Stallman on Palladium

[voidmain]

http://newsforge.com/newsforge/02/10/21/1449250.shtml?tid=19
 

quote:
Monday October 21, 2002 - [ 04:14 PM GMT ]   Print this Article
Topic - Advocacy

-By Richard Stallman -
Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing," large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. Proprietary programs have included malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what it does; you can't study the source code, or change it. It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don't have the source code.

In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. (Microsoft's version of this is called "palladium.") Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don't allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous computing for "DRM" (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documents -- resulting in email that disappears in two weeks, or documents that can only be read on the computers in one company.

Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can't use the email to show that the decision was not yours. "Getting it in writing" doesn't protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company's audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won't be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won't have a chance of developing software to read them -- and if we could, such programs might even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If Microsoft, or the U.S. government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won't stand still. Once you come depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something different -- and they won't give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.

There are proposals already for U.S. laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don't Try Programming Act) is one of them. But even if they don't legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems (see http://www.gnu.org/philosophy/no-word-attachments.html). If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice.

For further information about treacherous computing, see http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation (http://www.eff.org) and Public Knowledge (http://www.publicknowledge.org) are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project (http://www.digitalspeech.org). Please visit these Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don't want to be pressured to buy "trusted" computing systems so you don't want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above.

Postscripts:

1. The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them.

2. Microsoft presents Palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of Palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with Palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets Palladium could be used to keep, including "third party secrets" and "user secrets" -- but it put "user secrets" in quotation marks, recognizing that this is not what Palladium is really designed for.

The presentation made frequent use of other terms that we frequently associate with the context of security, such as "attack," "malicious code," "spoofing," as well as "trusted." None of them means what it normally means. "Attack" doesn't mean someone trying to hurt you, it means you trying to copy music. "Malicious code" means code installed by you to do what someone else doesn't want your machine to do. "Spoofing" doesn't mean someone fooling you, it means you fooling Palladium. And so on.

3. A previous statement by the Palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject.

Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted without royalty in any medium provided this notice is preserved.

Editor's note: This article first appeared in Richard Stallman's new book, "Free Software, Free Society." This is the first time the article has appeared online, and Stallman has added some new material.

[KernelPanic]

Go Stallman!

LINK TO IMAGE

[edit (Calum) - this image was a bit big i think, a lot of our posters are on dialup, so please, people, link to any images that are of any decent size. thanks]

[ October 22, 2002: Message edited by: Calum ]

[edit (Tux) - agreed]

[ October 22, 2002: Message edited by: Tux ]

[Bazoukas]

Thats a VERY nice reading!!!!!!!!!!!!!!

[CaptainCool]

I think it's almost time for me to delete that windoze partition I got.

[voidmain]

And here is the "real" TCPA/Palladium FAQ:

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

And a TCPA/Palladium showdown coming up with the top Microsoft Palladium dude and Alan Cox (the lead Linux kernel programmer):

http://www.theregister.co.uk/content/4/27710.html

This outta be fun!

[voidmain]

Yesterday I was flipping through the channels and normally I flip right past TechTV but to my surprise  who did I see? RMS himself! Too bad the segment was just ending and I didn't get to hear him talk. They were just wrapping up and Leo was showing his book. Maybe I should flip through the channels more often just in case they have something interesting on there again.

[edit]
How wierd, just after typing this, I flip to TechTV and they are rerunning the RMS segment. This time I caught the last 90 seconds. Damn! I think that propeller hat would look good on him.

See:
http://www.techtv.com/screensavers/showtell/story/0,24330,3404291,00.html
[/edit]

[ October 22, 2002: Message edited by: void main ]

[MacUser3of5]

Is THAT picture Stallman?

Wow, Ballmer might get competition for the next 'Ugliest Techie Alive' contest. Well, at least Stallman isn't a monkey...  

[Calum]

quote:
There are proposals already for U.S. laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don't Try Programming Act) is one of them. But even if they don't legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems (see http://www.gnu.org/philosophy/no-word-attachments.html). If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice.

For further information about treacherous computing, see http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation ( www.eff.org ) and Public Knowledge ( www.publicknowledge.org ) are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project ( www.digitalspeech.org ). Please visit these Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don't want to be pressured to buy "trusted" computing systems so you don't want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above.

this i think is the important bit. at long last, i can put my name in with other people who feel the same way.

sign up and do something.

[ October 22, 2002: Message edited by: Calum ]

[Kintaro]

Having a knoledge in electronics, computer science and how pc's work, I take it I would be able to remove there fritz chip. Unless it is put inside the Computer. People could make there own hardware that is put on the Network which would contain there own chip in front of the Fritz Chip, and nor TCPA Servers or the Chip itself would know. Then that chip could emulate calls to the Fritz Chip and the Servers which could say "Yes the MP3 isnt illegal" and not say a word to TCPA servers at all. So if another chip controlling the CPU/Fritz Chip could be established then you could fix the problem even if the Fritz Chip is in the CPU. And what about people who are not on the Internet. Or people like me who play the same MP3's on there player as there PC. TCPA Microsoft and Intel will all fail at this. Nobody will like it. Lets just watch them commit suiside.

I will crack the "Fritz" Chip and trade my ideas with other users of Non-Fritz Appliances. I will not stand for this unless we can elect who is in charge of TCPA. But I will crack it when I get my hands on one.

[Calum]

i am sickened.
i just went to read the stallman article again, so i could print it, and guess what was right in the middle of the page? this:



how fucking offensive.
pathetic.

[Crunchy(Cracked)Butter]

You notice how this is another wonderful US law.

Lets say all these "needed" bills get passed and the US becomes fucked and chained.  Limited with their freedom of uses, creativity and their everyday lives and these all effect the US before other countries adopt these laws.

I cannot see other countries doing this and joining in, once the mainstream public see this happening in the states they are not going to allow this to happen in their countries, it will be harder to implement and carry out.

Already some south american countries are not following the western world because it limits their growth having to buy software over and over again for no practical reason.  Australia is a shining example of what happens when people know what to do  with technology (legal to mod electronic devices over there)and i cannot see them reversing their laws.  I know every country isn't going to take this bending over just so they can like the US.  Alot of countries use to aspire to be like the US, they wanted the freedoms, wealth and everything the USA enjoys, i bet they are not following now.

I just hope something is done before it even comes to that!

[Refalm]

quote:I'm not spamming you. The whole community is spamming you. I'm not responsible for the community.

The internet is build by people who made rules: internetiquette.  Your company has broken those rules!

Refalm.

dquesnel heeft geschreven:

Whatever the Company involvment in TCPA, it does not allow you to spam
us.
Just stop it or measures will be taken.

-----------------------------------------------------------
David Quesnel - nCipher Corporation
Where there is a will, there`s a way
Phone : + 33 (0) 1 55 68 10 88
Mobile : + 33 (0) 6 84 49 00 15
Http://www.ncipher.com/international/french.html


-----Message d'origine-----
De : Refalm [mailto    hidden)] Envoy

[KernelPanic]

You should start sending SMS messages about your dissaproval to his mobile now....
Then he can't escpae the truth, it will be in his back pocket  

[preacher]

They couldnt even teach programming at schools because the second they write a piece of code on their system, it would be unsigned and therefore would not run. If this shit happens, Im grabbing my shotgun and marching on Washington(I mean Redmond, not DC).

[lazygamer]

This rocks! I loved the interview and he wrote an awesome article. Don't forget the Free software song.