Is TPM bad for Open Source? (#c32)

It’s been argued that TPM and bill C-32 are bad for Free/Libre Open Source Software development. Is that true? If so, why? If not, why not? Personally, I don’t think so, and I’ll tell you why.

Let’s first have a look at what you can legally do under C-32:

30.6 It is not an infringement of copyright in a computer program for a person who owns a copy of the computer program that is authorized by the owner of the copyright, or has a licence to use a copy of the computer program, to

(a) reproduce the copy by adapting, modifying or converting it, or translating it into another computer language, if the person proves that the reproduced copy

(i) is essential for the compatibility of the computer program with a particular computer,

(ii) is solely for the person’s own use, and

(iii) was destroyed immediately after the person ceased to be the owner of the copy of the computer program or to have a licence to use it; or

(b) reproduce for backup purposes the copy or a reproduced copy referred to in paragraph (a) if the person proves that the reproduction for backup purposes was destroyed immediately after the person ceased to be the owner of the copy of the computer program or to have a licence to use it.

30.61 It is not an infringement of copyright in a computer program for a person who owns a copy of the computer program that is authorized by the owner of the copyright, or has a licence to use a copy of the computer program, to reproduce the copy for the sole purpose of obtaining information that would allow the person to make the program and any other computer program interoperable.

Now, I am not a lawyer, but when I read this, I take it to mean that, under section 30.6 of the bill, software – even proprietary software – may be adapted for the purpose of interoperability. In fact, it may even be “translated into another computer language” – i.e. disassembled – for the purpose of interoperability (either with a computer or with another computer program). This allows for a rather large set of possible reverse-engineering practices to be legal under this bill.

41.12 (1) Paragraph 41.1(1)(a) does not apply to a person who owns a computer program or a copy of one, or has a licence to use the program or copy, and who circumvents a technological protection measure that protects that program or copy for the sole purpose of obtaining information that would allow the person to make the program and any other computer program interoperable.

(2) Paragraph 41.1(1)(b) does not apply to a person who offers services to the public or provides services for the purposes of circumventing a technological protection measure if the person does so for the purpose of making the computer program and any other computer program interoperable.

(3) Paragraph 41.1(1)(c) does not apply to a person who manufactures, imports or provides a technology, device or component for the purposes of circumventing a technological protection measure if the person does so for the purpose of making the computer program and any other computer program interoperable and

(a) uses that technology, device or component only for that purpose; or

(b) provides that technology, device or component to another person only for that purpose.

(4) A person referred to in subsection (1) may communicate the information obtained under that subsection to another person for the purposes of allowing that person to make the computer program and any other computer program interoperable.

(5) A person to whom the technology, device or component referred to in subsection (3) is provided or to whom the information referred to in subsection (4) is communicated may use it only for the purpose of making the computer program and any other computer program interoperable.

(6) However, a person is not entitled to benefit from the exceptions under subsections (1) to (3) or (5) if, for the purposes of making the computer program and any other computer program interoperable, the person does an act that constitutes an infringement of copyright

(7) Furthermore, a person is not entitled to benefit from the exception under subsection (4) if, for the purposes of making the computer program and any other computer program interoperable, the person does an act that constitutes an infringement of copyright or an act that contravenes any Act of Parliament or any Act of the legislature of a province.

Again, not being a lawyer, I take this to mean that if I were to make a media player with the intention of being interoperable with, say, iTunes – which would require me to break the DRM/TPM on iTunes files, I would be allowed to do so (unless the iTunes licence says otherwise, which it does). Similarly, a library that allows me to crack CSS on a DVD would be legal if provided for the purpose of making a media player interoperable with the closed-source variants, as long as I don’t infringe any copyrights while developing my media player.

I should say that by far most open source software doesn’t consist of media players: there are enormous amounts of code that has nothing to do with TPM and is still open source software. Also: I don’t see an “industry vs. open source” movement here (at least not on the industry’s side, nor on the government’s side): open source software is widely used by, and developed by, the software industry. The industry has as big a stake in Free/Libre Open Source Software as the students and hobbyists that are up in arms against it. Need I remind you that Intel, IBM, Google, Red Hat, etc. are all corporations who have invested heavily in Linux and other open source technologies?

I don’t see any legitimate activities in the software development business that would be seriously hampered by this bill.

About rlc

Software Analyst in embedded systems and C++, C and VHDL developer, I specialize in security, communications protocols and time synchronization, and am interested in concurrency, generic meta-programming and functional programming and their practical applications. I take a pragmatic approach to project management, focusing on the management of risk and scope. I have over two decades of experience as a software professional and a background in science.
This entry was posted in Opinions. Bookmark the permalink.

10 Responses to Is TPM bad for Open Source? (#c32)

  1. TPM is bad for opensource says:

    [this comment was edited as follows: the quoted texts were formatted with blockquote tags]

    I cannot distribute computers with VLC on them so that my customers can play DVD movies using their DVD drives, that’s a legitimate activity that is banned. It is pretty clear and we have letters from Clement’s office to suggest it is illegal.

    I am not a lawyer and I think you’re being very optimistic.

    I’ve attached an email discussion from the framers of the bill with a constituent. They give the lawyerly response of if CSS is a TPM and libdvdcss is meant to circumvent CSS then libdvdcss would be seen as a tpm-breaker and illegal to distribute. This can further translated because they say that in US Courts CSS was a TPM.

    So to translate further from lawyer speak, libdvdcss is meant to break TPM. Therefore libdvdcss and software that uses it breaks TPM and would illegal.

    So there you have it, the framers of the bill essentially argue against your position.

    This letter could also be admitted as evidence of the purpose of the bill itself.

    Also if you want to see what James Moore et al. think about Google go on twitter and see his discussion with Cory Doctorow where James Moore strikes against Google.

    Here’s an excerpt from Tony Clement’s office:

    Do you know if CSS would be a TPM?
    Bill C-32 implements the international standards set out in the 1996 World Intellectual Property Organization (WIPO) Internet treaties, which require protection of “effective technological measures” used by copyright owners to prevent unauthorized use of their work.

    Accordingly, whether CSS, or any technology, would be captured by the TPM provisions would depend on whether it meets the definition of TPM in the bill, specifically whether it effectively protects a work. It is worth noting that courts in other countries have already examined this question (including the US, which found that CSS was an effective TPM). It would be up to Canadian courts to interpret whether CSS is a protected TPM in Canada.

    Do you know if libdvdcss would be illegal under C-32?
    Under C-32 it would be illegal to sell or distribute devices that are designed primarily to circumvent a TPM. To determine if libdvdcss falls under this provision, a court would need to determine (i) that CSS is an effective TPM (as discussed in question 1) and (ii) whether libdvdcss is designed primarily to circumvent the CSS TPM.

    Erik Waddell
    Director of Communications
    Office of the Honourable Tony Clement

    http://ossguy.com/?p=662

    And from C-32

    http://www2.parl.gc.ca/HousePublications/Publication.aspx?DocId=4580265&Mode=1&Language=F&File=72#16

    “technological protection measure” means any effective technology, device or component that, in the ordinary course of its operation,

    (a) controls access to a work, to a perform- er’s performance fixed in a sound recording or to a sound recording and whose use is authorized by the copyright owner; or

    (b) restricts the doing — with respect to a work, to a performer’s performance fixed in a sound recording or to a sound recording — of any act referred to in section 3, 15 or 18 and any act for which remuneration is payable under section 19.

    • Hi again (could you leave a name next time, so I now what to call you?),

      The primary purpose of VLC is to play media – not to break TPM. In order to be interoperable with other, similar media players, it has to be able to read the same formats, including CSSed DVDs. In order for that to be possible, it needs to use a tool to read CSSed DVDs.

      If you own a DVD with CSS protection on it (or are licensed to use a DVD with CSS protection on it) you can “circumvent a technological protection measure within the meaning of paragraph (a) of the definition “technological protection measure” in section 41” in order to “[circumvent] a technological protection measure if [you do] so for the purpose of making the [VLC] and any other computer program interoperable and (…) [use] that technology, device or component only for that purpose“.

      I don’t see this as being optimistic: this is what the law says. Again, I am not a lawyer but I think this is in line with both the spirit and the letter of the bill. I don’t see this bill as an attack on open source software.

      If I’m wrong, the bill needs to be fixed.

  2. I think this debate should be framed more as “TPM is a barrier for interoperability” rather than speaking only about open source. TPM is a trick meant to limit the usage of a work so it can run only on a specific set of devices, devices that must conform to what the lock maker wants. The user might not have signed to what the lock maker wants, and might not know about those terms, but has no choice to abide to those terms since the only devices or the software he can use to view the work must be approved by the lock maker, others are illegal to use. That is, if digital locks are granted broad protection by law.

    I also doubt the software interoperability clause would apply to playing music, videos and other things generally not considered as “software”. It seems more like the intent is to be able to adapt a particular software on a different computer.

    • I think this debate should be framed more as “TPM is a barrier for interoperability” rather than speaking only about open source. TPM is a trick meant to limit the usage of a work so it can run only on a specific set of devices, devices that must conform to what the lock maker wants. The user might not have signed to what the lock maker wants, and might not know about those terms, but has no choice to abide to those terms since the only devices or the software he can use to view the work must be approved by the lock maker, others are illegal to use. That is, if digital locks are granted broad protection by law

      You might want to read the bill: this isn’t what it says and, so far, I know of no-one that has claimed this particular line either. As I understand it, hardware compatibility is not an issue.

  3. Zygo says:

    The exception does allow you to make an open-source DVD player if you have a properly licensed DVD player, but you have to prevail in court on two points:

    1. DVDs are computer programs, and
    2. Your DVD player is not in itself a prohibited TPM circumvention device.

    You can also make an open-source DVD player if you have a license for a DVD encoder, or you wrote one yourself, and you didn’t infringe any copyrights or patents or illegaly acquire any trade secrets to do it. You can then write an open-source DVD player that interoperates with your DVD encoder. This doesn’t work for other media formats where the TPM is based on asymmetric crypto, since you can’t write an encoder for those unless you can get a private key without signing away your rights to release open-source player software. Good luck with that.

    Open source software on an iPhone is prohibited by the Apple developer SDK agreement and iTunes app store policy, and by the TPM in an iPhone which doesn’t allow users with unmodified phone firmware get their software from anywhere else unless they purchase proprietary software from Apple and build the open source software themselves.

    • Open source software on an iPhone is prohibited by the Apple developer SDK agreement and iTunes app store policy, and by the TPM in an iPhone which doesn’t allow users with unmodified phone firmware get their software from anywhere else unless they purchase proprietary software from Apple and build the open source software themselves.

      Half of iPhoneOS (or iOS as it’s called now) is open source and many applications on it are open source as well..?

    • A word on assymetric cyphers, btw: assymetric cyphers are very computing-intensive in that even encrypting or decrypting a relatively small amount of data takes a lot of CPU cycles. It is not an effective way to encrypt large amounts of data. What is usually done, therefore, is to encrypt a symmetric key with the assymetric cypher, and use a symmetric cypher to encrypt the data.

  4. Pingback: Is TPM bad for Open Source? Absolutely! « Zygo's Unimaginatively-Named Blog

  5. TPM is bad for opensource says:

    RLC, you may call me T4FLOSS if it makes life easier, I try to post without identity and without ego.

    * Performances are not software

    Based on Mr. Fortin’s comment and my reading I believe:
    in copyright law and in this copyright law they view software and performances as different things. So I suspect a file that is primarily a video will be considered a performance and thus not viewed as software. Since a performance is not normally software I think one can assume that you wouldn’t interoperating with software thus I don’t think the section you quoted would be valid.

    Here’s what Michael Geist says:
    http://www.michaelgeist.ca/content/view/3244/369/

    The interoperability provisions do not help address this issue, since DVDs may not be considered computer programs and many of the circumventing programs have functionality beyond playback of commercial DVDs. The net effect, as noted by the Canadian Software Innovation Alliance, is that Bill C-61 erects an enormous barrier to open source software adoption, thereby harming innovation and a competitive marketplace. The solution – as proposed by the Computer and Communications Industry Association in 2000 – is to create an exception the substantially broadens the interoperability exception.

    * If you’re right, what does this bill actually do?

    To further hammer in this point I think you should consider what does this bill actually do if it allows you to circumvent TPM for interoperability reasons, and those reasons include reading and playing videos from DVDs. So if I can do that to a DVD, why can’t I do it to other TPM’d works. I think if you follow this further you see that either bill does what you’re suggesting it does, allows to write and distribute and use TPM breaking software or it plainly doesn’t. Now why would they include all these provisions about TPM in the first place if you could just break them and why in 41 was any circumvention plainly banned if they were going to let any competitor walk in and decrypt the TPM protected software, performances and audio recordings?

    * The spirit of the bill is to criminalize TPM circumvention, especially for audio and performances (video)

    So based on those 2 points and the reasoning that Clement’s staff gave ossguy I believe that this bill clearly says we can’t circumvent TPM for personal use on things that aren’t software. I believe it suggests TPM circumvention is only for interoperability with other software (in this class there are other exceptions I realize).

    * Interoperability

    This bothers me. Does anyone have the definition of interoperability that they actually mean?

    Here’s one which is more your interpretation:
    http://en.wikipedia.org/wiki/Interoperability

    the ability of two or more systems or components to exchange information and to use the information that has been exchanged.

    Summary:
    * Interoperate/interoperability
    * What does the bill actually do if TPM interoperability spreads out so far
    * I’m not sure you can interoperate with non-programs (works performances are not necessarily software)

    So we’re basically stuck til we have the interoperability definition, but based on comments by the Bill Framers I’d suggest they have a dim view of what interoperability means.

    • Hi T4FLOSS,

      So we’re basically stuck til we have the interoperability definition, but based on comments by the Bill Framers I’d suggest they have a dim view of what interoperability means.

      I guess we are.

      If I’m right, the bill outlaws piracy, but not legitimate use and not the development of open source software. If I’m wrong, it needs to be fixed.

      Thanks 🙂

      Ronald

Comments are closed.