Retracting the term ownership (was: Re: Separate trusted computing designs)

[Marcus Brinkmann]

At Thu, 31 Aug 2006 09:53:36 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
> 1. It would be helpful to have a URL to refresh my memory. Better still,
> if it is truly a reference essay for Hurd, put it on the Wiki!

Actually, I plan to write it up as a paper, but that has to wait,
unfortunately.

The URLs are

http://lists.gnu.org/archive/html/l4-hurd/2006-05/msg00184.html
http://lists.gnu.org/archive/html/l4-hurd/2006-05/msg00232.html
http://lists.gnu.org/archive/html/l4-hurd/2006-05/msg00324.html

> Some of the critical term definitions that you have adopted do not, in
> my view, correspond to conventional usage, and I therefore find it
> impossible to adopt (or even remember without explicit conscious effort)
> your definitions. Your definition of "ownership" is one example (see
> below). I have no objection to the concept that I think you are trying
> to capture. My problem is that I am unable to form any persistent
> binding between the word "ownership" and that concept, because to me
> ownership is a legal term that means something quite different.

I accept that criticism.  We have uncovered something that is very
difficult to get right, because the existing terminology does not map
well to the "trusted computing" use case.  Let me explain.

There is a distinction made in German law between the "owner" of an
item and the "possessor".  I may be in possession of an item because I
acquired it unlawfully, or because I found it (the owner lost it), or
because I contracted it for a purpose.  I assume similar concepts
exist elsewhere, too.

As you point out, the term ownership doesn't fit, because one retains
the ownership of the computer even during a contract.  I got this
partly correct in my essay, but got it wrong several times as well,
and on the mailing list.  I apologize for that, and I retract it.

On the other hand, the term "possession" also doesn't fit, because I
may be in possession of all the physical parts of the hardware and
still not be able to exercise the kind of control I am interested in.

The term "control" is a band-aid that we can use to communicate what
we mean, given that we have a rough understanding of the information
flow model that's involved in the typical use case.  However, the term
begs for a rigorous definition and analysis.

I may have fallen into a trap by proprietizing the nature of the
encrypted key on the "trusted computing" chip, while at the same time
argueing against the proprietization of information.  That's a neat
one!  It's a quite serious blow to the way I present my core argument,
and the first real challenge that has come up.  I am very grateful for
this.  I will have to think about how to correct this.

[...]

> In the same way, the TiVo box can be used by the owner for its original
> purpose, and the owner is welcome to *attempt* to adapt it at their own
> risk.

It is my understanding that the DMCA (and the EUCD implementations
here in Europe) may make this illegal if anti-circumvention measures
are applied by the vendor.  Is that wrong?

Thanks,
Marcus