Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Should Open Source respect access control?

By Paul Johnson in MLP
Mon Mar 12, 2001 at 01:46:21 PM EST
Tags: Freedom (all tags)
Freedom

This article originally appeared in Linux Today, but its so short that I'll reproduce the whole thing here:


Adam Langley asks:

Xpdf is a free (GPLed) PDF reader which respects Adobe's lame "copy-protection" bits in PDFs where the reader refuses to allow printing or copying etc.

I've written a patch to uncripple xpdf, should Debian apply it?

This is an interesting question, and it doesn't just apply to xpdf. You have the issue of legitimate fair-use versus the wishes of the copyright holder. And in the USA you also have the DMCA.

When the deCSS lawsuit hit the fan there were some who argued that since the CSS crypto was so pitifully weak it did not constitute an "effective" method of locking up the content and was therefore fair game. The judge (correctly IMHO) rejected this argument on the grounds that "effective" did not refer to the difficulty of circumvention. By analogy, suppose I tied my front door shut with string and someone cut the string to gain entry. They are just as guilty of breaking and entering as someone who uses a sledgehammer.

But this argument cuts both ways. A simple "if" statement in an open source program is just as legally "effective" as the strongest encryption. So suppose, for example, that the LiViD project were to produce a DVD player which respected all the DVD copy protection stuff, even down to the region control codes. At that point it would no longer constitute a circumvention device under the DMCA, even though the "if" statement would be trivial to find and remove. (Of course IANAL).

So what about xpdf? It would appear that this patch would effectively make xpdf into an access control circumvention device, and hence make it illegal under the DMCA.

What do you think?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Should open source respect copy control bits?
o Yes 50%
o No 42%
o Rusty! 7%

Votes: 52
Results | Other Polls

Related Links
o This article
o Linux Today
o Adam Langley
o LiViD project
o Also by Paul Johnson


Display: Sort:
Should Open Source respect access control? | 22 comments (21 topical, 1 editorial, 0 hidden)
Backwards (4.00 / 4) (#1)
by hardburn on Mon Mar 12, 2001 at 09:04:20 AM EST

The judge (correctly IMHO) rejected this argument on the grounds that "effective" did not refer to the difficulty of circumvention. By analogy, suppose I tied my front door shut with string and someone cut the string to gain entry. They are just as guilty of breaking and entering as someone who uses a sledgehammer.

More like someone used a string to keep you out of your house, and then charged you for breaking and entering when you cut the string.

If we were to take this ruling to a logical extreme, you might get this.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


True, but irrelevant (none / 0) (#5)
by Paul Johnson on Mon Mar 12, 2001 at 10:30:22 AM EST

What you say is true, but does not affect the point I was making. Whether the DMCA is an unjust law or not, the effectiveness of the "if" statement still applies. In my analogy its the same as that piece of string requiring a policeman to get a search warrant before entering. The point is that it doesn't matter how flimsy the property enforcement mechanism is, it still has the full weight of the law behind it.

Paul.
You are lost in a twisty maze of little standards, all different.
[ Parent ]

EFF and licensing (1.71 / 7) (#2)
by MrAcheson on Mon Mar 12, 2001 at 09:37:00 AM EST

Well there is one small problem with not adhering to Adobe's copying control. I believe Adobe technically owns the PDF format. IANAL, but if you do something they don't like xPDF, they may have cause to go after you. If your code is GPLed then I believe the FSF technically owns it. Hence Adobe can go after the FSF. This would be a bad thing. Keep in mind that IANAL though.


These opinions do not represent those of the US Army, DoD, or US Government.


Wrong (4.00 / 3) (#3)
by Paul Johnson on Mon Mar 12, 2001 at 09:47:08 AM EST

No, they can't go after the GPL merely for owning the copyright on something. DMCA lawsuits cover "trafficing" rather than ownership.

Having said that, the existence of this patch would make an interesting test case.

Paul.
You are lost in a twisty maze of little standards, all different.
[ Parent ]

That's not how the GPL works! (4.00 / 2) (#9)
by tnt on Mon Mar 12, 2001 at 11:16:32 AM EST

You said:

If your code is GPLed then I believe the FSF technically owns it. Hence Adobe can go after the FSF.

That is not true. Just because the FSF created the GPL, does not mean they own all the code released under the GPL. (Go and read the licenese.)

Whoever is the copyright holder on that piece of software (released under the GNU GPL) owns it. Now some people and companies (that release software under the GNU GPL) will add the FSF as a copyright holder, so that the FSF does infact own that software. But you have to take those extra steps to have that effect. [If you want an example, go and take a look at the software Red Hat writes; they add the FSF as a copyright holder.]



--
     Charles Iliya Krempeaux, B.Sc.
__________________________________________________
  Kuro5hin user #279

[ Parent ]
FSF (3.00 / 3) (#10)
by klamath on Mon Mar 12, 2001 at 11:17:18 AM EST

If your code is GPLed then I believe the FSF technically owns it.
No! The FSF does not own code that is GPL'd. The GPL is just a license, and does not imply anything about the FSF. The vast majority of GPL'd code is not owned by the FSF.

You're confusing the GPL with something else: if you contribute a patch to an official GNU project (something like GNU Emacs or I believe GCC), the FSF want you to hand over the copyright for your contribution to them, so that they legally own all the code in their products. This allows them to be able to legally defend it from copyright enfringements (namely violations of the GPL).

Also, I believe the PDF standard is officially open, although Adobe don't like people using it other than themselves. I think people writing apps that read/write PDFs are fine.

[ Parent ]

Re: FS (none / 0) (#16)
by eLuddite on Mon Mar 12, 2001 at 02:12:29 PM EST

No! The FSF does not own code that is GPL'd.

This is true but ...

The original author of xpdf went to the trouble of adding copy protection to his work. Whoever modifies the original work to remove this protection will presumably be acquired by Adobe as a target. What to do?

Well, you can transfer your copyright over to the fsf which is something that they like and encourage because they are the keepers of the flame and have the lawyers to prove it.

So at this point someone either has to (a) respect the original author's code; (b) have the courage of their convictions; (c) fend that courage off to the FSF.

---
God hates human rights.
[ Parent ]

The thing that always bugs me... (4.00 / 1) (#6)
by regeya on Mon Mar 12, 2001 at 10:36:51 AM EST

To be blunt, I think that the laws on such things should be similar to the approach insurance companies take with break-ins. (Yeah, I know, I'm comparing law to the actions of private companies. Forgive me. :-)

Let's take two people, both get their cars broken into. Person A has fairly substantial damage to their car. Their driver-side window has been broken out so that the thief can gain entry to the car. Further, the steering column has been absolutely wrecked by the thief because the owner used one of those ridiculous Claw devices. And lastly, the detachable-face radio has been smashed. In this hypothetical situation, the insurance company pays for the damages.

Person B leaves their car unlocked, their keys in the car, and leaves the radio in the passenger-side seat with easy-to-unplug plugs to make things convenient for the thief. Reasoning? Well, Person B doesn't want their windows smashed, the steering column wrecked, and/or the radio damaged by a thief. And further, The Law is on their side, as theft is theft is theft, right? Well, yes, but Person B gets nothing from their insurance company, because while The Law is indeed on their side, insurance companies would rather your car get totalled by a thief than for you to make the car desirable to a thief.

So, really, if it's that simple to defeat (in other words, the client program determines for itself if somethings copyable/printable) then I would hope that nothing could be done to those applying the patch. Not a perfect world, though.

[ yokelpunk | kuro5hin diary ]

Argument could be used on damages (none / 0) (#7)
by Paul Johnson on Mon Mar 12, 2001 at 10:47:46 AM EST

I think that this argument could be used to argue down damages. Take deCSS again. Suppose that the Supremes finally decide against 2600. At that point the MPAA will presumably waffle on about irrepairable damage to an industry worth billions of dollars. But this can be punctured by saying "If CSS was so valuable, why didn't you spend a few thousand dollars making it secure?".

Of course, IANAL.

Paul.
You are lost in a twisty maze of little standards, all different.
[ Parent ]

Basic Unix Design Philosophy (4.50 / 4) (#8)
by the Epopt on Mon Mar 12, 2001 at 10:59:41 AM EST

The primary design philosophy of the Unix-oid operating systems has long been "lots of small, single-(or few-)purpose utilities that can be piped together." Thus, I would suggest that xpdf and mp3 players and so on all respect copy control bits faithfully.

And that we have a contest for the smallest/most elegant/cutest/whatever copy-protection-bit-toggler utility. We can then play whack-a-mole with such small utilities of questionable legality without interfering with the distribution of our larger applications.
-- 
Most people who need to be shot need to be shot soon and a lot.
Very few people need to be shot later or just a little.

K5_Arguing_HOWTO
I concur ... (4.00 / 1) (#12)
by yojimbo-san on Mon Mar 12, 2001 at 11:55:44 AM EST

Not only would a "protected PDF" de-protection program work in this context, you would then also be free to use more featured (commercial?) PDF programs as well.

This way, we would leave the existing software alone (it isn't broken, it complies to the standards for that data type).

We then ask ourselves if we should be distributing a program whose sole purpose is in assisting us in gaining access to an expression of data.

A DePDFCP (Decrease PDF Copy Protection) program certainly would not assist anyone in copying a restricted PDF ... :-)


Quick wafting zephyrs vex bold Jim
[ Parent ]
This is actually pretty hard (none / 0) (#21)
by Paul Crowley on Sun Mar 18, 2001 at 06:37:23 PM EST

If you set the "no print" flag, all of the content is encrypted, and the "no-print flag" is embedded in the key. But it's not encrypted as one big stream; instead, each little bit of data is encrypted separately. The easiest way to remove copy protection would be to produce a decrypted version of the file, but to do that you have to parse the entire file format and individually decrypt each chunk of data. It's not a simple or small thing to do.

By comparison, if you already have a program that can display PDFs, telling it not to honour the flag is the easiest thing in the world.
--
Paul Crowley aka ciphergoth. Crypto and sex politics. Diary.
[ Parent ]

I wouldn't... (4.50 / 2) (#11)
by joto on Mon Mar 12, 2001 at 11:17:53 AM EST

I think it is better to sneak the patch in slowly. It would be better if the patch had already existed for one or two years before putting it into the main distribution, since the change wouldn't be so drastic. That would also buy you some sort of plausible deniability of Adobe or someone else chooses to go after you.

It would also be better if the patch at least in some way made the user aware of that he might be conducting some actions of a questionable ethical nature. E.g. a popup:

The author of this file has decided to restrict printing. If you want to print it anyway, we won't stop you, but in might not be the ethical thing to do. Are you sure you really want to print this file? [OK] [Cancel]
or something like this:
The author of this file has decided to restrict printing. If you want to print it anyway, you can restart xpdf with the option --override-all-security, and you will not see this dialog-box again. [Ok]
Perhaps the --override-all-security option could result in the first alternative, in order to really be "helpful".

But anyway, I wouldn't rush anything into the Debian distribution (not that they have a history of that anyway...)

In some cases, there's a reason... (none / 0) (#17)
by WWWWolf on Tue Mar 13, 2001 at 05:11:12 AM EST

The author of this file has decided to restrict printing. If you want to print it anyway, we won't stop you, but in might not be the ethical thing to do. Are you sure you really want to print this file? [OK] [Cancel]

There are, of course, real reasons why "no print" flags are used in some of our PDFs.

"The author of this file has decided to restrict printing. Are you sure you want to abuse the government's (really small) education budget by printing this 200-page file? (Remember: The Computer Center knows you did it, punk.) [Yes] [Er, no.] [Launch LyX so I can write a nice letter to the Ministry of Finance.]"

=)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
2 programs (none / 0) (#14)
by rebelcool on Mon Mar 12, 2001 at 01:15:35 PM EST

clearly, the "legal" version should be the distributed one. However, eventually someone else will make a decrippled version available, so it might as well be you. So while the legal one should be distributed mainstream, might as well make a separate one available for people who want to use it, though they'll have to consciously look for it.

COG. Build your own community. Free, easy, powerful. Demo site

It is a good question (none / 0) (#15)
by RangerBob on Mon Mar 12, 2001 at 01:42:43 PM EST

I have some friends who have a small area group here. One day, they found some of their stuff up on Napster and were furious. They weren't really furious about the fact that it was up there. They don't really mind if people can get their music for free. What made them so angry is that no one asked them if they could put it up there.

How does this apply to access control? Well, maybe the original author of the document had a reason to do things like not want it easily printable or copyable. I've thought about doing something simliar because I've caught people plagiarizing some of my research work. The author might also not realize that it's set up that way. Either way, as an author, I'd rather someone ask me first. As I just posted for another article, I personally don't mind if people quote my work or use it in something else, but I think they should at least show some courtesy by asking first. I think that people forget things like this a lot of times.

And I also discount the "information wants to be free" silliness. If that were the case, why can't I get anyone to give me personal information like credit card numbers, social security numbers, and bank accounts? It's all just information, after all :)

is there a difference? (none / 0) (#18)
by jxxx on Tue Mar 13, 2001 at 06:52:02 AM EST

I see this as the manifestation of two opposing views.
1- that things such as information stored on a computer
represent totally new ideas, and rules applied to older
tech, such as books can not be cleanly applied

2- that such a thing as described above represents an
evolution/mutation, and that old rules can be applied

Physical space has some rules similar to write-protect bits.
Photo copy shops in the US have signs stating that US currency can only be copied at <=.075 or >=1.5 the original
size. This is enforced by legions of soldiers.

How does Adobe's army measure up?

Anyone know if Google respects access control? (none / 0) (#19)
by Toojays on Wed Mar 14, 2001 at 05:46:50 AM EST

I only noticed this today, but I searched for something on Google, and it seems that Google does in fact crawl PDF files. Not only that, but you can download a PDF-to-text converstion done by Google if you don't want the PDF file. The only information I could find about this on Google itself is here.

Does anyone know whether or not Google refuses to index/convert PDF files which the author doesn't want converted?



No (none / 0) (#20)
by dabadab on Wed Mar 14, 2001 at 06:45:53 AM EST

Access control is a pain in the ass.
WEAK access control is an insult.
If I want to be insulted I run fortune with the appropiate options.
--
Real life is overrated.
A point about definitions (none / 0) (#22)
by Pogue Mahone on Wed Mar 28, 2001 at 09:23:37 AM EST

Paul Johnson writes:
The judge (correctly IMHO) rejected this argument on the grounds that "effective" did not refer to the difficulty of circumvention.

That's correct, but maybe not for the reason you think. If you read the DMCA closely, you'll find that the term "effective technological measure" is defined, for the purposes of the Act, to be just about any attempt to control access. There can then be no defence using the normal English definition of "effective".

I think one should be very careful using house and lock analogies. To anyone technical it's a ridiculous analogy, but the MPAA are using it because of its emotional appeal to Joe Sixpack. When was the last time you made several thousand copies of your house and sold them to anyone who wanted one?

A better analogy would be if you sold tickets to look around your house. How do you think your customers would feel if they turned up to find that the door was tied shut and they were only allowed to peek through the windows.


--More--

Should Open Source respect access control? | 22 comments (21 topical, 1 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!