Re: Why TPM+Parallel Distribution is non-free
Don Armstrong wrote:
On Tue, 10 Oct 2006, Terry Hancock wrote:
> Prohibiting TPM *distribution* is fine under DFSG.
No, it's not. Prohibiting TPM distribution is quite clearly a
restriction on a field of endeavor.
Since distribution is always a use, then *any* distribution requirement
is a use restriction in the broadest sense of the term.
Thus, by this logic, GPL, LGPL, and even BSD are "restrictions on a
field of endeavor".
I claim this is absurd, given that these licenses are foundational
examples of "DFSG freedom". So I reject the idea that limitations on
form of distribution are automatically limitations on use.
The user has the freedom to apply TPM to a work in order to use it.
AFAIK, that's all he needs. If a TPM tool for the platform exists and
the encryption key exists, then he has no problem.
After this, I have to ask, which terms are you arguing *are* DFSG free?
1) TPM-distribution is allowed, so long as there is a parallel
distribution of an equal or better version of the work without TPM, and
there is a publically available key and encryption tool for converting
the non-TPM work to TPM in order to play on the platform
2) TPM-distribution is allowed under all circumstances, so long as there
is a parallel distribution of an equal or better version of the work
My reply is necessarily different depending on which you are arguing for:
If it's #1, then there is only one practical concern, which is where the
application of TPM occurs.
In that case, I would argue that it needs to happen at the end-user,
because that's the only way to truly prove both that the non-TPM work is
"equal or better" than the TPM work, AND it's the only way to prove that
the keys and encryption tools are available.
And when I say "available", I mean at least zero-cost, and preferably
free as well.
The one real complaint I've seen against this scenario is based on the
idea that having the end user apply TPM is too *expensive* because the
key-application tool or key costs money. In my opinion, this situation
is non-free to begin with, and should be rejected. This retains the
platform owner's monopoly control over who is allowed to make
derivatives of works.
If it's #2, then you are explicitly requiring permission for the "DRM
Dave" scenario of a platform monopoly being imposed on all derivative works.
In this scenario, the platform owner essentially hijacks the author's
work and sell it to a captive audience. He denies that audience the
freedom that the license is explicitly there to protect.
I think we can be pretty clear that CC isn't going to accept that and I
certainly hope that the Debian project will show the same commitment to
freedom (an ironic situation, IMHO).
> This is exactly what the Aug 9 draft of CCPL3.0 says:
> """ You may not impose any technological measures on the Work that
> restrict the ability of a recipient of the Work from You to
> exercise their rights granted under the License """
The critical aspect here is that parallel distribution does not cause
the rights of a recipient of the work to be restricted; they retain
all abilities that they had originally and gain additional ones
(namely, being able to run the work on a TPM-inflicted device.)
No. They already have that freedom in CCPL3.0. Problem solved.
Only the distributor has to think about the license terms as they exist
(the quote above is strictly from the requirements to *distribute*).
> The requirement is needed to ensure that copyleft preserves the
> freedoms granted by the content's author.
No, they're not. They're a lazy means of hacking in a small bit of
copyleft protection into licenses by outlawing legitimate uses.
Provide an example of a *use* that is restricted (there are none).
Only improper distribution, specifically designed to obstruct end-user
freedoms (i.e. TPM) is prohibited.
attempt via licensing to deal properly with TPM and or DRM must
necessarily address the need for free software works to be capable of
running on such a device when the end user desires it.
Yes. And that's been dealt with.
There are two choices: You either 1) allow parallel distribution 2)
require distribution of keys or information needed to deploy modified
versions to the device.
CCPL3.0 chooses #2. The end user loads the TPM'd content onto the
device, applying the TPM at that point.
This is a practical and complete way of *enforcing* the requirement that
keys (and any other information or tools needed) is available to the user.
Whether or choosing to do 2) has the pratical effect of not allowing
the use on TPM devices is a separate issue; it in itself does not
outlaw their use or distribution. [It just minimizes their
Fine. Still good with CCPL3.0.
If you're seriously interested in discussing how to do copylefted TPM
and DRM properly, I strongly suggest reading my position statement
from committee D on the first discussion draft of the GPL
Terry Hancock (hancock@AnansiSpaceworks.com)
Anansi Spaceworks http://www.AnansiSpaceworks.com