Subject: Re: DRM-incompatible licenses
From: "Stephen J. Turnbull" <turnbull@sk.tsukuba.ac.jp>
Date: Wed, 05 Apr 2006 02:59:32 +0900

>>>>> "Pedro" == Pedro de Medeiros <pedro.medeiros@gmail.com> writes:

    Pedro> On 4/4/06, Stephen J. Turnbull <turnbull@sk.tsukuba.ac.jp>
    Pedro> wrote:

    >> I'm surprised that you are willing to cooperate with a company
    >> which directly aids and abets censorship for commercial
    >> advantage.  (I don't disapprove, I am surprised.)

I'm referring to your email provider, Google, which agreed to help
China censor "harmful propaganda" in return for permission to locate
servers in China.

The point being that these issues are complex and you never know when
conditions you didn't know about, or changing conditions, will make
them relevant to you.

    Pedro> How come? Copyright law still accounts the existence of
    Pedro> fair use protected by the government, right? How can DRM
    Pedro> exist in such a model, as it is incompatible with fair use?

As I understand it, fair use is not a positive right, prohibiting DRM.
It is a negative right, ie, a limitation on the degree to which the
copyright owner may use the courts to impose restrictions.  It doesn't
say that the copyright owner must enable fair use copying, nor what
the quality of those copies should be.  (Eg, take a screen shot rather
than copy the PNG, analog rather than digital copies of music, etc.)
Only that if your unlicensed copy is covered by fair use, he can't sue
you.  The DMCA doesn't change that, explicitly saying that fair use
continues to be a defense to allegations of illegal copying, even if
you must circumvent a technological measure to make the fair use copy.

    Pedro> "Copyright law has been defined in terms of general
    Pedro> definitions of infringement in any concrete medium. This
    Pedro> classic approach focussed such law on whether or not there
    Pedro> is infringement, rather than focus on particular
    Pedro> engineering techniques."

DRM is not a particular engineering technique.  It is any effective
means to prevent copying.  If you break a lock and copy the documents
contained in the locked box, you are violating the anti-circumvention
provisions as far as I can see.  (Well, maybe not, since it does refer
to "digital".  But I haven't found any language in the DMCA that
defines "technological measure" to *exclude* locked boxes. :-)

    Pedro> This confirms what I think. Do you have any evidence to
    Pedro> support what you just wrote (or are you a lawyer)? :)

You mean in the following?

    >> What the license ends up fighting is the use of privacy
    >> protection, because it can be used to circumvent the intent of
    >> the license.  In order to limit the severe damage (especially
    >> to the FSF's reputation) that a blanket prohibition of the use
    >> of GPLed software in privacy protection would cause, the term
    >> "DRM" which has a specific meaning in U.S. copyright law is
    >> used to try to restrict the field of application to commercial
    >> uses of privacy protection (but without saying that).

According to the DMCA, *circumvention of copy protection* is *not*
illegal.  (In a summary document, it is explained this is intended to
allow fair use copying.)  Circumvention of *access protection* *is*
illegal.  What is privacy protection but prevention of access?  So the
DRM provision doesn't help people who wish to copy documents they have
legal access to anyway, at all!  They're already allowed to
circumvent!  It only prevents GPLv3-ed code from having the additional
DMCA-granted power to protect documents that the would-be reader
doesn't have access to in the first place.

Untangled, from the user's point of view the anti-DRM provision
weakens privacy protection, not copy protection.

From the hacker's point of view, it does affect both, since
"manufacturing" or "offering to the public" a circumvention device is
a crime for both access and copying.  In other words, you can only
hack the device for yourself, and not give copies to other people.
(As I understand it, "manufacturing" implies "for sale", so
"inventing" is not the same as "manufacture".  IANAL, and none of
Google, Wikipedia, or Wex came up with a specific definition for
law.)

To be honest, this is probably the important motivation: to protect
hackers working on GPLv3'd security code from being charged under the
DMCA "anti-trafficking" provisions.  So I have to take back the
comment about "because privacy protection can circumvent the intent of
the GPL."  I still believe, as argued above, that the anti-DRM
provision weakens privacy protection more than it weakens copy
protection.

And it is not obvious to me that the DMCA prohibits trafficking in
circumvention devices if the purpose is to allow copying of legal
copies of free documents that happen to be restricted by DRM, either.
Of course, you'd risk getting busted for it, and even if you won that
would be expensive and annoying.

Of course the inference about the FSF's intention in referring to DRM
rather than the (apparently) more general "technical means to obstruct
reading or copying" is speculation; I am not the FSF's lawyer or
executive.

And no, I'm not a lawyer at all.  So what?  I'm not giving anybody
legal advice.

    >> It may be possible to write this clause to target only those
    >> uses of privacy protection that the free software movement
    >> deems unacceptable, but it's not going to be easy, and any
    >> given wording can easily be frustrated by new legislation or
    >> court decisions.

    Pedro> If some new security measures implement -- among other
    Pedro> things -- restrictions to the user or owner of the
    Pedro> computer, just have the license consider the whole thing
    Pedro> illegal.

No.  As you phrase it, SSH, GPG, and IPSec are disallowed by the
license (whatever that might mean), because they can be used to
protect network traffic from the user or owner of the relay hosts.

It is not easy to get this right.  The FDL, phrased by Eben Moglen,
who we had better hope is one of the best free software lawyers in the
business, says "You may not use technical measures to obstruct or
control the reading or further copying of the copies you make".  This
means that you may not encrypt copies on your own disk.  You may not
chmod o-r.  That's nuts, of course, but that's what the English says.
So the FSF is in the position of denying that its legal document means
what it clearly says.  Uh-oh.

And what if somebody with less respect for privacy than the FSF should
decide to interpret the FDL literally, and sue you for doing chmod o-r
on their document licensed under the FDL?  See below:

    Pedro> Can't it also be argued what is acceptable based on the
    Pedro> spirit and intention of the license? (I know this works
    Pedro> sometimes for laws...)

Yes, but *whose* spirit and intention?  For a full discussion, see
Larry Rosen's book "Open Source Licensing", but the gist of the matter
is that basically the copyright owner (not the author of the license)
determines what the license means.  However, if the licensee gets the
impression from the owner that certain uses are permitted, and relies
on those permissions, then a court might very well rule in favor of
the user.

In other words, courts expect the owner to tell the user up front
what's permitted, and if the user can show the owner said nothing and
the words in the license seem to permit it, too bad.  (Again, see
Rosen's book, this is not a very coherent explanation).  You don't
want to rely on "spirit and intention", you want precise language in
the license itself.

For a concrete example, consider the use of proprietary binary kernel
modules with the Linux kernel.  Linus Torvalds doesn't like them, but
he's made it very plain that he doesn't consider them a violation of
his copyright.  The FSF took strong exception to his statements,
though, because it undermines their position on the extent of a
derivative work in software.  I don't recall how that got resolved,
but the only thing I can find stating this is posts by Torvalds;
there's no special permission statement making an exception to the GPL
in the Linux distribution that I can find, just the GPL.

So AFAIK Torvalds's interpretation applies to Linux, while the FSF's
applies to the HURD, because that's what the respective copyright
owners want.  (Larry Rosen takes a completely different position on
the FSF's claims in his book, but you should read it if you're
interested.)

Another useful book is Andrew St. Laurents's "Understanding Open
Source and Free Software Licensing" from O'Reilly.

-- 
Graduate School of Systems and Information Engineering   University of Tsukuba
http://turnbull.sk.tsukuba.ac.jp/        Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
        Economics of Information Communication and Computation Systems
          Experimental Economics, Microeconomic Theory, Game Theory