
[DMCA-Activists] Stallman: Can You Trust Your Computer?


From: Seth Johnson
Subject: [DMCA-Activists] Stallman: Can You Trust Your Computer?
Date: Tue, 22 Oct 2002 04:44:12 -0400

> http://www.nyfairuse.org/analysis/trech.comp.xhtml


Can you trust your computer? 

-By Richard Stallman -

Who should your computer take its orders from? Most people
think their computers should obey them, not obey someone
else. With a plan they call "trusted computing," large media
corporations (including the movie companies and record
companies), together with computer companies such as
Microsoft and Intel, are planning to make your computer obey
them instead of you. Proprietary programs have included
malicious features before, but this plan would make it
universal.


Proprietary software means, fundamentally, that you don't
control what it does; you can't study the source code, or
change it. It's not surprising that clever businessmen find
ways to use their control to put you at a disadvantage.
Microsoft has done this several times: one version of
Windows was designed to report to Microsoft all the software
on your hard disk; a recent "security" upgrade in Windows
Media Player required users to agree to new restrictions.
But Microsoft is not alone: the KaZaa music-sharing software
is designed so that KaZaa's business partner can rent out
the use of your computer to their clients. These malicious
features are often secret, but even once you know about them
it is hard to remove them, since you don't have the source
code.

In the past, these were isolated incidents. "Trusted
computing" would make it pervasive. "Treacherous computing"
is a more appropriate name, because the plan is designed to
make sure your computer will systematically disobey you. In
fact, it is designed to stop your computer from functioning
as a general-purpose computer. Every operation may require
explicit permission.

The technical idea underlying treacherous computing is that
the computer includes a digital encryption and signature
device, and the keys are kept secret from you. (Microsoft's
version of this is called "palladium.") Proprietary programs
will use this device to control which other programs you can
run, which documents or data you can access, and what
programs you can pass them to. These programs will
continually download new authorization rules through the
Internet, and impose those rules automatically on your work.
If you don't allow your computer to obtain the new rules
periodically from the Internet, some capabilities will
automatically cease to function. 

Of course, Hollywood and the record companies plan to use
treacherous computing for "DRM" (Digital Restrictions
Management), so that downloaded videos and music can be
played only on one specified computer. Sharing will be
entirely impossible, at least using the authorized files
that you would get from those companies. You, the public,
ought to have both the freedom and the ability to share
these things. (I expect that someone will find a way to
produce unencrypted versions, and to upload and share them,
so DRM will not entirely succeed, but that is no excuse for
the system.)

Making sharing impossible is bad enough, but it gets worse.
There are plans to use the same facility for email and
documents -- resulting in email that disappears in two
weeks, or documents that can only be read on the computers
in one company.

Imagine if you get an email from your boss telling you to do
something that you think is risky; a month later, when it
backfires, you can't use the email to show that the decision
was not yours. "Getting it in writing" doesn't protect you
when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy
that is illegal or morally outrageous, such as to shred your
company's audit documents, or to allow a dangerous threat to
your country to move forward unchecked. Today you can send
this to a reporter and expose the activity. With treacherous
computing, the reporter won't be able to read the document;
her computer will refuse to obey her. Treacherous computing
becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous
computing when they save your documents, to make sure no
competing word processors can read them. Today we must
figure out the secrets of Word format by laborious
experiments in order to make free word processors read Word
documents. If Word encrypts documents using treacherous
computing when saving them, the free software community
won't have a chance of developing software to read them --
and if we could, such programs might even be forbidden by
the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually
download new authorization rules through the Internet, and
impose those rules automatically on your work. If Microsoft,
or the U.S. government, does not like what you said in a
document you wrote, they could post new instructions telling
all computers to refuse to let anyone read that document.
Each computer would obey when it downloads the new
instructions. Your writing would be subject to 1984-style
retroactive erasure. You might be unable to read it
yourself.

You might think you can find out what nasty things a
treacherous computing application does, study how painful
they are, and decide whether to accept them. It would be
short-sighted and foolish to accept, but the point is that
the deal you think you are making won't stand still. Once
you come to depend on using the program, you are hooked and
they know it; then they can change the deal. Some
applications will automatically download upgrades that will
do something different -- and they won't give you a choice
about whether to upgrade. 

Today you can avoid being restricted by proprietary software
by not using it. If you run GNU/Linux or another free
operating system, and if you avoid installing proprietary
applications on it, then you are in charge of what your
computer does. If a free program has a malicious feature,
other developers in the community will take it out, and you
can use the corrected version. You can also run free
application programs and tools on non-free operating
systems; this falls short of fully giving you freedom, but
many users do it.

Treacherous computing puts the existence of free operating
systems and free applications at risk, because you may not
be able to run them at all. Some versions of treacherous
computing would require the operating system to be
specifically authorized by a particular company. Free
operating systems could not be installed. Some versions of
treacherous computing would require every program to be
specifically authorized by the operating system developer.
You could not run free applications on such a system. If you
did figure out how, and told someone, that could be a crime.

There are proposals already for U.S. laws that would require
all computers to support treacherous computing, and to
prohibit connecting old computers to the Internet. The
CBDTPA (we call it the Consume But Don't Try Programming
Act) is one of them. But even if they don't legally force
you to switch to treacherous computing, the pressure to
accept it may be enormous. Today people often use Word
format for communication, although this causes several sorts
of problems (see
http://www.gnu.org/philosophy/no-word-attachments.html). If
only a treacherous computing machine can read the latest
Word documents, many people will switch to it, if they view
the situation only in terms of individual action (take it or
leave it). To oppose treacherous computing, we must join
together and confront the situation as a collective choice.

For further information about treacherous computing, see
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of
citizens to organize. We need your help! The Electronic
Frontier Foundation (www.eff.org) and Public Knowledge
(www.publicknowledge.org) are campaigning against
treacherous computing, and so is the FSF-sponsored Digital
Speech Project (www.digitalspeech.org). Please visit these
Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices
of Intel, IBM, HP/Compaq, or anyone you have bought a
computer from, explaining that you don't want to be
pressured to buy "trusted" computing systems so you don't
want them to produce any. This can bring consumer power to
bear. If you do this on your own, please send copies of your
letters to the organizations above.

Postscripts:

1. The GNU Project distributes the GNU Privacy Guard, a
program that implements public-key encryption and digital
signatures, which you can use to send secure and private
email. It is useful to explore how GPG differs from
treacherous computing, and see what makes one helpful and
the other so dangerous.

When someone uses GPG to send you an encrypted document, and
you use GPG to decode it, the result is an unencrypted
document that you can read, forward, copy, and even
re-encrypt to send it securely to someone else. A
treacherous computing application would let you read the
words on the screen, but would not let you produce an
unencrypted document that you could use in other ways. GPG,
a free software package, makes security features available
to the users; they use it. Treacherous computing is designed
to impose restrictions on the users; it uses them.

2. Microsoft presents Palladium as a security measure, and
claims that it will protect against viruses, but this claim
is evidently false. A presentation by Microsoft Research in
October 2002 stated that one of the specifications of
Palladium is that existing operating systems and
applications will continue to run; therefore, viruses will
continue to be able to do all the things that they can do
today.

When Microsoft speaks of "security" in connection with
Palladium, they do not mean what we normally mean by that
word: protecting your machine from things you do not want.
They mean protecting your copies of data on your machine
from access by you in ways others do not want. A slide in
the presentation listed several types of secrets Palladium
could be used to keep, including "third party secrets" and
"user secrets" -- but it put "user secrets" in quotation
marks, recognizing that this is not what Palladium is really
designed for.

The presentation made frequent use of other terms that we
frequently associate with the context of security, such as
"attack," "malicious code," "spoofing," as well as
"trusted." None of them means what it normally means.
"Attack" doesn't mean someone trying to hurt you, it means
you trying to copy music. "Malicious code" means code
installed by you to do what someone else doesn't want your
machine to do. "Spoofing" doesn't mean someone fooling you,
it means you fooling Palladium. And so on.

3. A previous statement by the Palladium developers stated
the basic premise that whoever developed or collected
information should have total control of how you use it.
This would represent a revolutionary overturn of past ideas
of ethics and of the legal system, and create an
unprecedented system of control. The specific problems of
these systems are no accident; they result from the basic
goal. It is the goal we must reject.

Copyright 2002 Richard Stallman

Verbatim copying and distribution of this entire article is
permitted without royalty in any medium provided this notice
is preserved.


Links:

"Richard Stallman" - mailto:address@hidden 
"www.eff.org" - http://www.eff.org/ 
"www.publicknowledge.org" - http://www.publicknowledge.org/ 
"www.digitalspeech.org" - http://www.digitalspeech.org/ 
"Free Software, Free Society" -
http://www.gnu.org/doc/book13.html




