have a choice, to run free software and the GNU/Linux operating system, where "you" can be in charge of what your computer does. In the future, when free operating systems are outlawed – even telling someone how to use GNU/Linux would be a crime.

The laws are already in progress of being made to prohibit old computers. The CBDTPA (Consume but don't try programming act) would mandate this, and even if this doesn't pass, the pressure to accept would be enormous – (like gas in your car) take it or leave it.

“I never agree with RMS. Even when I come close to agreeing with him, I think he goes so far from reality that I end up disagreeing with his end point. Unfortunately, I think this time he is perfectly on target.”

“After reading this, I can see a time in the very near future when we Linux users will become thought criminals, criminals because we choose to think as free people, not as $laves to M$ and Big Brother.

In the USSR typewriters and copiers had to be registered with the State. If you were caught with and unregistered typewriter or copier you would get a bullet in the back of the head from your friendly local KGB agent.”

“trust is earned, not assigned”

"I guess I'll have to go back to the paper and pen."

---------------------

What can you do:

Share your voice with the United States Senate, Committee on the Judiciary by filling out a comment form like many already at:

http://judiciary.senate.gov/special/feature.cfm

Support the Electronic Frontier Foundation: http://www.eff.org

Support the American Civil Liberties Union, which also fights for these causes under Cyber-Liberties: http://www.aclu.org

and of course, write your Congressional leaders. Exercise your vote at the ballot polls and at the cash register. One recent counter to this has been the motion by Californian Democratic representative Zoe Lofgren, who has proposed Digital Choice and Freedom Act of 2002. This would actually counter some of the DMCA to allow consumers to bypass securty protections on items they plan to use legally, would limit "shrink-wrap" licenses, and provide for sharing and making backup copies of digital works.

"Consumers need a voice in this debate," Lofgren said in a statement. "Right now, it is the entertainment industry versus the technology industry, and the consumers are watching from the sidelines."

References:

Bowman, Lisa M. New consumer-protection bill introduced. October 2, 2002

http://news.com.com/2102-1023-960531.html

Coursey, David. MS: Why we can't trust your 'trustworthy' OS. July 01, 2002 http://www.zdnet.com/filters/printerfriendly/0,6061,2873149-10,00.html

Coursey, David. MS's Palladium: What the hell is it? (Here's what!), July 09, 2002 http://www.zdnet.com/filters/printerfriendly/0,6061,2873826-10,00.html

Green, Lucky. (slides from Defcon X presentation:Trusted Computing Platform Alliance: The mother(board) of all Big Brothers) http://www.cypherpunks.to

Rojas, Pete. Can a Hacker Outfox Microsoft?, October 18, 2002

http://www.wired.com/news/print/0,1294,55807,00.html

Kay, Russel. Copy Protection: Just Say No, September 04, 2000

http://www.computerworld.com/news/2000/story/0,11280,49358,00.html

Levy, Steven. The Big Secret, June 24, 2002 http://cryptome.org/palladium-sl.htm

Matthews, Matt. Stallman Condensed. May 2001.

http://www.gnu.org/events/rms-nyu-2001-summary.txt

Numerous references from: http://www.anti-dmca.org, Richard Stallman and http://www.gnu.org,

author unknown:

Intel selects Verisign for mobile security http://www.theregister.co.uk/content/54/27061.html

DMCA

http://www.educause.edu/issues/dmca.html

(news articles related to this topic as referenced on news.brianwiese.net )

RMS's Right to Read[1] short story gives the Orwellian future that is before us.

More technology educating politics, previous -bad- laws as compiled by AOTC[2]
Another good article on yahoo[3] about "loosing control" of your computer.
Updated: You should definately check out the GNU[4] website and deep into it's philosophy. Also, in relations to Richard Stallman with the same "free software', 'free culture' ideas... is Lawrence Lessig[5]. He presented a talk at the Open Source Convention about a free culture[6] (see flash video!) and went in depth to explain public domain, copyright, and fair use over the years. Our society is no longer 'free'. Even RMS has something to say about reevaluating copyright[7]. I think we should.
Here[8] is more info on the SSSSCA?/CDBTPA, bill that would outlaw current computers and GNU/Linux as well as other open source projects.

Well, Robert Cringely has got it all figured out again.. his TCP/MS or the transformation of the Internet into MSN (m$ owning the Internet) .. is all right here, in their Palladium design. Read it here: PBS - The Pulpit[9]
Spread awareness and support anti-dmca.org[10]
Richard Stallman calls MS Trusted Computing = Treachery Computing[11]
What is Palladium[12]? It can't[13] be trusted.
Can Lucky Green[14] save us from Palladium by beating them to the copyright[15] on software license restrictions with DRM and such?
Omg, long tech analysis[16] of Palladium.

Let Congress know what you think about DRM legislation[17] - controlling what you can and cannot copy.

Check out current legislation[18] in Congress now, and Write to Congress!![19]
Visit the ACLU[20] and see what they are fighting for in the cyber-liberties arena, support them.
Also lend support to the Electronic Frontier Foundation[21] and take part in their Action Alert[22] to tell your representatives what you think of these issues. See the Intellectual Property/Fair Use section on the main page.

What this boils down to is - who do you want to run your computer .. You? or Microsoft? (and other parties)

[1] http://www.gnu.org/philosophy/right-to-read.html

[2] http://www.aotc.info/archives/000152.html#000152

[3] http://story.news.yahoo.com/news?tmpl=story&ncid=528&e=1&cid=528&u=/ap/20021103/ap_on_hi_te/controlled_computing

[4] http://www.gnu.org/

[5] http://lessig.org/

[6] http://cyberlaw.stanford.edu/lessig/freeculture/

[7] http://judiciary.senate.gov/special/feature.cfm

[8] http://www.politechbot.com/docs/cbdtpa/

[9] http://www.pbs.org/cringely/pulpit/pulpit20020627.html

[10] http://anti-dmca.org/

[11] http://newsforge.com/newsforge/02/10/21/1449250.shtml?tid=19

[12] http://www.zdnet.com/anchordesk/stories/story/0,10738,2873826,00.html

[13] http://www.zdnet.com/anchordesk/stories/story/0,10738,2873149,00.html

[14] http://www.cypherpunks.to/

[15] http://www.wired.com/news/technology/0,1282,55807,00.html

[16] http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt

[17] http://judiciary.senate.gov/special/feature.cfm

[18] http://thomas.loc.gov/

[19] http://www.congress.org/

[20] http://www.aclu.org/Cyber-Liberties/Cyber-LibertiesMain.cfm

[21] http://www.eff.org/

[22] http://action.eff.org/subscribe/