April 18, 2024

Archives for October 2002

Fritz's Hit List #27

Today on Fritz’s Hit List: talking dog collars.

These devices allow you to record a brief audio clip on your dog’s collar, so that your dog can be returned to you if it wanders off. Since these devices record (possibly copyrighted) audio in digital form, they qualify for regulation as “digital media devices” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured talking dog collars will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate dog collars!

[Thanks to Sean Lytle for suggesting this item.]

Schoen vs. Stallman on "Trusted Computing"

Seth Schoen raises two interesting issues in his response to Richard Stallman’s essay on “trusted computing.” (To see Seth’s posting, click here and scroll down to the “Trusted computing” heading.)

Stallman says

[Trusted computing] is designed to stop your computer from functioning as a general-purpose computer.

Schoen responds:

Neither of these concerns is applicable at all to Palladium (as Microsoft has described it to us) or to TCPA (as the TCPA has specified it and as it has been implemented). While Microsoft could be misleading us about Palladium, the TCPA specification is public and implementations of it have already been made.

It’s possible that some other trusted computing system could have such a misfeature, but the design of TCPA and Palladium doesn’t require these properties at all, as far as I can tell, and they seem to be more or less independent.

Schoen is right here – Palladium and TCPA do not do what Stallman says it does. Stallman seems too eager to blame Microsoft for the sins of others.

The conversation then moves on to the connection between Palladium and the Hollings CBDTPA. The Hollings bill mandates that some kind of “trusted computing” restrictions be made mandatory in essentially all digital devices. But what kind of restrictions would be mandated?

Stallman implies strongly that the CBDTPA would mandate the use of Palladium. Schoen disagrees, saying that he is “not convinced that something like Palladium is the infrastructure contemplated by the CBDTPA.”

Here I don’t know who is right. The CBDTPA is cleverly constructed so that it doesn’t say what it is mandating – it leaves that to be decided later, either by the FCC or by a vaguely-specified industry consortium. This gives CBDTPA advocates a way to dodge hard questions about the bill’s effects, by invoking a hoped-for perfect technical solution that is just around the corner. Given the track record of copy restriction and its advocates, I think we should insist on taking a test drive before we buy this used car.

Fritz's Hit List #26

Today on Fritz’s Hit List: the ceremonial bugle.

This device, which is inserted into the horn of a military bugle and plays “Taps,” was developed by the U.S. military for use in military funerals for which no trained bugler is available. Because it plays “Taps” from a digital recording, this device qualifies for regulation as a “digital media device” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured ceremonial bugles will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate military bugles!

[Thanks to W. S. Higgins for suggesting this item.]

Costs of a GPL Ban: An Example

Many people have criticized the recent proposal from some congressmen to ban the use of the GNU Public License (GPL) on federally funded software projects. There’s one disadvantage of this proposal that I haven’t seen discussed. I’ll illustrate it with a real example.

Brent Waters and I are currently doing research on a method for improving certain cryptographic operations. (I’ll spare you the details, which don’t matter here.) As part of this project we wanted to build a proof-of-concept implementation, by modifying the code of an existing state-of-the-art encryption package to add our improvement to it. We surveyed the packages that are out there and chose a package called GPG as the only viable starting point for our implementation.

At this point, there are three things that can happen:
(1) we don’t write any code,
(2) we add code to GPG but don’t release that code, or
(3) we add code to GPG and release that code under the GPL.
Anything else is prohibited by GPG’s license, which is dictated to us by the authors of GPG.

Number (3) is clearly the best choice for us, for other researchers, and for industry. But if a GPL ban were in place, we would be forced to choose (1), or possibly (2).

I want to emphasize that we did not pick GPG because we wanted to create GPL’ed code. We chose GPG because it was the only product that both (a) offered the required features and (b) had a license that allowed us to create and distribute modified versions of the source code.

It’s rare for a software researcher to create an entirely new piece of software from scratch. Our scenario, where researchers build on a large, existing product, is much more common. In situations like ours, the effect of a GPL ban often would be to ensure that no code is released at all. Surely this can’t be what the congressmen had in mind.

Fritz's Hit List #25

Today on Fritz’s Hit List: digital church bells.

These systems play church bell noises from digital recordings, so they qualify for regulation as “digital media devices” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured digital church bells will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate church bells!

[Thanks to Matthew C. Watkins for suggesting this item.]