Random Thoughts..
Saturday, March 01, 2003
Of cabbages and kings: or why Shared Source is not for you
Sankarshan Mukhopadhyay [sankarshanm@softhome.net]
"The time has come," the Walrus said,
"To talk of many things:
Of shoes--and ships--and sealing-wax--
Of cabbages--and kings--
And why the sea is boiling hot--
And whether pigs have wings."
[Through The Looking Glass: Lewis Carroll]
"Over the last few years there has been increasing interest in the multiplicity of software models. Much of this has focused on Open Source Software (OSS), a label applied to what is in fact a range of models, all of which include the publication of source code. Many of Microsoft's customers and partners have asked us about our source code philosophy and how it compares to other models in the industry today, specifically the OSS model used for such software as the Linux operating system. Microsoft has heard our customers' requests, and we have been studying the OSS model."
[www.microsoft.com/licensing/sharedsource/philosophy.asp]
Since November 2002, the Microsoft publicity-spiel-manufacturing machine has been on the move, trying to 'educate' its customers, both existing and potential, as to how its Shared Source philosophy is the way out among the clutch of licensing models available and prevalent in the commercial market. What this article proposes to establish is that the licensing paradigm/philosophy so gloriously championed by Microsoft is not a competitor to the Open Source Software (hereinafter referred to as OSS) model, nor does a customer benefit from alliance and allegiance to such a constrictive model based on restricted and conditional rights.
An overview of the licensing models in vogue is required for any discussion of the above. Thus, although not proposing to be exhaustive, the following definitions are adhered to throughout the article (for further information see www.flora.ca/russell/drafts/license.html for a synopsis of the models).
Shared Source and Open Source are available in different flavors, but the licences in vogue can be broadly classified into five philosophies based on access to source, which can be defined as:
• Public Domain: everyone has access (help yourself); there are no implicit conditions/strings attached;
• BSD-like (or 'CopyCentre'): everyone is granted right of access to the source, but acknowledgement of authorship is required;
• GPL-like (or 'Free Software', 'CopyLeft' or 'Software Libre'): everyone is granted right of access to the source, but distribution of binaries makes it compulsory for the source to be distributed (or at least a commitment to provide access to the source when asked for);
• Shared Source: Microsoft owns it, but you can have a peek if you meet certain stringent conditions, although you generally can't change it or compile it;
• Closed source (or 'Proprietary'): the creator/author owns it, and the sale transaction is based on mutual commercial considerations.
These five flavors thus represent a reasonably broad spectrum of control, ranging from no control by the author and unrestricted use by the client (Public Domain) to total control by the author and a limited right for the client to run binaries (Closed). And although Shared Source is still proprietary, it apparently manages to tread the fine line between GPL and Closed Source. However, the GPL model of licensing is designed to (protect and) promote the code itself, as opposed to the author's rights to it. This is analogous to a free-sampling mechanism for the author that leads to a future commercial transaction.
http://www.microsoft.com/licensing/sharedsource/ describes Shared Source as "a source-licensing framework that makes source code broadly available while preserving the intellectual property rights". The Shared Source model is the result of Microsoft's 'learning and understanding' of the OSS model and applying those lessons to its own business domain. Through its Shared Source model, Microsoft aims to allow communities (of customers) a window of opportunity to share the secrets of its code while at the same time maintaining the intellectual property rights required to ensure a monopolistic hold on the business.
A strong and vibrant relationship exists between the use of software and technology and the organizations that make up a society. This software ecosystem (as defined by Microsoft) consists of the government, the academic institutions, the R&D facilities, and the business & commercial community. The Shared Source program aims to empower these communities by providing access to leading development models, improving feedback mechanisms, nurturing a healthy industry and protecting software/intellectual property rights. Noble aims, yet unfortunately not served, due to the nature of the conditions imposed by the Shared Source program. Microsoft terms the GPL viral. However, the most controversial and damaging aspect of its own Shared Source program leads to a different conclusion.
The Shared Source program contains a Non-Disclosure Agreement. Effectively, it prevents a software developer involved in the Shared Source program from working on a similar non-Microsoft project. Thus, Shared Source 'taints' or infects the software development process far more effectively, and the model is even more stringent than the conventional proprietary licensing paradigm. The rights granted by the Shared Source program are:
• Licensees may read and reference the source code but may not modify it;
• Licensees may debug their internal applications that run on top of Windows using Windows debugging tools to make calls into the Windows source code;
• The license term is one year.
Thus, as can be seen from the above, the model effectively reduces the user/customer under the Shared Source licensing agreement to the role of a tester, without the ability to modify the code or apply their own fixes. It does not change the vendor-centric model of software development, yet adds stringent conditions that manage to stifle growth. Shared Source leaves the client almost completely deprived of control, whereas Open Source, especially GPLed Free Software, gives the client a great measure of control:
i. All the different versions of Shared Source explicitly reject the notion of redistribution or sharing with third parties, a restriction absent from the OSS model.
ii. At a commercial or governmental level, the Shared Source program forbids modification of the code, thus preventing customers from solving their own problems. This read-only access does not in any way help with bug fixes and/or patch development, as such activity is solely the right of Microsoft. With open source, such restrictions on the right to implement fixes are completely absent. The OSS model, being based on a globally distributed, active and vibrant developer community, leads to wider access to knowledge without strings attached.
iii. Shared Source licenses include a requirement that the licensee agree to treat Microsoft's code as confidential proprietary data. It follows that any developer, once he has seen Shared Source code, can be enjoined under trade-secrecy law from any activity that Microsoft considers competitive with its code.
Shared Source, therefore, behaves like a virus. Being part of a Shared Source program thus ensures that other projects/developer teams need to be shielded from exposure to the knowledge that comes as part of the package. Intermingling of such knowledge with existing products/projects can lead to violations of copyright and IPR laws and to subsequent lawsuits. Since IPR laws more often than not do not offer protection to monopolistic knowledge bases, the Shared Source model actually restricts and hinders software development. On the other hand, no such problems exist with OSS, and that model is well suited and adapted to the current practices of software development.
TRUSTED COMPUTING & DIGITAL RIGHTS MANAGEMENT
Said I trust you but I lied!
By Sankarshan Mukhopadhyay [sankarshanm@softhome.net]
Preamble
Recent reports on news sites, and also published in the Economic Times of India, suggest that Microsoft [hereinafter referred to as MSFT] will be pushing through the Windows Rights Management Architecture & Services [WRMA & WRMS] by the 1st week of March, 2003. In the light of such an event, this article proposes to establish the fallacy of the Trusted Computing paradigm as made available in public document(s) from the TCPA [www.trustedcomputing.org].
What is the TCPA?
TCPA stands for the Trusted Computing Platform Alliance, an initiative led by Intel. Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform'. TCPA is an industry working group formed in October 1999, with heavyweight members such as IBM, HP-Compaq, Intel and MSFT, to deliver a set of hardware and operating system security capabilities that customers can use to enhance trust and security in their computing environments. These capabilities are laid down in the TCPA Main Specification Revision 1.1, developed by PC platform, operating system, application and technology vendors, which is intended to simplify and accelerate the deployment, use and manageability of security capabilities on computers. A companion TCPA PC Specific Information Specification version 1.0 assists with the PC-specific implementation of trusted computing.
Core functional issues of the TCPA Specifications
The two areas addressed in v1.1 are:
1) Traditional security feature building blocks such as persistent storage, platform authentication (signing of data), and H/W random number generation;
2) New capabilities such as platform integrity metrics (self-inspection of the BIOS, master boot record, and OS loader in the PC) and anonymous/multiple identities to better address privacy concerns in computing.
The TCPA has defined a general purpose Trusted Subsystem that can be incorporated into a platform, the first focus being the PC.
Trusted Computing Requires Transactions and Computing Devices to be:
I. Trusted: acting in a recognized and attestable manner
II. Reliable: readily available for transactions and communications, as well as prepared to act against viruses and other intrusions
III. Safe: able to stop unwanted intervention or observation
IV. Protected: sharing information with only those who are authorized
V. Private: providing users a way to manage their privacy
What does TCPA offer?
As per the stated aims, a TCPA-enabled system offers a low-cost, standardized means of embedding security functionality in a platform, which means that improved levels of security can become ubiquitous, hence enabling and encouraging the development and use of applications and services that use security. Another such benefit is improved control of access to data. Previously such access has depended upon authorization or authentication. After TCPA-enabling, such access can also be linked to the state of the software in the platform. This enables the denial of access to data if 'rogue software', such as a virus, is introduced into a platform, because such introduction necessarily changes the software state of the platform. Other traditional features of the Subsystem, such as persistent storage and signing, are supposed to improve many applications and services, such as Public Key Infrastructure (PKI) deployments and interactions, Web browsers using SSL, and email use of S/MIME, among others.
Ubiquitous security in platforms encourages the development and use of security services. PKI related security processes, such as digital signature and key exchange, are protected through the secure TCPA subsystem. Access to data and secrets in a platform could be denied if the software environment in the platform is changed (by a virus, for example). Critical applications and capabilities such as secure email, secure web access, and local protection of data are thereby made much more secure when on a TCPA platform.
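The two mechanisms described above, the integrity metrics (platform measurements of BIOS, master boot record and OS loader) and access to data that is denied when the software state changes, can be modelled in a few lines. The following Python is an added illustration, not code from the TCPA specification or from any source the article cites: it extends a single register in the TCPA 1.1 style, PCR := SHA1(PCR || SHA1(component)), seals a secret to the resulting state, and shows that a platform booted with an altered loader cannot recover it. The component strings, the root key and the counter-mode encryption are constructed for this example only.

```python
import hashlib
import hmac

# Added example: a simplified model of TCPA integrity metrics and sealed
# storage, not code from the TCPA specification. A TCPA 1.1 PCR is a
# 20-byte SHA-1 register that can only be extended, never set:
#   PCR := SHA1(PCR || SHA1(component))
# so the final value depends on every measured component and their order.

PCR_RESET = bytes(20)  # platform state at power-on


def measure_chain(components):
    """Extend one PCR with each boot component in order; return the PCR."""
    pcr = PCR_RESET
    for component in components:
        digest = hashlib.sha1(component).digest()
        pcr = hashlib.sha1(pcr + digest).digest()
    return pcr


def _state_key(root_key, pcr):
    # Key that exists only for one platform state. In a real subsystem the
    # root key never leaves the chip; here it is a constructed byte string.
    return hmac.new(root_key, b"seal|" + pcr, hashlib.sha256).digest()


def _keystream(key, length):
    # Toy counter-mode keystream from SHA-256, constructed for this example.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret, expected_pcr, root_key):
    """Bind a secret to the platform state described by expected_pcr."""
    key = _state_key(root_key, expected_pcr)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"ct": ct, "tag": tag}


def unseal(blob, current_pcr, root_key):
    """Recover the secret only if the current PCR matches the sealing state."""
    key = _state_key(root_key, current_pcr)
    expected_tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None  # software state changed: access denied
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))


# Constructed sample boot chains and secret.
GOOD_CHAIN = [b"BIOS 1.0 (constructed)", b"MBR (constructed)", b"OS loader (constructed)"]
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [b"OS loader (constructed) with rogue patch"]
ROOT_KEY = b"constructed platform root key"
SECRET = b"disk-encryption-key (constructed)"


def demo():
    """Seal to the good state, then attempt unsealing from both boot chains."""
    blob = seal(SECRET, measure_chain(GOOD_CHAIN), ROOT_KEY)
    return (unseal(blob, measure_chain(GOOD_CHAIN), ROOT_KEY),
            unseal(blob, measure_chain(TAMPERED_CHAIN), ROOT_KEY))
```

Calling demo() returns the secret for the unmodified chain and None for the chain with the patched loader; reordering the same components also changes the PCR, since the extend operation is order-sensitive.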
"The capabilities provided by a TCPA compliant platform will benefit both business and consumers and are being defined to be independent of a focus on specific market segments." (a TCPA handout)
What does TCPA actually mean?
But in simple terms, what does TCPA offer and/or do? TCPA and the consequent Digital Rights Management (DRM) provide a computing platform/environment in which it is nearly impossible to tamper with the applications, and in which these applications can communicate securely with the vendor. The obvious implication of such a scenario is digital rights management and new niche areas of monopolistic business opportunity. The WRMS & WRMA strategies as envisaged and implemented by MSFT only lend credence to the fact that TCPA & DRM would be a dual-purpose technology. Ostensibly meant to help content producers protect their intellectual property, it can also make the computer lock itself up at the software level if an intrinsically defined level of 'trust' is breached.
Palladium
The Microsoft Content Security Business Unit, in a preliminary whitepaper, set out the concept of 'Palladium'. The model was described as follows:
"Palladium" is the codename for an evolutionary set of features for the Microsoft® Windows® operating system. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity. In addition, Palladium will offer enterprise customers significant new benefits for network security and content protection.
Although now available as the WRMS, the basic concept in the implementation and functionality of the system remains more or less the same: integrating hardware and software platforms to incorporate and embed 'trust' in the computing environment. The working of the concept is widely published and available on the Internet. A Google [www.google.com] search with strings that include 'TCPA, Palladium, WRMS, DRM' etc. throws up relevant results. The TCPA website itself has a brochure that documents the proposed system. Ross Anderson has compiled a detailed FAQ that addresses, among other things, the implications of the system. A PCQuest [February 2003] feature article, available at www.pcquest.com, also explains how Palladium works. It is noteworthy that MSFT has now dropped the proposed codename Palladium and has packaged some of the same features within WRMS.
How does Palladium work?
Even though it will not be recognized as Palladium as such, the article uses the term in a generic way to indicate Trust-based Computing scenarios as envisaged by TCPA and MSFT.
Palladium is based on a "closed-sphere-of-trust" [that] binds data or a service to both a set of users (logon) and to a set of acceptable applications.
The system is functionally dependent upon the concept of a Trusted Operating Root (TOR). The TOR does not simply open the vault/application domain; it will only open a particular vault, and only for a short list of applications that have been authenticated at a prior level. Being based on the strategy of 'enhancements' to the existing OS platforms from MSFT, it acts as a sandbox for interaction between 'trusted applications' and the system, so as to prevent information leakage and aggressive, intrusive trespass. Although some commentators seem to find a similarity with the model of the Java VM, Palladium is related to it only by means of the sandboxing concept. The MSFT whitepaper itself mentions that current non-Palladium software applications will find such a feature of no use unless a "Trusted Agent" component is incorporated.
Even within the TCPA, the belief is that the Palladium system is aimed more at DRM than at TCPA. And certainly, with its overt emphasis on 'rogue software' and insistence on 'security agents', it is MSFT's strategic business push towards enforcing digital rights.
So what does it mean for the Open Source Initiative?
The TCPA architecture, as well as MSFT's Palladium initiative, places emphasis on 'trusted software'. Proprietary software applications have for a long time managed to prevent easy access to content created using these applications by changing the data format. Consider MS-Word's proprietary data format and the ever-continuing attempts to read data in that format. The emphasis on signed, trusted software applications ensures that it might just be impossible to open such documents in a Palladium-enabled setup. As of now, Palladium is an opt-in feature, but, as with other MSFT technologies, the day is not far off when Palladium must be turned on for the computer to function properly.
Ross Anderson's FAQ sums it up when he outlines possible scenarios for abuse of the TCPA:
"One of the worries is censorship. TCPA was designed from the start to support the centralized revocation of pirate bits. Pirate software will be spotted and disabled by Fritz [the on-board chip] when you try to load it, but what about pirated songs or videos? And how could you transfer a song or video that you own from one PC to another, unless you can revoke it on the first machine? The proposed solution is that an application enabled for TCPA, such as a media player or word processor, will have its security policy administered remotely by a server, which will maintain a hot list of bad files. This will be downloaded from time to time and used to screen all files that the application opens. Files can be revoked by content, by the serial number of the application that created them, and by a number of other criteria. The proposed use for this is that if everyone in China uses the same copy of Office, you do not just stop this copy running on any machine that is TCPA-compliant; that would just motivate the Chinese to use normal PCs instead of TCPA PCs in order to escape revocation. So you also cause every TCPA-compliant PC in the world to refuse to read files that have been created using this pirate program.
This is bad enough, but the potential for abuse extends far beyond commercial bullying and economic warfare into political censorship. . . .
But now, TCPA and Palladium have placed at risk the priceless inheritance that Gutenberg left us. Electronic books, once published, will be vulnerable; the courts can order them to be unpublished and the TCPA infrastructure will do the dirty work. . . .
So after the Soviet Union's attempts to register and control all typewriters and fax machines, TCPA attempts to register and control all computers. The implications for liberty, democracy and justice are worrying."
Ross further opines that:
TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed. The GPL is designed to prevent the fruits of communal voluntary labour being hijacked by private companies for profit. Anyone can use and modify software distributed under this licence, but if you distribute a modified copy, you must make it available to the world, together with the source code so that other people can make subsequent modifications of their own.
You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system. Something similar happens with the linux supplied by Sony for the Playstation 2; the console's copy protection mechanisms prevent you from running an altered binary, and from using a number of the hardware features. Even if a philanthropist does a not-for-profit secure GNU/linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There is still the question of who would pay for the user certificates.)
People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. This helped make people willing to give up their spare time to write free software for the communal benefit. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended. The benefit for Microsoft is not that this will destroy free software directly. The point is this: once people realise that even GPL'ed software can be hijacked for commercial purposes, idealistic young programmers will be much less motivated to write free software.
Thus, in conclusion, given that it aims at revoking fundamental freedoms, the freedom of expression and the freedom to impart knowledge, it is imperative that a concerted movement based on advocacy and awareness is created. As a system that has within its power to upset the economic balance of many a society, as well as to restrict computing power to a chosen few, the TCPA and Palladium system provides more domains of power to abuse than it actually makes use of the immense possibilities thrown up by the system. Content management and protection is an area that all content-generating centres try to implement, but rights restriction using an ambiguous-sounding procedure such as Digital Rights Management is clearly aiming at something more. Restrictive practices are and were followed for hardware components without the general public being aware of them. For example, there are printers that silently degrade the resolution if the cartridge is not original. Cellphones have been known to drain battery power if the battery is a fake. Yet striking at the heart of the human endeavor to impart and structure knowledge and information, by restricting the right of usage, means DRM could aptly be described as 'Digital Restriction Management'.
Where is the notion of 'trust' if the computing platform decides for the end user which application does not breach its level of security?