Feeds

Linus Torvalds blesses DRM, and nothing happens

Can we just talk about something else, please?

  • alert
  • submit to reddit

The smart choice: opportunity from uncertainty

Last week Linus Torvalds said share denial technology, or DRM (Digital Rights Management) is OK. He did so on a linux kernel mailing list and so anticipating the reaction, with the Subject line: Flame Linus to a crisp!, he wrote:

"I'm going to just hunker down for some really impressive extended flaming, and my asbestos underwear is firmly in place, and extremely uncomfortable."

Continuing the dramatic costume theme, Linux IDE subsystem guy Andre Hedrick entered, first warning, with a gothic flourish, that:

"Like fire, control DRM/CPRM and you receive benefits. Let it run wild and you will be burned."

Before leaving us with this reminder:

"PS: If this turns into a flame fest, the absolute seriousness of this issue will be lost. I have rented a blowtorch and flamethrower, and [am] prepared to destroy people who attempt to make this messy. One of the last things I will do before stepping to the side, will be to resolve this issue in a constructive way. So if it turns nasty, I am here for the long haul."

So we were in for a reet, really good game of Dungeons and Dragons. An epic battle. Only, it didn't happen.

Linus added:

"The technology itself is pretty neutral, and I'm personally pretty optimistic."

He regretted the demands, but weighed up the responsibilities and concluded:

"Unfortunate? Yes. maybe my moral sense is lacking, but I just can't see myself saying 'no, you can't use Linux for [encoding satellite TV streams]'".

Torvalds reminded us that it isn't the duty of open source software to protect open hardware - ie, the x86 platform, which is where most Linux users are today.

This subsequent bit from Linus is important:

"But such a 'make the machines be something the _users_ can trust' is 100% indistinguishable from a technical standpoint from something where you "make the machine something that Disney Corp can trust". There is _zero_ technical difference. It's only a matter of intent - and even the intent will be a matter of interpretation."

Which is correct, but where this leaves the GPL after all this has eventually been decided someplace else, at some point, is more than collateral damage.

Hedrick didn't throw down any more bolts of lightning, and they all wandered off and starting about strange things like 'how does this affect Quake?', which is a barmy thing to be talking about at such a historic moment.

Before Larry McVoy stepped in again to tell us how great his Bitkeeper software is. Again.

"The rockets go up - who cares where they come down?"

Which does sound like what we heard from the TCPA lot, who were sensitive to echoes of Tom Lehrer's famous disclaimer for the rocket scientist:

"Who cares where they come down, that's not my department, says Werner von Braun."

TCPA folks adopt the argument that it's "technology neutral" and honest guv, don't ask us about the morality of all this, we only work here.

The issue that brought this to the fore has been the embedded Linux contingent, who have been caught playing fast and loose with the GPL before, but who do stand a good chance of working Linux into entertainment playback devices or gateways, such as set top boxes and handhelds. These guys are working for pretty reactionary companies, and with things getting tough, these companies are looking to get something for nothing, as they do in tough times.

So they might want to pull stunts such as "can we use free Linux in our boxes to carry encrypted content and violate the GPL without anyone noticing?"

It's only a couple of months since Transmeta itself incorporated DRM support into its processors, so we were wondering how long it would be before Linus Made A Statement.

And now we have A Statement. Linus says he has faith that the public won't buy crappy DRM services which restrict their rights, such as the service Steve Jobs launched on Monday for his Apple computers. Just as dongles failed, DRM media and systems will fail, he said, because no one will buy them. (We remember hearing the same sort of argument from the EFF at about the time that CPRM on ATA, and copy-protected CDs were being introduced.)

So - why is it so quiet in here, we asked Alan Cox.

Cox told us that one way or another, this was an issue that would be decided in court.

"Really the question is 'can you use GPL'd code in a signed system'. The answer is a legal not a technical one and nobody can change that. It may be that future GPL versions take a clearer line on it (as GPLv2 did with patents) but for current code the situation is simply 'Ask your lawyer'."

Yes, but what happens then?

Andre Hedrick, who has not let us down yet, asks:

"How they do they deal with digital signing a kernel for use in an embedded environment - violating the GPL - without imposing restrictions on the GPL?"

"DRM is a media lock; interfaces aren't copyrightable - so the GPL won't help you there."

And if it comes to a lawsuit, who gets it in the ass?

"Is Linux a sum of its parts, or are its parts separate?"

In other words, who gets sued, and what are the implications? These are pretty big questions, and no one seems to be asking them.

The important thing to remember is that the GPL is a social construct, rather than a legal construct, which has never been tested in court. Its authority derives from consensus, not from the random fancies of a Judge. Throwing the GPL to the legal system now does seem to expose the Movement to an enormous amount of risk. Are we all aware that this is happening, and do we all appreciate the risk involved?

Larry McVoy did have a nice summary which, although he may have been talking about patent implications, resonates here:

Me: Action A is leading to reaction B which you don't want.
You: Action A is perfectly legal, etc., etc.
Me: It's not about whether it is legal or not, it's about reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Reaction B is what you don't want, it's behaviour A which is the cause.
You: Action A is perfectly legal, etc., etc.
Me: You keep missing the point about the reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Err, umm, how many times do I have to tell you it is the reaction that is what you want to avoid?
You: Action A is perfectly legal, etc., etc.
Me: Sigh.

Next in this series: Steve Jobs blesses DRM, and nothing happens. ®

Related Story

Of TCPA, Palladium and Werner von Braun .

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.