OT Linux Founder Okays DRM, Expects Irate Response
Send this Article
Print this Article Talkback
Related Stories
By James Maguire
NewsFactor Network
April 25, 2003
"I also don't necessarily like DRM myself," Linus Torvalds says, "but I still ended up feeling the same: I'm an 'Oppenheimer,' and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to...."
------------------------------------------------------------------------
Unwire Your Workplace. Enjoy increased productivity and substantial ROI. Get the facts here.
------------------------------------------------------------------------
In a move certain to create controversy within the open-source community, Linux founder Linus Torvalds has stated that digital rights management (DRM) is "perfectly okay with Linux."
DRM includes a number of lock technologies designed to ensure authentication and protect against unauthorized copying. Since one of the guiding ethics of open-source developers is unfettered freedom in the use of software, Torvalds was well aware that his posting would spark a negative reaction.
In his statement, posted on the "Linux-kernel" mailing list, he said he expected to get "flamed" extensively for his approval of DRM: "My asbestos underwear is firmly in place and extremely uncomfortable," he wrote.
Growing Trend
The issue of DRM has become a central concept in software development recently. As a number of court battles mounted by the entertainment industry have failed to control peer-to-peer swapping, proprietary software and hardware developers have introduced more products aimed at defeating unauthorized copying.
Microsoft (Nasdaq: MSFT) recently introduced new DRM software, and the company's Palladium initiative includes incorporating authentication technologies into the core of a computer's system. Microsoft has definitely focused more on DRM in the last few years, Forrester analyst Michael Rasmussen told NewsFactor -- "there's no doubt about that."
But "there's still not much of a market for DRM," says Yankee Group analyst Eric Ogren, and for that reason, he finds Torvalds' announcement strange.
Even Microsoft employees have expressed bewilderment. Ogren told NewsFactor that the reaction among some of his friends at the company is, "Why are you doing this? No one's making a ton of money doing this."
Unpopular Initiatives
To say that DRM initiatives tend to be viewed unfavorably by Linux developers is an understatement. "I do realize that a lot of people want to use the kernel in some way to just make DRM go away, at least as far as Linux is concerned. Either by some policy decision or by extending the GPL (General Public License) to just not allow it," wrote Torvalds.
"I also don't necessarily like DRM myself, but I still ended up feeling the same: I'm an 'Oppenheimer,' and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to -- which very much includes things I don't necessarily personally approve of."
Digital Signature
DRM technology includes a digital signature built into its programming code that it uses to validate the authentication process. Torvalds noted that "it's perfectly okay to sign a kernel image -- I do it myself indirectly every day through the kernel.org."
And, wrote Torvalds, "signing is only the first step: Acting on the fact whether a binary is signed or not (by refusing to load it, for example, or by refusing to give it a secret key) is required too."
Torvalds concluded that "since the signature is pointless unless you use it for something, and since the decision [on] how to use the signature is clearly outside of the scope of the kernel itself (and thus not a 'derived work' or anything like that), I have to convince myself that not only is it clearly okay to act on the knowledge of whether the kernel is signed or not, it's also outside of the scope of what the GPL talks about, and thus irrelevant to the license."
No Hiding Private Keys
As an added point, Torvalds noted that one thing that is clearly not allowed by the GPL is hiding private keys in the binary.
He stressed that developers can sign the binary as a result of the build process, but the GPL does not permit creating a binary that is "aware of certain keys without making those keys public -- because those keys will obviously have been part of the kernel build itself."
