The article Wired News: The Long Arm of Longhorn will be of interest to anyone concerned about outsiders determining what you can and can’t do with data on your PC. It’s something I’ve been meaning to write about for some time now as I had come across a couple of websites that talked about Microsoft’s intent to add secure digital rights management to Longhorn (the codename for the next version of Windows XP) and the possible implications of it for users. It seems that even Microsoft isn’t sure if this will help or hurt public acceptance of their next OS.
The Next Generation Secure Computing Base, referred to internally at MS by the codename Palladium, is a hardware/software solution that is intended to realize the goal of a true tamper-proof computing environment. This can be good and bad.
NGSCB is essentially an encryption and permission management system. It can encrypt keyboard strokes or data being sent from a computer, as well as incoming streaming video or audio.
NGSCB also allows the owner or creator of a document, file or application to determine what can be done with it. Users won’t be able to modify application code or alter the contents of documents if the owner has opted to block such activities. Users will be prevented from making copies of digital media if the owner so chooses. And users might not be able to forward or print e-mail or files without permission.
Separate permissions can be set for individual users, or conceivably for different purchase plans—perhaps a 50-cent MP3 wouldn’t be burnable or transferable to other devices, while a $1 copy of the same tune would be.
“This is scary stuff,” said a developer who asked that his name be withheld. “I could see a lot of people sticking with their old computers, operating systems and media players to avoid all this permission crap. Any geek who does use Windows is going to stick with Windows 2000; most of them are already not thrilled with XP anyway.”
The good news is that it’ll make things such as viruses and spyware programs a lot harder to implement as the OS would see them as unauthorized and stop them before they could start up.
The bad news is that it allows for outside control over copyrighted materials on your PC. Downloaded music files, for example, can have permissions defined by the creator of the file that determines what you can and can’t do with it. Perhaps you can only play it once for free. Then for 50 cents you can play it as much as you want on your PC. Or for a full $1 you can play it as much as you want on your PC and copy it to one other secure device such as your portable MP3 player or perhaps be allowed to burn it to CD. Audio, Video, Software, etc. would be configurable to enforce restrictions on their use by you as a user. It could virtually eliminate piracy under that version of Windows. That in itself is not necessarily a bad thing, but it presents an opportunity for abuses you might not have considered.
Take for example Microsoft Office. There are a lot of pirated copies of Office installed on a lot of people’s PCs even among people who otherwise buy most of the software that they use. The reason is simple: It’s a $400 package. Microsoft realizes this so they want to be able to “rent” Office to you instead of selling it. This is part of why Microsoft spent so much cash trying to push the roll-out of broadband so there’d be an easy way to deliver it to folks. So, you sign up to rent Office at a cost of, say, $20 a month and one month you forget to pay the rental bill. Not a problem for Microsoft as this new computing environment would allow them to “shut off” your access to Office on your PC. Fair enough, right? They could take it a step further, though, and shut off access to all the files you created with Office as well. That presentation you needed for work the next day? Yeah, well, that’ll be unavailable until you pay your bill even if you take it in and try to use it on your copy of Office at work. Oh, and don’t even think of trying to switch to Corel’s Word Perfect and have it convert the file or, even worse, something like OpenOffice.org.
Now that’s just one of several—admittedly—worst-case scenarios that may never happen, but the point still stands that it could happen. NGSCB for the first time allows copyright holders to dictate to end users just what they can and can’t do with their programs and files. If Microsoft puts a clause in their End User License Agreement that states they have the right to control your access to files that you create using their software then they could easily and legally do the nightmare scenario presented here. Would they put in such a clause? Would you be surprised if they did?
And if Senator Fritz Hollings gets his way with a bill called the Consumer Broadband and Digital Television Promotion Act that he introduced March of last year, the chip will be mandatory by law in all digital devices and all software from that point on would have to have the embedded copy-protection schemes approved by the federal government to be legal.
Legal experts said on Friday that the CBDTPA regulates nearly any program, in source or object code, that runs on a PC or anything else with a microprocessor.
That’s not just Windows media players and their brethren, as you might expect. The CBDTPA’s sweeping definition of “any hardware or software” includes word processors, spreadsheets, operating systems, compilers, programming languages—all the way down to humble Unix utilities like “cp” and “cat.”
“The definition will cover just about anything that runs on your computer—except maybe the clock,” said Tom Bell, a professor at Chapman University School of Law who teaches intellectual property law.
According to the CBDTPA, any software with the ability to reproduce “copyrighted works” may not be sold in the United States after the Federal Communications Commission’s regulations take effect. Even programmers who distribute their code for free would be prohibited from releasing newer versions—unless the application included federally approved technology.
Anyone violating the CBDTPA would be subject to statutory damages ranging from $200 to $25,000 per violation. An irked content owner would have a quiver of legal arrows to aim at a violator: Search warrants, impounding or destruction of equipment used in the illegal activity, plus attorney’s fees, reimbursement for lost profits and actual damages.
That’s not all. Anyone who ignores the CBDTPA’s prohibitions—and does it for “commercial advantage or private financial gain”—would face the same criminal penalties that once threatened the Russian hacker Sklyarov: up to a $500,000 fine and five years in prison.
R. Polk Wagner, who teaches intellectual property law at the University of Pennsylvania, says that free software developers could risk criminal charges—even if no cash transactions are involved.
“The law has taken people who give it away for free to be sellers for some purposes,” Wagner says. “If you give it away on a site that has ads, or if you’re doing it for reputational value, you’re probably still falling in the commercial category.”
Fortunately Holling’s bill is having a rough time gaining support outside of obvious organizations such as the MPAA and the RIAA, but with Intel designing a chip for PCs that is essentially what Fritz wants anyway does it really matter if the bill ever makes it into law?
Go read both articles as they give a bit of an overview on the whole concept. Once I track down the sites I came across earlier I’ll make another entry that talks about this even more.