Brian W. Carver -- Share Alike

Arguments Against Software Patents

Brad Templeton writes on his blog, Brad Ideas, that software and hardware are the same thing and so it bothers him that some would allow patents on hardware but disallow them for software. What follows is the comment I posted on his blog.
--
I like your idea for filtering out some of the bad patents.

You're also right that some people simply say, "we should not allow patenting of software." I would like to put forward a couple arguments for that conclusion, rather than simply state it. Then I also have a question for you.

A few arguments against software patents off the top of my head:

0. Since software is already afforded copyright protection, which lasts the life of the author plus seventy years, software production is already adequately incentivized. To additionally provide patent protection to software drastically skews the bargain with the public that all "exclusive rights" bargains seek to achieve and instead provides the software developer with an unnecessary windfall.

1. Software patents have a disparate negative impact on the development of Free software, which for other public policy reasons we would prefer to promote. Free software developers, unlike proprietary software developers, are typically fiscally unable or philosophically unwilling to license patented software techniques. The benefits that Free software provides to both businesses and individuals are worth more to the public than providing a monopoly right to a software patent holder.

2. Software, by its very nature, is susceptible to fewer techniques for achieving its ends than are many other industries. Consequently, where in other industries one can "design around" a patented technique in order to achieve the same end and to thereby compete in the market with the patent holder, "designing around" in the software world is often much more difficult or impossible. There is often simply one or only a few reasonable or efficient ways to accomplish a given software task and if patented, unreasonably enormous amounts of software would be infringing or require licensing.

3. Software cannot be distinguished from mathematical algorithms, and we have traditionally not allowed the patenting of mathematical algorithms because we recognize how stifling to innovation such a practice would be.

4. The software and computer industries advance at a pace totally unlike other industries where we offer patents. Consequently, providing a 20-year patent term for software has a totally different impact in its industry than such a term does in other industries. This is not an argument for the abolition of software patents, but instead suggests that if we are to have such patents, they should perhaps only last two to five years. (How much software do you have from 1984 that really needed to be protected by patents these last twenty years to serve as an adequate incentive for its authors to produce it? None.)

Question: This isn't the first time I've heard a knowledgeable person disclaim any distinction between hardware and software. But, just as you're dissatisfied with those who provide no arguments for not allowing software patents, I can't accept this lack of distinction without a persuasive argument. Do you have one? It seems to me that there are several principled distinctions between the two.
--
(I should have also noted that another way to avoid the inconsistency that troubles him is to abolish patents altogether. This would probably be a better course than allowing software patents, so far as I can tell.) For rhetorical effect it would probably also have been a good idea to include Bill Gates' famous quotation:

"If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today."

We're headed that way now.

Hack/Mod Art at Whitney Biennial

Making good use of my spring break, I visited New York City last Saturday and went to the Whitney Biennial. There were a number of interesting pieces, but the geek in me was most intrigued by two hacks/game mods on display.

The first was a Mario Bros. cartridge hacked to remove everything but the clouds. The artist's web site is very interesting as he explains carefully how he did this, giving the source code, which is in hex. At the Whitney the clouds were projected onto two walls in all their 8-bit glory and a stereo in the corner played a familiar Mario Bros. tune.

Also of interest was the demo of Velvet-Strike which is "counter-military graffiti for Counter-Strike." As you may know, Counter-Strike is a popular first-person shooter game that people play online in a massively multi-player environment. Velvet-Strike explains how you can put anti-war graffiti on the walls, ceilings, or floors in the game. Other online players will then be able to see these sprays. It's less of a "hack" because it is accomplished by replacing a default graphic file with one of the alternative sprays provided on the Velvet-Strike site. One spray of interest depicts two Counter-Strike soldiers embracing. Also on the site are "Intervention Recipes" that describe various ways people can collaborate to thwart the purposes of the game.

There may have been other hack art at the Whitney that I missed, as my friends and I were short on time and went through each floor in about a half-hour.

This type of art raises interesting legal issues. Hacking a Mario cartridge that is your personal property is probably legal, although it just might violate the terms of service. I can imagine similar hacks that might circumvent copy controls in violation of the DMCA. Velvet-Strike might also violate the terms of service for using the Counter-Strike servers. If anyone has a pointer to these TOS or if people are aware of more such art, please provide a link in the comments section. I'd greatly enjoy finding out about more of this kind of thing.

EFF's Trusted Computing Class

On Saturday, January 24, 2004, I attended an all-day class on Trusted Computing hosted by the Freedom Technology Center in Mountain View, CA. The class was taught by the Electronic Frontier Foundation's Staff Technologist, Seth Schoen.

You could get the basic flavor of the class by reading Seth's articles, Trusted Computing: Promise and Risk and Give TCPA an Owner Override. He is writing a book on Trusted Computing, and spent the day taking us through his outline in detail.

This was an excellent class because of Seth. He is able to explain extremely technical hardware specifications to someone who is not an electrical engineer or even a computer scientist. He also has a balanced view of Trusted Computing, and took the time to point out the possible benefits of this technology along with the potential abuses.

We began with a discussion of some of the basic problems of computer security. Example: Presently, it is difficult, if not impossible, to know with certainty whether your computer is doing what you think it is doing and only what you think it is doing. That is, if you've ever left your computer physically unattended on your desk, or if you've ever been on the internet or a network without a completely patched system, or even if the manufacturer of your computer installed your O/S for you, then for all you know you could right now be infected with a boot sector virus that starts prior to your O/S, takes control of key features of the O/S and systematically fools any anti-virus software (or other security tool) that subsequently runs. The problem is probably worse if you need to know with certainty that a remote computer you wish to communicate with has not been compromised.

We also discussed the security problem that Roman poet and satirist, Juvenal, noted as long ago as the first century A.D. "Who will watch the watchers?" Your anti-virus program and indeed, any other security tool, can be compromised just like a regular application can and then cheerily report that all is well. The basic upshot of this preliminary background was that current computer security poses some fairly intractable problems.

Enter Trusted Computing. The amazing thing about these chips is that, if implemented as planned, I think they would actually do something to solve some of these very hard security problems discussed above.

The next four hours or so were spent detailing the four different initiatives out there that fall under the heading of Trusted computing. They are TCPA (now known as TCG), Intel's LaGrande, AMD's SEM, and Microsoft's Palladium (now known as NGSCB). This was probably the most valuable part of the day, because understanding how this stuff works and why one might be motivated to design it in this way is necessary in order to begin to think of alternative methods of design that might achieve similar ends with less potential for abuse or to discuss it intelligently at all.

We spent a lot of time looking at the four main features of trusted computing which are:

1. Sealed Storage
2. Attestation
3. Secure I/O
4. Memory Curtaining

One key thing that I do not think is widely known is the extent to which all of this hardware is walled off from the rest of the machine. It will be touted as an "opt-in" system, so that if you do not want to use the trusted computing chip (the TPM), you need not. You can continue running Linux, BSD, or OS X and nothing has changed. It's true that the TPM could conceivably be running nefarious programs that report on you, but the design is such that these reports would be sent through the regular part of your computer where you maintain control. So, a firewall or other software on that side could detect any uninitiated actions of the TPM.

Of course, lots of things are "opt-in" in name, but in practice, given other considerations, you can be left with little real choice. This is a big problem I will save for later. The point is that the story is not as simple as many Slashdot posters frame it. It's not "Microsoft wants to crush Linux and so they are going to force a chip down consumer's throats that will make it impossible to install a non-MS O/S." In fact, the only TPM that you can buy right now comes in an IBM laptop that runs Linux! You can read a fairly technical article about this.

But there is the potential for abuse. Since that's what everyone wants to hear about, here's the scoop on that. This architecture makes problems that we have now, which can be worked around (sometimes only through extreme measures by super-geeks) truly insurmountable.

1. Software Lock-in
2. Software tethering to a single computer
3. Prevention of Software Inter-operability
4. Forced DRM restrictions
5. Forced Upgrades/Downgrades
6. Total Elimination of Software Reverse Engineering
7. Truly Undetectable Spyware/Adware
8. Hardware Lock-in

But what I really learned is that these potential abuses are not really the problem. This stuff is coming and I don't think we're going to stop it. The real problems are 1) Microsoft's 90%+ market domination and 2) Consumer Apathy. Because the potential abuses mentioned above only truly become frightening when combined with these additional realities. When so many people use a Microsoft OS and when so many people do not care about or understand most of the potential abuses listed above, then we get a far more greater likelihood that these potential abuses will become real abuses.

I think our best defense temporarily is that IBM and Sun are members of the TCG, and given their interests in operating systems other than Windows, they are not going to do something that would allow for in principle or in practice O/S lock-in. The fact that so many internet servers run on other O/Ss also make it difficult to imagine that non-MS O/Ss could be kicked off the internet, for instance. (This could happen if your ISP's router had a TPM chip and a policy requiring all connecting computers to prove they were running the latest Windows OS with all patches applied.)

Personally, I think the fact that such an architecture makes reverse engineering of software in principle impossible is enough reason to scrap the whole thing. I doubt most people care so much about reverse engineering though. The only avenue I see for motivating wide-spread consumer concern is to hammer on the very real possibility of undetectable spyware. Sadly, many people don't even care about their privacy, so this may not work either.

When our audience is the industry and not consumers, then Seth's proposal of an owner override to attestation becomes a pretty great idea. It defeats some of the benefits of the architecture, but also prevents some of the abuses.

Overall, I think framing the question this way might be best: Do we want to continue to have computers over which the individual has total control or do we want to have computers where we give up part of our control to the hardware itself/a third party? The thing about total individual control is that individuals are sometimes up to no good or are too lazy/uninformed to keep their systems secure and so some harm comes from giving them total control over their computers. But, the best argument here might be: That's OK. We simply prefer to live in a world where we control our computers. Even if ceding some of that control brought us better security in some instances, we might simply say: So what?

Cringely on e-Voting

Cringely argues that the best solution to e-Voting is Canada's pencil and paper method. I agree that this has a number of advantages. But Cringely makes the same mistake that so many make when thinking about this issue: he fails to think about the disabled voter at all.

We have a principle regarding voting: A person should vote without any assistance or interference from any other person.

Why is this a good principle? Well, we want people to vote privately so that they vote their conscience, not what the other person might want them to vote. We don't want people to be strong-armed into voting for someone they didn't want to vote for. We don't want anyone to know who someone else voted for. And so on. This makes sense.

Now take the blind voter and the voter with extreme fine motor skill difficulties. How can we preserve their privacy and allow them to vote without interference in a paper and pencil system?

The blind voter, if they can read braille, could be given an alternate ballot that they would be able to read on their own. But already, the paper and pencil solution that Cringely advocates has been abandoned in part. The blind voter using a touchscreen system can wear headphones that audibly confirms her selections.

How about a voter who cannot manipulate a pencil well enough to put their X in the spot next to their candidate? It's not clear that there is a solution for these voters within the paper and pencil regime that doesn't involve a third-party filling out the ballot for them. However, many of these who could not use a pencil, might be able to use a touchscreen.

It's difficult, but not impossible to handle the touchscreen voting machine security issues. You do the following:

1. All software used must be open source and reviewed by a diverse committee of computer software experts.
2. The compilation of the software must be supervised by similar experts using an open source compiler on neutral hardware.
3. The touchscreen machines should be a hybrid-type that prints an optical scan card, visually and audibly verifiable by the voter.
4. The optical scan machine should be manufactured by a different company than the one making the touchscreen machines.
5. When the optical scan machine counts the ballot it should be audibly (and perhaps visibly) verifiable by the voter.
6. The printed optical scan ballot should have a perforated paper receipt that merely allows a voter to match his receipt to his ballot. It would not indicate his votes. (For instance, the optical scan ballot would have #366450 printed both on the ballot and the torn off receipt.)
7. The optical scan ballot itself would be placed in a locked box at the polling location and they would be hand counted in re-counts.
8. A certain percentage of random recounts would be mandatory.
9. The physical security of the polling location and the voting machines would be guaranteed from the time of software compilation until the end of vote counting.

Complex, yes, but achievable. The question then becomes whether guaranteeing the privacy of those with motor skill disabilities justifies the expense of the above system. If not, then perhaps I'd agree with Cringely (with the proviso of alternative braille ballots). If on the other hand it does justify the expense, then I believe the above system is our best e-voting solution.

Here are the reasons for each of the above:

1. The software has to be open source so that we know that Diebold and friends are not writing software that counts inaccurately, whether on purpose or accidentally.
2. The compilation has to be supervised because even good clean code can be modified to behave differently with various compilation flags and tricks that have been demonstrated.
3. The touchscreen prints an optical scan card so that there is a paper trail that a human can read, both for verification at that moment by the voter and later for recounts. It also provides visual verification for most voters and audible verification for the blind.
4. The optical scan machine is manufactured by a different company so that those printing the ballots cannot design an optical scanner that systematically misreads the ballot. It's an added check in the system.
5. To know that the optical scan machine is accurately counting the vote, the voter should be able to see or hear it counting her vote, as an added confirmation at the polling location. Visibly for most voters and for privacy, and audibly for the blind.
6. The ballot has a detachable paper receipt so that if there is ever any question about a particular ballot, that ballot can be matched up with that voter, who can then confirm their vote.
7. The paper ballots are hand recountable so that we don't have to trust the machines if they appear to be making mistakes.
8. Random mandatory recounts force the software makers to be honest, because their mistakes or fraud will be caught.
9. The physical security of the machines is guaranteed because all the above is useless if you allow crooks physical access to the machines at any stage in the process.

Make sense? The positive to Cringely's paper and pencil system is likely low cost, but it adds problems for the disabled and increases the time until results are available. The positives for the hybrid e-voting system I just described are the nearly instantaneous results and the maximizing of unfettered access for the disabled. It's downside is likely high cost. But I'm not sure that hiring all these partisan vote counters doesn't cost a chunk of change too. I'm assuming Cringely is putting that cost on the parties rather than citizens at large. If so, we just need to know the actual costs of each system so that we can make an informed choice.

FCC to Put an End to General Purpose Computers?

Slashdot readers know of the potential threats of Palladium/Trusted Computing and of the "Fritz chip", and a past Slashdot piece even warned of the MPAA's push to have the FCC implement a so-called "broadcast flag". Now the Washington Post reports that the broadcast flag will soon be a reality. The soon-to-be-passed FCC Rule Would Control Digital TV Copies and The Post says that none of the five FCC Commissioners have led a public campaign against the broadcast flag. Apparently, the FCC needs to hear a little more clearly that consumers don't want the fundamental technology in their computers, digital televisions, or digital video recorders altered to only read content approved by the MPAA. Not to mention the forced-upgrade we'll endure when our old DVD players refuse to play the new "flagged" media. Luckily, the EFF's Action center has made it easy for you to tell the FCC to reject the MPAA's broadcast flag. Do it now! (This was a Slashdot submission of mine.)

Death of the e-book?

BarnesandNoble.com affiliates received the following e-mail today:

Dear Barnes & Noble.com Affiliate,

As of September 9, 2003, Barnes & Noble.com will no longer sell
eBooks. Please remove all links to the eBooks Page or any individual
eBooks from your site. Any links from your site to our eBooks area
that are not taken down will be redirected to the Barnes & Noble.com
home page.

If you have any questions please email
affiliatehelp@barnesandnoble.com

Sincerely,

The Barnes & Noble.com Affiliate Team

Is this the end of an era or will someone realize that crippled e-books with DRM restrictions on copying and usage are not what consumers want?

Digital Rights Management (DRM)

If, unlinke me, you manage to do something other than read technology news, then you might not know that Digital Rights Management software (and even hardware) is being rapidly crammed down your throat. Besides being insulted by not being informed about this or given a choice, why should you care? David Weinberger (of JOHO the Blog) has an article in Wired on DRM that makes a mighty fine argument. (Link from Doc)

For me, this is also one of the primary reasons I use Free Software alternatives to Microsoft products. Microsoft builds this stuff into its Media Player, its Operating System, and is hoping to get even more control over your computer by building these controls right into the hardware you'll buy. Black boxes that we cannot understand are not good for technology innovation. We need the freedom to tinker to advance. Besides that, if I buy a piece of hardware it should be mine to do with what I like. I do not need a monopolistic software company telling me where I can go today. I'll be my own tour guide, thank you.

Intuit (makers of TurboTax) learned how much customers hate DRM the hard way and is dropping DRM from all its software. People didn't like being spyed on or having their machines slow down so that these draconian controls could hamper honest customers. The simplest way for the average person to take a stand on all such issues is by sending some money to the EFF who always makes it a point to stand up for the public interest on these issues. Educate yourself about these issues, because they're the ones that'll really bother you once it's too late. Or worse, they'll silently stifle creativity without us being any the wiser.

Sony AIBO Robot Dog Soccer Competition

The Washington Post has an article about teams of college students who program Sony AIBO Robotic Dogs to play soccer against each other in teams of four. While Beckham's job is not yet jeapordized, the cool thing from an AI perspective is that "once the humans flip the switch, the robots are on their own." They compete in RoboCup whose stated goal is to "by the year 2050, develop a team of fully autonomous humanoid robots that can win against the human world soccer champion team." RoboCup also has competitions with wheeled soccer bots (of varying designs) and have a humanoid league in which the Honda ASIMO appeared. The students in the above article are preparing for the four-legged international championship coming up in July of 2003 in Padua, Italy. (This was an accepted Slashdot submission of mine that turned out to be a dupe!)

Siva Vaidhyanathan on Cultural Democracy

Readers may recall a Slashdot interview with Siva Vaidhyanathan, Professor at NYU, and author of Copyrights and Copywrongs. Vaidhyanathan is working on a new book, The Anarchist in the Library, and was interviewed on the blog, Eyeteeth. This is a brilliant and amazing interview where Vaidhyanathan discusses how creative communities share, the DMCA, the American industrial production of culture, the USA Patriot Act, the importance of libraries and librarians, and the policies of the FCC. It is a must-read for those who care about the future of creative and democratic culture. (Thanks to BoingBoing for the pointer.)

Update 4/24: This was a Slashdot submission of mine and was accepted as part of Slashback. (Third bolded item from the top.)

Pre-Installed Linux Laptops

Regular Slashdot readers know from a previous story that they can get a cheap desktop with Mandrake, Lycoris, or Lindows pre-installed from Wal-Mart.com, and the more savvy readers might know about Linux desktops from Pogo Linux or Penguin Computing. But, if you wanted a laptop with Linux pre-installed I only knew of Emperor Linux and their cheapest laptops are about $2000.00, not what your average fiscally-minded geek has in mind. Now, PC Club, who operates retail stores primarily in the Western United States, is offering Red-Hat pre-installed on a laptop that starts at $899. It is rare to hear of a physical retailer where you could walk in and play with a laptop with Red Hat on it and then take it home. In doing research for this, I also found Los Alamos Computers, who will pre-install Debian, Slackware, Mandrake, SuSE, or Red Hat on a Laptop that starts under $1000! They also will deliver your computer running the file-system of your choice, and pre-install Apache and Samba if you request it. Wow! I also found Qli Linux willing to install all of the above, plus Gentoo or Xandros on their laptops. Things seem to be getting better for those who'd like to buy mobile hardware with Linux on it already ready-to-go. I'd be pleased to hear of other low-cost laptops with Linux pre-installed like those from Los Alamos Computers and Qli. While PC Club offers me a local retailer, I get the impression that these other guys are Linux experts and so the service down the road will be much more enjoyable. (This was a Slashdot submission, but they rarely post my stories. They have selected each of these in the past though.)

Google Censorship?

Why is this category, which used to contain 50 sites, now missing from Google? Spooky.

Update: It looks like the category has been moved here, but if you didn't know to look for it, you'd never know it was there.