Re: Confinement (even with TPMs) and DRM are not mutually exclusive

[Marcus Brinkmann]

At Wed, 07 Jun 2006 01:27:52 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
> > The security you speak of, as far as I understand (but I agree with Marcus
> > it's better to be specific, so I will be) is the security of programs 
> > against
> > users owning them (where owning means the program received all its
> > capabilities and the initial code image from that user).  This will never
> > work.
> 
> Bas:
> 
> >>From a purely technical perspective, this statement appears (to me) to
> be wrong. It is very clearly possible to technically achieve DRM. Not in
> an absolute sense, but in the sense that the cost to break it is too
> high to be practical. This is the only sense in which *anything* is
> *ever* secure, and it is a sufficient basis for commerce.
> 
> If you perceive a technical reason why what you say is true, I would be
> interested to know it.

As Bas echoes here what I said earlier, let me respond.  Information
that is not kept private can not be "owned" in any sense of the word.
As Thomas Jefferson put it, "If nature has made any one thing less
susceptible than all others of exclusive property, it is the action of
the thinking power called an idea, which an individual may exclusively
possess as long as he keeps it to himself; but the moment it is
divulged, it forces itself into the possession of every one, and the
receiver cannot dispossess himself of it."

Or, to go back in time even more, it was already understood and
expressed by no less than St. Augustinus, 400 years AD, in the context
of teaching and writing:

 "For if a thing is not diminished by being shared with others, it is
 not rightly owned if it is only owned and not shared."

("Omnis enim res, quae dando non deficit, dum habetur et non datur,
  nondum habetur, quomodo habenda est."

 Book I, Chapter 1 "De doctrina christiana" "Corpus Christianorum",
 "Series latina", Vol. 32, p. 6, lines 10-11. Written 397 AD by Saint
 Augustinus.)

Any bit of information only needs to see the light of day once to be
free forever, unless you use police-state like political and legal
means to control the population.  This is why any DRM mechanism can
not work in principle.  In practice, this means that information will
be "freed" by two mechanisms: By overcoming the hurdles of DRM once,
and then liberating the restricted content forever, or by simply
accessing the content under authorization in the first place, and then
leaking it to non-authorized parties.

This is stronger than the anecdotal story of the military official who
puts the monitor on the scanner to make a screenshot (today he would
use a digital camera).  It's a deep understanding that the very nature
of information makes it unsuitable for the philosophy of "ownership".
In the very sense of the word, proprietarizing information is
"perverse", it is against its very nature.

One can try to create and uphold a regime of power that violates the
very nature of its object.  It's bound to fail, but for a limited
amount of time one can try to do so.  And cause major harm on the way.

Thanks,
Marcus