License management tools: good, bad, or ugly?

Showing 1-11 of 11 messages
License management tools: good, bad, or ugly? Paul Fernhout 5/5/01 12:50 PM
INTRODUCTION

I've read Richard Stallman's "right-to-read" essay.
  http://www.gnu.org/philosophy/right-to-read.html

I've also seen the public outcry over hard disks which would include
license management features.
  http://slashdot.org/articles/01/01/07/1545220.shtml

I definitely do not want to see a future world of only proprietary
intellectual property where basically everything I want to do requires
agreeing to endless licenses and royalty payments, such as described in
"right-to-read". My wife and I released a six person-year effort under
the GPL (a garden simulator application) around 1997
  http://www.gardenwithinsight.com
so I am obviously sympathetic to encouraging free sharing of some
information and allowing derived works of some things.

However, on a practical basis, living in our society as it is right now,
any software developer is going to handle lots of packets of information
from emails to applications to program modules under a variety of
explicit or implied licenses. If a developer is going to do this in a
way that makes his or her work most useful to the community (under the
terms he or she so chooses), proper attention must be given to the
licensing status of all works received and distributed, especially those
that form the basis for new derived works to be distributed. Note that
even in the case of purely GPL'd works, one still needs to know that a
user contributing an extension to a GPL'd work was the original author
and/or he or she has permission to distribute the patch (if say an
employer owns all the contributor's work).

My question is: should software tools, protocols, and standards play a
role in easing this required "due diligence"
  http://www.lawnotes.com/ipduedil.html
license management work (at least as far as copyright alone is
concerned)?

CURRENT PRACTICE ON LICENSE MANAGEMENT

For example, software projects which just take contributions from
anybody and package them into the distribution without doing all the due
diligence required may be heading for legal issues (or at least, may be
giving some cautious users pause before large scale use). I've been
admittedly a thorn in the side of the Squeak community, harping on this
issue. For example:
  http://squeak.cs.uiuc.edu/mail/squeak/msg04484.html
  http://squeak.cs.uiuc.edu/mail/squeak/msg07054.html

By contrast, the Free Software Foundation for GNU works attempts to be
very explicit about licensing and the license management process, for
example:
  http://www.fsf.org/prep/maintain_5.html#SEC5
  http://www.fsf.org/prep/maintain_6.html#SEC6
However, this license management process is mostly handled through human
vigilance and paperwork.

In the interest of ensuring one may redistribute things or make derived
works from them, it would seem ensuring clarity of the license under
which you receive something is essential. So to is picking an explicit
license (i.e. GPL, LGPL, BSD, whatever) for projects and includign it
with the work. We are already stuck with numerous licenses and numerous
opinions on them. Realistically, I don't see that variety of licenses
and motivations going away anytime soon. Would it then be a good idea to
use a system for collaborative development that helps encourage
licensing clarity up front?

WHY IS CLARITY OF LICENSING IMPORTANT?

Why is this important? Even the same author might pick multiple licenses
for contributions. For example, Richard Stallman as far as I can tell
usually tends to use at least two licenses -- the GPL for code and a
"Verbatim copying and distribution of this entire article is permitted
in any medium, provided this notice is preserved" for some writings such
as for his "right-to-read" essay. It would be important to distinguish
if you archived all of Richard Stallman's public works for future use
that you could legally make a derived work of say an emacs code module
under the GPL by adding lots more code, whereas you could not legally
make a derived work from "right-to-read" say by expanding that story to
twice the size. This isn't necessarily inconsistency on his part.
Richard Stallman distinguishes "functional" sets of instructions from
"opinion" pieces and from "aesthetic" works.
  http://www.ipmatters.net/webcaught/interview_stallman.html

The point is, in general, no matter who you are, you are likely to make
and use works under a variety of licenses.

AUTOMATING LICENSE HANDLING?

So, would it make things better or worse if a legally binding license
accompanied every data transmission? (Or more than one if that is the
case).

Usually license management tools (e.g. for music or DVDs) are thought of
as keeping the end user from doing something they might wish to with
content they have paid for. Does it make sense as well to look at
license management tools from the perspective of allowing
(non-technical, non-lawyer) casual users to do things they otherwise
might not be legally sure they can do? Similarly, would such tools help
someone filter out proprietary content with licenses he or she does not
approve of (and would this provide incentives for artists to release
free versions if they want to reach people through those filters)? And
most of all, would such tools allow creative people to be more certain
that they could legally use certain freely licensed materials found on
the internet in making derived works? Would this provide a legitimate
defense of due diligence to minimize copyright infringement suit costs
(or reduce related liability insurance costs)?

For example, when you get an email it could come with a machine-readable
license (e.g. "redistribution OK in entirety", "for your eyes only",
"open content", "GPL"). Likewise, what if every file or zip archive came
with a specific machine-readable license? In effect, this would make the
license a fundamental part of the work.

In part, you may think, perhaps correctly, this it the "right-to-read"
nightmare. Such information could be used to prevent you from making
copies of things you might want to copy (legally or not) under some
notion of "fair use"
  http://fairuse.stanford.edu/
if the system enforced the license by preventing say you forwarding or
quoting an email that comes in with a license of "for your eyes only" or
with no explicit license at all. Perhaps the feeling that copy
protection systems will prevent fair use underlies much of the
resistance to such automation. It is not my point in this note to
advocate either for or against the enforcement of licenses by the end
user's system. Obviously though, enforcement would certainly be made
easier by machine-readable licenses, and this is a problematical issue
as far as "fair use" is concerned.

On the other hand, license management tools might force everyone to be
explicit about licenses for things they redistribute. Some authors would
explicitly choose free or open licenses. That might mean that when you
get free software (or open source software or anything else) you would
know what you at a minimum can and can't do with it. That clarity and
sense of peace of mind might help promote use and more derived works.

For example, even if MIT puts its course material on-line, that does not
necessarily mean you can make derived works from them or even share them
with a friend (other than by telling them to look at the MIT site). Yet,
without a good free license management system, that fact might not be
obvious to users and a truly free course library may never arise. (Note:
I don't know whether the MIT courses will permit derived works, so MIT
may surprise me.)

A LICENSE REJECTION PROTOCOL

Being explicit about licensing (especially in a machine-readable way)
may have great benefits. For one thing, you might decide to set your
email receiver to reject email from most people unless it came with an
acceptable (to you) license. There might be a "license negotiation"
protocol at the start of all transmissions of all works.

For example:
Sender: PERMISSION TO SEND "Windows NT Source" BY "misguided kiddy";
Receiver: WHAT LICENSE?;
Sender: LICENSE: NO-REDISTRIBUTE-39;
Receiver: REJECT;

or perhaps instead:
Sender: PERMISSION TO SEND "GNU/Linux kernel mods" BY "Linus Torvalds";
Receiver: WHAT LICENSE?;
Sender: LICENSE: GPL-2;  
Receiver: ACCEPT;

If you ran a peer-to-peer file server, such a protocol might help ensure
only legally redistributeable works were redistributed on it (making it
legally safer to run one). Obviously, people could lie about the license
status of works when they inject them into the system -- but the point
is, it forces such people to explicitly lie, as opposed to just being
careless or neglectful. (Obviously, carelessness and neglect could
affect the system as well if the person injecting the information is
just confused, hopefully other factors like community awareness could
minimize this.) Nonetheless, it might gives users a legal defense from
extreme copyright infringement awards if they screen incoming data. This
in turn might make insurance for such situations affordable. Defenders
of such a file sharing system (in court) could then admit to there being
a few "bad apples" and take efforts to route out such illegally
contributed material in the same way people now use virus scanners or
other filters. This might make it more likely such systems would
prosper, with other attendant benefits for democracy or an open society.

To be clear: I personally am not for supporting sharing of material that
for legal or copyright reasons can't be shared (it's the law; change the
law peacefully if so desired). I instead want to make sure that it is
easy to share material that it is legal to share, and likewise I want to
ensure it easy to make derived works with clear legal titles from
material it is legal to make derived works from.

In the case of software, with such a system, when you build free
software packages (or "open source" ones), you could ensure that all
contributions were under an acceptable license, because that licensing
information would be already there in a machine-readable form (perhaps
including information pointing to works and their licenses from which
you made derived works). Presumably, if someone emailed you a
contribution using such a system, you could see at a glance from the
email record what license it (or the code part) was under. In addition,
information could also come along that was the equivalent of a statement
of either originality for the work or a statement the author had
permission to incorporate other works they used into the new work under
the license chosen. Such information might include an audit trail of all
works and licenses used by various authors in making the final product.

AN EXAMPLE FROM THE MUSIC WORLD ON THE NEED FOR LICENSE META-DATA

Such issues extend beyond software. If we are to enlarge the realm of
works that are publicly accessible in various ways
  http://www.centerforthepublicdomain.org/
it is important to wrestle with the issue of how to ensure a large body
of things are clearly licensed. See for example, the issues involved
with making a large quantity of images publicly accessible:
  http://www.pipeline.com/~rabaron/VRA-TM-SF-PublicDomain.htm

For example, consider this situation. I go to the Choral Public domain
site
  http://cpdl.snaptel.com/
and download a MIDI tune picked at random, say "Ecce nunc benedicite" by
"Giovanni Pierluigi da Palestrina" edited by "Claudio
Macchi".                    
  http://cpdl.snaptel.com/sound/pal-ecce.mid
Let's say I like it and want to pass it on.

The Choral Public Domain Library site has "public domain" in the title,
but the main page announces "Much of the music in this archive is in the
public domain and has been newly edited under the terms of the Choral
Public Domain License (CPDL). Under this license, all music here can be
freely downloaded, distributed, reproduced, performed, and recorded.
Modifications can be made to these editions, if certain steps are
followed. A working draft of the CPDL is available on this website
(click here)." This leads to a variant license inspired by the GPL:
  http://cpdl.snaptel.com/license.htm
All of this requires me to think a lot, keep track of information, tell
other people things, and in general, not be able to treat the MIDI file
(from a licensing perspective) as more or less an atomic thing. I can't
just point a tool at the "pal-ecce.mid" file and check what the
licensing conditions are.

As soon as I have this file on my computer, much of the "meta data"
about licensing is lost, since the meta-data is not all kept in the same
file but is implicit from having the file on the site. If I pass the
file to you, how do you know it is freely redistributeable? Do you take
my word for it? Do you check the site? Am I myself even sure enough what
license it is under when I downloaded it that I can give you assurances
you can use it? Why should you trust me if I do? Did you get the
identical version I downloaded, or did I slip in a change which I might
later use to make a claim against you if you use the file in a work of
your own? If I (not the author) bundle the midi file with a CPDL license
in a zip file, how do you know I had any right to do that? How much time
do you need to take to verify the situation?

Note: this isn't to put down this particular site. It is a great site
that has given me much enjoyment and represents a lot of painstaking
work to assure compliance with copyright law. The issue isn't specific
to the site or its files. I just use it as an example. Also, this
problem isn't specific to MIDI files. Even if you could put such
information as a text comment in a MIDI file, this doesn't solve the
general issue for all files, or necessarily in a way where license
analysis, filtering, and handling could be automated.

Note that ultimately, having such meta-data in every file might require
operating system support, or at least very smart tools, like a MIDI
player that ignores the meta-data when actually playing the file. That
in turn might require a more sophisticated repository approach to
storing all file data (at a minimum, perhaps "license forks" like the
Macintosh has "data forks", although this doesn't address the notion of
one license covering multiple files taken as a whole).

HOW THINGS CAN GO WRONG

Python (whose license recently became GPL incompatible for the moment)
  http://slashdot.org/interviews/01/04/20/1455252.shtml
suffered from a sort of lack of clarity in licensing. CNRI in effect
claimed that no permission had ever been granted to use Guido's work
done on Python done at CNRI (that is, the Python license only covered
work from before he joined). Note that Guido has been asked by CNRI
lawyers to get signed permission
  http://www.python.org/1.5/legalfaq.html
  http://www.python.org/1.5/wetsign.html
for external contributions to Python; I guess it never occurred to
anyone to get Guido van Rossum to sign such a thing as well in terms of
ensuring his contributions were also under a Python-like license.
 
It is a fair question whether such a system might have helped some with
this. Certainly, such a license management system might not resolve this
issue entirely, since people could mistakenly pick a wrong license or
claim permission to redistribute (say against their employer's wishes).
Would such a system make the case stronger in court if a Python user was
sued, at least that due diligence was kept up?

I'm sure people in this newsgroup will point out that if Python was
under the GPL before Guido van Rossum came to CNRI, this particular
problem might not have arisen (although, frankly, I think part of
Python's success was from being easily embeddable in proprietary works,
seemingly legally.)

If such a system came with a tutorial module and click through tests and
such to ensure the author knew the issues relating to ownership and
originality before they could start using it, would that help? Could
such a system also help with the due diligence required to maintain the
legal purity of only GPL's code?

USING NEW LAWS TO HELP FREE SOFTWARE

On a practical basis, without such an automated system, it may be more
difficult to build large software systems collaboratively. So, can
click-through licenses, encryption reverse engineering restrictions, and
such now be used to benefit free software? Could it be possible that
some recent laws related to making click through licenses legally
binding might be used in such software to make your granting of such
license to use your work through the system legally binding? This could
possibly make the due diligence process for building free software much
easier. Also, could recent laws related to reverse engineering of
encryption schemes give such systems legal validity as far as providing
evidence of due diligence in terms of assuming simple digital signatures
generated by the system are authentic?

DO IT ONLY FOR FREE SOFTWARE OR SIMILAR WORKS?

Would it make any difference if such an approach was limited to say an
email reader (or peer-to-peer client) which basically only tracked a few
licenses for contributions (i.e. GPL, LGPL, BSD, public domain vs.
OTHER)? Could that at least make due diligence easier for writing GPL
code while leaving everyone else with the due diligence problem? Or
would the system quickly be adapted for a wide variety of licenses?

FEEDBACK REQUESTED

So anyway, what do people think? Would such a license management
approach with tools, protocols, and standards (ensuring every work
received or sent comes with a legally binding machine-readable license
and related audit trails for derived works) promote more clearly titled
(in a legal sense) free software or would it be the slippery slope to
the "right-to-read" future?  Without explicit licensing handling, are we
just setting the free software or open content communities up for legal
challenges down the road as people just try to do their best without
such tools? Is trying to automate license handling really that much
different (in a bad way) from the current situation of often
distributing zip files including both content and license?

[Disclaimer: I am not a lawyer; any corrections from such are
appreciated.]

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the GPL Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

Copyright 2001 Paul D. Fernhout
License: Verbatim copying and distribution of this entire article is
permitted in any medium, provided this notice is preserved.
Note: I believe "fair use" of this work permits copying of short
sections with attribution for the purpose of Usenet discussion.

License management tools: good, bad, or ugly? Paul Fernhout 5/19/01 7:36 PM
I previously wrote:
> Would such a license management approach with
> tools, protocols, and standards
> (ensuring every work received or sent comes with a legally
> binding machine-readable license and related audit trails
> for derived works) promote more clearly titled
> (in a legal sense) free software
> or would it be the slippery slope to the "right-to-read" future?

There have been no comments on my original post from the newsgroup so
far. Since it was both a long post and there was a heated thread going
on at the time of the post, let me try again. I was expecting at least a
flame or two considering the public outcry over hard disks which would
include license management features -- not that this is exactly the same
thing, but it resembles it enough I expected some concern.

To (over)simplify, by "license management tools" I mean putting a header
of machine-readable license information in every file, and building
subroutines to create and use that information. A little more generally,
I mean something like "adding support to tools and operating systems for
tracking for each code or content module (or file) the associated
license (or licenses) and contributor history list (or lists for merged
items) in a systematic and computer-readable way".

Managing licenses is important because under current copyright law
  http://www.loc.gov/copyright/circs/circ03.html
a file you receive or transmit without an explicit license essentially
cannot legally be used for anything (since pretty much every action with
a file on a computer including displaying it requires copying).
Obviously there is some tiny (and ever diminishing) wiggle room in
claiming "fair use", implicit permission, or even prevalent social
convention, say, if you copy a usenet message to your hard disk, but
those principles are very hazy and the safest thing is to assume you can
make no copies without explicit permission.

This need for a license is especially true for making derived works you
plan to redistribute, because here your liability seems highest. If we
are to have a lot of free software and free content, based on fine grain
collaboration made possible by the internet allowing us to rapidly
modify each others works, that is a lot of licenses citing a lot of
authors. If these licenses get lost (as in the midi file download
example I cited), the content can no longer be considered free. Handling
lots of papers is what computers are good at. The less time people need
to spend thinking about, negotiating, and managing paperwork and extra
files related to free licenses, the more time they can spend making free
software and free content.

Such systems are also often called "digital rights management".
  http://www.w3.org/2000/12/drm-ws/
One problem from the point of view of authors who wish to tightly
control their works is that such DRM systems "leak":
  http://www.w3.org/2000/12/drm-ws/pp/digitalhanse-reichwein.html
However, my intent here is to ensure the continued freedom of free
files, so it is in the interest of end users to ensure such free data is
kept in the system. I am trying to shift a paradigm here from "rights
management to restrict rights and ensure author royalties" to "rights
management to ensure the right to freely copy and make derived works".

Can I take it then that in general free software developers do not have
major issues with such a system being implemented or popularized to help
ensure license clarity for free software and free content? Frankly, the
concept is a little scary to me in terms of getting out of hand (in
terms of attempting to use it to enforce licenses or limit fair use),
which is why I created the original post. But I'm coming to believe it
is may be a necessary evil given today's legal situation for copyright.

Opinions? Flames? Wheels (reinvented)?

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

License management tools: good, bad, or ugly? Isaac 5/20/01 8:14 AM
On Sat, 19 May 2001 22:36:14 -0400, Paul Fernhout
<pdfer...@kurtz-fernhout.com> wrote:
>There have been no comments on my original post from the newsgroup so
>far. Since it was both a long post and there was a heated thread going
>on at the time of the post, let me try again. I was expecting at least a
>flame or two considering the public outcry over hard disks which would

I read your post, and I'll admit to being to drained with flaming
elsewhere to invest time in a length and meaty post.  

I thought the idea of automating the license issues even among free
software seemed somewhat implausible.  The method of implemenation
you describe (add stuff to each file) seems unweildy and an obstacle
to portability.  I would suggest that the law probably supports the
right to at least read any legally acquired text file on my system
even if some incidental copying takes place.  For other file types,
(multimedia, binaries, etc) perhaps not.  Given that, it seems
to me implausible that the kind of license manager you describe
could be implemented without making a computer very difficult to
use.

Implementation issues aside, automating the legal issues surrounding
free software seems an impossible task as well, and as you pointed out
the compatibility among free licenses is a constant state of debate.
Sometimes problems are resolved by contacting the author and getting
a permission slip.  Other problems spark recurring month long debate
and flames.

Anyway, because the system you described seemed to have a fairly
remote chance of being implemented, and because the flaws seemed
so evident, I couldn't work myself up to commenting.  

I really so wanted to flame too..

Isaac

License management tools: good, bad, or ugly? Paul Fernhout 5/20/01 5:12 PM
Isaac-

Thanks for the reply. OK, so there are technical and user interface
issues. I haven't worked them out in detail, in part because I wanted to
get feedback before creating the next Frankenstein's monster of
licensing (who by the way, actually turned out in Mary Shelly's original
book
  http://www.boutell.com/frankenstein/
to be a very insightful and essentially compassionate guy, if a bit ugly
and scary looking.)

And, of course, even if I had a fully worked out and implemented
"Frankenlicense?" :-) system, getting people to actually adopt it as a
standard for daily use for information interchange would be even harder
still.

Perhaps I should then refine the question away from technical issues to
focus on the paradigm shift.

Essentially, is it sensible to shift the debate on Digital Rights
Management from:

"rights management to restrict rights and ensure author royalties"

to:

"rights management to ensure the right to freely copy and make derived
works"

as a new paradigm?

Does this sound like a general principle free software and free content
developers could get behind? Or is that concept itself flawed, perhaps
because people think DRM is a fundamentally flawed concept as far as
ensuring personal freedoms?

By the way, as for reading a text file on your system (say this post), I
read somewhere in the end only nine people really know the true
definition of "fair use" in the US -- the supreme court! That's a scary
thing when some unauthorized copying is now a felony.

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

License management tools: good, bad, or ugly? phil hunt 5/21/01 7:56 AM
On Sun, 20 May 2001 20:12:23 -0400, Paul Fernhout <pdfer...@kurtz-fernhout.com> wrote:
>
>Does this sound like a general principle free software and free content
>developers could get behind? Or is that concept itself flawed, perhaps
>because people think DRM is a fundamentally flawed concept as far as
>ensuring personal freedoms?

Which it is.

The point of DRM is to *restrict* people's rights, not to guve them rights.

It should really stand for Digital Restrictions Management.

--
*****[ Phil Hunt ***** ph...@comuno.freeserve.co.uk ]*****
Pstream class library for C++: a Parsing Stream library that
facilitates writing lexical analysers and other programs
that parse data files. Available on an open source license from
<http://www.vision25.demon.co.uk/oss/phlib/intro.html>

               

License management tools: good, bad, or ugly? Paul Fernhout 5/22/01 8:26 PM
phil hunt wrote:
>
> On Sun, 20 May 2001 20:12:23 -0400, Paul Fernhout <pdfer...@kurtz-fernhout.com> wrote:
> >
> >Does this ["managing licenses to ensure freedom"]
> >sound like a general principle free software and free content
> >developers could get behind? Or is that concept itself flawed, perhaps
> >because people think DRM is a fundamentally flawed concept as far as
> >ensuring personal freedoms?
>
> Which it is.
>
> The point of DRM is to *restrict* people's rights, not to guve them rights.
>
> It should really stand for Digital Restrictions Management.

Phil-

Thanks for the feedback.

All works since 1978 (US laws) and 1989 (World Berne Convention) are now
copyrighted by default
  http://www.loc.gov/copyright/circs/circ03.html
rather than requiring an explicit act by the author of adding a
copyright notice. Thus all recent works can't be used without permission
(from an explicit license). Many people still do not understand the
implications (especially people who grew up under the old law) and
assume that a license only restricts what you can do with something, and
things without licenses or copyright notices are public domain. That
used to be the case. Now a license is required before a file can be
copied, meaning licenses grant permission to use, and without one, a
file is legally useless. (Obviously, "fair use" is/was the oil that lets
the WWW gears turn to some extent anyway.) The DMCA just continues this
trend and reduces the scope of "fair use", and also criminalizes some
types of copying as a felony.

So, without explicit licenses, we can't legally view many files on our
computers (like this usenet email) because making copies without
permission is against the law. "Fair use" is continually being
restricted, and in any case, how can you fairly use a copy of something
(like a downloaded web page) for which you never got any explicit
license grantign permission to copy in the first place? This is as
opposed to the "doctrine of first sale" when you copy from a physical
book where you have a right to view the physical book because it is in
your physical posession. As another example, if you have a physical
letter from a person you have a right to view it (although you don't
generally have the right to publish it.) In this context, a DRM system
could ensures you have such a "free" license to make copies of digital
works if such permission was intended by the author. This DRM would then
be giving rights, not restricting rights, because the restriction is
(essentially) the default under the law. From:
  http://www.law.wayne.edu/litman/papers/read.htm
"Most of us can no longer spend even an hour without colliding with the
copyright law. Reading one's mail or picking up one's telephone messages
these days requires many of us to commit acts that the government's
Information Infrastructure Task Force now tells us ought to be viewed as
unauthorized reproductions or transmissions."

It is true that the way that Digital Rights Management (DRM) systems are
usually discussed
  http://www.w3.org/2000/12/drm-ws/
in terms of implementation is to restrict rights by preventing copying
or use, because the default on our current personal computer system
implementations is typically to not in any way restrict copying or use
of files. (Obviously some file systems like for Unix restrict file
access based on permissions for user, group, and world -- but generally
for reasons of privacy and security, not payment.)
 
I would not want to see generally enforced restrictions (as opposed to,
say, advisories) on copying using a pay-per-use DRM system because that
would be an end to any sort of "fair use" the system was not designed to
permit. It would also limit use because it could not handle other
permissions you obtained that were not recorded in the system (like the
copyright finally expires or the artist personally says you can view the
work). Essentially a DRM on every computer charging for every use of
every file is like making every road a toll road. Lots of things can go
wrong with such systems.

I recently used a toll road (the Garden State Parkway in New Jersey) and
had four mis-transactions in a row.
1. At the first toll plaza, I asked for a receipt when buying a roll of
tokens. The attendant probably didn't hear me and didn't give me a
receipt, and rather than make a big thing out of it with a waiting line
I drove on.
2. At the second plaza, I threw in a token into a basket, but I didn't
see any sort of light turn on. I didn't normally drive that road, so I
was admittedly a bit confused as to which the indicator was in terms of
what was going on (where was it, was it burned out?). I didn't see a red
light, but I didn't see a green one either. There were some human
interface issues with how the booth indicator was set up (the same booth
can have a toll taker, take coins, or use an electronic "Easy-Pass"
token -- but only one at a time and the "hand shake" method is different
for each). Perhaps I ended up in lane configured for Easy-Pass (although
I specifically went for the token lane)? In any case, I drove on after
waiting a bit after a beep of the horn (what you are supposed to do),
although for all I know I now have a $200 fine hanging over me in that
state as there is a camera set up at each booth to take a license plate
photo. And how would I contest paying such a fine? It would be my word
against the machine's picture, and I don't even have a receipt saying I
paid for some tokens (because of failure #1).
3. At the third plaza I threw in a token and nothing happened. Rather
than risk another $200 fine, I threw in another token, and also nothing
happened. So I threw in a third token, and I finally got a green light.
4. At the fourth plaza, the token lane I ended up in was all the way to
the left side, but when I merged back from the left (fast) side of the
road after the plaza there was a lot of traffic and I came close to an
accident.
So, the non-direct "toll" costs of using that road included: no receipt,
worrying about a $200 fine because of machine failure, multiple charges
for the same permission, and finally putting my life and property at
risk.

Putting the toll road failures in the DRM context, these failures of the
system might be analogous to:
1. a failure to store a digital receipt after paying for a number of
song playbacks ("But you were out of disk!"),
2. the DRM system recording a copyright (felony) violation despite
deducting a usage fee from an account ("whoops, wrong account ID!"),
3. the DRM system billing multiple times for the same single action
("Yeah, there's a bug if the payment amount is a multiple of seven and
it's a Thursday!"), and finally
4. lack of access to some crucial material at the right time, by DRM
system failure or bad user interface or additional delay, causing loss
of human life. ("Sorry, but I didn't know the patient needed heart
medication because I could not access a copy of the patient medication
records since the hospital DRM system payment account was temporarily
overdrawn.")

I can certainly see the point that since the road had to be paid for one
way or another, why not have it paid for from a general fund, since it
is cheaper in terms of these "external" costs I had to pay? Richard
Stallman writes about toll roads vs. free roads here:
  http://www.gnu.org/philosophy/shouldbefree.html
The issue is not that people shouldn't get paid for doing creative
things, but rather that the current system restricts derivative works as
a side effect of restricting distribution. Now, DMCA criminalizes some
copying. DRM systems may soon charge us dearly for everything we do on
the computer. While for example a grant funded system might be unfair,
at least the granting agency could insist all the grant funded software
was released as free software, so I could indirectly benefit from the
results of the grant (using the software as a base to build on) even if
I did not get a grant myself.  And as a bonus, we wouldn't need
draconian privacy invading laws like successors to the DMCA will surely
be if the trend continues (Stallman's "right-to-read" scenario). With
increased productivity and a wealthy society, we are even slowly moving
towards a "post-scarcity" economy where rationing access to a basic
level of services may not even have to be done for water, food, shelter,
medicine, communications, clothes, education, and transport, meaning
artists and programmers willing to live at a basic level may not even
need to earn money from their works to keep at them full-time.

However, especially with the changes to copyright law from DMCA, it
seems to me that legally speaking most common copying cannot be done
without explicit permission, since the law attempts to restrict fair
use. I'm being slightly overly broad here, but certainly that's the
direction the law is heading. See Professor Jessica Litman's writings:
  http://www.msen.com/~litman/
  http://www.law.wayne.edu/litman/
http://slashdot.org/article.pl?sid=01/03/28/0121209&mode=thread&threshold=1

However, having said all that, the current DMCA law still may
criminalize much of what is done with computers on a routine basis, and
it does so in a way that works against the public's expectations for
"fair use". So under the DMCA, it is more like using any interesting
file or email on your computer is like passing through a toll plaza
which puts you in jail unless you have the right permission slip for the
specific toll plaza. This is counter the public perception of copyright
and is probably thus a bad law. Richard Stallman suggests better
copyright laws (from the public perspective) here:
http://media-in-transition.mit.edu/forums/copyright/index_transcript.html
Still, DMCA is the law, and to obey the law, even if we use only free
software and free content, we may need a system that keeps track of free
licenses for us for every file (or email) we have on our computers.

Metaphorically, consider "slave" files and "free" files. Our current
copyright system is now in some ways like the American South before the
Civil War where black people (or now "creative works") were often
assumed to be a runaway slave unless they had their papers of freedom
with them (or a pass from the slave holder).
From:
  http://www.ibiscom.com/fdoug.htm
"It was the custom in the State of Maryland to require the free colored
people to have what were called free papers. These instruments they were
required to renew very often, and by charging a fee for this writing,
considerable sums from time to time were collected by the State."

Obviously, black people suffered greatly under slavery without such
papers, even if they had had them at one time, such as described at:
  http://docsouth.unc.edu/northup/nytarticle.html
so this analogy is very limited when applied to inanimate things and I
don't mean to make light of the suffering of all people (master,
slave, freeman, and bystander) under human slavery (especially as
practiced in the American South, which is discussed at length in _A
People's History of the United States_ by Howard Zinn).

Pressing the analogy forward nonetheless, the default since 1979 in the
US changed so that all files or other creative works are "slaves" and if
caught without their papers of "freedom" (e.g. the GPL in an
accompanying file in a zip archive, or an accompanying statement by the
author releasing them into the public domain) they must be treated as
"slaves" under the law. Under the current law you can't be kind to a
file's continued existence by copying it or making derivative works from
it if the file does not come with "free papers". Under the law you need
to keep file "slaves" without papers out of your home and are sometimes
rewarded if you turn in others who harbor such "slaves". This is made
easy with 1-800 numbers for turning in your friends and employers if
they harbor, aid, or abet such runaway meme slaves. Granted, text files
often have a copyright and GPL notice in them at the top; however this
doesn't work for images, sounds, or various other types of files, and in
any case, the way this is done in text files is not consistent or
machine-readable. Even if a file has a license, that does not prove the
license is legal or was not added without permission, since like in
Frederick Douglass' "Escape From Slavery, 1838" essay referenced above,
where he escaped Maryland using a friend's papers, the papers that come
with a "free" file may not be authentic.

Adding explicit license "meta data" in a file ensures that the "papers"
indicating a module is "free" always travel with that module. Digital
signatures can given one a higher confidence that the papers of freedom
are authentic. The example I gave of what becomes of a "free" midi file
after I download it points to this problem. Without the meta data about
its freedom, the "free" midi file again becomes a "slave", or at best,
dependent on the downloader to vouch for it. Shifting the paradigm of
digital rights management and related technology towards "ensuring
freedom" is intended to ensure an easy way to grant permission to use
some work freely, and to ensure a free item has meta data about its
freedom which travels with it.

Even now, "free" people (like from the US) need to carry a passport (and
often a visa) when in another country or they will be detained at the
border (or elsewhere). So, you could think of this approach as embedding
a "passport" in all free files, as well as a permission "visa". Perhaps
someday the world and laws may be such that passports and visas will not
be required or important. But, that doesn't change the fact that they
are important today.

In the case of human slavery, laws were changed to make all people free.
This may happen with file "slavery" someday but until then we need a way
of keeping the papers of freedom with the free software or free content.
This happens now informally. I'm asking, what would happen if we
formalize this?

I can't do much in the next month about people who want to enslave their
creative works or changing the laws back to pre-1979 rules for all
creative works. Also, like Thomas Jefferson, I have some such digital
"slaves" myself and I participate in that economy. However, I can still
try in my spare time to make it easier for people who want to free their
slaves and collaborate with others on free creative works by (if it
makes sense) creating such standards and related subroutines for
handling free licenses as well as possible under the current law. That's
actually not the main thing I want to do (I'd rather make simulations
and content and tools for a free digital library on sustainable
technology), but it does seem like it might be a prerequisite for moving
forward if such efforts were to be done collaboratively on a large
scale. A lot of my feeling about this comes out of my experience with
the Squeak Smalltalk community and the complete lack of clarity
regarding the license status of many contributions to that system.
Another part comes out of seeing how the Python license overnight became
GPL incompatible retroactively. And there are other experiences I have
had where licensing clarity was lacking and prevented me for
redistributing derived works I had created.

However, such a "free" DRM system could probably be easily adapted to
handling or even (sadly) enforcing proprietary licenses too, and I think
this creates questions of whether this road is worth going down (if it
leads to "right to read"). But if we really believe in the growing
spirit of cooperation to produce free works (think James P. Hogan's
  http://www.jamesphogan.com/
novels "Voyage from Yesteryear" or "Cradle of Saturn" or Theodore
Sturgeon's short story "The Skills of Xanadu" in his anthology "Selected
Stories"), perhaps such a system may help create a world where
proprietary content is marginalized and filtered out, especially if the
rest of the economy moves to a "post-scarcity" model.

If this road is worth going down, one should also consider whether it
makes sense to just design the general system to allow non-free licenses
as well, as a tradeoff for increasing adoption speed in the standards
war and to speed the network effect of adoption. We as a society
unfortunately do seem to be going down this road towards Digital Rights
Management anyway, so perhaps the free software community should do
something about this first in the context of promoting free content.

In any event, now is the best time for more people to tell me why this
is a bad idea for various reasons before I or someone else implements
such a system without taking into account valid objections that would
either lead to changes in the design or lead to not doing it at all.

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the GPL Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

License management tools: good, bad, or ugly? Isaac 5/22/01 9:51 PM
On Tue, 22 May 2001 23:26:09 -0400, Paul Fernhout
<pdfer...@kurtz-fernhout.com> wrote:
>
>implications (especially people who grew up under the old law) and
>assume that a license only restricts what you can do with something, and
>things without licenses or copyright notices are public domain. That
>used to be the case. Now a license is required before a file can be
>copied, meaning licenses grant permission to use, and without one, a
>file is legally useless. (Obviously, "fair use" is/was the oil that lets

I think this overstates the case a bit.  Lots of uses don't involve
copying.  When you read something and use the ideas contained
but not the specific copyrighted expressions, you do not need permission.
Such "uses" should not be confused with fair use, which is a defense
to actual copying.

>the WWW gears turn to some extent anyway.) The DMCA just continues this
>trend and reduces the scope of "fair use", and also criminalizes some
>types of copying as a felony.

The one advantage that the DMCA has over your proposal is that at least
there is some onus on the copyright holder if he intends to restrict
usage.  There has to be some access control measure in place.  Your
proposal would only be worthwhile if the default case was that there
was no permission to access, let alone use copyrighted material even
if one of the copyright holders exclusive rights is not infringed.


>
>So, without explicit licenses, we can't legally view many files on our
>computers (like this usenet email) because making copies without

I think you overstate the case again.  To fair use also add implicit
and explicit permission.  Undoubtably, you know that the message
you've posted has been copies and archived countless times in order
to traverse usenet.  Surely you don't think you have the right to
sue the owners of machines on the network?

>Metaphorically, consider "slave" files and "free" files. Our current
>copyright system is now in some ways like the American South before the
>Civil War where black people (or now "creative works") were often
>assumed to be a runaway slave unless they had their papers of freedom
>with them (or a pass from the slave holder).

This kind of comparison is very similar to invoking the Nazi's.  I
find it very hard to take such metaphors seriously.  In fact I find
them offensive.

Isaac

License management tools: good, bad, or ugly? Mark Wooding 5/23/01 5:35 AM
Thanks for your excellent article.

Paul Fernhout <pdfer...@kurtz-fernhout.com> wrote:

> However, especially with the changes to copyright law from DMCA, it
> seems to me that legally speaking most common copying cannot be done
> without explicit permission, since the law attempts to restrict fair
> use. I'm being slightly overly broad here, but certainly that's the
> direction the law is heading. See Professor Jessica Litman's writings:
>   http://www.msen.com/~litman/
>   http://www.law.wayne.edu/litman/

And thanks for this pointer.  Litman has some interesting and persuasive
ideas.

> However, such a "free" DRM system could probably be easily adapted to
> handling or even (sadly) enforcing proprietary licenses too, and I think
> this creates questions of whether this road is worth going down (if it
> leads to "right to read").

I think that you've provided your own clue to the solution.  If the
system is really `free', and moreover copyleft, then we're home and
dry.  It can pop up warnings about licensing issues if it likes, and
even forbid certain operations, but because the source code *of the
actual version you're running* is available, you can bodge around if it
gets something wrong, or whatever.  It won't actually stop you from
doing things that you shouldn't, but it will let you know that you're
on dodgy ground.

I think this is an almost archetypal application for the LGPL.

-- [mdw]

License management tools: good, bad, or ugly? Paul Fernhout 5/23/01 9:20 PM
Thanks for the comments and compliments.

Mark Wooding wrote:
> > However, such a "free" DRM system could probably be easily adapted to
> > handling or even (sadly) enforcing proprietary licenses too, and I think
> > this creates questions of whether this road is worth going down (if it
> > leads to "right to read").
>
> I think that you've provided your own clue to the solution.  If the
> system is really `free', and moreover copyleft, then we're home and
> dry.  It can pop up warnings about licensing issues if it likes, and
> even forbid certain operations, but because the source code *of the
> actual version you're running* is available, you can bodge around if it
> gets something wrong, or whatever.  It won't actually stop you from
> doing things that you shouldn't, but it will let you know that you're
> on dodgy ground.

Interesting -- you see a key enabler of the idea that the code can be
modified to circumvent the licensing if the user wishes. Would others
echo that?

So, presumably, you would be opposed to a license that somehow
prohibited tampering with the copy protection system (say if it could be
worded generally enough if such were possible to limit such changes
without inhibiting innovation in that area). Obviously, one could
otherwise reimpliment a client from scrach and break the system
(although would DMCA might prohibit that if such code was otherwise
restricted by the license?)

> I think this is an almost archetypal application for the LGPL.

Not GPL? Are you thinking then this would then effectively be a library
called by numerous applications? (I'm not sure how decomposable this
part would be from the rest of an application.) As opposed to being an
entire self-contained suite of applications under the GPL, perhaps with
a standard protocol allowing others to reimpliment client code adhering
to the standard? Or as opposed to being something added to the Linux
kernel (GPL)?

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

License management tools: good, bad, or ugly? Paul Fernhout 5/23/01 10:05 PM
Isaac-

Thanks for the comments.

Isaac wrote:
>
> On Tue, 22 May 2001 23:26:09 -0400, Paul Fernhout
> <pdfer...@kurtz-fernhout.com> wrote:
> >
> >implications (especially people who grew up under the old law) and
> >assume that a license only restricts what you can do with something, and
> >things without licenses or copyright notices are public domain. That
> >used to be the case. Now a license is required before a file can be
> >copied, meaning licenses grant permission to use, and without one, a
> >file is legally useless. (Obviously, "fair use" is/was the oil that lets
>
> I think this overstates the case a bit.  Lots of uses don't involve
> copying.  When you read something and use the ideas contained
> but not the specific copyrighted expressions, you do not need permission.
> Such "uses" should not be confused with fair use, which is a defense
> to actual copying.

You're quite right on the issue of ideas (although watch out for
"organization" or "structure" of ideas which can be considered
copyrighted.) A good way to handle such situations is to work from three
to five references and look for commonalities.

I think what I was trying to get at here is that unlike when using a
book, doing anything on the computer including displaying a text file on
the screen requires copying.

For example, when viewing a web page, a copy is made in a local cache,
in memory, on the screen, and perhaps both inside a printer and on a
printed page. View and print three web pages on a site and you are over
the DMCA felony threshold of ten copies (although probably not over the
additional threshold of $2500 to make this an actual felony unless
someone assigns a high value for their web pages). From:
  http://www.templetons.com/brad/copymyths.html
: Actually, recently in the USA commercial copyright violation
: involving more than 10 copies and value over $2500 was made a felony
: So watch out. (At least you get the protections of criminal law.)
: On the other hand, don't think you're going to get people
: thrown in jail for posting your E-mail.
: The courts have much better things to do.
: This is a fairly new, untested statute.
: In one case an operator of a pirate BBS that didn't charge
: was acquited because he didn't charge,
: but congress amended the law to cover that.

 
> The one advantage that the DMCA has over your proposal is that at least
> there is some onus on the copyright holder if he intends to restrict
> usage.  There has to be some access control measure in place.  Your
> proposal would only be worthwhile if the default case was that there
> was no permission to access, let alone use copyrighted material even
> if one of the copyright holders exclusive rights is not infringed.

Interesting point. I'll need to explore this.

Note though that an important consideration is making derived works and
redistributing them. Making derived works is a much higher risk activity
and is basically blocked (except for limited "fair use") without
explicit permission (like a license such as the GPL, BSD, LGPL, or a
statement something is in the public domain).

> >
> >So, without explicit licenses, we can't legally view many files on our
> >computers (like this usenet email) because making copies without
>
> I think you overstate the case again.  To fair use also add implicit
> and explicit permission.  Undoubtably, you know that the message
> you've posted has been copies and archived countless times in order
> to traverse usenet.  Surely you don't think you have the right to
> sue the owners of machines on the network?

Granted, perhaps I overstate things in practice (such as the above
comment on email). However, some of these issues (like what is implicit
permission and how far does it extend?) are always open to debate.
Still, what is fair use today may not be fair use tomorrow. So one issue
is where the law seems to be heading -- and that seems to be continually
restricting fair use.

The current trend in academia is for universities to issue severely
restricted fair use guidelines to avoid lawsuits. From:
  http://www.pipeline.com/~rabaron/AAMBaltimoreCIPQA.htm
"a young faculty member came up to me to thank us for our efforts to
gather public domain and copyright free images. She began to complain
(hiding tears) that in her school all photocopying out of books for
classroom slides is absolutely prohibited."

Still, with usenet, where does "fair use" end? It isn't clear. Obviously
DejaNews (now Google) thinks it OK to archive usenet posts indefinitely
and even sell them as a database (although they also support a way to
opt out with a no-archive option). But can I collect all your postings
into a book and publish it? I would think probably not. Then can I
legally put all your postings into another discussion list? I don't
know. I'm not sure anyone knows until the courts decide, and they may
view the same action differently depending on the circumstances.
Basically, without explicit licenses, there is a lot of uncertainty, and
I feel that this uncertainty may be limiting people's ability to
collaborate.

Also the boundary of what constitutes a derived work (as opposed to fair
use) of a usenet article is unclear. Having an explicit license avoids
the problem and may promote more derived works. Obviously, as long as
usenet articles are mostly opinions that is not much of an issue, but
faqs, directions, or code snippets are also possible usenet posts which
might readily become part of derived works.

> >Metaphorically, consider "slave" files and "free" files. Our current
> >copyright system is now in some ways like the American South before the
> >Civil War where black people (or now "creative works") were often
> >assumed to be a runaway slave unless they had their papers of freedom
> >with them (or a pass from the slave holder).
>
> This kind of comparison is very similar to invoking the Nazi's.  I
> find it very hard to take such metaphors seriously.  In fact I find
> them offensive.

My apologies if I offended you or anyone else with that analogy.

Perhaps you or someone else can suggest a better one?

-Paul Fernhout
Kurtz-Fernhout Software
=========================================================
Developers of custom software and educational simulations
Creators of the Garden with Insight(TM) garden simulator
http://www.kurtz-fernhout.com

License management tools: good, bad, or ugly? Isaac 5/24/01 1:30 AM
On Thu, 24 May 2001 01:05:09 -0400, Paul Fernhout
<pdfer...@kurtz-fernhout.com> wrote:
>
>I think what I was trying to get at here is that unlike when using a
>book, doing anything on the computer including displaying a text file on
>the screen requires copying.
>
True, but has there been any suggestion that copyright holders
can limit such copies (without using some access control measure
and thus bringing the DMCA into the mix)?

>For example, when viewing a web page, a copy is made in a local cache,
>in memory, on the screen, and perhaps both inside a printer and on a
>printed page. View and print three web pages on a site and you are over
>the DMCA felony threshold of ten copies (although probably not over the
>additional threshold of $2500 to make this an actual felony unless
>someone assigns a high value for their web pages). From:

I think you need to get $1000 dollars worth of copying before you
trigger a criminal violation even with more than 10 copies.  $2500
dollars makes the criminal violation a felony.

I seriously doubt that any of the copies you describe except the
printed one would count towards a criminal or civil violation unless a
public performance was involved.  I don't think the on screen
display is a copy at all, although there might be a copy in memory on
the display card that you didn't count.  In any event, I think it's
safe to assume that the copies associated with browsing a public
web page are with the copyright owners permission.

>The current trend in academia is for universities to issue severely
>restricted fair use guidelines to avoid lawsuits. From:

Interestingly enough, academic and research copying is probably the
most defined area concerning fair use.

Isaac