[svlug] FW: EFF alert on SSSCA
Seth David Schoen
schoen at loyalty.org
Fri Mar 8 23:32:55 PST 2002
Crawford Rainwater writes:
> In case some folks have not heard, the hearings for
> the SSSCA are back in motion again in DC. One potential
> and very possibly interpretation of this bill would
> mean that Linux would need to be copyrighted and have a
> "source key" (like those wonderful MS OEM license keys
> we all love) to some extent, if not completely. As
> a result, and in my opinion, this could harm the creative
> development of open source software which I believe to
> be one of the foundations of the Linux community.
Linux is already copyrighted. So is this message, unfortunately.
There's no way for me to get rid of this copyright unless I assign it
to someone else.
The specific way that technology mandate legislation like the SSSCA
threatens free software is by limiting the right to provide technology
with "user-serviceable parts", including software. They threaten to
require particular aspects of technology to be devised with an aim of
preventing end-users from modifying them.
A narrower proposed mandate which demonstrates this is the proposed
rules from the Broadcast Protection Discussion Group.
Here the idea is that certain technologies (in this case, demodulation
and decoding of an over-the-air digital television broadcast) may only
be done in a tamper-resistant way. It seems pretty clear to us that
this is incompatible with a free software implementation. (There are
two ways we could use "incompatible" here: first, the implementation
could be done in hardware and it could just be impossible to make free
software interoperate with it; second, the implementation could be
done in software, and it could be made illegal to publish the
software. In the first case, free software drivers are prevented from
taking advantage of particular features of a device, or perhaps from
communicating usefully with a device at all. In the second case,
_some_ specific pieces of free software are banned outright.)
None of these proposals seems to be a general attempt to outlaw free
software. But to the extent that there are technologies which have to
be done in a modification-resistant way and to the extent that those
technologies are mandated by law, the scope in which free software and
free hardware are useful will shrink.
One example of the kind of thing some copyright holders have in mind:
you could imagine a sound card which had a watermark detector built
in. Whenever the sound card detected a particular watermark in any of
its input, it would enter a "protected" mode, and cause its output on
the PCI bus to become encrypted. For unwatermarked audio input, the
output on the PCI bus would be cleartext, as normal.
In this case, in order to get the keys to decrypt the "protected"
audio data, you would have to sign an NDA and pay a license fee to a
licensing agency. In addition, you'd have to agree that any software
you wrote using those keys would be "tamper-resistant" and would also
faithfully respect the policies set by each copyright holder (which
might be recorded in another watermark). Certainly DRM vendors have
already designed technologies like this. An SSSCA-like law could
provide that nobody was allowed to manufacture a sound card unless the
sound card responded to these watermarks in this way.
Then Linux systems wouldn't be able to make use of the watermarked
sound at all, unless you obtained an add-on piece of proprietary
software which could decrypt the "protected" stream but also
faithfully abided by all of the wishes of each copyright holder, and
prevented you from getting a decrypted version inside of a free
software application, or even within the kernel. All other audio
applications would be totally unaffected; you could write an OSS or
ALSA driver for the new sound card, and it would work as normal, until
you tried to record some sound from a source containing a watermark.
At that point, the recording would simply fail, or what you recorded
would sound like static.
The exact amount of functionality that you wouldn't be able to access
from free software depends on how broad the mandates ended up.
Computer companies, to the extent that they accept that there will be
some affirmative SSSCA-like mandates, are trying to keep them as
narrow as possible. But that doesn't mean that they're looking out
for free software.
Proprietary software can meet "compliance and robustness rules" like
BPDG's like using obfuscation, even though computer scientists would
argue that obfuscation isn't providing real security. Free software
can't use obfuscation; it's against _our_ rules.
Seth David Schoen <schoen at loyalty.org> | Reading is a right, not a feature!
http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk
More information about the svlug