[Fsf-friends] Interesting speech by RMS

[fjsylvester]

hi friends,

I found this speech by RMS on the net I forgot the url from were I saved
it on my pc.



Can you trust your computer?

                 By Richard Stallman - 
                 Who should your computer take its orders from? Most
people think their computers should obey them, not obey someone else.
With a plan they call "trusted computing," large media corporations
(including the movie companies and record companies), together with
computer companies such as Microsoft and Intel, are planning to make
your computer obey them instead of you. Proprietary programs have
included malicious features before, but this plan would make it
universal. Proprietary software means, fundamentally, that you don't
control what it does; you can't study the source code, or change it.
It's not surprising that clever businessmen find ways to use their
control to put you at a disadvantage. Microsoft has done this several
times: one version of Windows was designed to report to Microsoft all
the software on your hard disk; a recent "security" upgrade in Windows
Media Player required users to agree to new restrictions. But Microsoft
is not alone: the KaZaa music-sharing software is designed so that
KaZaa's business partner can rent out the use of your computer to their
clients. These malicious features are often secret, but even once you
know about them it is hard to remove them, since you don't have the
source code.

In the past, these were isolated incidents. "Trusted computing" would
make it
pervasive. "Treacherous computing" is a more appropriate name, because
the plan is designed to make sure your computer will systematically
disobey you. In fact, it is designed to stop your computer from
functioning as a general-purpose computer. Every operation may require
explicit permission. The technical idea underlying treacherous computing
is that the computer includes a digital encryption and signature device,
and the keys are kept secret from you. (Microsoft's version of this is
called "palladium.") Proprietary programs will use this device to
control which other programs you can run, which documents or data you
can access, and what programs you can pass them to. These programs will
continually download new authorization rules through the Internet, and
impose those rules automatically on your work. If you don't allow your
computer to obtain the new rules periodically from the Internet, some
capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous
computing for "DRM" (Digital Restrictions Management), so that
downloaded videos and music can be played only on one specified
computer. Sharing will be entirely impossible, at least using the
authorized files that you would get from those companies. You, the
public, ought to have both the freedom and the ability to share these
things. (I expect that someone will find a way to produce unencrypted
versions, and to upload and share them, so DRM will not entirely
succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are
plans to use the same facility for email and documents -- resulting in
email that disappears in two weeks, or documents that can only be read
on the computers in one company.

Imagine if you get an email from your boss telling you to do something
that you think is risky; a month later, when it backfires, you can't use
the email to show that the decision was not yours. "Getting it in
writing" doesn't protect
you when the order is written in disappearing ink. Imagine if you get an
email from your boss stating a policy that is illegal or morally
outrageous, such as to shred your company's audit documents, or to allow
a dangerous threat to your country to move forward unchecked. Today you
can send this to a reporter and expose the activity. With treacherous
computing, the reporter won't be able to read the document; her computer
will refuse to obey her. Treacherous computing becomes a paradise for
corruption.

Word processors such as Microsoft Word could use treacherous computing
when they save your documents, to make sure no competing word processors
can read them. Today we must figure out the secrets of Word format by
laborious experiments in order to make free word processors read Word
documents. If Word encrypts documents using treacherous computing when
saving them, the free software community won't have a chance of
developing software to read them -- and if we could, such programs might
even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new
authorization rules through the Internet, and impose those rules
automatically on your work. If Microsoft, or the U.S. government, does
not like what you said in a document you wrote, they could post new
instructions telling all computers to refuse to let anyone read that
document. Each computer would obey when it downloads the new
instructions. Your writing would be subject to 1984-style retroactive
erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous
computing application does, study how painful they are, and decide
whether to accept them. It would be short-sighted and foolish to accept,
but the point is that the deal you think you are making won't stand
still. Once you come depend on using the program, you are hooked and
they know it; then they can change the deal. Some applications will
automatically download upgrades that will do something different -- and
they won't give you a choice about whether to upgrade. 

Today you can avoid being restricted by proprietary software by not
using it. If
you run GNU/Linux or another free operating system, and if you avoid
installing proprietary applications on it, then you are in charge of
what your computer does. If a free program has a malicious feature,
other developers in the community will take it out, and you can use the
corrected version. You can also run free application programs and tools
on non-free operating systems; this falls short of fully giving you
freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and
free applications at risk, because you may not be able to run them at
all.Some versions of treacherous computing would require the operating
system to be specifically authorized by a particular company. Free
operating systems could not be installed. Some versions of treacherous
computing would require every program to be specifically authorized by
the operating system developer. You could not run free applications on
such a system. If you did figure out how, and told someone, that could
be a crime.

There are proposals already for U.S. laws that would require all
computers to support treacherous computing, and to prohibit connecting
old computers to the Internet. The CBDTPA (we call it the Consume But
Don't Try Programming Act) is one of them. But even if they don't
legally force you to switch to treacherous computing, the pressure to
accept it may be enormous. Today people often use Word format for
communication, although this causes several sorts of problems (see
http://www.gnu.org/philosophy/no-word-attachments.html). If only a
treacherous computing machine can read the latest Word documents, many
people will switch to it, if they view the situation only in terms of
individual action (take it or leave it). To oppose treacherous
computing, we must join together and confront the situation as a
collective choice.

For further information about treacherous computing, 

see http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of citizens to
organize. We need your help! The Electronic Frontier Foundation
(www.eff.org) and Public Knowledge (www.publicknowledge.org) are
campaigning against treacherous computing, and so is the FSF-sponsored
Digital Speech Project (www.digitalspeech.org). Please visit these Web
sites so you can sign up to support their work. You can also help by
writing to the public affairs offices of Intel, IBM,HP/Compaq, or anyone
you have bought a computer from, explaining that you don't want to be
pressured to buy "trusted" computing systems so you don't want them to
produce any. This can bring consumer power to bear. If you do this on
your own, please send copies of your letters to the organizations above.

Postscripts:

1. The GNU Project distributes the GNU Privacy Guard, a program
That implements public-key encryption and digital signatures, which you
can useto send secure and private email. It is useful to explore how GPG
differs from treacherous computing, and see what makes one helpful and
the other so dangerous. When someone uses GPG to send you an encrypted
document, and you
use GPG to decode it, the result is an unencrypted document that you can
read, forward, copy, and even re-encrypt to send it securely to someone
else. A treacherous computing application would let you read the words
on the screen, but would not let you produce an unencrypted document
that you could use in other ways. GPG, a free software package, makes
security features available to the users; they use it. Treacherous
computing is designed to impose restrictions on the users; it uses them.

2. Microsoft presents Palladium as a security measure, and claims that
it will
protect against viruses, but this claim is evidently false. A
presentation by Microsoft Research in October 2002 stated that one of
the specifications of Palladium is that existing operating systems and
applications will continue to run; therefore, viruses will continue to
be able to do all the things that they can do today. When Microsoft
speaks of "security" in connection with Palladium, they do not mean what
we normally mean by that word: protecting your machine from things you
do not want. They mean protecting your copies of data on your machine
from access by you in ways others do not want. A slide in the
presentation listed several types of secrets Palladium could be used to
keep, including "third party secrets" and "user secrets" -- but it put
"user secrets" in quotation marks, recognizing that this is not what
Palladium is really designed for. The presentation made frequent use of
other terms that we frequently associate with the context of security,
such as "attack," "malicious code,"  "spoofing," as well as "trusted."
None of them means what it normally means. "Attack" doesn't mean someone
trying to hurt you, it means you trying to copy music. "Malicious code"
means code installed by you to do what someone else doesn't want your
machine to do. "Spoofing" doesn't mean someone fooling you, it means you
fooling Palladium. And so on.

3. A previous statement by the Palladium developers stated the basic
premise that whoever developed or collected information should have
total control of how you use it. This would represent a revolutionary
overturn of past ideas of ethics and of the legal system, and create an
unprecedented system of control. The specific problems of these systems
are no accident;they result from the basic goal. It is the goal we must
reject. http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted
without royalty in any medium provided this notice is preserved.


regards,
sylvester