FSF Bulletin Issue 1, November 2002

From the Executive Director

by Bradley M. Kuhn

This is the first issue of our new semiannual FSF Bulletin. While our long-time supporters will fondly remember the now-defunct GNU's Bulletin, we hope that this new bulletin will help keep our donors and associate members informed in a new way, now that FSF's activities extend far beyond just the GNU project that we help sponsor.

The last six months have reminded us all that slowly but surely, the mainstream culture is becoming aware of what we in the Free Software Movement have long known — freedom to share and improve information technology is a fundamental right. In early October, the Supreme Court heard arguments in Eldred v.Ashcroft, a case which considers the constitutionality of the “Sony Bono Copyright Extension Act”. Our General Counsel, Eben Moglen, who authored FSF's amicus brief in the case, mentioned to me that he had rarely seen a Supreme Court hearing so widely attended; he barely was able to get a seat himself despite being a member of the Supreme Court bar. We likely won't know the outcome of this case until we're publishing the next issue of this bulletin. However, the excitement and interest surrounding this case bodes well for our movement, regardless of the outcome. The public is beginning to reconsider how copyright law should be used to protect citizens' right to innovate and draw on our shared commons.

Just before the mid-term elections, we saw the next round of attacks in Microsoft's campaign against the GNU GPL. Adam Smith, a Congressional Representative from the state of Washington, who is well-funded by Microsoft lobbying dollars, circulated a “dear colleague” letter discouraging government use of GPL'ed software. Like all the Microsoft attacks of the last eighteen months, it backfired and Smith backpedaled within two weeks. Even though Steve Ballmer has now declared GPL'ed software “enemy number one”, ousting the likes of Oracle and Sun, we still remain the wily adversary. Microsoft so far knows only how to fight competitors like themselves — companies interested in subjugating users by restricting them. For now, Microsoft and other proprietary software companies remain unsure how to oppose a movement whose primary goal is software liberation. Our adept responses to their attacks have kept them off-balance.

However, to keep pace with attacks from Microsoft and the media companies, and to continue our education efforts about software freedom, we do need your support. One new way to support FSF is to take advantage of our new Associate Membership program. In addition to receiving these bulletins, associate members of FSF receive a 20% discount on all FSF merchandise and books, up to five email forwarding address of the form NAME@member.fsf.org, and an invitation to an annual meeting in the Boston area with FSF board members and staff. If you buy a full-year associate membership for $120 by the end of 2002, you'll receive a complimentary copy of RMS' new book Free Software, Free Society. You can join online at http://member.fsf.org/.

In the next few years, we will fight the most defining battles of our movement since its inception in 1984. We won't get the job done alone. Like all the work we've done so far, success will depend on each one of us working together. FSF will need your help to succeed.

The Digital Speech Project Status

by Staff

Update June 10, 2005: The digitalspeech.org domain accidentally expired, so these links now takes you directly to the EFF

The Digital Speech Project (DSP), sponsored by the Free Software Foundation, is putting together a grassroots coalition to defend the public’s right to use technology for its own purposes.

To stop heavy-handed actions of the media companies and our legislature to curtail digital freedom, the DSP has assembled a steering committee made up of activists and concerned individuals from a broad array of backgrounds.

Heading up the committee is Ravi Khanna, FSF's Director of Communications and an experienced human rights activist. Other members of the committee include college students, a Boston-based singer/songwriter, a law professor, a music teacher, a librarian, two radio station executives, an analyst, the executive director of FSF, and the outreach coordinator for the Electronic Frontier Foundation.

It is an eclectic group — a planned microcosm of the grassroots support they hope to achieve. They are convinced that legislation like the DMCA hurts everyone: software developers, technology companies, computer users, authors, artists, musicians, filmmakers, and anyone who benefits from and enjoys a free marketplace for creative expression.

For the past several months the committee has been working on a statement of principles, a condensation of the beliefs and goals of the DSP. With the creation of the statement, committee members hope to come away with a concise, easy-to-grasp snapshot that can be shared with their constituents in the workplace and on college campuses.

In fact, campuses are among the best places to start, according to committee member and FSF executive director, Bradley M. Kuhn:

We dove into the project with vigor earlier this year. We focused on forming campus Digital Freedom groups. A few campus groups, including the Digital Freedom group at the University of Kentucky, have gotten very active.

What I find when I visit these campuses is a growing underground awareness — based mostly (but not exclusively) in the computer science departments — that current notions of copyright law are too extreme and downright harmful. From what I've seen, college students, despite the popular opinion from the mainstream press, don't dismiss the artists' needs when they share music non-commercially online.

In fact, when I lead class discussions on the topic, all the students who speak up say they've considered it carefully, and that they find the current system of music production to be a scam controlled by the publishing companies. They know as well as Courtney Love does that the current regime isn't about the artist; it's about corporate control.

However, Kuhn points out that getting the word out to people who've never thought about digital freedom before takes time.

We formed the committee because we believe that the best approach is to first and foremost build a broad coalition. With that coalition, represented by the committee, we hope to get the interest of funders to provide us the resources to design and execute a strong grassroots campaign.

This month, the committee is expected to approve the Statement of Principles, which should be available on www.digitalspeech.org (now www.eff.org) by the end of the year. This statement will serve as the guiding document for the project as FSF and the committee launch a nation-wide grassroots organizing campaign for digital freedom in 2003.

Anatomy of GPL Violations

by David ‘novalis’ Turner
GPL Compliance Engineer

For the last eight months, I have served as FSF's primary GPL violation investigator and compliance engineer. I work with violation reporters and GPL violators throughout the whole process — from violation confirmation to resolution. After handling more than fifty GPL violations over the past eight months, I have a few observations about the process that will hopefully enlighten FSF's supporters about the GPL enforcement process. (To get the lawyer's perspective, please read Eben Moglen's article.)

Who violates the GPL?

A plurality of GPL violations on FSF-copyrighted Free Software are in the embedded market. Companies often port GCC to new chips or boards and distribute the binaries without releasing source code. The next most common class is firewall vendors. Many small companies, and a few larger ones, make CDs with small GNU/Linux distributions. You stick these CDs into an old PC with a couple of network cards, and you have a firewall. Unfortunately, you often have a GPL violation too.

What are the most common types of violations?

The most common violations are failure by a distributor to include source code or an offer for source code. This comes as no surprise, since, from the point of view of proprietary software companies, it's the most unusual provision in the license. In cases where there is an offer for source code, it's often only open to those who have binaries, rather than to all third parties (as required by GPL Sec 3(b)). Even worse, sometimes when there's an offer for source code, requests for that source are ignored.

Another unusual provision — that no additional restrictions beyond those in the GPL are permitted (Sec 6) — accounts for most of the remaining violations. Corporate lawyers often like to wrap a whole distribution with an End User Licensing Agreement (EULA). Most of the time, such EULAs are incompatible with the GPL, as they attempt to trump the rights that the GPL protects.

How does FSF find out about violations?

We encourage the public to send violation reports to license-violation@fsf.org. Most of our reports are from customers of the GPL violators. Some are from bored hackers, who download demos or read online copies of licenses. A few are from courageous whistle-blowers inside the violating companies themselves. I read all mail to that address and work with the reporters to get details. Once we've confirmed a violation, I write a letter for our executive director to send to the violator.

How do violations get fixed?

Most violators want to cooperate with us and correct the violations. If they don't, a conference call with Daniel Ravicher, our volunteer outside counsel, usually convinces them that it's in their best interest to cooperate in a friendly way. After all, fixing the violation is usually as simple as releasing the source code. When the violation has been large or has gone on for a long time, we ask that previous customers of the product be notified that source code is available. Sometimes, we have to explain the intricacies of how GPL'd code can be distributed alongside proprietary code (and how it can't). Usually, the violator has fixed most of the problems within a month, leaving only minor details.

What happens afterwards?

Once we've confirmed that the company now complies, intends to continue to do so, and has carried out corrective measures for past violations, we formally restore their distribution rights that were lost (GPL Sec 4). In cases where we are concerned about future violations, we ask the company to appoint an internal GPL Compliance Officer, high enough that she oversees the legal situation of all software products for the company. This person becomes FSF's line of communication for all future GPL violations by that company.

We then ask companies to reimburse us for the time we spend on solving their problem. It's in their interest to pay our costs, so that we can pursue their competitors when they violate the GPL. We don't want to ask our donors to continue subsidizing corporate GPL violators, as they have done so far. But still, while we've been asking for such reimbursement for a few months now, no violators have actually moved to reimburse us yet. For now, we must ask our donors help to enforce the license. You can support my work at FSF by making a directed GPL Compliance Lab donation at http://donate.fsf.org/.

Can You Trust Your Computer?

by Richard M. Stallman

Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call “trusted computing”, large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. Proprietary programs have included malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what it does; you can't study the source code, or change it. It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent “security” upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don't have the source code.

In the past, these were isolated incidents. “Trusted computing” would make it pervasive. “Treacherous computing” is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. (Microsoft's version of this is called “Palladium”.) Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don't allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous computing for “DRM” (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documents — resulting in email that disappears in two weeks, or documents that can only be read on the computers in one company.

Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can't use the email to show that the decision was not yours. “Getting it in writing” doesn't protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company's audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won't be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won't have a chance of developing software to read them — and if we could, such programs might even be forbidden by the Digital Millennium Copyright Act.

Since treacherous computing will impose automatically downloaded rules on your work, you cannot be certain that what you write today can be read tomorrow. If Microsoft, or the U.S. government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won't stand still. Once you come to depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something different — and they won't give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.

Editor's note: The full version of this essay is part of Free Software, Free Society: Selected Essays of Richard M. Stallman.

New Title from GNU Press

Free Software, Free Society:
Selected Essays of Richard M. Stallman
Introduction by Laurence Lessig
Edited by Joshua Gay
$24.95 - Hard Cover Edition

The intersection of ethics, law, business and computer software is the subject of this collection of essays and speeches by MacArthur Foundation Grant winner, Richard M. Stallman. It includes historical writings such as The GNU Manifesto, which defined and launched the activist Free Software Movement, along with new writings on current topics such as “trusted computing” and the proposed CBDTPA. Stallman takes a critical look at common abuses of copyright law and patents when applied to computer software programs, and how these abuses damage our entire society and remove our existing freedoms. He also discusses the social aspects of software and how Free Software can create community and social justice.

The introduction is by Lawrence Lessig, the author of two well-known books on similar topics. He is a noted legal expert on copyright law and a Stanford Law School professor.

It isn't that RMS is an idealist, we've plenty of those. And it isn't that he's a brilliant programmer, we have those too. It's rather that he mixes those two with a well thought-out philosophical basis and a pragmatic understanding of the world and people. He takes ideas about freedom and cooperation that many of us share and shows how they can form a consistent world view that has room for the realities of money and business.

— Bil Lewis, computer scientist, multithreaded programming expert