You know how when you learn a new word, you suddenly notice it everywhere? That's happening to me with DRM. Now that the Apple-goes-Intel story has put it on my radar, I am noticing details I probably never would have focused on before. And the more I focus, the worse it looks.
New Zealand's government is pointing out that if documents are written in DRM format, particularly in proprietary DRM formats, there are privacy and accessibility issues, particularly in the future. Believe it or not, I had never thought about privacy issues with DRM. It's counterintuitive, if you are not a programmer, because people use DRM *for* privacy, precisely to control who can have access to documents. But if the vendor wrote the proprietary DRM method used, obviously they have access to your document. Poof. No more privacy. And they can block you from your own documents if they feel like it. If the vendor is Microsoft, now how secure do you feel? That is what has New Zealand worried. And they are reaching out to other governments:
The State Services Commission is helping creating an international community of government agencies to tackle the IT industry's introduction of digital rights management.
Concern in government circles has been raised over long-term access to data which may have been created using DRM-based software.
Is there anyone left in the world that trusts Microsoft?
And there is another worry New Zealand is expressing: losing access to the documents, being tied to one vendor, in order to continue to have access to the older documents. Here's an excerpt from the article:
The Trusted Computing Platform Alliance, or TCPA, was formed by Compaq, HP, IBM, Intel and Microsoft in April of 2003 to try to protect intellectual property rights. However, concern has been raised that it gives the IT vendors access to and, in some cases, control over data created by end users.
In 2003 the Centre for Critical Infrastructure Protection (CCIP), part of the New Zealand's Government Communications Security Bureau (GCSB), released a discussion document about the platform, warning that Microsoft was moving away from non-proprietary rights management software and that could lead to problems in the future.
“Before an organisation implements a technology or product that is designed to restrict access to their resources, they should assess the risk of them losing access to the resources themselves or being tied into a solution that could restrict their future options to one technology or vendor,” the document says.
While the government studies the issue, in the meanwhile, they won't use DRM in MS products:
In November 2003, the e-government unit advised agencies not to enable DRM features in Microsoft's Windows Server 2003 and Office 2003 because of privacy and security concerns. Millar says that advice stands today.
Sounds like good advice to me. Microsoft may think they are being so clever with all their strategic tricks, but there is a factor I think they underestimate. That factor is this: people don't like what they see. They know that if a company is willing to pull dirty tricks on others, it will do it to them too. And there are quite a few folks who bought Windows XP and found out that Microsoft is, in fact, willing to lock people out of their documents. Here are some grim bits from the XP Home EULA:
1.2 Mandatory Activation. The license rights granted under this EULA are limited to the first thirty (30) days after you first install the Software unless you supply information required to activate your licensed copy in the manner described during the setup sequence of the Software. You can activate the Software through the use of the Internet or telephone; toll charges may apply. You may also need to reactivate the Software if you modify your computer hardware or alter the Software. There are technological measures in this Software that are designed to prevent unlicensed use of the Software. Microsoft will use those measures to confirm you have a legally licensed copy of the Software. If you are not using a licensed copy of the Software, you are not allowed to install the Software or future Software updates. Microsoft will not collect any personally identifiable information from your Workstation Computer during this process. . . .
2.1 Digital Rights Management. Content providers are using the digital rights management technology contained in this Software ("DRM") to protect the integrity of their content ( "Secure Content") so that their intellectual property, including copyright, in such content is not misappropriated. Portions of this Software and third party applications such as media players use DRM to play Secure Content ("DRM Software"). If the DRM Software's security has been compromised, owners of Secure Content ("Secure Content Owners") may request that Microsoft revoke the DRM Software's right to copy, display and/or play Secure Content. Revocation does not alter the DRM Software's ability to play unprotected content. A list of revoked DRM Software is sent to your computer whenever you download a license for Secure Content from the Internet. You therefore agree that Microsoft may, in conjunction with such license, also download revocation lists onto your computer on behalf of Secure Content Owners. Microsoft will not retrieve any personally identifiable information, or any other information, from your computer by downloading such revocation lists. Secure Content Owners may also require you to upgrade some of the DRM components in this Software ("DRM Upgrades") before accessing their content. When you attempt to play such content, Microsoft DRM Software will notify you that a DRM Upgrade is required and then ask for your consent before the DRM Upgrade is downloaded. Third party DRM Software may do the same. If you decline the upgrade, you will not be able to access content that requires the DRM Upgrade; however, you will still be able to access unprotected content and Secure Content that does not require the upgrade. . . .
8. ADDITIONAL SOFTWARE/SERVICES. This EULA applies to updates, supplements, add-on components, or Internet-based services components, of the Software that Microsoft may provide to you or make available to you after the date you obtain your initial copy of the Software, unless we provide other terms along with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Software.
9. UPGRADES. To use Software identified as an upgrade, you must first be licensed for the software identified by Microsoft as eligible for the upgrade. After upgrading, you may no longer use the software that formed the basis for your upgrade eligibility.
So they can and do control access already. And you must agree to allow them access to your computer in order to accept the EULA and use the software. They are given, by the EULA, the right to download software to your computer without notifying you. They can collect information and share it with other companies, but they promise it won't be "personally identifiable", as if that means anything in a digital age. Terms can change at any time, of course. If one of their upgrades doesn't work, you still have no right to use the earlier version. LinuxAdvocate.org has a plain English version of the EULA. Their version isn't legal, in the sense that you shouldn't rely on it, but it's helpful to clear up the legalese.
Now imagine you are a government agency. You are tasked with making sure the documents the government has can be accessed and read a hundred years from now. Do you want to do a deal like that EULA? Do you want your documents in the control of a company that would write a EULA like that?
It's kind of like an experience I had over the weekend. I went to visit a relative in an assisted living facility, actually to help decorate the new unit for her. As I was leaving, and beginning to break up the boxes in the hall to put them in the garbage, an aide from across the hall engaged me in conversation. She wanted the boxes for herself, which was fine, and then she told me that if my relative ever needed an aide, I could bypass the agency the facility recommends and hire her personally. I could get her through the agency also, but I'd save "plenty money" by doing a deal with her directly.
Thanks, I said. Then I went back in the apartment and told everyone her name and that I advised never to use her for anything, because she would likely steal everything not nailed down. After all, I reasoned, if she will steal from the agency, with whom she no doubt has a contract, why wouldn't she steal from us?
It's comparable with Microsoft. People have eyes and ears. They see the tricks being implemented against FOSS and the GPL. They see the XML standards farce being played out now (do read the comments on that page as well). Sun's Simon Phipps has some remarkably plain words on the subject:
Defining "Open Standard", Simply
I was going to write a long piece about Microsoft's announcement that they are copying all the design points of the OASIS OpenDocument format and using it in the next version of Office, but I don't need to because Stephen O'Grady has. I asked a whole load of European Commission folk about it this week and no one is fooled -- they want a genuinely open standard, please.
An open standard is one which, when it changes, no one is surprised by the changes. Admittedly I'm not surprised when Microsoft repeatedly and apparently arbitrarily changes its interfaces and formats and jerks developers around but I meant "not surprised" in the sense that the change process was open to involvement and contribution by all, not in that way. The OASIS process by which OpenDocument was defined is such a process and indeed Microsoft, being an OASIS member, did visit and could have easily steered the format to suit their legacy needs -- the format is in fact vendor-neutral. Instead they chose to read the overview and then re-implement it.
Microsoft's announcement is here and their excuse here:
"We have legacy here," Jean Paoli, Senior Microsoft XML Architect, told BetaNews. "It is our responsibility to our users to provide a full fidelity format. We didn't see any alternative; believe me we thought about it. Without backward compatibility we would have other problems."
"Yes this is proprietary and not defined by a standards body, but it can be used by and interoperable with others. They don't need Microsoft software to read and write. It is not an open standard but an open format," Paoli explained.
Dear Massachusetts: What have we done? Look how Microsoft makes use of the Open Format idea to keep the lid tightly shut, proprietary and not defined by any standards body. Why is that desirable to anyone but Microsoft?
By the way, the best account on Open Document formats and why open is good is IBM's Bob Sutor's personal blog entry, "Open Documents Formats: 'Open' must be more than a marketing term." Here's one of his prescriptions, a list of things we can do if we care about openness:
"Insist that any XML document format you use is available under a license that does not restrict how it can be used or how it can be implemented. Get this in writing and insist that the license is completely clear on these points. If it prevents implementation under the GPL, for instance, tell the provider that it is unacceptable."
People watched the trial in the US v. Microsoft, and they read the emails and heard what they believed were dishonest answers. People are not stupid. It almost didn't matter what the government did or didn't do. People saw. They know now. You can't buy public opinion. Not that Microsoft's PR agency doesn't give it their all. But we saw the trial. We know now.
We know now, and Microsoft will never have a good name with us, not without completely overhauling its behavior over a long stretch. And with the latest moves against FOSS and the GPL, it's obvious that Microsoft has not changed its ways, just its target.
It wants to be an overbearing monopoly, so they wish to get laws passed to enable them to do what current laws won't let them do, like their proposal that patents law in the US be changed to "first to file" instead of first to invent. Here's the plain English version of that proposal: Microsoft can afford to file for patents. FOSS programmers often can't or don't. Duh. I believe Microsoft will do whatever it takes to keep FOSS out. They don't care what people do, so long as Linux and the GPL don't get to do it too.
That puts them at odds with governments, who very much like GNU/Linux and want to include it in their choices. Governments also have a duty to guarantee full access to documents a hundred years from now. Do you trust Microsoft to make sure that will happen? For that matter, do you trust that Microsoft will still exist a hundred years from now? If not, what happens to all those locked-up documents now? If they are in a proprietary format to boot? (You probably want to worry about your music collection too, now that I think of it.)
See what I mean? When it comes to Microsoft, it's like that aide. Normal people don't feel comfortable doing business with such a creature, not if they have a choice. And the thing is, thanks to Richard Stallman, Linus Torvalds, and thousands of good-hearted and skilled volunteers all over the world, the world does now have a choice.