[Discuss] Govt Source Code Policy

[richard.pieri at gmail.com (Rich Pieri)]

On 4/4/2016 7:15 PM, Mike Small wrote:
> There's no irony here. I like the idea of a GPL with provisions not
> granting equal rights to scumbags who spy on environmental orgs and
> black lives matter activists or to people who manufacture weapons. But
> it's easy to see the mess that would result if everyone had their pet
> restriction added in. They struck the right balance, as usual IMO. So to
> the degree the FBI exercises their right to mess with software they come
> into possession of it's cool they're granted such rights.

That's not how the GPL works:

https://www.gnu.org/licenses/gpl-faq.en.html#NoMilitary

Q: I'd like to license my code under the GPL, but I'd also like to make
it clear that it can't be used for military and/or commercial uses. Can
I do this? (#NoMilitary)

A: No, because those two goals contradict each other. The GNU GPL is
designed specifically to prevent the addition of further restrictions.
GPLv3 allows a very limited set of them, in section 7, but any other
added restriction can be removed by the user.


So you could add a restriction that ISIS members can't use your GPL code
-- and ISIS members would be within the terms of the GPL to remove that
restriction and use it anyway.


> And obviously the GPL wasn't "carefully crafted" to permit someone to
> take your device and get at your data. I mean, maybe in the 80s rms had
> said something that seems funny now about passwords, but today the FSF
> is promoting use of encryption.

GPLv3 was designed to be a bullet-proof license that prevents TiVo and
other companies from restricting your use of their devices. This applies
equally to the FBI per the #NoMilitary question. That the FBI's purpose
is to compromise a user's data is irrelevant to the GPL.


On to some of your other questions:

> Not sure I'm understanding you. First off, the FBI as a criminal
> enforcement agency is themself excempt from the DMCA:
> https://www.law.cornell.edu/uscode/text/17/1201

It's a matter of getting the information necessary for circumventing the
DRM. With the GPL the jailbreak information is readily available to
everyone. Without the GPL the FBI have to search for vulnerabilities and
work out how to exploit them on their own. Or, you know, go to some
pirate jailbreak site and download a jailbreak tool -- but I'll shortly
address why they didn't do this first.

> Remember also again that Apple would not need to fear being out of
> compliance with the GPL on software they're the sole copyright owner
> of. You'd need some other copyright holder up the chain of what they're
> distributing for that to matter when they violated that clause with a
> DMCA suit.

Incorrect. Apple would still be in violation of the GPL. Whether or not
the FSF would call them on it is an interesting question. They ignore
Allwinner's and Rockchip's repeated willful violations but Apple are big
enough that the publicity might be worth it.

> Then how much effect are DMCA civil suits really going to have on
> dissemination of exploits?  About as much as copyright law has had on
> the availability of movies with the copy protections stripped off I
> should think.

There can be no DMCA takedown notices or lawsuits if the User Product
contains GPLv3 works "protected" by DMCA provisions. Section 3 sees to that.

> And besides, as was puzzling all along in this case, the FBI is no
> doubt perfectly capable of coming up with their own exploits or
> hiring someone to quietly do so.

Even though the FBI are exempt from the DMCA they still must follow
procedures. Which means a formal request to Apple to assist. Which Apple
turned into an advertisement for Apple.

Also, having the vendor do the work is safer. Fewer risks of
irreversible damage that might compromise data recovery efforts.

-- 
Rich P.