惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

Henri Sivonen’s pages

Parin vuoden tutkimattomuus crates.io: Rust Package Registry Asiakirjatonta toimintaa It’s not wrong that "🤦🏼‍♂️".length == 7 Koulutartuntojen tilastointimenettely Perusteasiakirjoja hallussapitämättä ikärajoitettu Asiantuntijat ja nukkuva vallan vahtikoira Koronapassilausunto Suppealla tietopohjalla ohimeneväksi väitetty Text Encoding Menu in 2021 The Text Encoding Submenu Is Gone An HTML5 Conformance Checker Not Part of the Technology Stack Browser Technology Stack Bogo-XML Declaration Returns to Gecko A Look at Encoding Detection and Encoding Menu Telemetry from Firefox 86 Why Supporting Unlabeled UTF-8 in HTML on the Web Would Be Problematic Rust Target Names Aren’t Passed to LLVM Toimintamalli Activating Browser Modes with Doctype Johtopäätöksiä mallin rakenteesta Tehtävänmäärittelyä kirjoittamatta ja kuolemia laskematta laumasuojamallinnettu Character Encoding Menu in 2014 Erillissuosituksen tarpeettomuudesta yleissuosituksen poikkeukseksi? STM:n maskiaikajana Rust 2021 Oma-aloitteisesti mallinnettu Kokopinovaatimuksin kilpailutettu chardetng: A More Compact Character Encoding Detector for the Legacy Web Varauksia paisutellen tiedotettu Perusteasiakirjoitta tiedotettu Always Use UTF-8 & Always Label Your HTML Saying So IME Smoke Testing The Validator.nu HTML Parser About the Hiragino Fonts with CSS It’s Time to Stop Adding New Features for Non-Unicode Execution Encodings in C++ Rust 2020 The Last of the Parsing Quirks About about:blank Rust 2019 a Web-Compatible Character Encoding Library in Rust How I Wrote a Modern C++ Library in Rust Using cargo-fuzz to Transfer Code Review of Simple Safe Code to Complex Code that Uses unsafe A Rust Crate that Also Quacks Like a Modern C++ Library #Rust2018 No Namespaces in JSON, Please A Lecture about HTML5 Julkisesti luotettu varmenne ikidomainille TLS:ää (SSL:ää) varten -webkit-HTML5 Lists in Attribute Values The Sad Story of PNG Gamma “Correction” If You Want Software Freedom on Phones, You Should Work on Firefox OS, Custom Hardware and Web App Self-Hostablility HTML5 Parser Improvements ARIA in HTML5 Integration: Document Conformance (Draft, Take Two) Schema.org and Pre-Existing Communities Lowering memory requirements by replacing Schematron HTML5 Parsing in Gecko: A Build Introducing SAX Tree NVDL Support in Validator.nu HOWTO Avoid Being Called a Bozo When Producing XML An Unofficial Q&A about the Discontinuation of the XHTML2 WG Thoughts on HTML5 Becoming a W3C Recommendation Four Finnish Banks Training Users to Give Banking Credentials to Another Site Unimpressed by Leopard Sergeant Semantics The Content Sink Inheritance Diagram – 2006-06-30 What is EME? About Points and Pixels as Units The Performance Cost of the HTML Tree Builder Social Media Impression Management The spacer Element Is Gone Openmind 2006 Performance Mistake XHTML and Mobile Devices WebM-Enabled Browser Usage Share Exceeds H.264-Enabled Browser Usage Share on Desktop (in StatCounter Numbers) HTML5 Parser-Based View Source Syntax Highlighting Vendor Prefixes Are Hurting the Web Accept-Charset Is No More Dualroids Writing Structural Stylable Document in Mozilla Editor ISO-8859-15 on haitallinen Hourglass The Scientific Method According to Hixie Maemo Source Code Karpelan lukkovertaus ontuu Digitaalisesta arkistoinnista ARIA in HTML5 Integration: Document Conformance (Draft) XHTML—What’s the Point? (Draft, incomplete) Mac OS X Browser Comparison HOWTO Spot a Wannabe Web Standards Advocate An Idea About Intermediate Language Trees and Web UI Generation Thoughts on Using SSL/TLS Certificates as the Solution to Phishing Bureaucracy Meets the Web Europe Day HOWTO Establish a 100% Literacy Rate What to Do with All These Photos? Charmod Norm Checking Validator Web Service Interface Ideas DTDs Don’t Work on the Web EFFI’s Day in Court
Can Anti-DRM Clauses in Content Licenses be Free?
Henri Sivonen · 2011-12-22 · via Henri Sivonen’s pages

This essay has been written as a required deliverable for the course T-76.5753 Law in Network Society.

The GNU Free Documentation License 1.2 and the Creative Commons 2.5 suite of licenses, the best-known “free” or “open” content licenses, both contain anti-DRM clauses. The Debian community, which is very strict in its interpretation of what is free, tends to consider the anti-DRM clauses in these licenses non-free in terms of the Debian Free Software Guidelines. See the summaries by Manoj Srivastava on the GFDL and by Evan Prodromou on CC. (Of the Creative Commons licenses only Attribution and Attribution-ShareAlike have any chance of being formulated as free.)

Are anti-DRM clauses a good idea? Are the current clauses merely badly drafted and an anti-DRM clause in general could be free? Or is any anti-DRM clause inherently non-free?

The Purpose

Let us consider why anti-DRM clauses exist. The entire purpose of DRM (Digital Restrictions Management according to its opponents) is to incarcerate a work and to deprive the recipient of the work of the freedom to do things with the work without contrived technical barriers. Therefore, DRM is inherently contrary to the GPL-style notion of freedom that requires freedom to be passed on downstream.

Moreover, anti-DRM clauses are also anti-anti-circumvention clauses. Content industry incumbents have lobbied for Draconian anti-circumvention laws that tend to make some part of the process of the circumventing “effective” technical measures a criminal offense and the copyright holder cannot waive his “protection”. This means that entangling a work in DRM puts the recipient at the risk of criminal prosecution if he exercises his freedoms otherwise granted by the license. Putting your neighbor in such a position could be considered unethical. Certainly, it defeats the point of granting a license to modify and redistribute the work.

The Arguments Against

Three arguments have been presented against the anti-DRM clauses of the GFDL and the CC licenses. First, it has been argued that the clauses are worded in such a way that they prohibit encryption or any kind of access control (such as basic HTTP authentication or removing the read permission in a Unix-like file system). The second argument is that the formulations cover private copies. The third argument is that prohibiting the use of DRM even if a copy without DRM is provided alongside the copy with the DRM goes beyond the restrictions of GPLv2 (and GPLv2 is assumed to be about as restrictive as you can get while still being on the free side).

DRM vs. Access Control and Privacy Measures

The first argument seems almost like a straw man. However, since it has actually been presented, it needs addressing. The essence of DRM and the essence of access control are crucial different. The essence of DRM is to let a person see or hear a work while technically preventing him from making a copy. (The technical absurdity of this is protected by law.) Access control or encryption for private communications, on the other hand, either prevents access to the bits or grants access without trying to technically control what happens with the bits once the access has been granted.

The Debian-style notion of freedom does not require one to provide copies of a work to everyone. However, when someone is furnished with a copy, it needs to happen on free terms. Therefore, as far as the first argument goes, an anti-DRM clause could be free if it were worded so that anyone to whom a copy of the work is provided must be given access for all purposes otherwise granted by the license without technical measures intended to curtail some activities. The problem is with the wordings in the licenses that deal with “technological measures that control access or use of the Work” or “obstruct or control the reading” of the work in general instead of scoping the clauses to controls devised against parties who have been furnished with copies or to whom the work has been provided for ephemeral viewing (e.g. by broadcasting or streaming). I believe that as far as the access control argument goes, the licences could be made free by drafting them better.

Private Use

Also, private DRM-infected copies for technical reasons should obviously be allowed in order for a license to be free, because it is generally non-free to restrict what people do with copies they keep to themselves.

Using DRM and Providing Also a DRMless Copy

Being able to rerecord the work or to extract it from a copy without committing a crime (or using a tool the creation or distribution of which is a crime) is essential for exercising the rights provided by the Creative Commons suite of licenses, because the licenses do not guarantee the recipient access to the preferred format of making modifications to the work but instead it is up to the recipient to exercise freedom with the copy she is given. (Since the Creative Commons licenses are intended to be applicable to music and movies and the preferred format for making modifications to these may be over a thousand times larger than the typical distribution versions in byte size, requiring the source to be provided would be impractical.) The GFDL, on the other hand, requires the recipient to be given access to a “Transparent” copy of the work anyway, so the anti-DRM clause of the GFDL is mainly an anti-anti-circumvention clause that mitigates the risk of the recipients of copies to commit a crime and works as a poison pill against DRM-only systems.

Devices that require DRM are not a big problem presently. DVD players will play discs that don’t use CSS, iPods play also DRMless MP3 and AAC files, and Adobe Reader does not require PDFs to be encrypted. Therefore, it would make sense for those who object to DRM and anti-circumvention legislation to produce a large pool of compelling content that comes with an anti-DRM poison-pill clause. That way the pool of such content would work as an incentive against creating devices and player software that refuse to play DRMless content.

Even if a device requires content to be DRM-infected, applying DRM privately e.g. just before transferring content from a desktop computer to a player device would be allowed if the anti-DRM clauses were fixed not to apply to private copies (and one didn’t distribute preloaded players). This might not be possible if the DRM system requires a central authority to sign the files.

What this really boils down to is this: Is a license free if it forbids you from distributing DRM-infected copies even if you provide a DRMless copy of comparable or better quality also? The DRMless copy would most likely be in a different format, but then so is a source CD provided with a printed book. It is well-established that ensuring downstream freedom is free, so the case where only a DRM-infected copy is provided could be prohibited without making the license non-free.

Given enough money anyone can still have a book printed. However, the controllers of the DRM system might refuse to sign or otherwise bless modified works thereby de facto limiting downstream freedom to replace the work with a modified version. Having to go to central authority to exercise freedoms and not being able to apply DRM on one’s own would de facto fail the Dissident Test downstream (and protecting freedom downstream is free), so the discussion needs to be limited to DRM that one could apply on one’s own but distribution of DRM-infected versions is merely for convenience like precompiled binaries for software. (However, just because something is allowed privately does not mean that the results should be distributable. GPL has set the precedent by allowing private derivatives that have proprietary parts.)

Conclusions

So would a ban on relatively useless but still legally dangerous DRM discriminate against certain people or a field of endeavor? Personally, I am inclined to think that it wouldn’t in a way that would be non-free. After all, it is free for the GPL to discriminate against people who make the choice of refusing to accept the GPL and against the field of endeavor of mixing GPL’ed code with proprietary code. At least at present, using a player that requires DRM is in practice a choice that does not correlate with e.g. one’s ethnicity, profession or religion. Also, it is a choice that does not inherently correlate with any field of endeavor, since there is no regulation forcing any field of endeavor to apply DRM to content (even though in the U.S. certain players need to support DRM). This is in contrast with software replaceability regulations in e.g. radio devices.

So yes, I am inclined to think an anti-DRM clause in a content license can be free if it only deals with distributing copies and it does not attack boolean access control but measures that try to restrict the nature of access once some access has been granted. Such clauses may even be a good idea in the sense that they may discourage the creation of DRM-only players.