The Right, but not the Requirement, to Read

Posted by Ken Y-N on July 2nd, 2008 at 08:45am

The Ask Apache web site recently re-published Richard M Stallman’s “The Right to Read”, a slide down the slippery slope to DRM hell. There is an update from RMS himself which reveals that although he has the right to read the Trusted Computing Group’s specifications, he has not chosen to exercise this right.

I’ll quote the relevant parts in full:

One of the ideas in the story was not proposed in reality until 2002. This is the idea that the FBI and Microsoft will keep the root passwords for your personal computers, and not let you have them.

The proponents of this scheme have given it names such as “trusted computing” and “palladium”. We call it “treacherous computing”, because the effect is to make your computer obey companies instead of you. This was implemented in 2007 as part of Windows Vista; we expect Apple to do something similar. In this scheme, it is the manufacturer that keeps the secret code, but the FBI would have little trouble getting it.

This is completely wrong in so many ways and indicates that he either has not looked at the Trusted Computing Group specifications or chooses to mislead his audience. I suspect a bit of both, quite frankly.

What Microsoft keeps is not exactly a password in the traditional sense; no person ever types it on a terminal. Rather, it is a signature and encryption key that corresponds to a second key stored in your computer. This enables Microsoft, and potentially any web sites that cooperate with Microsoft, the ultimate control over what the user can do on his own computer.

The first two sentences also apply to GPG (the open source version of PGP) and the final sentence is a massive strawman leap of logic. While a key stored within a Trusted Platform Module can be manipulated remotely, there is to the best of my knowledge no such facility implemented within Vista to automatically and remotely load a key pushed by Microsoft.

Vista also gives Microsoft additional powers; for instance, Microsoft can forcibly install upgrades, and it can order all machines running Vista to refuse to run a certain device driver. The main purpose of Vista’s many restrictions is to make DRM that users can’t overcome.

Refusing to run drivers is part of the standard certificate-based architecture that even FireFox supports, although Vista uses certificates for executables, not just web site access. In addition, the last sentence is another strawman.

Read the full story, if you must, here.

Tags: richard m stallman