[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why TPM+Parallel Distribution is non-free

Don Armstrong wrote:

 On Tue, 10 Oct 2006, Terry Hancock wrote:
> Prohibiting TPM *distribution* is fine under DFSG.

 No, it's not. Prohibiting TPM distribution is quite clearly a
 restriction on a field of endeavor.
Since distribution is always a use, then *any* distribution requirement is a use restriction in the broadest sense of the term.
Thus, by this logic, GPL, LGPL, and even BSD are "restrictions on a field of endeavor".
I claim this is absurd, given that these licenses are foundational examples of "DFSG freedom". So I reject the idea that limitations on form of distribution are automatically limitations on use.
The user has the freedom to apply TPM to a work in order to use it. AFAIK, that's all he needs. If a TPM tool for the platform exists and the encryption key exists, then he has no problem. 

After this, I have to ask, which terms are you arguing *are* DFSG free?
1) TPM-distribution is allowed, so long as there is a parallel distribution of an equal or better version of the work without TPM, and there is a publically available key and encryption tool for converting the non-TPM work to TPM in order to play on the platform 

OR
2) TPM-distribution is allowed under all circumstances, so long as there is a parallel distribution of an equal or better version of the work 

?


My reply is necessarily different depending on which you are arguing for:
If it's #1, then there is only one practical concern, which is where the application of TPM occurs.
In that case, I would argue that it needs to happen at the end-user, because that's the only way to truly prove both that the non-TPM work is "equal or better" than the TPM work, AND it's the only way to prove that the keys and encryption tools are available.
And when I say "available", I mean at least zero-cost, and preferably free as well.
The one real complaint I've seen against this scenario is based on the idea that having the end user apply TPM is too *expensive* because the key-application tool or key costs money. In my opinion, this situation is non-free to begin with, and should be rejected. This retains the platform owner's monopoly control over who is allowed to make derivatives of works.
If it's #2, then you are explicitly requiring permission for the "DRM Dave" scenario of a platform monopoly being imposed on all derivative works.
In this scenario, the platform owner essentially hijacks the author's work and sell it to a captive audience. He denies that audience the freedom that the license is explicitly there to protect.
I think we can be pretty clear that CC isn't going to accept that and I certainly hope that the Debian project will show the same commitment to freedom (an ironic situation, IMHO). 


> This is exactly what the Aug 9 draft of CCPL3.0 says:
>
> """ You may not impose any technological measures on the Work that
> restrict the ability of a recipient of the Work from You to
> exercise their rights granted under the License """

 The critical aspect here is that parallel distribution does not cause
 the rights of a recipient of the work to be restricted; they retain
 all abilities that they had originally and gain additional ones
 (namely, being able to run the work on a TPM-inflicted device.)


No. They already have that freedom in CCPL3.0.  Problem solved.
Only the distributor has to think about the license terms as they exist (the quote above is strictly from the requirements to *distribute*). 


> The requirement is needed to ensure that copyleft preserves the
> freedoms granted by the content's author.

 No, they're not. They're a lazy means of hacking in a small bit of
 copyleft protection into licenses by outlawing legitimate uses.


Provide an example of a *use* that is restricted (there are none).
Only improper distribution, specifically designed to obstruct end-user freedoms (i.e. TPM) is prohibited. 

> Any

 attempt via licensing to deal properly with TPM and or DRM must
 necessarily address the need for free software works to be capable of
 running on such a device when the end user desires it.


Yes. And that's been dealt with.


 There are two choices: You either 1) allow parallel distribution 2)
 require distribution of keys or information needed to deploy modified
 versions to the device.
CCPL3.0 chooses #2. The end user loads the TPM'd content onto the device, applying the TPM at that point.
This is a practical and complete way of *enforcing* the requirement that keys (and any other information or tools needed) is available to the user. 


 Whether or choosing to do 2) has the pratical effect of not allowing
 the use on TPM devices is a separate issue; it in itself does not
 outlaw their use or distribution. [It just minimizes their
 effectiveness.]


Fine.  Still good with CCPL3.0.


 If you're seriously interested in discussing how to do copylefted TPM
 and DRM properly, I strongly suggest reading my position statement
 from committee D on the first discussion draft of the GPL


URL please?

Cheers,
Terry

--
Terry Hancock (hancock@AnansiSpaceworks.com)
Anansi Spaceworks http://www.AnansiSpaceworks.com
Reply to: