Linus got it wrong on DRM
Marcus Brinkmann
Friday 10 March 2006
Linus Torvalds commented on the GPLv3 draft's anti-DRM provision at forbes.com:
You seem to disagree with Free Software Foundation on the issue of digital rights management. Can you explain?
A lot of commercial companies want to do some really bad things with DRM. So people dislike DRM and want to make it harder to do. But the silly thing is that DRM really is just technology, and like most everything else, the badness comes not from the technology, but from what you use it for. There are actually valid uses of the exact-same technology, even if it ends up being called something different ("privacy rights," "security," what-not).
What are a few examples of valid uses?
The actual technology is exactly the same technology that allows you to encrypt your "dear diary," where you tell your diary all your most secret fears and all the heinous thoughts you had that you would never act out, but that you don't want people to even know you thought. At that point, it's not DRM anymore, it's privacy. See? It's technically pretty much the same thing. It's just what you use it for, and it goes under different names. The basic technology is about encryption, public and private keys and so on.
It sounds soothing, doesn't it? It's just technology, you can use it for good stuff and for bad stuff. So let's get over it, right? Not right. Linus Torvalds got it dead wrong, and here is why: DRM requires a different technology from the one protecting your diary. The difference matters. While in the diary example, you would retain complete control over the diary, and the computer it is stored on (your personal machine), in the DRM case the control over your computer is taken away from you.
Technically, this is done by inserting a "trusted chip" in every computer. The word "trusted" does not mean that you can trust it. It means that this component is relied on by various entities to enforce their security policies. In other words: A "trusted" component is the one that can actually break your security policy (for example, if it has a bug or is compromised). Which entities rely on this chip for their security policies? And which security policies can be implemented with this chip that can not be implemented without it? Here is where Linus is confused.
A multi-media company that wants to deploy a DRM solution will rely on this chip to enforce their content access restrictions. For this, the whole system, from the boot loader to the media player, needs to cooperate in implementing these restrictions. What the "trusted chip" allows the multi-media company to do is to find out remotely that your computer runs an operating system which implements these restrictions correctly. This process is called remote attestation. For this, the "trusted chip" contains a private key, which is built into the chip, and is never disclosed. This private key is used to bootstrap an encrypted communication channel. Furthermore, the chip calculates hash sums of the operating system software, which are sent over the encrypted channel. Because the user does not have access to the private key, he can not fake the information provided by the "trusted chip" to the content provider.
Once the content provider has verified that your computer contains a "trusted chip" and runs a verified operating system, it will provide your computer with the encrypted multi-media content. Only your computer can access this content, and it will only do so in a way that access to it remains restricted. For example, you may be able to play the media file exactly once, afterwards it is invalidated and deleted. This means that the operating system that runs on your computer conspires with the content provider to keep you away from their data.
This is one of the "very bad things" that "a lot of commercial companies want to do". Linus Torvalds claims that you would want to use exactly the same technology to protect your diary, but there is a fundamental flaw in his analysis. Although you could use this technology to protect your diary, it's completely unnecessary, because you can protect your diary with simpler mechanisms that do not take your freedom away.
The difference is that in the diary example, you, the owner of the machine, want to enforce a security policy in software that runs on your own computer. There is a very simple way to do this: Just install the right software. There is no need to put a key into your computer that you don't know. There is no need to put a "trusted chip" into the system at all. Because you have full control over the hardware, you decide which software it runs, and what this software does. It would only be different if you wanted to keep your diary on your friend's computer. Now, hands up, who wants to keep their diary on a computer owned and controlled by somebody they don't trust? I don't see any hands. Nobody? Right. I guessed so.
It is for this reason that the Chaos Computer Club (CCC) in Germany asked for a change to the TCP specification, which would make the private "root key" of the "trusted chip" retrievable by the machine owner. Such a change would make all the bad uses of the hardware impossible, while it would still allow you to protect your diary completely. The anti-DRM provision in the GPLv3 has a similar effect: It disallows all the bad uses of DRM, while it retains the possibility to write and distribute software that protects your diary.
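Added example, not part of the original article: a toy model of the remote attestation described earlier and of the CCC proposal above, showing who can and cannot produce a quote the content provider accepts. It assumes the chip signs a quote (the provider's nonce plus a hash-chain register) instead of setting up an encrypted channel, that the provider already knows the chip's public key, and it uses a Lamport one-time signature from the standard library in place of a real chip's key type; all names are hypothetical.

```python
import hashlib, secrets

APPROVED = [b"boot loader v1", b"kernel v1", b"media player v1"]  # constructed sample stack
PATCHED = [b"boot loader v1", b"patched kernel", b"media player v1"]  # owner-modified stack

def H(data): return hashlib.sha256(data).digest()

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Lamport one-time signature: reveal one secret per pair, selected by the hash bits.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for s, (i, b) in zip(sig, enumerate(bits(msg))))

def measure(stack):
    reg = bytes(32)
    for component in stack:  # hash chain: reg = H(reg || H(component))
        reg = H(reg + H(component))
    return reg

class TrustedChip:  # toy model: key pair fixed at manufacture, register filled during boot
    def __init__(self, stack):
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.public_key = [(H(a), H(b)) for a, b in self._sk]
        self.register = measure(stack)

    def quote(self, nonce):
        # The chip signs the provider's fresh nonce plus what was really booted.
        return self.register, sign(self._sk, nonce + self.register)

def provider_accepts(pk, nonce, register, sig):
    # Genuine chip signature over this nonce AND an approved software stack.
    return verify(pk, nonce + register, sig) and register == measure(APPROVED)

def scenario(stack, owner_has_key):
    chip, nonce = TrustedChip(stack), secrets.token_bytes(16)
    claimed = measure(APPROVED)  # what the owner wants the provider to believe
    if owner_has_key:  # CCC proposal: the owner can retrieve the private key
        sig = sign(chip._sk, nonce + claimed)
    else:  # otherwise only the chip signs, and it signs the real register
        _, sig = chip.quote(nonce)
    return provider_accepts(chip.public_key, nonce, claimed, sig)

if __name__ == "__main__":
    print(scenario(APPROVED, False), scenario(PATCHED, False), scenario(PATCHED, True))
```

Run directly, it prints True False True: the approved stack attests, the owner's modified stack is rejected while the key stays sealed in the chip, and the same modified stack is accepted once the owner holds the key, which is why an owner-retrievable key removes the provider's ability to rely on the attestation.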
It is hard to tell if Linus Torvalds is genuinely confused, or is just playing down the difference, hoping that nobody will notice. There is a behavioural pattern exhibited by people defending DRM and "trusted computing": They point to illegitimate examples to defend a technology which will be used primarily to oppress and exploit people. More importantly, there is a fundamental reason that it will be used primarily to oppress and exploit people: Because it was designed to do just that. It is not neutral technology. Claiming that it is neutral technology is playing politics, in a disingenuous manner.


