NZ Asks Questions About DRM; Also, the XML Farce
Monday, June 13 2005 @ 03:56 PM EDT
You know how when you learn a new word, you suddenly notice it everywhere? That's happening to me with DRM. Now that the Apple-goes-Intel story has put it on my radar, I am noticing details I probably never would have focused on before. And the more I focus, the worse it looks.
New Zealand's government is pointing out that if documents are written in DRM format, particularly in proprietary DRM formats, there are privacy and accessibility issues, particularly in the future. Believe it or not, I had never thought about privacy issues with DRM. It's counterintuitive, if you are not a programmer, because people use DRM *for* privacy, precisely to control who can have access to documents. But if the vendor wrote the proprietary DRM method used, obviously they have access to your document. Poof. No more privacy. And they can block you from your own documents if they feel like it. If the vendor is Microsoft, now how secure do you feel? That is what has New Zealand worried. And they are reaching out to other governments:
The State Services Commission is helping creating an international community of government agencies to tackle the IT industry's introduction of digital rights management. Concern in government circles has been raised over long-term access to data which may have been created using DRM-based software.
Is there anyone left in the world that trusts Microsoft?
And there is another worry New Zealand is expressing: losing access to the documents, being tied to one vendor, in order to continue to have access to the older documents. Here's an excerpt from the article:
The Trusted Computing Platform Alliance, or TCPA, was formed by Compaq, HP, IBM, Intel and Microsoft in April of 2003 to try to protect intellectual property rights. However, concern has been raised that it gives the IT vendors access to and, in some cases, control over data created by end users.
In 2003 the Centre for Critical Infrastructure Protection (CCIP), part of the New Zealand's Government Communications Security Bureau (GCSB), released a discussion document about the platform, warning that Microsoft was moving away from non-proprietary rights management software and that could lead to problems in the future.
“Before an organisation implements a technology or product that is designed to restrict access to their resources, they should assess the risk of them losing access to the resources themselves or being tied into a solution that could restrict their future options to one technology or vendor,” the document says.
While the government studies the issue, in the meanwhile, they won't use DRM in MS products:
In November 2003, the e-government unit advised agencies not to enable DRM features in Microsoft's Windows Server 2003 and Office 2003 because of privacy and security concerns. Millar says that advice stands today.
Sounds like good advice to me. Microsoft may think they are being so clever with all their strategic tricks, but there is a factor I think they underestimate. That factor is this: people don't like what they see. They know that if a company is willing to pull dirty tricks on others, it will do it to them too. And there are quite a few folks who bought Windows XP and found out that Microsoft is, in fact, willing to lock people out of their documents. Here are some grim bits from the XP Home EULA:
1.2 Mandatory Activation. The license rights granted under this EULA are limited to the first thirty (30) days after you first install the Software unless you supply information required to activate your licensed copy in the manner described during the setup sequence of the Software. You can activate the Software through the use of the Internet or telephone; toll charges may apply. You may also need to reactivate the Software if you modify your computer hardware or alter the Software. There are technological measures in this Software that are designed to prevent unlicensed use of the Software. Microsoft will use those measures to confirm you have a legally licensed copy of the Software. If you are not using a licensed copy of the Software, you are not allowed to install the Software or future Software updates. Microsoft will not collect any personally identifiable information from your Workstation Computer during this process. . . .
2.1 Digital Rights Management. Content providers are using the digital rights management technology contained in this Software ("DRM") to protect the integrity of their content ("Secure Content") so that their intellectual property, including copyright, in such content is not misappropriated. Portions of this Software and third party applications such as media players use DRM to play Secure Content ("DRM Software"). If the DRM Software's security has been compromised, owners of Secure Content ("Secure Content Owners") may request that Microsoft revoke the DRM Software's right to copy, display and/or play Secure Content. Revocation does not alter the DRM Software's ability to play unprotected content. A list of revoked DRM Software is sent to your computer whenever you download a license for Secure Content from the Internet. You therefore agree that Microsoft may, in conjunction with such license, also download revocation lists onto your computer on behalf of Secure Content Owners. Microsoft will not retrieve any personally identifiable information, or any other information, from your computer by downloading such revocation lists. Secure Content Owners may also require you to upgrade some of the DRM components in this Software ("DRM Upgrades") before accessing their content. When you attempt to play such content, Microsoft DRM Software will notify you that a DRM Upgrade is required and then ask for your consent before the DRM Upgrade is downloaded. Third party DRM Software may do the same. If you decline the upgrade, you will not be able to access content that requires the DRM Upgrade; however, you will still be able to access unprotected content and Secure Content that does not require the upgrade. . . .
8. ADDITIONAL SOFTWARE/SERVICES. This EULA applies to updates, supplements, add-on components, or Internet-based services components, of the Software that Microsoft may provide to you or make available to you after the date you obtain your initial copy of the Software, unless we provide other terms along with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Software.
9. UPGRADES. To use Software identified as an upgrade, you must first be licensed for the software identified by Microsoft as eligible for the upgrade. After upgrading, you may no longer use the software that formed the basis for your upgrade eligibility.
So they can and do control access already. And you must agree to allow them access to your computer in order to accept the EULA and use the software. They are given, by the EULA, the right to download software to your computer without notifying you. They can collect information and share it with other companies, but they promise it won't be "personally identifiable", as if that means anything in a digital age. Terms can change at any time, of course. If one of their upgrades doesn't work, you still have no right to use the earlier version.
LinuxAdvocate.org has a plain English version of the EULA. Their version isn't legal, in the sense that you shouldn't rely on it, but it's helpful to clear up the legalese.
Now imagine you are a government agency. You are tasked with making sure the documents the government has can be accessed and read a hundred years from now. Do you want to do a deal like that EULA? Do you want your documents in the control of a company that would write a EULA like that?
It's kind of like an experience I had over the weekend. I went to visit a relative in an assisted living facility, actually to help decorate the new unit for her. As I was leaving, and beginning to break up the boxes in the hall to put them in the garbage, an aide from across the hall engaged me in conversation. She wanted the boxes for herself, which was fine, and then she told me that if my relative ever needed an aide, I could bypass the agency the facility recommends and hire her personally. I could get her through the agency also, but I'd save "plenty money" by doing a deal with her directly. Thanks, I said. Then I went back in the apartment and told everyone her name and that I advised never to use her for anything, because she would likely steal everything not nailed down. After all, I reasoned, if she will steal from the agency, with whom she no doubt has a contract, why wouldn't she steal from us?
It's comparable with Microsoft. People have eyes and ears. They see the tricks being implemented against FOSS and the GPL. They see the XML standards farce being played out now (do read the comments on that page as well). Sun's Simon Phipps has some remarkably plain words on the subject:
Defining "Open Standard", Simply
I was going to write a long piece about Microsoft's announcement that they are copying all the design points of the OASIS OpenDocument format and using it in the next version of Office, but I don't need to because Stephen O'Grady has. I asked a whole load of European Commission folk about it this week and no one is fooled -- they want a genuinely open standard, please.
An open standard is one which, when it changes, no one is surprised by the changes. Admittedly I'm not surprised when Microsoft repeatedly and apparently arbitrarily changes its interfaces and formats and jerks developers around but I meant "not surprised" in the sense that the change process was open to involvement and contribution by all, not in that way. The OASIS process by which OpenDocument was defined is such a process and indeed Microsoft, being an OASIS member, did visit and could have easily steered the format to suit their legacy needs -- the format is in fact vendor-neutral. Instead they chose to read the overview and then re-implement it.
Microsoft's announcement is here and their excuse here:
"We have legacy here," Jean Paoli, Senior Microsoft XML Architect, told BetaNews. "It is our responsibility to our users to provide a full fidelity format. We didn't see any alternative; believe me we thought about it. Without backward compatibility we would have other problems."
"Yes this is proprietary and not defined by a standards body, but it can be used by and interoperable with others. They don't need Microsoft software to read and write. It is not an open standard but an open format," Paoli explained.
Dear Massachusetts: What have we done? Look how Microsoft makes use of the Open Format idea to keep the lid tightly shut, proprietary and not defined by any standards body. Why is that desirable to anyone but Microsoft?
By the way, the best account on Open Document formats and why open is good is IBM's Bob Sutor's personal blog entry, "Open Documents Formats: 'Open' must be more than a marketing term." Here's one of his prescriptions, a list of things we can do if we care about openness:
"Insist that any XML document format you use is available under a license that does not restrict how it can be used or how it can be implemented. Get this in writing and insist that the license is completely clear on these points. If it prevents implementation under the GPL, for instance, tell the provider that it is unacceptable."
People watched the trial in the US v. Microsoft, and they read the emails and heard what they believed were dishonest answers. People are not stupid. It almost didn't matter what the government did or didn't do. People saw. They know now. You can't buy public opinion. Not that Microsoft's PR agency doesn't give it their all. But we saw the trial. We know now. We know now, and Microsoft will never have a good name with us, not without completely overhauling its behavior over a long stretch. And with the latest moves against FOSS and the GPL, it's obvious that Microsoft has not changed its ways, just its target. It wants to be an overbearing monopoly, so they wish to get laws passed to enable them to do what current laws won't let them do, like their proposal that patents law in the US be changed to "first to file" instead of first to invent. Here's the plain English version of that proposal: Microsoft can afford to file for patents. FOSS programmers often can't or don't. Duh.
I believe Microsoft will do whatever it takes to keep FOSS out. They don't care what people do, so long as Linux and the GPL don't get to do it too. That puts them at odds with governments, who very much like GNU/Linux and want to include it in their choices.
Governments also have a duty to guarantee full access to documents a hundred years from now. Do you trust Microsoft to make sure that will happen? For that matter, do you trust that Microsoft will still exist a hundred years from now? If not, what happens to all those locked-up documents now? If they are in a proprietary format to boot? (You probably want to worry about your music collection too, now that I think of it.)
See what I mean? When it comes to Microsoft, it's like that aide. Normal people don't feel comfortable doing business with such a creature, not if they have a choice. And the thing is, thanks to Richard Stallman, Linus Torvalds, and thousands of good-hearted and skilled volunteers all over the world, the world does now have a choice.
Authored by: Nick_UK on Monday, June 13 2005 @ 04:09 PM EDT
As always said, "Trusted computing" is immediately
"untrustworthy computing".
As an aside, reading the RMS talk (link on the left), I
see he started the GNU operating system project in 1984...
Orwell that ends well, I hope.
Nick
Authored by: SpaceLifeForm on Monday, June 13 2005 @ 04:10 PM EDT
UTAH Internet Anti-pr0n law to be challenged.
http://www.acluutah.org/pr060905.htm
Authored by: Anonymous on Monday, June 13 2005 @ 04:16 PM EDT
The problem is not Microsoft. The problem is the government that introduced the
legislation that prevents users from legally doing anything about it.
CrazyEnginner
Authored by: dyfet on Monday, June 13 2005 @ 04:18 PM EDT
I recall this charming article Richard once wrote to explain about DRM and the right to read. It seems a natural complement to this topic.
Authored by: inode_buddha on Monday, June 13 2005 @ 04:19 PM EDT
Some say that something similar is already happening, according to this slashdot article.
---
-inode_buddha
Copyright info in bio
"When we speak of free software,
we are referring to freedom, not price"
-- Richard M. Stallman
Authored by: tiger99 on Monday, June 13 2005 @ 04:40 PM EDT
If any.
Authored by: tiger99 on Monday, June 13 2005 @ 04:51 PM EDT
From the NZ article: "Millar's unit is working on a set of principles to
guide government departments and agencies in handling DRM issues and will be
issuing advice on how to set firewalls to reject DRM files. He expects those
principles to be ready by early 2006." Reject them at the firewall! Great
idea, and maybe the same for anything else which is tainted by the influence of
the Vile Monopoly. Emails originating in Outlook, for example. Now that would
really cut down on both spam and viruses.
Authored by: Bas Burger on Monday, June 13 2005 @ 04:53 PM EDT
When I was younger I worked for a while in the archives of the University of
Amsterdam. I learned a few things there, one thing I learned was anticipating on
the future as best as can. Jobs like that let you create vision.
Now you ask, what has that to do with DRM? I tell you now, DRM is the nightmare
come true for archivers, librarians, archaeologists and anthropologists in a
direct sense, it will make their work impossible to pursue. But don't be
mistaken, your child or grand child's thesis is dependent on the information
available. Unless that kid is born in a rich family, it cannot buy the
information needed to get a successful life.
DRM is winners talk, it's about returning to the social situation of before WW2
where rich had all opportunity and poor could go to hell. You say, so what? I say
that within 2 generations everything goes stagnant with rich people partying
around while nobody else is able to keep things running. In the end the whole of
society will suffer badly including the precious rich.
Apart from that, DRM will slam back into society's face more than badly in a
practical sense. Here I talk about the implications such as DRM protected viruses,
worms, zombies and botnets:
http://www.groklaw.net/comment.php?mode=display&sid=2005061214161076&title=Sorry+but+I+have+to+correct+you+a+bit...&type=article&order=&hideanonymous=0&pid=326773#c326787
DRM will eat fairly large chunks from our collective memory, the very thing that
brought us beliefs, science, better living conditions (lucky ones among us),
human rights.
For me the people that want DRM are the same that burned the library of
Alexandria. Cultureless creatures...
Bas.
Authored by: Anonymous on Monday, June 13 2005 @ 04:54 PM EDT
Remember that Microsoft Logo of old? I still own a Microsoft button I got at a
trade show that says "Who do you trust Today"?
PJ wrote... "do you trust that Microsoft will still exist a hundred years
from now", most certainly any successor to Microsoft and any twisted
proprietary format would attempt to hold hostage any user trying to use that
format or any derived from product... Like SCOx is today. SCOx does not own
UNIX they think they do "on paper" but, they don't, yet they are still
trying to extort fees from Linux users by taking LINUX users to court and making
them pay court fees. It's the old pay court fees or our cheaper license fees
game. Any successor to Microsoft would play out the same game!
Who do you trust TODAY?
It better be who you will trust TOMORROW.
Authored by: Kevin on Monday, June 13 2005 @ 04:55 PM EDT
The EULA is best explained in plain English by the User Friendly comic strip for 2 April 2005, followed by the next week or so of strips, up through 9 April.
---
73 de ke9tv/2, Kevin (P.S. My surname is not McBride!)
Authored by: rocky on Monday, June 13 2005 @ 04:58 PM EDT
Oh, that was good of you, PJ to call that neighbor a thief without proof. You
say she "no doubt has a contract". You don't have any idea about any
contract she may have or if it contains any exclusivity requirements that would
not allow setting up their own jobs outside of the agency. I doubt it was an
exclusive contract. The aides like her would sign up with an agency like that
because it is a central point of contact that would bring them more work, and
they are willing to pay a commission to the agency for whatever work they bring,
but I don't think they would agree to a contract that prohibits them from taking
any other work on their own.
Either way, neither you nor I know anything about her contract, so that was
irresponsible of you to assume her offer was breaking a contract, and that she
was therefore a habitual criminal. Don't let your assumptions run away with
you.
Authored by: cbc on Monday, June 13 2005 @ 05:11 PM EDT
If you looked at this link (The RAW Problem) in the news on the right
of the Groklaw Home page, you begin to get some idea of what some of the
problems with secured formats are. Who has the keys to this media? How long
will they share them? We really need standards and laws on these issues so that
there is a common level of understanding and expectation.
Authored by: Anonymous on Monday, June 13 2005 @ 05:24 PM EDT
Text files..
Authored by: Anonymous on Monday, June 13 2005 @ 05:47 PM EDT
...you don't need DRM. Strong encryption will suffice.
engineer_scotty
Authored by: moonbroth on Monday, June 13 2005 @ 05:48 PM EDT
As always, when governments mull over the virtues of MicroSoft vs. Open Source,
I recall the words of Peruvian Congressman David Villanueva Nuñez and smile...
Cheers,
Nick
Authored by: Dr.Dubious DDQ on Monday, June 13 2005 @ 06:05 PM EDT
...or at least, that's my cynical take on this blog posting by MS's Brian Jones.
It sounds like the stated (and actually plausible, I think, though I'm too cynical to think that's the whole reason) reason they didn't go with OpenDoc is because there supposedly wasn't a good way to cram proprietary crud left over from e.g. Excel 6.0 files (or whatever) into it to "preserve" the original document.
Authored by: star-dot-h on Monday, June 13 2005 @ 06:23 PM EDT
Just so you know, this is the same section of the NZ government that has
funnelled hundreds of millions of dollars into Microsoft's pockets for
government wide licences. At grass roots government level it gives the
appearance of being a "free deal".
As NZ tax payers, we are not allowed to know exactly how much our government
has put into MS, it is "commercially sensitive". Talk about DRM, this
is TPRM ("tax payers rights management") and totally anti-competitive.
If SSC is so worried about DRM they should ditch MS, it is as simple as that,
they just look like silly hand wringing hypocrites at the moment.
---
Free software on every PC on every desk
Authored by: Anonymous on Monday, June 13 2005 @ 06:29 PM EDT
Microsoft's approach to XML sounds like their approach to JAVA. They were just
optimizing the standard to work better with their products. Sun still has a bad
taste in their mouth about that.
Authored by: Jude on Monday, June 13 2005 @ 06:38 PM EDT
Before an organisation implements a technology or product that is designed to restrict access to their resources, they should assess the risk of them losing access to the resources themselves or being tied into a solution that could restrict their future options to one technology or vendor.
I'd say that vendor lock-in is a primary design goal of Microsoft's DRM plans. Maybe they don't say so in public, but I'd bet almost anything that it's what they gloat about in closed-door meetings.
Authored by: llanitedave on Monday, June 13 2005 @ 07:54 PM EDT
I'm not sure the "First to File" rule for patents is necessarily a bad
thing. It hinges on one caveat:
If an inventor publishes an invention, but for one reason or another doesn't or
can't file for a patent, the invention automatically becomes "prior
art". In that case, no one else could patent it either. The only way
"first to file" makes a difference is if the first to invent did not
publish her idea, and there is then no way to prove which came first.
If the above statement is not true, then I agree that "first to file"
is a bad step. Otherwise, I think it may be more of a help to OSS than a
hindrance.
---
Of course we need to communicate -- that goes without saying!
Authored by: John Hasler on Monday, June 13 2005 @ 08:04 PM EDT
...they wish to get laws passed to enable them to do what current laws won't let them do, like their proposal that patents law in the US be changed to "first to file" instead of first to invent. Here's the plain English version of that proposal: Microsoft can afford to file for patents. FOSS programmers often can't or don't.
While I am not sure I am in favor of first to file, I don't think it works the way you think it does. Published prior art would still invalidate patents. The difference is that the decision would turn on the comparison of the publication date with the filing date, rather than with the murky concept of the date of invention.
First to file would also eliminate the extremely expensive interference proceeding, where two inventors file for the same invention and the patent office must determine who first reduced the invention to practice and who was or was not diligent.
Authored by: Anonymous on Monday, June 13 2005 @ 08:57 PM EDT
But if the vendor wrote the proprietary DRM method used, obviously they have access to your document.
Most of these systems involve encryption algorithms and keys. If the encryption algorithm is secure, being its creator does you no good at all in defeating it. It's having the key which was used in a given instance that counts.
Your statement is a little like saying that the inventors of DES (Data Encryption Standard) can read everything encrypted by it. That is simply not the case.
To a first approximation, NOTHING is obvious about systems involving encryption. In fact, many of the results/characteristics are counter intuitive in the extreme, and "obviousness" will usually get you the wrong answer.
Authored by: gleef on Monday, June 13 2005 @ 09:14 PM EDT
Believe it or not, I had never thought about privacy issues with DRM. It's counterintuitive, if you are not a programmer, because people use DRM *for* privacy, precisely to control who can have access to documents. But if the vendor wrote the proprietary DRM method used, obviously they have access to your document. Poof. No more privacy. And they can block you from your own documents if they feel like it.
There are even more privacy issues than that with DRM:
- First off, when you publish a document using most DRM formats, it includes a digital signature whether you want it to or not. This signature can be used to identify the author. Usually, for government documents, this isn't a problem, we want to know who is responsible for the documents that govern our lives; but what about situations with strict confidentiality issues, such as intelligence work? Outside of government work, DRM makes anonymous and pseudonymous content generation more difficult.
- Even worse, some DRM protocols require a person authenticate against a (typically vendor-controlled) central registry (eg. Microsoft Passport) to access a document. This means the vendor can track who accesses which document. This is completely unacceptable for most documents produced by most democratic governments.
- Next, as you say, you cannot count on being able to protect a DRM document from the makers of the DRM protocol. This could potentially give whoever pens the standard a huge power advantage.
- Next, most DRM protocols have serious security flaws in them. DRM is (to varying degrees) effective at reducing casual unauthorized access to a document, but cannot be relied upon to actually secure data. Think of it like a typical lock on a door, it will keep your neighbor's kid from walking in uninvited, but it won't stop a professional burglar.
- And, as both you and the New Zealanders note, any DRM system risks authorized users being unable to access their data.
So, in summary, DRM makes it so the government no longer knows for sure who can and cannot see the document, but the vendor might know. This should give any thoughtful government pause.
Authored by: Anonymous on Tuesday, June 14 2005 @ 12:06 AM EDT
"After all, I reasoned, if she will steal from the agency, with whom she no doubt has a contract, why wouldn't she steal from us?"
this one sits hard, PJ. And you legally oriented too.
A) 'no doubt' has a contract.. NO Doubt?? or are you 'punishing' her on your presumption?
B) Need a contract prevent her from getting her own work?? Many people, needing many small jobs to make ends meet, use temp agencies to add to their possible work sources.. I, myself, did it for years.. Admittedly the tech field, but the same concept. The major stipulation I remember was one requiring a certain time to pass before I would work directly for a company they had introduced me to. I could, however, look around for further work on my own from contacts I made within that job.
Also, a contract is (roughly) defined as an agreement between equals (a part of the government's job being to maintain that equality). In the present business atmosphere, do you find even the pretense of 'equality' to exist? Given the actions of our leaders in gov & bus (Cheney, Frist, Lay, (as in Ken) etc..) I'll bet that girl is giving more than fair work for her pay.
I am thinking you wronged that girl. It was your choice to not take her up on her offer.. but to tell others your opinion (potentially preventing her from finding further employment (what MS/SCO are trying to do to Linux??)) was most wrong.
Disclaimer.. nay, Claim!
be it known that I am a great fan of Linux, FLOSS in general (based on the need for transparency in all things) & of Groklaw. PJ is doing a great service for the world as a whole (how's That for praise ;-))! But a slip is still a slip. That girl needs work (& appears willing to perform it), and, what we don't like about MS/SCO's actions relates to other places in the world we live in. Certainly we need to make sure we are not guilty, even if on a smaller scale.
Other than that, another good article. Thanks, PJ, for the info & your time. It IS important that Data Standards be both Open & Standard. The more reasons that people have pointed out to them, the more likely they are to realize the trap companies like MS & SCO are attempting to create.
thanks for the 'plain english EULA'.. I'm passing it on to my less fortunate (they haven't discovered the joys of using Linux yet ;-)) friends.
Authored by: iraskygazer on Tuesday, June 14 2005 @ 01:49 AM EDT
There is an insidious issue that lurks behind the DRM wall. Within some DRM
standards, an author has the ability to completely disable the document via a
time stamp set within the document. In the end a document can be rendered
completely inaccessible. Where then does that leave us in the future when the
document should become public domain?

Authored by: chiark on Tuesday, June 14 2005 @ 03:55 AM EDT
PJ, I have to take issue with your conjecture and conclusion in this article:
*But if the vendor wrote the proprietary DRM method used, obviously they
have access to your document*
For one thing, the source article doesn't raise this possibility. It raises the
possibility of being tied over a barrel and at the mercy of the vendor to be
able to merely read the content you created...
More seriously, using proprietary DRM *does not mean that the vendor can
access your document*. And there's definitely no "obviously"
about it. A proprietary DRM mechanism could, for example, be based on standard
cryptographic process with extensions for DRM. Think of using public/private
key encryption to sign a certificate, with appropriate trust chains in place...
If the appropriate keys are not used, the content cannot be unlocked. End of
story. The vendor could build in a back door, but this would be a fantastically
stupid thing to do, as it means that to break the whole DRM, all someone has to
do is find the back door.
"Security through obscurity is not security" is the mantra that even
the daftest institutions are waking up to. Releasing a DRM with a back door
waiting to be found would be commercial suicide when the backdoor was found.
They could seek legal protection under DMCA, or whatever, but the lid would be
off the DRM's Pandora's box.
DRM stands a chance, IMHO, if the lemming public queue up to buy products with
it embedded. Apple transitioned the MP3 player from geek gadget to mainstream
chic, and the majority of users are still clueless as to the legality of ripping
etc. When they come across a rip-protected CD, they'll just accept that they
can't rip it and shrug their shoulders...
People need to be pro-active against DRM, and labels need to realise that DRM
will never work: P2P will always have a copy of whatever people want on it, and
DRM only makes it nigh on impossible for the end user to do what they want with
their legally licensed content. It takes one copy to be seeded on P2P, and DRM
for that content is just an annoyance.
But back to my point: Proprietary DRM does not give vendors a way of viewing
your content, and if any vendor tries to pull that stunt I would imagine their
DRM implementation would be dead in the water.

Authored by: ccsaxton on Tuesday, June 14 2005 @ 04:32 AM EDT
Just a quick note...We all agree that Microsoft is trying to rip off the world
so let's not waste our time with trolls who try and defend Microsoft's actions
or any other similar corporation. What do we do to stop this?
The first thing is to get those patents dropped...without REAL action they won't
be...Why not get something rolling that will stop the patents...Can we not rally
together with something that is going to hurt the pockets of corporations
legally until they stop this patent stupidity?

Authored by: DaveJakeman on Tuesday, June 14 2005 @ 06:04 AM EDT
The best thing to do with DRM is get it out in the open. DRM has only one
effect on consumers that understand its full implications: it scares them.
There's FUD for thought. FUD that Microsoft have already shot themselves in the
foot with.
DRM is one thing, but DRM controlled by an untrustworthy proprietary monopolist
is quite another. Let's make DRM widely known and talked about. Then we'll get
a few more Peruvian governments and a faster and irreversible adoption of Open
Source.
---
Should one hear an accusation, first look to see how it might be levelled at the
accuser.

Authored by: Anonymous on Tuesday, June 14 2005 @ 08:45 AM EDT
Shareholders.

Authored by: bb5ch39t on Tuesday, June 14 2005 @ 09:15 AM EDT
PJ asked "Is there anyone left in the world that trusts Microsoft?" The
answer is "yes". My company is dedicated to moving everything to Windows on
Unisys servers. That is mainly our "legacy" zSeries work, but will likely
include the Sun work later on. The reason given is that Windows is just so much
cheaper than zSeries software (true statement). And if we are 100% Windows,
there will not be any interoperability problems at all. Don't mention Linux
or *BSD. "They don't have any support!"

Authored by: lgrant on Tuesday, June 14 2005 @ 10:46 AM EDT
Here is a real-life example of the problem...
Adobe used to have a product called "Type On Call." For a small fee,
you would purchase a CD that had the complete set of Adobe type faces on it, all
encrypted. When you wanted to buy a type face, you would call an 800 number and
place your order, and they would give you the unlock key for your type face, and
you could instantly have it without having to download it. (This was more
important back when downloads were slow.) So far, so good.
The unlock keys were tied into some disk-specific characteristic, so whenever
you re-installed Windows, you had to call the unlock center, and they would fax
you a new set of keys, corresponding to your new installation. This was a bit
of a pain, since back then (Windows NT), I had to reinstall Windows fairly
often, but it was OK.
After I finally got a somewhat stable Windows installation, and didn't have to
reinstall for a year or two, I needed to install Windows again. Although I
saved all my user data, I didn't save the Windows font directory; there was no
need to, since I could get the Adobe fonts off the CD again.
This time, when I called Adobe to get a new set of unlock keys, I found out that
they had discontinued the Type-On-Call program. So there was no way to get a
new set of unlock keys, and the unlocked versions in the Fonts directory were
gone, since I had wiped the disk.
I had bought a *bunch* of Adobe type faces--all gone! This is why I no longer
buy type faces from Adobe.
(And now when I buy type faces--from other vendors--I install them on my Linux
box, and use them with Scribus, which I am much happier with than I used to be
with Adobe PageMaker.)
Be well...
Lynn Grant

Authored by: Anonymous on Tuesday, June 14 2005 @ 11:02 AM EDT
I just love DRM. When I put a Fox DVD in my player I get a lecture on "This
DVD is not for rental. If you have rented it...." and the invitation to call a
non-free number. I can't skip this. Just like the nice new anti-piracy rant that
has appeared on DVDs I've purchased. Fortunately the DVD DRM is weak and broken
years ago so when I grow too irritated of all the nonsense the distributors are
forcing on me I can rip my movies to new DVDs without all the nonsense. Then
I'll be able to put my disks in my player and just watch the movies. Which is
what I wanted to do when I handed over my cash.
DRM: giving consumers what they don't want.

Authored by: Anonymous on Tuesday, June 14 2005 @ 12:22 PM EDT
Conspiracy theory: M$ has tacit approval and support
from the current Administration to help spy on everyone
using M$ software.

Authored by: Anonymous on Tuesday, June 14 2005 @ 12:32 PM EDT
I want to comment on one small aspect of the discussion above. Although most of
the concerns are valid, the idea that agreeing to a particular DRM scheme makes
your data vulnerable to the vendor of that DRM doesn't hold water. Whatever DRM
the software (or hardware) implements, there is nothing to stop the end-user (in
this case, the NZ government) from adding their own encryption first. That way,
even if the vendor takes advantage of their "ownership" of the DRM to
attempt to peer into private end-user documents, they still run headfirst into
the end-user's encryption.
Incidentally, this is very similar to one of the arguments that was used against
the Clipper chip in the mid-90s. In that case, the argument was that even if the
US Government managed to get Clipper (with its known back door) into
telephones, etc., there was nothing (technologically speaking, anyway -- legally
is a different question) to stop two parties from adding their own layer of
encryption on top of that. So the back door would essentially be of zero added
benefit in spying on skilled users.
In short, many of the concerns above are valid, but the worry about privacy
invasion by the vendor of the DRM is not one of them.
-HJ

Authored by: geoff lane on Tuesday, June 14 2005 @ 12:50 PM EDT
There is often a legal requirement to keep legal documents for seven years or
more. Imagine the problems when all your documents are "protected"
with a non-open DRM or with hardware assisted DRM.
Over 7 years the average office may upgrade their hardware and software 2 or 3
times. Each time both h/w and s/w MUST support the DRM you have used to
"protect" your files.
Thus, a scheme that is supposed to protect your data is actually locking you
into a specific hardware and worse, software technology. A lockin method that
even Microsoft must smile about while they spin wildly to the media about how
their scheme will protect "IP".
---
I'm not a Windows user, consequently I'm not
afraid of receiving email from total strangers.

Authored by: Anonymous on Tuesday, June 14 2005 @ 01:48 PM EDT
Either now I am just getting it, or maybe we are overlooking the big picture.
The point is as follows: Microsoft has received a patent on aggregating XML
data into a single file.
Now it's nice that Microsoft is using XML as a file format, but I think we are
missing something:
In the following Infoworld article, by Oliver Rist:
http://www.infoworld.com/article/05/06/09/24OPenterwin_1.html
Oliver refers to a description by Jean Paoli, senior XML architect, as follows:
"Paoli describes the new format in several steps. First, it defaults to an XML
schema already available in Office 2003. It's just a lot smarter about it. The
new file format will save pieces of every document in several files and then
stick the whole package into a single Zip-compressed package file. Paoli's
example was a PowerPoint file in which the file's descriptive metadata is saved
in one document, whereas the images and accompanying text get saved in other
files. Office 12 will organize all these files and drop them into a Zip
package."
Now it may be possible to read these documents "royalty free", but if I am using
a non-MS product, I don't think I will be permitted to create such a document.
But that's not all. Stop and think a minute. If every one of those pieces of
those documents has its own DRM control, then you better be paying all your
taxes to all the entities controlling those DRMs. Otherwise I won't be able to
read the document. Don't forget the granularity they are applying with the DRM,
such as read once, do not forward and so on. Remember with Microsoft's bright
vision of the future, those pieces can reside anywhere, not just on your
computer.
So why should I care, just use FOSS and scrap the MS stuff. Not so easy.
http://www.infoworld.com/article/05/05/19/HNoffice12details_1.html
In this article from Infoworld By Scarlet Pruitt, IDG News Service, we have:
"IT complexity will be addressed with features that centrally define expiration
and archival policies for content, and tools to help meet regulatory compliance
and reporting standards, according to Capossela."
In other words if we don't conform, we might have big brother breathing down our
necks, courtesy of knee jerk reactions to Enron and Choicepoint, etc.
Finally we have this beautiful little gem, courtesy of Computerworld as reported
by Scarlet Pruitt.
http://www.computerworld.com/printthis/2005/0,4814,101749,00.html
'..."Getting business applications to use Office as a front end is
superimportant to Microsoft. It really locks people into Office," said Michael
Silver, an analyst at Gartner Inc. It also could push users to upgrade Office
more frequently if a third-party application vendor supports only certain
versions of the Microsoft software, Silver said. ...'
'...Dwight Davis, an analyst at Summit Strategies Inc. in Boston, said Microsoft
keeps proving that there are good reasons to use a rich client rather than a Web
browser interface in many cases....'
So now we understand why Microsoft has no more desire to do any more work with
Internet Explorer. You won't be accessing the web from a browser, but from your
Microsoft Office.
Also consider, if you are going to include bits and pieces from virtually
anywhere in your document, that would explain why Microsoft is so alarmed about
Google, which also provides the ability to find anything anywhere.
Contrary to the concern here on Groklaw that the next big challenge FOSS will
come from software patents, perhaps the real concern should be control over our
data. The use of Software Patents to kill FOSS is only a small incidental piece
to the grand scheme of things.
Perhaps the smart thing to do would be to take half a step back and ask
yourselves, which software patents being applied for and granted will remove
control from me of my data.
Again, DRM technology and copyright laws are only a part of the equation. The
question is how do they fit into the grand scheme?
Now if you really want to be encouraged, consider the following. The US
government passed into law the requirement that to fly on a plane, ride a bus,
ride a train, or be licensed to have a car, you must have a driver's license or
state ID card with electronically readable biological identifying
characteristics.
This CNET article by Declan McCullagh was posted on May 6. The law has since
been passed by the house and the senate and signed by President Bush.
http://news.com.com/FAQ+How+Real+ID+will+affect+you/2100-1028_3-5697111.html
This may be an RFID chip. This must be put into place by 2008. The United
Kingdom is trying to pass similar legislation.
While it might not be mandated by law, can you envision a DRM provision that to
read an article you must log in with your state ID card? OK, maybe this last is
a bit of tin hat.

Authored by: Anonymous on Tuesday, June 14 2005 @ 03:06 PM EDT
What a great article - I like the part " 9. UPGRADES. To use Software
identified as an upgrade, you must first be licensed for the software identified
by Microsoft as eligible for the upgrade. After upgrading, you may no longer use
the software that formed the basis for your upgrade eligibility."
So even after I upgrade and I keep the lower powered computer for say my
daughter's education stuff I am not legally supposed to - for a product I
already paid for?
What crap - I was thinking of consolidating my three machines and getting an
Apple - but now I am brought back to reality and will stick with my three
machines running Linux.
Apple may not be as dirty as Microsoft but I would just be following a different
piper and would be forced to upgrade on their terms and not mine.
Man if the car industry did this consumers would be outraged. Say you bought a
1998 car and the manufacturer has revamped your model for 2005 and said it is
not supporting or making parts for your old 1998 car - even though I can still
drive it and use it regularly - it's just if it breaks I am SOL and will be
forced to buy a new one - but then I wouldn't even be able to use the old one
because I upgraded to the new model. I would be forced to just destroy the old
car because who would buy it anyway since you won't be able to get parts for it.
What bs - I am so thankful for Open Source and I don't know what got into
me thinking of getting rid of my Linux boxes.