Re: Retracting the term ownership (was: Re: Separate trusted computing designs)

[Jonathan S. Shapiro]

On Thu, 2006-08-31 at 18:59 +0200, Marcus Brinkmann wrote: 
> > In the same way, the TiVo box can be used by the owner for its original
> > purpose, and the owner is welcome to *attempt* to adapt it at their own
> > risk.
> 
> It is my understanding that the DMCA (and the EUCD implementations
> here in Europe) may make this illegal if anti-circumvention measures
> are applied by the vendor.  Is that wrong?

First, let us be clear that the DMCA issue is a separate issue from the
TPM issue. The two interact, but they can also be considered separately.

Second, I have not read the EUCD regulations, so don't assume that what
I say will apply to that.


As I understand matters, you are correct, but not absolutely correct.
DMCA does not prohibit me from adapting the device to a new purpose in
general. It specifically prohibits me from making adaptations that would
circumvent the encryption measures of the original device.

DMCA does not prohibit me from removing the encryption chip, or from
using the existing encryption chip in a way that does not circumvent the
original protections. DMCA does not prevent me from re-burning the flash
of the linksys media device (DSM-320).

Alert: The following paragraphs do not attempt to consider "moral
outrage" in connection with DMCA.


The DMCA prohibitions are approximately comparable to prohibitions
concerning my main electric box in my house. By law, only a licensed
electrician can connect new power wiring to the box. The analogy is not
perfect, because there is nothing comparable to a "DMCA Circumvention
License" (well, maybe there is: the research exception). The point that
I am trying to make is that in both cases there are regulatory
constraints on the lawful actions of the owner. There are also laws
involving proper use of a car, or (in many jurisdictions) fireworks, or
storage of flammable or toxic substances.

Given this, it seems to me that our objection to DMCA cannot be grounded
in the theory that regulation per se narrows freedoms. Regulation
certainly *does* narrow freedoms. Ideally (and in all of the cases I
have mentioned *including* DMCA) it seeks to establish or restore a
balance of interests among parties. Individual freedom is sacrificed for
the sake of this rebalancing of interests.

Our objection to DMCA must instead be based on the fact that it
compromises fundamental freedoms in an *unbalanced* way:

1. It enables the balkanization of public material.
2. It makes no distinction between circumvention of lawfully "owned"
   content vs. circumvention involving public domain material
   where control is being improperly asserted. That is: it criminalizes
   acts that are cannot rationally be considered criminal on any
   common sense basis.
3. It operates on a doctrine of "presumed guilt" -- an unsubstantiated
   complaint against a website can force the ISP or server provider
   to block it or shut it down, and there is no effective recourse
   against fraudulent complaints.
4. In some implementations -- notably many digital cameras -- it
   denies copying authority even to the *creator* of a work.
5. It effectively (through technical means) defies the quid pro
   quo that has been embodied in copyright law. [Current copyright
   durations are a disgrace, but they *are* an attempt at a
   quid pro quo.] This is *especially* bad in combination with (2).

This list is certainly not exhaustive.

On all of these grounds, DMCA is bad law. It is a hammer that has been
applied with excessive force to protect the interests of a small number
of individuals at the cost of denying many valid interests of society at
large. In my opinion, this is true even if we do NOT begin with the
assumption that digital information should in principle be free to copy
once published.


I do not believe that the same is true for TPM. The problem with TPM is
that the one widely publicized application is DRM. In discussions on
this list, we have identified a number of scenarios where TPM protects
the interests of the *customer*. TPM per se is merely a mechanism for
mechanically embedding certain contract terms. Some of those contracts
are socially bad, some are socially neutral, and some are socially
positive. There does not appear to be any technical means for
differentiating among these.

But arguing against TPM because of the single example of DRM does not
strike me as a sound approach. In principle, it is a good thing that
parties to a contract should be able to verify compliance. DRM is an
unfortunate perversion of this technical capability.


shap