Controversy over GPLv3 draft reflects the 'incompatibility' of DRM with open source

Controversy over GPLv3 draft reflects the 'incompatibility' of DRM with open source

Summary: Yesterday, after a long public comment period, the Free Software Foundation (FSF) released a second draft proposal for version 3 of the GNU General Public License (the GPL).  With many of the public comments focusing on the way the initial draft may have over-reached in its restrictions on the mixture of Digital Rights Management (DRM) technology with GPL-licensed software, the second draft looked to assuage those concerns with toned-down language.

TOPICS: Open Source

Yesterday, after a long public comment period, the Free Software Foundation (FSF) released a second draft proposal for version 3 of the GNU General Public License (the GPL).  With many of the public comments focusing on the way the initial draft may have over-reached in its restrictions on the mixture of Digital Rights Management (DRM) technology with GPL-licensed software, the second draft looked to assuage those concerns with toned-down language.  CNET's Stephen Shankland reported:

The Free Software Foundation has revised provisions concerning the thorny area of digital rights management in a new draft of the General Public License released Thursday....The approach in the second draft of GPL version 3 "only directly restricts DRM in the special case in which it is used to prevent people from sharing or modifying GPLv3-covered software," the foundation said in a statement. "GPLv3 does not prohibit the implementation of DRM features, but prevents them from being imposed on users in a way that they cannot remove."....The foundation didn't bend on the overall thrust of the new DRM provision: Manufacturers of a device that incorporates GPL software may not use that software unless they extend the software's full freedoms to users.

Shankland goes on to report on the specific language and what it means:

The license also says if some form of digital key is required for software to be installed or to run--even if that key is in hardware--it must be included in the software as well so that users can run modified versions the software....Source code that must be supplied with GPL software must include "any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use," the second draft said. "The fact that a present in hardware that limits its use does not alter the requirement to include it in the corresponding source."

But, despite efforts to address the concerns raised during the public comment period, controversy has already erupted over the second draft as Linus Torvalds and others are already voicing opposition.  Torvalds is known to many as the father of Linux -- probably the most popular software to ever be licensed under the GPL and, as an operating system, Linux is the most likely of all GPL-licensed software to appear side-by-side with DRM technologies.  Wrote Shankland in a subsequent report:


The second draft of a revised General Public License has been released, but Linus Torvalds--founder and leader of the best-known software project governed by the GPL--remains unconvinced of its merits....Whereas the GPL version 2 was a basic "quid pro quo" arrangement that required anyone modifying source code to make the changes public, the draft of GPLv3 extends much further, Torvalds argued....GPLv3 "basically says, 'We don't want access just to your software modifications. We want access to your hardware, too,'" Torvalds said. "I don't think it's my place as a software developer to judge how hardware works around it.......Say I'm a hardware manufacturer. I decide I love some particular piece of open-source software, but when I sell my hardware, I want to make sure it runs only one particular version of that software, because that's what I've validated. So I make my hardware check the cryptographic signature of the binary before I run it," Torvalds said. "The GPLv3 doesn't seem to allow that, and in fact, most of the GPLv3 changes seem to be explicitly designed exactly to not allow the above kind of use, which I don't think it has any business doing."

Torvalds isn't alone in his criticisms. Accroding to Shankland's first report:

"I'm not sure the changes in the DRM provisions address a lot of the criticisms of draft 1 about the FSF using this document to try to extend control to the systems the software is run on," said Edward Naughton, an intellectual property attorney with Holland & Knight. "Notwithstanding the comments that accompany the draft, the language still seems to reach to hardware platforms. That strikes me as a real reach."

Now comes the question of whether or not the Free Software Foundation and those who disagree with it will just have to agree to disagree.  That's because, when you boil this issue down to its very essence, DRM is incompatible with true open source.  DRM is about locking something up. Open source, at least FSF style, is about making things free.  Any practical examination of how the two may work together under the hood reveals one major problem that only Sun appears to have come close to solving (and even then, it's not pure open source). The idea behind DRM is to protect the copyrights of content publishers by putting digital locks on that content -- locks that can only be removed by software that those publishers trust. That's because once the lock is removed, it's up to the software what happens next. For example, the software may enable a song to be played back. Or, it may enable a song to be burned to a CD 5 times.  But the software doesn't copy an unlocked version of the song to Bittorrent on the Internet. 

In the case of DRM schemes from companies like Apple and Microsoft, content publishers like the various record labels trust that Apple and Microsoft will, in the playback software and devices (eg: iTunes, iPods, Windows Media Player, etc.) they make, respect their wishes once the content is unlocked. Apple and Microsoft can assure this because no one but Apple or Microsoft has the source code to their playback technologies. But, if the playback (or "reader" in the case of text) software is open source-based, then open source developers are free to change what happens next (after the content is unlocked). Naturally, content publishers who favor DRM aren't comfortable with this idea because there are no guarantees that open source developers will respect their copyrights in whatever "happens next" once the locks are removed. 

This incompatibility between DRM and the freedom of open source developers to tinker with the inner workings of software is in many ways responsible for the current state of the industry where, with no truly open DRM technology to turn to as a widely supported industry standard, content publishers have little choice but to go with closed proprietary solutions that are themselves incompatible with each other (ie: DRM technologies from Apple and Microsoft).  The net result is producing an untenable situation where, once consumers make investments in content from one source (eg: Apple's iTunes Music Store), they will forever have no legal choice but to use Apple's playback technologies (today, that's the iTunes software, iPods, and a couple of phones from Motorola) or to throw away the hard dollar investment in the content they've purchased the rights to and start over.

In Project DReaM, Sun is attempting to deal with the problem with a framework where open source software is first certified to respect the wishes of copyright holders before it is given the keys to unlock DRM-protected content.  Once the source code is certified, the binary product of that source code (the actual software) is digitally signed and from that point forward, so as long as the digital signature remains in tact (proving the software hasn't been hacked), that software is allowed to remove the locks off of DRM-protected content.  Critics of the approach argue that the idea of certifying software to make sure it only does certain things is the equivalent of placing restrictions on what open source software developers can do which is the antithesis of open source software.  This is true.  But Sun response also holds water. With no other solutions on the table, what's better? The Projeect DReaM approach or the closed proprietary approaches that open source developers can t touch at all? The third answer is to get rid of DRM which I personally would love to see happen.  But, as long as the entertainment industry continues to insist on some form of protection for its content, DRM isn't going to go away any time soon. 

And thus, the impasse the industry is at, on that's characterized by the FSF's poster child for the position it's staking out.  That poster child is the TiVo recorder which operates on pretty much the same principle that Project DReaM does.  To the extent that TiVo recorders are appliances running an embedded version of Linux, the GPL's original author Richard Stallman has objected to the way TiVo uses Linux in its personal video recorders in a way that checks for a correctly digitally signed version of the code.  PVRs like TiVo already serve as "DRM clients" to the various cable TV providers and there have been isolated cases where cable operators have remotely operated the DRM levers resulting in the deletion or disabling of progams that were saved ("recorded") by customers.  By requiring a version of Linux that's digital signed by the manufacturer of a PVR, content publishers (eg: movie studios) and providers (eg: cable networks) are assured that software developers can't replace the operating system and thereby take control over "what happens next" once content that's delivered to the box has its DRM protection removed.

Fundamentally, as I have written before,  the word open (as in "open standards" or "open source") is, as far as I can tell, irreconcilably incompatible with DRM.   I trust that with all the brilliant technical and legal minds at Sun, if they best they can come up with is something in the middle where the code is open source, but the system isn't 100 percent open, then that's the also the best the FSF can hope for if it is going to assuage the DRM concerns in any way. Either that, or the FSF and those who want more liberal terms for DRM in the GPLv3 will have to agree to disagree.  For source code licensed under GPLv3, that impasse could affect adoption and community involvement.  Or, alternatively, licensors can do what Linus Torvalds is doing with Linux -- stick to GPLv2.

Lastly, although it has nothing to do with the DRM, HP apparently objects to the most recent draft of the GPL as well (not that the Free Software Foundation concerns itself with the interests of large commercial vendors).  Accordng to Shankland:

One major company still isn't satisfied. Hewlett-Packard, which sells Linux servers and is involved in the GPLv3 revision process, wants changes to how GPLv3 treats patents...."HP had hoped that the second draft would clarify the patent ease concern that mere distribution of a single copy of GPL-licensed software might have significant adverse intellectual property impact on a company," said Christine Martino, vice president of HP's Open Source and Linux Organization, in a statement. "Unfortunately, the concern lingers in draft 2."

Topic: Open Source

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The DRM Debate is Backwards

    All the above does is highlight the fact that the entertainment industry does not listen to its customers. Why is there all this squabble over a technology that is loathed by consumers? The solution to the DRM problem is to open up competition in the entertainment industry, so that like in many other industries, companies realize that it is the consumer who dictates what companies are allowed to do ? not the other way around.
    P. Douglas
    • There's the rub

      DRM is designed to close off the industry to would-be competitors--and [i]that's[/i] what America's new socialism is all about.
      • Socialism?

        Sorry, it's what capitalism is about. Capitalism abhors a free market. When capitalists talk about a "free market" they mean free of government control, NOT free of control by big business. Monopolies and cartels have always been the capitalist way. Even Cuba permits one person and family businesses, capitalism sees big business crushing small businesses as soon as they become any sort of a threat. Read the book. (Capitalism, by K. Marx)
  • DRM is not there to prevent copyright infringement

    The main purpose of DRM is not to prevent copyright infringement nor to prevent piracy. The main purpose of DRM is to give the publishers rights which they don't have under copyright law.

    CSS is a good example. CSS is used to enforce Region Encoding on DVDs. What CSS does is scrambles the playback if you try to [b]Play[/b] a DVD in a region in which it is not encoded. Copyright law does not give the right holder the exclusive right to control playback. CSS does not prevent ripping, making an exact copy of the DVD. CSS prevents playing the DVD.

    Every DRM scheme ever introduced to date has been broken and you know what? The Media companies could care less.

    You know why?

    [i]Although it doesn't stop piracy, this level of DRM may be good enough for most labels. It helps to instill a belief in the public that they can only do with their media what their media allows them to do (as opposed to exercising fair use rights, which may prove more broad than DRM restrictions). This type of thinking will enable media companies to better monetize their core products by selling them multiple times?movies on DVD, then again on Blu-ray, then once more for PSP, maybe a fourth time for your iPod, and a couple bucks for the privilege of time-shifting.

    DRM need not be complicated to accomplish this. Even simple and highly-breakable encryption schemes have thrown up a legal barrier (courtesy of the DMCA) that will deter many average Americans from backing up their DVD collection (and then buying Finding Nemo a second time when the toddler sticks the disc in the toaster)[/i]

    That is the true purpose behind DRM.
    Edward Meyers
    • Well said

      That's exactly why this whole problem begun. Media companies will want more control on what people do with the content they supply, to enable new ways to get paid. All digital rights management does is put a barrier of sorts to keep your average Doe "honest" and paying for his "dose" of content. And with DMCA-like legislation, they can enforce these "rights" they make up, beyond what copyright says.

      the above is my opinion only and it's probable some point could be missunderstood, since I'm not a native speaker.
      • Corps want protection against the people & "Democracy" is the sheepskin (NT

        Vily Clay
  • David I enjoy reading your columns, but...

    Please send them through the editorial staff before publishing them. Your grammatical errors are atrocious and detract from your arguments and journalistic cred.
    • Guilty as charged

      It's partially my fault. When I stare at the screen for so long... I can't see errors that easily jump out at me a day later. I apologize and will work harder to publish cleaner posts.
  • DRM has ZERO customer bennefit

    DRM provides for ZERO enhancements in a customers expierience with the product and in more and more cases, blocks/hinders/punishes and in general makes life a LOT harder for customers who do nothing wrong. Simple DRM like what the have in "Plays for Sure...(some of the time, when I will let you)" is already flaky.

    The industry is working from three false assumptions.
    1) EVERYONE wants to purchase their wares DESPITE DRM infection.
    2) DRM software is written correctly. I believe absolutely in anyones inability to create flawless software. When Blue-Ray takes off and Fox add's their proprietary DRM on top of the MPAA DRM, well, it will be fun to watch.
    3) DRM is accepted. In general, it is not even KNOWN by the general consumer. Usually, it is problems that bring DRM to a person's attention, and they get really pissed at that point. There will be a backlash.

    MS loves DRM because they can LOCK out access to DRM infected content access from both Linux and Applle. Apple loves DRM because, same reason. The RIAA/MPAA love DRM because they get to charge over and over and over again. Sony loves DRM, well, not sure why, they could have saved tens/hundreds of millions never doing any of it.

    And as already mentioned, DRM=$ grab. Nothing, absolutely nothing, more. So to me, the only real controversy is from the makers of DRM saying, if we can't trip you off the same way we can with Mac and MS, we won't let you buy our content. It amazes me the arrogance of this group, but eventually, enough people will say OK, I WON'T buy your crap that they will DRM themselves right out of bussiness.

    • That's the crux, isn't it

      We either let them suck the money out of our pockets or we refuse to buy. Don't know where you live, but in the US it boils down to "he who has the gold... rules." That would be the RIAA sharks and their ilk. The politicians represent them, not us, so don't look in that direction for a change.

      I wish I had confidence that you're right and that those who refuse their DRM (I won't buy music from an RIAA member either, for the same reason) will eventually produce an impact. Unfortunately, the only time refuseniks seem to make a difference is when the software developers are completely incompetent, as in the Sony case. Otherwise, it seems, the sheep don't really mind being shorn; they only bleat when it causes real discomfort. It's probably simpy what most sheep are used to.
      • Live in San Antonio

        I have a network of 34 friends and families who are Linux online (some dual boot for games). I would say that I have steered well over 10 people away from DRM MP3 purchases (i.e avoid Itunes, MTP based players, etc). All know how to rip their CDs in Linux and none of them miss the online music purchase experience. in the big scheme, it may not make a difference, but I will keep trying. Even contacted AllOfMP3 to see if they will get artist's permission to sell their tunes in Russia to North American customers if they get a cut of 25c or more per song.

        Seems the RIAA can't stop AllOfMP3 offering DRM free content. I haven't purchased from them yet, because the Artist gets nothing. I told them I would buy from them IF they gave the artist more money and they charged more.


        P.S. I don't believe the quality of DRM software will go up anytime soon.
        • Thanks for the tip

          I didn't know about AllOfMp3. When I buy CDs these days I tend to buy directly from an artist's site when I can, even if it costs a bit more, for the same reason you refuse AllOfMP3 - the artist gets to make a bit from the sale. Most artists don't make a cent from RIAA member sales (a little known fact, and certainly not one you'll hear from our politicians). If AllOfMP3 would pay the artists, I'd gladly buy from them. Thanks for that tip - I think I'll write them a similar note.
          • Musician's have never made money off recordings

            Not from a musical standpoint at least. Most musicians that make money off recordings do so by getting into the recording business and starting their own recording label.

            Where the money is for the musicians is in the performance. Always has and probably always will be.
    • DRM isn't about customer benefit, it's about revenue protection

      what about revenue protection? say you're a content provider, you want as many people to be able to play your content as possible, but you don't want people who haven't paid for it to copy it illegally. so what do you do?

      i have no problem with DRM, AS LONG AS it doesn't affect content playability. unfortunately apple does inhibit that. but the concept in itself of protected data is sound and if you intend to make money with content, or anything that you don't want people pirating, DRM is a fantastic idea cause you know what? the RIAA/MPAA using DRM means that people have to pay for the products that their artists spent money creating.

      you may be used to getting everything for free on the internet but as a musician and a programmer i like the idea that i may be able to write something that people won't be able to just steal after i've sunk my time and money into it.
    • Microsoft loves DRM

      Because they know they can sell it even though they also know it won't work to protect against copyright infringement.

      This just a simple task of giving the customer what they want but no what they need. Not that Microsoft could provide the entertainment industry with what the need and that's good wack up side the head of those in charge for making stupid descisions.
  • DRM is going to be a barrier to acceptance of GPL software in the market

    The normal consumer market doesn't give a rat's *ss about open source geek desires, they care if it works with their iPod and their Sony entertainment system. If the GPL prevents them from connecting their toys then guess who will lose in the market place, it will not be Apple.
    • The key word is works

      DRM is in general, poorly written, badly tested and affects far too many legitimate customers when it fails to work. In theory, "plays for sure" actually does play for sure, however, Iriver for one, SanDisk for another caved in and now PROVIDE tools to change MTP based MP3 players back into UMS that truly does just "play for sure" due to customer demand.

      For these people, NOT being able to purchase DRM infected content was less important.

      I have read many accounts where Ipod software gets confused and blocks access to the ipod when the "5 computer counter" flaw strikes.

      I do agree, for now, DRM is a barrier to marketplace acceptance on the desktop, but eventually, DRM is doomed. It will go kicking and screaming, but the wasted money on a flawed product that provides no customer bennefit and doesn't actually work won't survive the marketplace.

      What they don't concede is that it has already failed, they have lost (RIAA/MPAA) and the $35 Billion annual sales now down to $11 billion yearly is not all due to piracy, it is their refusal to adapt to a changing market and offer the people what they want.

      As much as I would like to see OpenSource mainstream on the desktop, that has never been the reason for OpenSource, it is about freedom, and I applaud all efforts to keep it that way. Besides, Linux on the desktop outside the US is large and getting larger every day. The time will come when Linux users are too large a user base to ignore, and they will sell DRM free content or spiral more quickly into the ground.

      • The RIAA says it won

        I read somewhere that the RIAA posted its own version of that ridiculous "Mission Accomplished" poster seen in the background when Bush role-played being a flyboy after the Iraq invasion. RIAA says pirate downloads are now "level" so they've won their war. Mission accomplished.

        Right. That $35 billion vs $11 billion throws kind of a new light on the victory, doesn't it.

        I have a large CD-based and legal-download-based music collection. NONE of it comes from RIAA companies except older stuff that predates their war against their own customers. Maybe I was wrong in an earlier post - maybe people refusing to buy from such companies really do make a difference.
      • I'll believe it when I see it.

        GPL will lose the DRM fight because it is not compatible with the media industry and that will not change until the artists embrace a non-DRM approach and there is a snowball?s chance in hell of that ever happening. The Red Hot Chili Peppers or U2 are never going to be willing to give it away for free, as far as they are concerned the music industry has been losing billions for years due to dishonest people people copying their work without paying for it. If everyone was honest then there would be a DRM in the first place.

        If you want to use freeware software then that is your choice, but you do not choose for these artists and you have no right to choose for them. If you don?t want to pay for it then you don?t need to listen to it.
    • Or, Those of us who believe that we OWN our equipment

      will only use Open Source Products and the sales of DRMed products will be much lower than would be the case without DRM.

      For some people ethical choices come first.
      Update victim