BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Govt Source Code Policy
- Subject: [Discuss] Govt Source Code Policy
- From: smallm at sdf.org (Mike Small)
- Date: Mon, 04 Apr 2016 23:15:22 +0000
- In-reply-to: <5702D47C.3010104@gmail.com> (message from Rich Pieri on Mon, 4 Apr 2016 16:54:20 -0400)
Rich Pieri <richard.pieri at gmail.com> writes: > On 4/4/2016 4:05 PM, Mike Small wrote: >> That's a bit weak. You would only be liable if you in fact did not erase >> your backups and had some. So their definition would stand on a >> hypothetical present fact (that backups exist) and a hypothetical future >> action (that the victim doesn't destroy them) for the hypothetical "you" >> the license references. > > We know that backups do exist because we know the device had previously > been synched with iCloud and those backups were not erased. We'd need a lawyer here but I don't think you get to go specific when interpreting the definitions of the license in general. i.e. I can't see a legal interpretation of the GPL that makes the meaning of convey conditional on the particular licensee's circumstances. You'd have a kind of Schrodinger's license in that case. >> But for the sake of argument let me concede the point. Let's say Syed >> Farook's phone had had GPLed Apple system software on it. It would have >> been Farook who would be breaking the GPL by not passing on the >> "authorization info" as he "conveyed" this GPLv3ed iPhone software to >> the FBI. This possibility wouldn't have prevented or disincentivized >> Apple from using the GPLv3 + autodestruct. > > There are two possibilities here. > > One is that this information is generic to all of that device model. In > this case all the FBI would need to do is have an agent buy an iPhone > and request the information. In this case the FBI would not need Apple > to sign their custom GovtOS in order to avoid wiping the device. Generally people argue that in the long run, not depending on security by obscurity forces people to make systems that work as intended even when attackers have the benefit of source code. The FBI can buy versions and be free to mess with them and see how they work, but so could academic and industry security researches with the results being made available so Apple could try again better next time. > > The other is that the DRM is uniquely keyed to the device. In this case > the FBI might actually need Apple's intervention if said information > were not in the employer's possession and not in Farook's effects, right? > > Wrong. > > Every or nearly every version of iOS, including the version on Farook's > employer's iPhone, has vulnerabilities that can be exploited in order to > run unsigned versions of the operating system. GPL Part 3 prohibits > using laws like WIPO as protection which means the dissemination of > exploits cannot be prevented or suppressed by those laws. In this case > the FBI would legally have the information necessary to circumvent the > DRM and thus still would not need Apple to sign their custom GovtOS in > order to avoid wiping the device. > Not sure I'm understanding you. First off, the FBI as a criminal enforcement agency is themself excempt from the DMCA: https://www.law.cornell.edu/uscode/text/17/1201 Remember also again that Apple would not need to fear being out of compliance with the GPL on software they're the sole copyright owner of. You'd need some other copyright holder up the chain of what they're distributing for that to matter when they violated that clause with a DMCA suit. Then how much effect are DMCA civil suits really going to have on dissemination of exploits? About as much as copyright law has had on the availability of movies with the copy protections stripped off I should think. And besides, as was puzzling all along in this case, the FBI is no doubt perfectly capable of coming up with their own exploits or hiring someone to quietly do so. > I have to admit: it's been entertaining watching you GPL adherents try > to punch holes in your own favorite software license in order to prevent > the FBI from hypothetically doing what it was carefully crafted to > explicitly permit. There's no irony here. I like the idea of a GPL with provisions not granting equal rights to scumbags who spy on environmental orgs and black lives matter activists or to people who manufacture weapons. But it's easy to see the mess that would result if everyone had their pet restriction added in. They struck the right balance, as usual IMO. So to the degree the FBI exercises their right to mess with software they come into possession of it's cool they're granted such rights. And obviously the GPL wasn't "carefully crafted" to permit someone to take your device and get at your data. I mean, maybe in the 80s rms had said something that seems funny now about passwords, but today the FSF is promoting use of encryption. -- Mike Small smallm at sdf.org
- Follow-Ups:
- [Discuss] Govt Source Code Policy
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Govt Source Code Policy
- References:
- [Discuss] Govt Source Code Policy
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Govt Source Code Policy
- Prev by Date: [Discuss] Apple FUD?
- Next by Date: [Discuss] Govt Source Code Policy
- Previous by thread: [Discuss] Govt Source Code Policy
- Next by thread: [Discuss] Govt Source Code Policy
- Index(es):