[Fsfe-uk] Explanation of Tivosiation and problems - comments sought

[Ciaran O'Riordan]

I'm writing a blog entry about Tivoisation, how it works, what problems it
causes, and how it can be blocked.  I plan to put it on line on Monday, but
any comments would be welcome.  My main concern is whether it is easily
understandable.

==================
To think about what free software licences should do about
tivoisation, we have to understand what problems we're trying to
prevent, and how it works - so that we can find a way to make it not
work.

1. How tivoisation works
2. Controlling your own computer
3. Sustaining the free software movement
4. What does discussion draft 2 of GPLv3 say
5. What do we have to think about

==How tivoisation works==

Tivoisation is a way of giving someone a computer whose software can
be upgraded but which will refuse to run any software that isn't first
authorised by the manufacturer.

To implement tivosiation, a manufacturer must do three things:

1. Put a chip in the computer which will check any software before it
   is run and which will only allow the running of software if an
   authorised digital fingerprint is found.

2. Inject that certain digital fingerprint into each version of their
   own software.

3. Don't tell their customers the fingerprint.

By doing this, the manufacture can still publish new versions of the
software in the future.  It just has to inject the secret fingerprint
and then publish the software and users will be able to run it.

However, if the user tries to use a modified version of the software,
or tries to run some third-party software, the computer will refuse to
function fully, or will simply not run the software at all.


==Controlling your own computer==

There are two reasons why free software licences should block
tivoisation.  The first is that tivoisation prevents users from having
control of their own computer.

We can see the importance of this by looking at the first company to
do tivoisation: the Tivo.  The Tivo is a tivoised computer which runs
GNU+Linux.  The software in the Tivo includes spyware which gathers
information about the user and automatically sends that information to
Tivo.

The GPL ensures that Tivo owners can get a copy of the source code,
but because of tivoisation, any effort to modify the software and use
it will fail.  Being able to get a copy of the source code is not
enough in this case.


==Sustaining the free software movement==

The second reason why free software licences should prohibit
tivoisation is that tivoisation burns the environment in which free
software flourishes.

By making computers non-programmable, tivoisation makes free software
users non-programmers.  Normally, when our software spreads, we gain
more developers as some of the users will know how to program, and
they will make small or large changes, and many will publish their
improvements so that everyone, including the non-programmers, can
benefit from the general ability of the community to modify the
software.

With Tivoisation, the ability of the community to choose the direction
the software develops in is inhibited, and the link between the spread
of our software and the growth of our developer community is cut.  If
a million people bought Tivos, there would be an extra million
GNU+Linux users in the World, and we would gain zero developers.

This is unfortunate, to any degree, but it can also become
particularly problematic if it becomes widespread.

If we accept this behaviour from hardware manufacturers, we will get
more of it because hardware manufacturers won't turn down the
opportunity to have more power over their customers.  If Tivoised
computers become the norm and the era of programmable computers fades
into history, free software development will be in trouble.


==What discussion draft 2 of GPLv3 says==

Of the three components of tivoisation mentioned above, item #3 is the
problematic one.  If manufacturers implement #1 and #2, but told each
customer the (possibly unique) digital fingerprint and how the
customer can include it in software, then there would be no problem.

Allowing items #1 and #2 is important because they can be used for
security purposes.

So, discussion draft 2 of GPLv3 blocks item #3 by saying that when you
are required to distribute a program's source code, you must include:

  ...any encryption or authorization keys necessary to install and/or
  execute modified versions from source code in the recommended or
  principal context of use...

This only applies to people distributing hardware plus software where
the hardware is configured as in step #1 above.  If you are just
distributing software, then the number of keys that are necessary to
install and/or execute the software is zero.  So this language only
applies to a small number of hardware manufacturers, probably less
than ten.

That sentence I've quoted is from the definitions of "Corresponding
Source" in discussion draft 2 of GPLv3.  Richard Stallman has said
that in discussion draft
==================



-- 
Ciarán O'Riordan __________________ \ http://fsfeurope.org/projects/gplv3
http://ciaran.compsoc.com/ _________ \  GPLv3 and other work supported by
http://fsfe.org/fellows/ciaran/weblog \   Fellowship: http://www.fsfe.org