Linux.com

Eben Moglen, chief counsel for the Free Software Foundation, is succinct: "SSSCA is a deliberate attempt to destroy free software."

Moglen believes that the industries behind the drafting of the SSSCA want to control information from the beginning to the end of every event chain. "The content industries want to make a leakproof pipe that leads from their production facility directly to the eyeball and eardrum of the consumer."

That pipeline must not be broken apart by any technology that is under the user's control, he says. "If the computer closest to your eyeball and eardrum has a free software operating system, the whole rest of the pipe doesn't matter: sound on its way to the sound card, or video on its way to the screen, can be copied or sent anywhere by the OS kernel.

"So the content industries cannot -- so long as they adhere to their present obsolete business models -- tolerate the existence of any user-modifiable operating system for computers. Period."

And that's what's behind Disney's and other corporations' campaign contributions to Hollings and their subsequent "urging" that Hollings, the chairman of the Senate Commerce Committee, draft the Security Systems Standards and Certification bill, which states in part that "it is unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And while Disney interests may be completely aware of the subtleties behind the SSSCA, Hollings may be unaware of the chain of effects this could set off. "Although I cannot comment on the technical acuity of Senator Hollings," says Pat Stakem, a NASA consultant who works with FlightLinux, a version of Linux that's running on unmanned space flights, "there have been problems in the past with oversight and unintended consequences when a highly technical issue is legislated."

This isn't the first time that Hollings has sponsored highly technical legislation and tried to rush it through Congress. It is ironic that it came at a time when Hollings appeared to be on the other side of big business, fighting for stricter Internet privacy laws. Back in July, Hollings was testifying at another Congressional hearing in favor of more privacy legislation, as opposed to the self-regulation that the Information Technology Industry Council (ITIC) favors. ITIC is populated by big tech companies that normally are at odds with each other, like IBM, Microsoft, AOL, Amazon.com, Compaq, and Dell. At that hearing, Hollings said, "Where did self-regulation get us?" as he urged Congress to take swift action on new laws for privacy. Now that draft bill has disappeared, and Hollings seems to have switched sides, getting into bed with the anti-privacy, anti-freedom corporate interests.

Hollings and company have turned deaf ears on requests for more information from NewsForge and from at least one lawyer we spoke to. A representative from the office of Scott Draughon, an attorney who specializes in technology law and policy, contacted Hollings office to request a draft of the bill and was rebuffed by one of his staff, who told her, "attend the hearing."

But according to a report at WebNoize, that hearing may not be completely open. "Non-profit public interest groups haven't been invited to the hearing, which has motivated them to take action," the report written by Mark Lewis states. The Electronic Freedom Foundation issued an alert and is conducting a letter writing campaign to try to stop the progress of the draft bill, calling it DMCA2, in a comparison to the restrictive digital copyright legislation that landed Dmitry Sklyarov behind bars earlier this year when he gave a presentation on e-Book unencryption techniques at DefCon.

The Association for Computing Machinery's (ACM) Public Policy Committee is also trying to persuade Hollings and company of the dangers of the bill. "We urge you to recognize that there are many legitimate uses of technology that would be impaired by additional copyright-protection measures," states a letter addressed to Hollings from Barbara Simons and Eugene Spafford of ACM. "Already, we have seen an unintended chilling effect on computer security research by the DMCA. Any law along the lines of the SSSCA might well have more far-reaching and damaging effects, particularly as our nation attempts to enhance the security of our infrastructure and prevent acts of terrorism."

Simons and Spafford list some of their objections to the legislation:

• Colleges, universities and trade schools throughout the United States would no longer be able to teach advanced computer science and computer engineering.
• The acts of writing basic operating system software or assembling simple computer systems in classes or as assignments would be against the proposed law.
• Research in computer security and protection would be further curtailed, as any such research would be required to be done on (and not interfere with) whatever technology is imposed by this law. However, malicious actors do not need to be so concerned. This has significant national security implications.
• Researchers and hobbyists seeking new uses for innovative technology might well find their experimentation and prototypes to be criminal under this law.
• Devices as disparate as electronic cameras, wrist watches, electric pianos, televisions, ATM machines, cell phones, home security systems, and medical equipment (among many examples) all process and display information electronically. Under the proposed legislation, all would be required to support anti-copying protocols. In most such cases, this is absurd and will raise costs unnecessarily.
• Inclusion of anti-copying technology in general purpose equipment -- including real-time computing devices used in traffic control, air flight control, medical equipment, and manufacturing -- adds to their complexity and potential for failure. Unexpected interactions with other code, and accidental activation of protection protocols cannot be ruled out in every case, and in many venues the potential for damage is extreme.
• Photocopy machines, telephones and VCRs are now digital in form and can copy information. Forcing adoption of anti-copying protocols on those machines will change accepted modes of use, at best, and may render them unusable for their intended purposes.
• Other countries will not have similar requirements in their laws and may actively fear the imposition of anti-copy technologies; this will put U.S. products at a competitive disadvantage with other products manufactured elsewhere in the world. At a time when electronics manufacturers in other countries are seeking an advantage over U.S. firms, this could be catastrophic for the U.S. electronics industry.
• In addition, the draft version of SSSCA would have significant negative impacts on foreign technology imports, such as the Linux operating system, in direct violation of our obligations as a participating member of the World Trade Organization.

Spafford testified before the House Committee on October 10 at the Full Committee Hearing on Cyber Security, saying, "Legislation that is scheduled to be introduced into the Senate, the Security Systems Standards and Certification Act (SSSCA), may further restrict what research is conducted in information security. Legislation against technology instead of against infringing behavior can only hurt our progress in securing the infrastructure."

Though Spafford, Simon, and FSF lawyer Moglen are well aware of the dangers of SSSCA, other key elements may only now be waking up to the potential consequences of such broad legislation. Draughon, who specializes in D.C. doings in technology, was unaware of the draft and requested a copy from me when I contacted his office. Government agencies that use Linux and other Open Source software are also largely ignorant of SSSCA, including the Army, Navy, and the NSA, and have not been prepared to discuss the issue with NewsForge.

FlightLinux's Stakem was willing to take a look at the draft and share his initial impressions. "If the legislation, which appears to be driven and influenced by big content-providers, does affect Open Source distribution, then we need to take a long hard look." But Stakem is not overly concerned about potential danger to Open Source. "We have to make it [the source code] freely available, but [the GPL] doesn't say it can't be encrypted.

"There is a need to reform intellectual property laws to bring them more into sync with new, unforeseen realities. Unfortunately, those who can affect those changes don't necessarily understand the issues."

The Navy is preparing to experiment with Open Source software, "particularly Linux," and has signed a Cooperative Research and Development agreement with the Open Source Software Institute (OSSI). But are they aware of the dark clouds gathering around that scenario? John Weathersby, the director of the OSSI says, "SSSCA is typical of a reactionary bill proposal. It is stimulated from one side of the spectrum. But it represents a work in progress."

Weathersby believes that the Open Source community has to take the saying "eternal vigilance is the price of freedom" to heart. "I see issues like SSSCA as growing pains that we must wrestle with as we outgrow our protective shell and realize that we are part of a larger more complex economic picture.

"I don't see how it can be adequately enforced. It's like trying to hold back the tide; you can do it for a while, but then the open market, like Open Source software, will find its equilibrium."

Stakem thinks that perhaps the SSSCA will exempt government usage from its restrictions, but Moglen says there is no such exemption in the current text of the bill. "But it's not only about specific applications government might write. If SSSCA prohibits the Linux kernel, prohibits the Hurd kernel, prohibits any system with enough openness to permit users to modify its basic behavior, the ability of one federal agency to publish one applications program more or less wouldn't make the slightest difference.

"The software monopolist and the entertainment oligopolist are discovering that this can be the beginning of a beautiful, but socially obnoxious and oppressive friendship."

Share    Print    Comments