Subject: Re: DRM-incompatible licenses
From: "Stephen J. Turnbull" <turnbull@sk.tsukuba.ac.jp>
Date: Wed, 05 Apr 2006 18:51:29 +0900

>>>>> "Pedro" == Pedro de Medeiros <pedro.medeiros@gmail.com> writes:

    Pedro> On 4/4/06, Stephen J. Turnbull <turnbull@sk.tsukuba.ac.jp>
    Pedro> wrote:

    >> circumvent!  It only prevents GPLv3-ed code from having the
    >> additional DMCA-granted power to protect documents that the
    >> would-be reader doesn't have access to in the first place.

    Pedro> In other words, not allowing GPLv3ed code to be used for
    Pedro> privacy protection.

That's not true.  If privacy protection works, it works.

What I'm talking about is something like suppose somebody discovers a
way to recover the private key from the public key, and starts reading
people's PGP-protected mail as it passes through the MX.  Since that
mail is automatically copyrighted, this is an access circumvention per
DMCA, and that person has committed a crime under the DMCA.  You don't
even need to show that he has done so; you just need to show that he
has a program that does the job.

This would apply to mail sent through an employer's system, for
example.  The employer can refuse to relay the mail, he can bust your
chops for misuse of company resources, but if he reads that mail he's
in trouble.

    >> Untangled, from the user's point of view the anti-DRM provision
    >> weakens privacy protection, not copy protection.

    Pedro> So it looks like GPLv3 is trying to screw up people's
    Pedro> privacy to protect the programmers instead.

It would be fair to read what I wrote that way, but it's unfair to
actually apply it to the authors of the GPLv3.  (They have my
apologies.)  They're not "trying", and it doesn't "screw up", it
merely "weakens".

    Pedro> What about a device that accidentally removes -- maybe by
    Pedro> being used in a different way -- digital protection?

You'd need to ask a lawyer.  However, the devices that are illegal are
those that

(1) are written on purpose to circumvent, or
(2) have no commercial use other than to circumvent, or
(3) are marketed as capable of circumventing.

(Note, I've used absolutes for simplicity but the law actually using
phrases like "limited commercially significant use", etc.)

There was a case where a hacker wrote a tool to decode font
attributes.  He was threatened by one of the big foundries, but since
there was an important commercial use (to remove restrictions
automatically placed by a font creator tool from fonts he intended to
be free), they eventually backed down.

http://www.andrew.cmu.edu/user/twm/embed/dmca.html

I believe this shows that you don't have to make money to be
commercial (but IANAL, etc).

    Pedro> What about interoperability? From the implementation pov,
    Pedro> it might break privacy protection. Has it become illegal?

No, no.  The point of the DMCA is to make it illegal to circumvent.

If the technology is good enough, you don't need the DMCA.  The reason
the DMCA is considered necessary is that it's a "theorem" that there's
no such thing as unbreakable copy-protection.  See below.

    >> And it is not obvious to me that the DMCA prohibits trafficking
    >> in circumvention devices if the purpose is to allow copying of
    >> legal copies of free documents that happen to be restricted by
    >> DRM, either.  Of course, you'd risk getting busted for it, and
    >> even if you won that would be expensive and annoying.

    Pedro> Are you talking about something in special or just
    Pedro> digressing?

I'm thinking of the following case.  Suppose that you have a free
program and a proprietary program on the same disk.  The whole disk is
protected by a measure.  I think that the user of the free program has
the right to decode the whole disk to get at the free program.  (Of
course he's still liable under copyright if he copies the proprietary
program, but he hasn't violated the DMCA in my opinion.)

    Pedro> Well, being busted for copying free documents because they
    Pedro> carry DRM restriction would require someone to sue them not
    Pedro> because of the content, but because of the circumvention
    Pedro> per se.

Exactly!  That is ALL the DMCA does.  It makes willful circumvention
of access control per se a crime, and any circumvention of access
control a copyright infringement.  It also makes willful manufacturing
or distributing a technique for circumvention of access or copying
control a crime, and any distribution an infringement.

It explicitly says it does not change the scope of copyright in any
way.  (You might think that with DRM it's harder to exercise fair use,
for example, but that's beside the point---DRM will exist whether or
not we have the DMCA.  What the DMCA does is to give DRM special
status when it is used.)

    >> It is not easy to get this right.  The FDL, phrased by Eben
    >> Moglen, who we had better hope is one of the best free software
    >> lawyers in the business, says "You may not use technical
    >> measures to obstruct or control the reading or further copying
    >> of the copies you make".  This means that you may not encrypt
    >> copies on your own disk.  You may not chmod o-r.  That's nuts,
    >> of course, but that's what the English says.  So the FSF is in
    >> the position of denying that its legal document means what it
    >> clearly says.  Uh-oh.

    Pedro> But isn't that appliable only in the context of
    Pedro> distributing code? For instance, if you encrypt your hard
    Pedro> drive, you are not doing it to distribute anything.

No.  *Any* copying is governed by copyright, and you *must* have a
license to copy others' works.  So if your license is poorly worded,
the user *must* come back and get explicit permission to do what you
really wanted them to be able to do in the first place.

And if one clause says "you can make any copies you want" and another
one says "you may not make encrypted copies", then the more
restrictive interpretation seems likely to be upheld.  (Note that if
you say "there's a contradiction, throw both out" you end up with pure
copyright---which says "no copies".)  I'm not a lawyer, just guessing
here.  But remember that the owner's interpretation is likely to be
upheld, so you're at risk if you assume that the broad permission
overrules the narrow prohibition.

    Pedro> That if the copyright holder is not being deceived by the
    Pedro> same holes GPLv3 might have... :)

    Pedro> But it is a draft, right? Things might improve...

Any ambiguous wording will improve, a lot.

However, what I worry about (like Bernard Lang) is whether the GPLv3
will become the accepted "standard copyleft" to succeed GPLv2.
Regardless of who is correct in our thread with Norbert Bollow,
clearly Norbert likes the new provisions, while I at least dislike
them.  I'm not alone.  So, there's potential for a split here.  And
will Linux "upgrade" its license?  Etc, etc.

There are also issues for industry support.  Large companies with many
patents may be willing to use the GPLv2 with its implicit patent
license of unclear extent.  But under GPLv3, you must grant a very
broad license, and if the code is ever published, to the whole world.

    Pedro> Maybe Linus Torvalds has just agreed not to sue. :)

But that's exactly what a copyright license is!  An agreement not to
sue.

    Pedro> I will have a look. Is [Larry Rosen's book] GNU FDL? (I
    Pedro> usually buy books, even if they are under FDL, but just
    Pedro> after I have a look at it and if it is really interesting.)

No, the electronic version is Academic Free License (Larry's own
permissive license), I think, although the printed version is
proprietary.  The URL is http://www.rosenlaw.com/, IIRC.

    >> Another useful book is Andrew St. Laurents's "Understanding
    >> Open Source and Free Software Licensing" from O'Reilly.

    Pedro> This one is probably not under GNU FDL. ;)

That depends on what Mr. St. Laurent wanted.  O'Reilly will use a
proprietary license for the printed book, true, but at the author's
request they often permit electronic distribution under other terms.


-- 
Graduate School of Systems and Information Engineering   University of Tsukuba
http://turnbull.sk.tsukuba.ac.jp/        Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
        Economics of Information Communication and Computation Systems
          Experimental Economics, Microeconomic Theory, Game Theory