GPL 3 to Take Hard Line on DRM 574
sebFlyte writes "ZDNet is reporting that Eben Moglen, the FSF's lead lawyer and the co-authour of GPL3, has explained that DRM is 'fundamentally incompatible' with the aims of the FSF and will be given short shrift in the latest version of the free software licence, which bans the use of 'digital restrictions' in GPL3 governed software. In his words: 'I recognise that that's a highly aggressive position, but it's not an aggression which we thought up. It's a defence related to an aggression which was launched against the people whose rights are our primary concern... We don't want our software used in a way which batters the head of the user to please somebody else. Our goal is the protection of users' rights, not movies' rights.'" We discussed the new GPL on Monday.
Linus' thinking (Score:2, Interesting)
Wonderful (Score:5, Interesting)
DRM (Score:1, Interesting)
Security ramifications? (Score:3, Interesting)
why is this necessary? (Score:3, Interesting)
I'm not so sure this is a good idea. (Score:4, Interesting)
First of all, let me state for the record that I loathe DRM.
That said, I'm not sure this is a good idea. What they're saying is that there is absolutely, positively no good use for DRM, and there never will be, in free software.
To me, there's a huge difference between free software and free content, and it seems to me that this stance in GPL3 is essentailly saying that if you want to make the former, you've got to embrace the latter as well. It seems to me that it is forcing developers who would otherwise want to release their software under GPL3 to unnecessarily put restrictions (no DRM) on the content (i.e. the data) that their code may use, and I just can't see that as a good thing. What if Microsoft started programming Word so that you could never save a document that contained profanity? To me, this is pretty much the same thing. It bans the use of digital restrictions on the content? I thought the GPL was about freedom, but now it's imposing some of the very restrictions that it has traditionally railed against!
I've thought for some time that if there were some way for free software to somehow manage to be able to protect DRM'ed content without compromising the freeness of the software code itself, that organizations such as the **AA would be at least a little more willing to work with the community instead of being so hostile. I think that one of the reasons they're so belligerent right now is because even though the open source community is right about a lot of things, they're also generally insistent that the industries give away their content for free. In other words, the two sides are both extremist points of view, with no one willing to meet somewhere in the middle.
This article shows that those who wrote the GPL3 are simply digging in on one of the extremist sides, which will undoubtedly force the content industries to dig in yet further and commit further atrocities to harm consumers. The shame of it is that in the end, it is the users who will suffer. The content is owned by the content industry, after all, and if it is not conducive to them to work within the GPL3, they will simply not work within the GPL3, end of story. That means that all GPL3 software users and developers will forever needlessly be relegated to either continuing to operate within the fringe or living without popular content.
Re:What does GPL have to do with DRM? (Score:2, Interesting)
The idea was born out of the various incompatible UNIX'es which were all proprietary and therefore able to lock people in. Run a Sparc box? Get your OS from Sun. Don't like the OS? Too bad, you can't change it or replace it, etc...
The GPL3 being aggressive against DRM is a sane move I think. As a developer I have a right to license my software as "not for use in Japan" if I wanted. I could just as easily say "not for use with software that uses DRM".
And frankly I don't see anything negative about it. DRM is bullshit anyways, never will protect the producer and only violates the users ability to enjoy the product as they should be able to.
Tom
DRM based on trust? (Score:5, Interesting)
Re:Sony fiasco related? (Score:5, Interesting)
Andy Oram [onlamp.com] had a nice blog entry on the whole topic, in particular, towards the bottom: The GPL is swell. I can agree that abdicating freedom through the use of proprietary software is stupid. Deeming the sale of such "unethical" seems subjective. More generally, fretting about the motives of others seems a collosal distraction. I dunno.
I wonder if the Free Software and Open Source communities don't have greater effect in combination than either would have had in isolation.
I also wonder if the chief benefactor of all the theological thumb-wrestling isn't sitting in Redmond.
Re:why is this necessary? (Score:5, Interesting)
And here's a post from linus [iu.edu] on the kernel mailing list (thread "flame linus to a crisp") talking about DRM in the linux kernel.
So there you go GPLed DRM.
Sorry, no. (Score:5, Interesting)
The basis of rights (Score:4, Interesting)
I'm not sure that the word "rights" should be used anymore, the meaning is lost.
To me, rights are something every person is born with -- inherent, God-given, natural, you call it what you want. I believe we are born as human, we have these rights -- American, Afghani, Zimbabwian. I believe the initial U.S. Constitution as very good about naming SOME of the rights that we're born with (no government can tell us what to say, which religion we practice if any, they can not search our body or our house without very specific details laid out to a public witness, they can't quarter troops in our homes, they can't make us testify against ourselves, etc, etc). These rights are the people's, all the people's, and they're not to be abridged by any government. These rights are also ours on our property to modify in respect to others (you have none of these freedoms when you are on my land).
The entire copyright issue is very complex for most people -- many loopholes and priviledges given to some but not others. I don't like unequal rules when they are put in the law. I especially don't like unequal rules that no one can understand with a lawyer. As some know here (and I really don't want to debate it on this forum), I am against copyright in every form -- I believe that once you have a physical item in your hands, you can do with that physical item what you want -- copy it, modify it, call it your own. The physical item is "protected" by inherent property rights as long as the original owner keeps it with him. It is like gold or diamonds. The minute they sell or barter away the physical item, it is now the new owner's item to do with as they please. PHYSICAL property can be protected, but intellectual property is thought, it is action, it is processing, updating and recreating.
Now we get to fair use. First, we the People give government the ability to lay down a monopoly rental to another person or corporation -- copyright. We let them control how we use a specific item, who we use it with, and what we can and can't do. This is a law, with force being used if we ignore it. Then we give "the People" the right to work around this rented monopoly, given some very peculiar reasoning. Copyright was intended to be useful for 7 years (which can be doubled) in order to further the arts -- it was not there to necessarily protect a profit or a demand complete control forever.
This is my big problem with "rights" today -- we can give them up and have to walk a very complicated path, but we also get some parts back in order to try to fix that complicated path but it just ends up being even more complicated.
If you won't agree with me that freedom is better than tyranny, how about you folks who love big government mandate a state-paid lawyer to follow around anyone who wants one, so we can live without the fear of jail or fines?
Re:My problem with DRM... (Score:3, Interesting)
You may write a book, a darn good book. OK?
You publish it on your page, in PDF format with mega-ultra-super-l33t DRMcryption. If someone wants to have it then it will cost $xx.yy (you put your price).
Then, you tell the people this: "My time an effort to write this book was ZZ hours + NN HeadBangs. So after I recover $KKKK.KK I will make the book available without all the hazzles(DRM). " you could even make it free, as you have earned what you thought was right.
That way, people that really want to read your book, will buy it. And, after you have earned what you wanted for that book you would not care for what people do with it.
Well, as I said, it seems feasible... maybe if you change PDF for MP3 (or a DRMd WMV) a musician could do that, sell its music via iTunes, and make a public statement, "after selling NN number of [virtual] CD's the improved version will be offered to people that buy the song" and then, you just put a
Sounds fair to me.
Feels overbroad (Score:3, Interesting)
That said, I think this is a mistake.
Under GPLv3 can I crate a xen node0 and tie it with hardware DRM so only that hypervisor boots? That's the path to a secure node0?
Could I use DRM type technology to avoid leaking client data I'm required to collect at my place of business?
What people forget is that DRM technology can be used in many ways. To destroy privacy and restrict rights, or to insure privacy and protect rights.
I can think of lots of areas (patents) that the GPL could have been improved / touched-up other than taking the hard DRM line.
Re:Linus' thinking (Score:5, Interesting)
I don't think, however, that GPLv2 expresses the FSF's political views in the same was that GPLv3 does. GPLv2 restricts only the ways that derivative works can be distributed (they must be distributed with source). GPLv3 also appears to restrict the function of your derivative works (they cannot be used for DRM). And I think it means that using GPLv3 on your own servers to facilitate DRM is also not allowed (might be wrong on that one though) which would make it an end-user license.
GPLv2 expresses FSF's views on software distribution, while GPLv3 expresses FSF's views on software function. There is a big difference, and it could cause a lot of problems in the Free Software community. I can't say I agree with the changes in GPLv3, as someone that often waffles between preferring BSD-style licenses and GPLv2-style ones.
Re:My problem with DRM... (Score:5, Interesting)
As a writer, I'd like to be paid for my work. I'd rather not make it easy for people to redistribute my work without compensating me.
Here's another writer's view on the issue [baen.com]. The whole essay is worth reading, but his second-to-last paragraph sums it up pretty well:
And Eric Flint and other authors are putting their money where their mouth is: The Baen Free Library [baen.com] offers full, unabridged novels for free download, in multiple formats, with no DRM. Once they've gotten you hooked with that, the Baen Webscription [webscription.net] site offers books for sale, for low prices, also in multiple formats and with no DRM.
Baen has also put CDs in the backs of several recent hardcover releases, containing other books from the same author, books from other authors that readers may like to try, plus high-resolution copies of cover artwork (without the book title or other text -- just the art). The CDs not only include no DRM, but they also have a statement printed on the label that *encourages* the sharing of the content with friends and family. Baen does ask that you don't distribute the content to the whole world, but has never sued anyone over it. There was one fan of David Weber's Honor Harrington series who put the full text of all of the Harrington books on his web site. Jim Baen found out about it, but rather than threatening a lawsuit, he simply sent the fan an e-mail and explained how the fan's actions were counterproductive and damaging. The fan promptly took the material off-line.
Baen has also recently started doing something new, too. They're now offering "Advance Reader Copies" of new books. These are unproofed versions of books that are going to be released in coming months. Serious fans buy them both because they don't want to wait for the release and also because there's something cool about reading their favorite authors' work in it's "raw, unpolished" form -- it's basically straight from the author's word processor. The advance copies start out at $15 and decline in steps as the publication date approaches. After release, of course, you can buy the final version for about $4.
Oh, and everything is in multiple formats, with absolutely no DRM.
This is innovation in publishing, and this is the sort of thing that can build a sufficiently large and loyal fanbase so that piracy is simply irrelevant.
According to Jim Baen, the experiment has been extremely successful and profitable. Not only has it increased the sales of their current top authors, it has also allowed them to publish -- and profit from -- lots of their back catalog that would otherwise be impossible to publish.
I know that I, personally, have spent *way* too much money on Baen books over the last two or three years. If there are others like me, and I'm sure there are, it's no wonder Baen is doing well.
Re:Security ramifications? (Score:1, Interesting)
On a single user system you own, sure. But what about genuinely multiuser systems, where permissions have been used for years, to say, stop the new temp from deleting the core system files, or reading the salary database in the payroll department? I really am scratching my head to draw a bright technical line between DRM and ACLs and permissions and so on. Hell, the basic idea of login/password is that you have ownership and rights over some digital stuff and not over others. And in fact Stallman's early personal dislike of even the concept of permissions -- which the overwhelming majority of us demand as the basic element of security and privacy in any shared system -- may be why Stallman thought attacking allDRM is okay. To quote from Sam Williams' biography of Stallman, Free as in Freedom (emphasis added):
In the mid-1970's [at the MIT AI Lab] more and more faculty members began calling for a file security system to protect research data. Most other computer labs had installed such systems during [the] late 1960's, but the AI Lab, through the insistence of Stallman and other hackers, remained a security free zone.
Now, that might be be okay for hackers in an academic setting, working on computers that weren't relied on for much more than research purposes, but today, well, everybody who's ever expected, say, their email not to be readable by everybody else using the same system has expected some kind of DRM to protect their data, even if not called, or thought of, as such. Stallman's coming from a very different place than most of us, a place where login/password was seen as some new-fangled, beauracratic, unnecessary restriction, instead of the basic coin of the networked world. And think about it: think how people here have railed about how inadequate Microsoft's initial single-user model for Windows was so inappropriate when PCs started getting on the Internet in a big way, how unix was so much better, because it had things like permissions and other security built in to the OS, and think about what might be different if Stallman's view of file-permissions had dominated beyond the AI Lab in the 1960s and 70s. Stallman's views may have evolved since then, and he may indeed have a way of untangling permissions, etc, from the kind of DRM we associate with DVDs, etc, but I'm going to need help seeing that.
Exactly - but what is the basis of rights (Score:4, Interesting)
The Creator doesn't give anybody any rights. They can't be inalienable because they don't exist. Does the lamb have a right not to be eaten by the lion? The caveman by the bear? The woolly mammoth not to be slain by the caveman? Nope. Quite the contrary. The setup in the natural world is carefully designed or naturally evolved (take your pick) to confer benefit to the strong, the clever, and the ruthless. Everywhere there is competition for scarce resources.
If the whale is to have a right not to be processed by man for food and other products, it can only be because man chooses to confer and protect this right. No deity has ever done so.
The baby born with a heart defect has no right to life conferred by nature or Creator. Without man's interest and intervention, it will die quickly.
If man is to enjoy rights, it can only be because man promulgates and protects these rights.
Knowledge "wants" to be free in a metaphysical sense, but it's not going to happen without the efforts of men to undo the efforts of other men to chain knowledge.
Re:Shooting yourself in the foot? (Score:3, Interesting)
I don't know who gave you that idea, but software is very much copy protected still, and it even gets more and more agressive. I don't recall what the name is, Starforce something maybe, is on many games and probably other applications - my brother recently could not install his legally bought and paid for, expensive game because it detected that he had Daemon Tools installed.
Here at work, we have 25ish installations of Maya that won't run unless a license server is present on the network - if the machine dies, everybodys Maya instantly closes without saving... and so on.
There's probably some software that simply refrains from using any technical measures, and that is the smart thing to do - all protections (except online subscriptions) get circumvented anyways, so all they are doing is throwing money away, right into the pockets of the people developing consumer-hostile addons. Copy protection never works and only hurts the legitimate users, but that hasn't stopped many. It's still very common. Just like DRM...
Great Firewall of China? (Score:1, Interesting)
Re:Restricting Use? (Score:4, Interesting)
I see your point, but it's also an important feature of the GPL that you cannot used GPL'd software to lock a customer into a single vendor's product (since you must supply the source and allow forks). What else is DRM except lock-in?
Re:GPL3 players for DRMed media illegal then? (Score:3, Interesting)
A misconception so far is that you CAN'T use it for DRM... you can. [obviously, otherwise you couldn't encrypt passwords, use SSL or many other things we do everyday.. those are all "DRM" too] People must have the real source [but not necessaraly the keys to the files] and if they use it to figure out the key for your DRM'd files you can't sue them for "breaking the lock."
This puts DRM in the same class as SSL or RSA... the source is open, your're more than welcome to TRY to break it if you can.... But just like intruding on a private SSL connnection would be illegal so would distributing the files after you unlock them. essentially it's not that big of a deal.
The GPL HAS to say something against DRM (Score:4, Interesting)
I could use GPLed software and create a DRM program with it. Normally, everybody can modify it, right?
Well, perhaps not : as it is a protection measure, I can try to sue everybody that does modify it under the DMCA, claiming that any modification to my software lessens the protection, and therefor infringes the DMCA (IANAL, so I'm not sure if this could succeed). So, by declaring my software to be a DRM, I could basicly prevent anybody from modifying it.
Worse, not only I, but if it is a general purpose DRM system, any author of content protected by this DRM could sue you if you modify the software.
The DMCA creates a huge mess : normally illegal actions done with software (even if it is modified GPL-software) are, of course, illegal. But with the DMCA, modifying software itself can be illegal, even if no other illegal act is commited (exemple : excercising fair use rights).
So, the GPL would like to say that modifying (and using) GPLed software is never illegal in itself, only if another illegal act is commited.
Why I'm against the form choosen in the GPLv3 : it only adresses the DMCA in it's current form (and even then, I'm not sure, if it will stand up in court), but with a new law, modifying GPLed software can become illegal again. And the licence will always be behind the law.
Re:My problem with DRM... (Score:2, Interesting)
If I can't see any better strategy to achieve that goal, then yes I feel I should support it.
Throwing up your hands and saying "Well, I dunno boss" doesn't achieve anything. Ideas like the Baen Free Library are alternatives, "carry on as we are, but with no DRM" is not an alternative. Though FWIW I'm not sure how well the Free Library would work if there was some piece of technology that made reading eBooks as convenient and pleasant as normal paper books.
There are many forms of DRM that prevent enough piracy to satisfy the content publishers or creators. This should be obvious - billions of dollars are spent on developing and maintaining these systems and it's done because they provide a measurable return on investment.
Spyware authors are creating security issues, let's not duck that fact, otherwise it's like saying banks are creating robbery issues. And recently an anti-virus firm was found to use rootkits too - does this mean that anti-virus tools are inherantly bad?
So what is your proposed alternative?
As a developer who writes both commercial and free software, I'd definitely put DRM on my creations if I were to release them commercially, because I've seen very compelling figures from a variety of software houses that make it clear it would be a good investment. Give me an alternative that allows me to keep my program proprietary and sold retail.
Re:Security ramifications? (Score:3, Interesting)
The intent of permissions vs. the intent of CSS is not the issue. The issue is whether or not all DRM is bad. You're making an interesting case that would allow people to distinguish between good DRM and bad DRM (and so perhaps engage in useful lobbying against the later), but not that permissions are instrinsically technically seperate from DRM -- as you point out, your argument for differentiation substantively relies on "legal issues" not technical ones. In my examples of Apple above concealing the root instructions and CSS keys becoming available, not a bit of software has changed, but they've still swapped places on the good/bad divide due to factors entirely external to the software. Thus attempting to 'hardcode' anti-DRM language into a universal software license seems problematic, and more a relic of AI Lab thinking, circa 1970, than something appropriate for the networked world.
Re:Shooting yourself in the foot? (Score:3, Interesting)
Start?
If Microsoft start screaming "The new GPL prohibits all use of DRM type software on ANYTHING you make", then Microsoft may well kill off a lot of them Linux machines.
OSS opponents have always spouted FUD like "if you use Linux then the FSF zealots will make you release all your code"; this would be no different.
Of, GPL, DRM and DMCA (Score:4, Interesting)
It's brilliant, really.
I'm split on the issue... (Score:3, Interesting)
* Music: Music has existed since the dawn of civilisation. Those who enjoy music enough will continue to produce it whether or not people will pay them handsomely for their efforts. If they no longer make more money in a day than a surgeon in the emergency room makes in a whole year, well, somehow I find it hard to feel sorry for them.
* Software: Some software needs can be met with open source software. More specialist "unsexy" software will again continue to be needed. Whoever needs it enough can enter into a contract with someone to develop it, under as strict a set of safety standards as is necessary for things like aircraft and nuclear reactors if needs be. Isn't the vast majority of all software written for internal use? If this software gives you a critical edge over a competitor it can be protected as a trade secret instead.
* Books: Same as music, even moreso. Anyone with a word processor can potentially be an author, although if you look at the volume of utter drivel on say fanfiction.net it might become a bit hard to sort the wheat from the chaff for a while. Again, better to have geniunely good material float to the top than have the usual pop crap pushed down everyone's throats because it's a lazy man's substitute for taste.
* News: Tricky. "the blogosphere" these days is mostly about juvenile navelgazing, and I personally would certainly not rely on it. Still, if News Corp et all fell into the dust, if something big caught on fire I imagine many people would be giving consistent reports of the fact within minutes online, as opposed to front page articles of who's fucking who in the celebrity world as we usually have (although we wouldn't see quite so many celebrities in the first place; see above).
* Cinema: There are lower barriers to entry these days thanks to powerful commonplace audio/video hardware and the obscene computing power of a medium-sized pile of desktop PC's these days. Still, this could be tricky. You would need some sort of wealthy societies to bankroll massive cinematic productions. You wouldn't get too many projects like Lord of the Rings springing up because a bunch of people down the pub with 1000 of their highly qualified mates decided it might be fun to set up tons of production equipment and render farms down in New Zealand for a laugh...
On balance though I'm having trouble seeing the benefit of copyright other than the fact that it makes a small group of people with an arguably marginal contribution to society disproportionately rich. Considering the recent abuses of the copyright lobby (DMCA and such) we do seem to be making some ridiculous "tradeoffs" as of late.
Re:My problem with DRM... (Score:5, Interesting)
DRM is more than a technical measure these days. It is also a legal measure. You can be charged with a crime for distributing a DRM crack (e.g. Skylarov, DVD Jon), even if the DRM is hopelessly insecure from a technical perspective.
Furthermore, cracking DRM takes time and needlessly wastes resources. Lots of users don't know how to get the cracks. Plus the cracks typically only run on systems with well-documented operating systems. To my knowledge no one has released an iTunes DRM crack that actually runs *on the iPod*. So even if DRM is cracked on desktop computers, it can still render a lot of portable devices nearly useless if the original vendor turns evil.
The way I see it, the worst examples of DRM (I would not include iTunes in that group) constantly harass users, even if they're easily circumvented. Imagine if books had DRM, for example: your hardback books would lock themselves shut unless you plugged them into the phone line for a few seconds to open them. Even if there was an easy hack, you'd still be paying the publishing company to put that crap in the book in the first place.
My point is: DRM places an economic and legal burden on consumers even if it's easy to circumvent.
Re:here's a thought ... (Score:3, Interesting)
Nothing has changed here. In the past, there would have been an argument in court about this. Now there is no doubt at all. Certain forms of DRM make it impossible for a downstream recipient of the code to legally rebuild a usable version of GPLed software. The DMCA means that the downstream recipient who tries to get around this could be prosecuted for trying to circumvent a technical protection measure. The new formulation in GPLv3 simply clarifies that this is incompatible with the aims of the licence, so if you want to incorporate DRM into someone else's GPLed code, you are acknowledging that your DRM does not constitute a TPM so someone who tries to break it doesn't fall foul of the DMCA. There is a lot of hysteria about this, which is not justified in my opinion. DRM backed by the DMCA was always incompatible with the goals of the GPL. In the past they might have had to go to court to argue that the goals of the licence make it clear that DRM is in violation of licence; after GPLv3 there can be no doubt about this issue and it would not require a trip to court to establish the fact. (I am not a lawyer).
Re:MOD PARENT UP (Score:3, Interesting)
I think though I can imagine non-evil situations where it would be good for even an Administrator to accept 3rd party restrictions on data: for example, a distributed computing project where the 3rd party project mangers wanted to guard against data tampering or duplication. SETI@home solved this problem in other ways, for example by leveraging its huge user base to process blocks multiple times, but you could imagine that DRM might help with that. Or giving researchers limited access to medical data: after an ethics committe approves their project, a research team could be sent a DRM'd copy of $Hospitals complete medical records to data mine, but they can't pass those records on to another unapproved group, except in piecemeal fashion, or perhaps access could be automatically expired at the end of the investigation, reducing the likliehood of a privacy leak.
I guess what I'm trying to say is that even trying to specify non-technical effects and ends might prove horribly difficult and perhaps better suited to other forums, such as legislative efforts, than the GPL.
I think it's also worth noting that at CES, there was a panel of congressmen discussing digital rights issues, all of whom happened to be Republicans, and all of whom seemed to agree the DMCA was flawed, in that it didn't accomodate Fair Use properly, and were thinking about legislative changes, so the GPL v.3 language may end up being moot anyway.