Open Sources 2.0/Open Source: Competition and Evolution/Why Open Source Needs Copyright Politics

From WikiContent

< Open Sources 2.0 | Open Source: Competition and Evolution
Revision as of 19:06, 5 May 2008 by Docbook2Wiki (Talk)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search
Open Sources 2.0

Wendy Seltzer

Some programmers and businesspeople draw a distinction between "Free Software" and "open source." Free Software is political, they say, and open source is pragmatic. Free Software developers want to recode the world; open sourcers just want to write good code. This distinction is, of course, exaggerated. Many people adopt these labels for their own reasons; some switch between them depending on audience or context. But even the most apolitical of open source developers and users should be concerned by the copyright battles waged right now. The copyright law being made and enforced today will impact the software we can develop and use for decades, and its impact reaches far beyond commercial media.

Imagine, for example, that you'd like to build an open source home multimedia server. Nothing fancy yet, just a place to play music, watch the occasional DVD, and record television programs—one machine to replace the menagerie of devices nesting in your media center. Easier developed than cleared legally. Technically, you (or others willing to share with you) will be able to meet the challenges with Moore's Law-fast processors, ever-cheaper massive storage capacities, and clever user interfaces. The legal obstacles are harder to hack. Start with the music. If you have standard CDs, you're all set: plenty of Free programs let you play them from the CD drive, rip them to Ogg, FLAC, or MP3 (with a nod, perhaps, to the patent licensors at Fraunhoffer). Try to connect to a streaming service or purchase music online, and things get tricky. Apple's iTunes, the "new Napster," and Rhapsody all lack open source clients, and none would be happy with reverse engineering to write one that plays the music they sell encrypted or by subscription.

Yet music is the easy part. Want to write a player for DVDs you've purchased or Netflixed? Because only closed source implementations have been licensed to decrypt the DVD's files, any DVD player you write is liable to be deemed a "circumvention" by the movie studios and courts, even if the only features you write match those of WinDVD or the standalone player under the TV. Television, then; recording over-the-air broadcasts shouldn't be too hard, since those are unencrypted. Watch out for the digital television transition and the broadcast flag, though. Unless public interest groups' challenge succeeds, the FCC's broadcast flag rule will ban open digital TV tuners that can be used with open source software. The only ones who will be able to play will be those making closed hardware or proprietary software decoders. You'll encounter these obstacles before you even try to take any of your media off the server to exchange with friends or family.

OK, but say for a moment that you have no interest in multimedia. Leave that minefield for another day and move on to business networks or productivity software. Even there, copyright law intrudes. Your security analysis of a system's encryption might be limited by what media companies have preemptively claimed as "technological protection measures;" your selection of replacement parts or add-on modules could be dictated by copyright-based tying more than fitness for use; your ability to interoperate depends on whether reasonable interpretations of the law prevail over some vendors' extreme copyright claims.

Like a group of once-healthy cells grown out of control, copyright law has metastasized to threaten the system of creativity it was once helping to support. No longer a "limited monopoly" to encourage creativity and dissemination of creative works to the public, copyright has become a blunt tool of exclusion, chilling development of software, among other creative endeavors. And so the fight to restore balance to copyright law cannot be dismissed as mere politics. Unless users and developers of open source software join the copyfight, they will find the new reality of copyright law restricting not just their freedom to play blockbuster movies, but also their core freedoms to write and run independent and interoperable software.

Contents

From Movable Type to MovableType

A balanced copyright law is enshrined in the U.S. Constitution: "to promote the progress of science and useful arts," Congress was empowered to grant authors exclusive rights "for limited times." The monopoly created was limited in time and scope. The first copyright law gave authors a 14-year term, renewable once, to publish and vend maps, charts, and books. Copyright protected original expression for a short time, while leaving others free to build around that expression (translations and dramatizations, for example), and then to recycle works entirely from the public domain once copyright expired.

Copyright law has changed with the introduction of new technologies. New means of reproduction often first challenge the copyright framework, then establish themselves as new creative tools for authors and their public audiences alike. At the turn of the last century, printers bought single copies of sheet music and punched holes into rolled paper to program "piano rolls" for then-new player pianos. Composers and music publishers sued, seeking to rein in this appropriation. When the courts held that punched paper didn't "copy" inked notes, Congress updated the law with a compromise—not to ban player pianos or mechanical reproduction, but to permit anyone to produce piano rolls if they paid a "mechanical license" royalty for every roll sold. As the player piano market grew, more music reached more people, and more composers got paid for creating it.

The pattern has repeated itself many times since. Songwriters and performers denounced radio until both found that it could promote sales. Movie studios deplored the videocassette recorder, saying Sony's Betamax would be the "Boston Strangler" to their industry. When they failed to shut Sony down, however, the industry converted its peril into a profit center, finding that viewers with home recorders were potential customers for rentals and sales of appropriately priced videotapes. Meanwhile, the Supreme Court's ruling that technology makers would not be liable for users' copyright infringements so long as their devices were "capable of substantial noninfringing use" fueled a technology boom. The public and the creators shared the benefits of new technology—the public could record movies from television to videotape; studios could sell or rent videocassettes more easily than reel-to-reel.

Despite making it through these earlier transitions, the entertainment companies haven't stopped fighting technological change and the competitive threats it represents. The MP3 player is a slightly more convenient cassette deck, and the weblog is just the next step forward from the typewriter and mimeograph. This time, however, the entertainment industry has swayed many in Congress and the courts to the view that "digital is different," and induced them to change the law in ways that are different and dangerous.

This expansion of copyright's control interferes with open source development. The changes manifest themselves in layers, most notably overassertion of protection for code itself; excessive protection of other copyrighted content that code is dealing with; and misuse of copyright to control markets and maintain cartels in technologies of distribution or manipulation of code and content. Together, the copyright layers build a shell around not only proprietary code, but also around culture and innovation.

Copyright in Code

Copyright protects original expression in code, as it protects any other "original works of authorship fixed in any tangible medium of expression." Some developers use that protection to enforce the openness of their code, as with the GNU General Public License (GPL); others use it to reinforce a proprietary distribution model. But while copyright protects code's creative expression, it does not protect the functions, methods, or procedures that expression implements. Thus, even for closed code, a programmer remains free to study interfaces and functionality, free to interoperate or replace that code with his own.

Situated as it is in an environment filled with proprietary software and poorly documented interfaces, open source development frequently relies on reverse engineering to fit in. Anyone who has used Samba to bridge Windows and non-Windows networks has benefited from Andrew Tridgell's reverse engineering of the Windows protocols for network services; anyone who exchanges files to read and write them in OpenOffice.org rather than Microsoft Word appreciates the reverse-engineering-derived ability to edit files in Microsoft Word format.

Courts have long held that reverse engineering, the practice of examining something and taking it apart to figure out how it works, is a fair use, not an infringement of copyright. Even when programs are released only as closed, binary code, programmers can often discover a great deal about them by watching their operation or the file formats they use, or by disassembly. Reimplementing those discoveries in new code comports with copyright too. So, companies have been protected in taking apart a video game console to build a console emulator (Sony v. Connectix) or disassembling a game to build a new one compatible with the console (Sega v. Accolade). If someone builds a better mousetrap after examining those that exist, copyright law will not stop her from deploying it.

At least that's the black-letter law. In practice, though, many copyright holders try to extend copyright's limited monopoly to block reverse engineering, through a combination of copyright, contract, and anticircumvention. For example, Blizzard, maker of the popular Starcraft and Warcraft video games, claims that all players have "agreed," through click-wrap licenses they encounter before the programs run, to a contract that prohibits reverse engineering the Blizzard games. This contract plus copyright, Blizzard asserts, prevents anyone from interoperating without permission.

The bnetd project began when a group of programmers became frustrated by the poor performance of Blizzard's battle.net server for multiuser play of the games they had bought. Instead of putting up with the frequent downtime and rampant cheating on Blizzard's server, they started work on their own open source game server. By watching the communications between game and server, the bnetd programmers were able to reverse engineer their own compatible server, which they set up to give owners of Blizzard games an alternate place to meet, and made the source available for others to join the effort. The public got another option for playing Starcraft, and another reason to buy Blizzard games.

Blizzard rewarded the bnetd team's creativity with a lawsuit claiming, among other things, copyright infringement and breach of the click-wrap contract. The team had not seen any of Blizzard's source code, much less copied it, as they reimplemented uncopyrightable functionality, but that didn't stop Blizzard from pulling out the copyright sword. Copyright's lack of protection for functionality is deliberate and sound innovation policy—the public benefits from being able to choose among competing implementations of functionality, be they game servers or network services—yet Blizzard follows in the steps of many trying to get around copyright's limits with contract claims.

Blizzard was trying to limit the code others could produce, to extend the copyright protection on its own code. But many of those pulling out copyright's swords aren't trying to protect code, but other copyrighted content touched by—or that they're afraid will be touched by—code. These efforts, assertions of secondary liability, anticircumvention regimes, and attempts to impose technology mandates, all limit open source developers' ability to produce new code, to learn from old code, and to compete in the market with proprietary code.

Secondary Liability

Copyright law has not been strictly limited to the direct infringers, but may be extended to those who "contribute" to the infringement in an ongoing relationship with the infringer, or with special-purpose equipment suited only for infringement. Thus, the proprietor of a hall, who looks the other way while paying guests listen to unlicensed music, can be held vicariously liable for the infringing public performance, and the seller of tapes of a length precisely timed for copying particular copyrighted albums could be held contributorily liable for the subsequent infringing use. Extended too far, however, secondary liability chokes off innovation.

Twenty years ago, the Supreme Court rejected Universal and Disney's "unprecedented attempt to impose copyright liability upon the distributors of copying equipment" with the ruling that manufacturers of devices "capable of substantial non-infringing use" could not be held secondarily liable. The MGM v. Grokster lawsuit, an attack by all the major record labels and movie studios against Grokster and Streamcast, maker of the Morpheus filesharing software, is nothing short of an all-out assault on the Sony standard.

The studios argue that Grokster and Streamcast should be liable because many users of the peer-to-peer software infringe copyrights—notwithstanding that many others transfer public domain works from Project Gutenberg or the Internet Archive; freely licensed works including open source software and Creative Commons-licensed media; or government works. They argue that the producers of software should be held liable for its "predominant" or "principal" use. Their standard is unworkable both to an entrepreneur financing an untested product and to an open source developer releasing software, any of whose users could adapt it to an unintended, infringing purpose.

Under the Betamax standard, makers of multiuse devices such as the VCR could thus offer them to the public without fearing that they might be held liable if customers misused them to infringe copyrights. With this assurance, hardware makers built components with open interfaces, including CD and DVD burners and massive hard drives, without fearing that someone might put the Plextor on the copyright hook by using that CD burner for large-scale copyright infringement. They built copying devices to transfer content. Software makers, too, have safely offered highly configurable and open source software with relative confidence that their users' configurations won't land them in hot water. The studios' proposed redefinition threatens that freedom to innovate.

Grokster is thus much bigger than peer-to-peer. An expansion of copyright liability, with a "predominant use" test, would make it safer to produce limited-purpose, non-user-modifiable devices and software than open hardware and open source software, regardless of the intent of the developer.

If secondary liability for those who "contribute" to infringement in some ill-defined way weren't enough, the entertainment industry is likely to return to Congress with pleas of renewed urgency to pass the INDUCE Act, which stalled last term. That proposed bill would add yet another level of indirect liability: "inducing" infringement of copyright would extend beyond those who made the tools, to those who explained how to make them work. Watch out that your documentation isn't too thorough!

Anticircumvention

The next stage of copyright expansion beyond direct infringement is the anticircumvention and antitools provisions of the Digital Millenium Copyright Act (DMCA). In the real world, these provisions do little to stop hard-core piracy, but they present a serious barrier to open source compatibility.

Section 1201 of the DMCA prohibits "circumvention" of technological protection measures controlling access to copyrighted works, and it bans manufacture, distribution, and trafficking in devices, products, components, or services that are promoted for, primarily useful for, or designed for circumvention of technological protection measures. Now, a copyright holder who employs a technological lock, such as simple encryption of content, gains the ability to control who and what programs or devices can unlock it, as part of the new right to control "access" to a protected work.

This is an important functional change from the world of printed books or even CDs, where anyone who purchased or borrowed the physical item had the right to use it as she chose—read the last chapter first or play the CD in the car or the computer. Someone who wants to develop a new shuffle mode for CD playback, or a new ripper with better compression for transfer to a portable music player, can do so without seeking permission from the recording companies. It's the misuse of those tools—say, to copy CDs and sell the copies without authorization, that can be pursued as an infringement of traditional copyright.

Under the new anticircumvention regime, however, those who control copyrights can take their control much further. Thus, copyright holders say, and courts have agreed, anyone who develops a decoder for an encrypted format without a license is producing circumvention tools in violation of the DMCA. So, groups of copyright holders, who couldn't individually control markets, join together in licensing cartels backed by the magic of the DMCA, by which they control not only copyrights but also the surrounding player technologies.

And so it is with digital video discs. Movie studios and consumer electronics and technology companies developed the content scrambling system, a.k.a. CSS, applied it to DVDs, and declared it to be a technological protection measure. By forming the DVD Copy Control Association to license the CSS specification as a trade secret on restrictive terms, they sealed themselves a nice cartel, simultaneously protecting themselves against disruptive innovation in video players from outside of the establishment and walling off their copyrighted works against fair use copying.

The CSS encryption was trivially easy to break, once Jon Johansen and some German programmers set their minds to it. But that's beside the point, since the law protects even weak technological protection measures with the full panoply of anticircumvention and antidevice prohibitions. Even weak measures set up the law's sharp division between licensed access and unlicensed circumvention. Thus, with DeCSS and its successor code, anyone can play or rip a DVD on any platform, but with DMCA, no one can lawfully do so in the United States, or even develop code for DVD playback, without a license from the DVD-CCA.

Kaleidescape is a small company with a rich clientèle—owners of hundreds of DVDs willing to pay nearly $30,000 for a DVD jukebox to organize and store them all. Kaleidescape built this machine—a computer filled with massive hard drives onto which customers could rip their DVD movie collections. For its efforts to help the movie industry's best customers get more out of their purchases, Kaleidescape earned itself a lawsuit from the DVD-CCA, claiming Kaleidescape had breached its contract licensing the not-so-secret DVD trade secrets.

Kaleidescape's system, which allows the creation of persistent digital copies of the content of DVDs and allows copying of the CSS copy protection data, is not designed in a manner and does not include features clearly designed to effectively frustrate efforts to defeat the copy protection functions....For these reasons, Kaleidescape has breached the CSS license.

Without that license, even if similar information could be derived from reverse engineering and publicly available information, using it to enable DVD "access" and playback would be labeled circumvention.

As the movie studios have done with DVDs, record labels and software companies have done with multiple incompatible formats for streaming and downloadable music: Windows Media, Janus, Apple's FairPlay. Many of these have succumbed to reverse engineering of varying degrees of sophistication, from "burn it to CD and rerip," to "run it through a simulated sound-card driver," through cryptanalysis (much of it from Jon Johansen, again).

Yet, like CSS, none of the music protection measures is licensed on terms that permit open source development, nor could they be. Open source is incompatible with both their stated aim, to prevent "piracy" of content, and the unstated underlying goal of technology control. Since the essence of open source is user modification, users could easily modify in or out any particular features—and the first to go would likely be the restrictions of digital rights management (DRM) and barriers to interoperability. Even if open source version 1.0 incorporated all the restrictions of proprietary clients, numerous versions 1.0.1 would likely disable them. Thus, anticircumvention regimes lock open source out of mainstream development of entire classes of applications to interact with these copyright cartels' media.

Of course, it's not just open source developers who need reverse engineering. Consider RealNetworks' attempt to sell music that would play on the popular iPod. Real could have transcoded downloads into standard MP3, which play on the iPod, but Real (or its record-label-relations department) wanted to include DRM on the files. So, it reverse engineered Apple's FairPlay format, in a move Real called Harmony, to encode Real files for the iPod. Apple fought back with legal and technical threats. Along with intimations that it might use the DMCA, Apple issued a statement that said, "We strongly caution Real and their customers that when we update our iPod software from time to time it is highly likely that Real's Harmony technology will cease to work with current and future iPods." Real wasn't threatening to infringe copyrights, but to give customers a way to interchange their iPods for other devices. Once again, DRM is market protection, not copy protection.

The Threat to Research

Again in the DMCA, copyright bleeds beyond entertainment media and content. Here, it also chills research into encryption that may be used to secure copyrighted works, regardless of whether that research touches entertainment content directly.

When the Secure Digital Music Initiative (SDMI) invited programmers to "attack" security technologies they were promoting to control digital music, Princeton computer science professor Ed Felten and his team stepped up to the challenge. They broke the security and prepared a scientific paper analyzing the weaknesses of digital audio watermarking. By scrutinizing these implementations, they could help the public, and particularly those considering watermarks to protect their own materials, to evaluate the security of watermark technologies.

But when the Felten paper was accepted for presentation at a computer security conference, its authors were threatened with a lawsuit from the Recording Industry Association of America (RIAA) and SDMI's technology providers. RIAA and the technology companies claimed that even the scientific analysis of flaws in security technology "would subject [the] research team to enforcement actions under the DMCA and possibly other federal laws." The RIAA suggested that the paper and conference presentation fell under the DMCA's antidevice prohibition, which bans offering to the public "any technology, product, service, device, component, or part thereof," designed or marketed for circumvention or having only limited commercially significant other purposes. Facing legal pressure on conference organizers and researchers, the team withdrew the paper.

While Professor Felten and his team ultimately published a version of the paper, "Reading Between the Lines: Lessons from the SDMI Challenge," they were forced to strip out technical detail. With the vague anticircumvention threat hanging, the authors felt they had to omit code samples that could be construed as aiding circumvention—even though that code would have helped other researchers and developers to understand the watermarks' weaknesses better and to learn from SDMI's errors in building their own security systems.

The work of the Felten team never infringed copyright. The researchers did not copy a single piece of music without authorization, nor even produce tools that enabled others to do so directly. And yet, they were caught up by the DMCA's vagaries because their paper—intended to educate other researchers and developers of security systems—might also have provided "part" of a tool for circumventing a copyright control. Will the same hurdles rise before someone who builds a tool to strip accidental copy protection from fonts he himself has created; security researchers who find vulnerabilities in network software they analyze; someone describing hardware modifications to make the Xbox a more general-purpose device? So far, the answer has been "yes" for Tom Murphy, SNOsoft, and Bunnie Hwang.

For those who are attracted to open source development because of its opportunities to learn from and share with others, this antiresearch aspect of the DMCA should be particularly troubling: research is being chilled precisely because it teaches too much, because its teaching might be misused. Of course, closing systems doesn't stop them from having security flaws, or even prevent those flaws from being discovered, and it does block some of the most effective information sharing around better security. Both the teaching that open source developers depend on to improve their programs and the teaching of open source code itself are at risk.

Further, the DMCA has been used in attempts to block competitive interoperability of devices including printer toner cartridges and remote control garage door openers, as manufacturers add little scraps of code to devices and hope to leverage its "protection" into market control. Though those arguments have been rejected so far, it's unlikely we've seen the last of them.

Technology Mandates

The final layer of copyright's expansion, so far, is to technology mandates, where an entire technology is redesigned by government fiat in the name of copyright protection. Senator Ernest "Fritz" Hollings proposed one of these in 2002 that would have required every "digital media device," including the personal computer, to be redesigned to protect copyrighted content. While the "Fritz chip" never came to be, a smaller version has been foisted upon us in the form of the Broadcast Flag, an FCC rule set to take effect July 1, 2005.

With the government eager to get broadcasters off the valuable analog spectrum and onto digital transmissions, movies studios threatened that they wouldn't allow their content to be broadcast digitally in the clear, and warned that there would be no transition without their "high-value" content. The FCC didn't want to abandon the notion of unencrypted over-the-air television broadcasts, but it did want to give the studios their "protection," so it put the restrictions into the hardware. At the studios' recommendation, the FCC adopted a rule that adds a "flag" to these unencrypted broadcasts and then requires every receiver to watch for the flag and output flagged content only to "compliant" devices or in low resolution. Only devices that can implement DRM in a manner "robust against user modification" will be deemed compliant.

The Broadcast Flag rule enforces copyright on communications through the devices that receive them:

We conclude that in order for a flag-based content protection system to be effective, demodulators integrated within, or produced for use in, DTV reception devices ("Demodulator Products") must recognize and give effect to the ATSC flag pursuant to the compliance and robustness rules....This necessarily includes PC and IT products that are used for off-air DTV reception.

Instead of focusing on infringing uses of TV broadcasts (taping a show and selling copies, for example), this new kind of regulation puts the government in the business of redesigning products that might be used to infringe. In the process, it locks out many noninfringing uses, innovative technologies, competitive products, and open source developers. Building a device for time-shifting, pausing live TV, remotely scheduling recordings, and watching shows at double speed doesn't infringe copyright, but because the hardware/software to enable those capabilities isn't "robust," it is sacrificed to illusory copyright protection. Because these collateral harms are unavoidable, technology mandates should be a last resort, not a predictive strike against hypothetical danger.

The result of this rule is restriction on open source even greater than encryption would have been. Open source can implement encryption, but it can't offer "robust[ness] against user modification." Pre-flag, you could get an HDTV tuner card for a PC, pair it with open source software such as MythTV, and build your own digital video recorder to compete with TiVo. Post-flag, TiVo must use government-approved "robust" technologies to lock down its hardware and software, and open source will be shut out from access to the high-definition signals entirely.

Under the Broadcast Flag regime, market participants, bound up in the welter of licensing and preapproval requirements, can't offer the products users want. Where the market fails to provide fair-use-enabling technologies, the robustness rules prevent end users from correcting the problem. Absent technology mandates, users dissatisfied with commercial options can and do write their own software alternatives and often share them in open source. In a world of restricted, robust hardware, users are limited to the options the commercial market provides: the fully capable hardware HD tuner card can't be manufactured. Consumer-driven innovation is cut off when users can't tinker with existing technologies or develop new ones that challenge market leaders.

What About That Media Server?

Copyright in its historical form benefits open source developers. Along with the general public, they benefit from the incentive to creativity and the support copyright gives to open source distribution models. Copyright as special-interest law, however, hurts open source development, because the special interests are those of closed markets and closed content. DRM can't stop piracy, but it can prevent anyone from Betamaxing another industry, commercializing disruptive technology development without content-industry sanction. Where the entertainment industry can't stop infringement, it attacks openness instead, and the "honest person" loses.

Whether you want to build a media server or an embedded network device, you'll likely run across the snares of copyright law. It's time to peel back the layers of copyright protectionism and return copyright to its original purpose: "to promote the progress of science and useful arts."

Personal tools