[wilhelmtux-discussion] FC: Bush administration's position on open-source seems... flexible (fwd)

Alex Schroeder alex at emacswiki.org
Son Feb 2 11:41:12 CET 2003


Alex Schroeder <alex at emacswiki.org> writes:

> Seltsam, muss mir die Seite wirklich nochmal anschauen.  Aber gerade
> im letzten c't haben die Leute das bestätigt, was ich auch vermute --
> wenn man ein OS verwendet, welches den TCP nicht verwendet, dann hat
> man auch keine Nachteile.  Somit:  Wer Software von einer Firma kauft,
> die den TCP will, muss selber schauen...

Ich bleibe bei dieser Aussage.  Habe zB. untenstehende Passage auf
http://www.againsttcpa.com/tcpa-faq-en.html gefunden.

Also alles nur Panik mache?

Der Schlüssel ist folgender Abschnitt:

    "The result is a PC booted into a known state with an approved
    combination of hardware and software (whose licences have not
    expired). Control is then handed over to enforcement software in
    the operating system - this will be Palladium if your operating
    system is Windows."

Ok, trifft für mich also nicht zu.  Wenn Linux die Info des Fritz Chip
nicht verwendet, habe ich kein Problem.

Das einzige wirkliche Problem an der ganzen Geschichte ist *völlig
unabhängig* vom Fritz Chip!  Das Problem ist der langsame Verlust
unser "Fair Use" Rechte -- also Fotokopieren für den Eigengebrauch,
beispielsweise.  Da kann ich nur die beiden Bücher von Lawrence Lessig
empfehlen, die es sicher auch in deutscher Übersetzung gibt (Code is
Law und Future of Ideas).

Lawrence Lessig schafft es, die Probleme der Copyright Durchsetzung
mittels Software herauszuarbeiten, ohne ein einziges Mal das Wort TCP
zu verwenden.

Alex.

    4. How does it work?                                                    
                                                                            
    TCPA provides for a monitoring and reporting component to be mounted in
    future PCs. The preferred implementation in the first phase of TCPA is a
    `Fritz' chip - a smartcard chip or dongle soldered to the motherboard.  
                                                                            
    When you boot up your PC, Fritz takes charge. He checks that the boot   
    ROM is as expected, executes it, measures the state of the machine; then
    checks the first part of the operating system, loads and executes it, 
    checks the state of the machine; and so on. The trust boundary, of      
    hardware and software considered to be known and verified, is steadily  
    expanded. A table is maintained of the hardware (audio card, video card 
    etc) and the software (O/S, drivers, etc); Fritz checks that the        
    hardware components are on the TCPA approved list, that the software    
    components have been signed, and that none of them has a serial number 
    that has been revoked. If there are significant changes to the PC's     
    configuration, the machine must go online to be re-certified. The result
    is a PC booted into a known state with an approved combination of       
    hardware and software (whose licences have not expired). Control is then
    handed over to enforcement software in the operating system - this will 
    be Palladium if your operating system is Windows.                       
                                                                            
    Once the machine is in this state, Fritz can certify it to third        
    parties: for example, he will do an authentication protocol with Disney 
    to prove that his machine is a suitable recipient of `Snow White'. This 
    will mean certifying that the PC is currently running an authorised     
    application program - MediaPlayer, DisneyPlayer, whatever. The Disney   
    server then sends encrypted data, with a key that Fritz will use to     
    unseal it. Fritz makes the key available only to the authorised        
    application and only so long as the environment remains `trustworthy'.
    For this purpose, `trustworthy' is defined by the security policy       
    downloaded from a server under the control of the application owner.    
    This means that Disney can decide to release its premium content to a   
    given media player application in return for a contract that the        
    application will not make any unauthorised copies of content, will      
    impose a certain set of conditions (including what level of security has
    to be set in TCPA). This can involve payment: Disney might insist, for  
    example, that the application collect a dollar every time you view the 
    movie. In fact, the application itself can be rented too, and this is of
    great interest to software companies. The possibilities seem to be     
    limited only by the marketers' imagination.