[Discuss] Govt Source Code Policy

[smallm at sdf.org (Mike Small)]

Matthew Gillen <me at mattgillen.net> writes:

> On 4/3/2016 2:49 AM, Rich Pieri wrote:
>> On 4/2/2016 10:20 PM, Matthew Gillen wrote:
>>> That would satisfy the anti-tivoization and be within the limits of the
>>> GPLv3, while still causing a problem for the FBI in this particular
>>> instance.
>> 
>> Incorrect on both counts. Part 6 prohibits restrictions on consumer
>> devices that prevent or interfere with the continued operation of
>> modified software. Automatically wiping or factory resetting the device
>> definitely constitutes interference.
>
> That is quite debatable.  Auto-bricking the phone would definitely count
> as interfering with the device.  Erasing protected storage that does not
> render the device unusable (even if, for instance, it made it so you
> could never talk to iTunes again), would not necessarily constitute
> interference.

"?Installation Information? for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product
from a modified version of its Corresponding Source. The information
must suffice to ensure that the continued functioning of the modified
object code is in no case prevented or interfered with solely because
modification has been made.

If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied by
the Installation Information. But this requirement does not apply if
neither you nor any third party retains the ability to install modified
object code on the User Product (for example, the work has been
installed in ROM)."


My reading of this is that Apple has to give their customer control of
their keys or other authorization information in a way that the customer
could make changes and pass those along to someone else, along with
whatever keys and authorization are necessary to install and run the
distributed software (but not the same keys to get at that person's data
on a device they keep), without any autodestruction happening.  When the
FBI takes possession of a person's, especially a late person's, device
and software they aren't being conveyed anything. They've simply taken
hold of someone's device and software.

All Apple using GPLv3 would prevent would be having autodestruction of
the sofware or device when a user willingly (or unwillingly but
actively?) "conveys" the software (possibly modified) to the FBI along
with required authorization information, as they are required to do by
the license.  If the user were under duress he or she could simply
violate the terms of the GPL, give a wrong key and hope the drive gets
effectively erased or the device destroyed. No problem here, yeah? I
mean, what's the thought process, "do I incriminate myself to the feds
or do I not but risk a lawsuit from Apple or some upstream copyright
holder for violating their copyright, having fallen out of protection
from the terms of the GPL."  It's too ridiculous to even think about. I
wish I hadn't written it now.

-- 
Mike Small
smallm at sdf.org