Skip to content, sitemap or skip to search.

Personal tools
Join now
You are here: Home Blogs Licensing Reaction to the DRM clause in GPLv3

Reaction to the DRM clause in GPLv3

by novalis Contributions Published on Mar 07, 2006 05:53 PM
GPLv3's anti-DRM section solves an actual problem. I've been thinking about the Digital Restrictions Management (DRM) clauses of GPL version 3, and some of the reactions to them.

One common view among programmers is that the GPL should say nothing at all about DRM, because DRM is a technical problem, and can be solved by technical means. This was true five years ago -- all DRM was ultimately software, all software is data, and all data is mutable. So, DRM could always be circumvented. In other words, these people are perfectly happy to have DRM so long as it is toothless.

I should note that this view is somewhat elitist. Of course programmers can break software-based DRM. But non-programmers have to wait until a programmer does the work, and then have to figure out whatever tools the programmer wrote. That's not always easy -- DeCSS was written in 1998, but it was not until 2001 that user-friendly DVD ripping software became available.

But even if it were acceptable to have DRM from which programmers could free themselves, that's not the DRM we have in 2006. Modern DRM is based on Treacherous Computing (TC). The Trusted Computing Group realized that a secret cannot be kept in software that is widely distributed. So, they moved the secret, and the root enforcement mechanism into hardware. From the Trusted Platform Module's private key grows a twisted tree of "trust", where "trust" is defined to mean that your computer does what others expect of it. You can't chop down the tree except from the root, and that key is inside a piece of hardware. Now, you not only need to be a programmer, but a hardware engineer.

Breaking into the hardware will only become more expensive; already, in the world of game consoles, each successive generation of modchips costs more and is more difficult to install. So, programmers who expect to break DRM are living in the past. They're also ignoring the legal aspects; at present, the DMCA's anti-circumvention provisions are difficult to enforce, in part because any break of a DRM system is a "class break" -- that is, once one breaks one DRM system, all DRM systems of that model are compromised. TC systems are designed to avoid class breaks (of course, during the early years, many will be found anyway -- but this cannot last forever). So, people who wish to free their computers will have to do so individually, which makes policing much easier.

GPLv3's anti-DRM provisions alone cannot stop TC. Only you can do that, by refusing to purchase hardware which includes TC functionality. But GPLv3 can help Free Software authors resist the TC and DRM system by refusing to be a part of it. And together, we can build a world where everyone is truly free of DRM. So, if you think that anti-DRM provisions aren't necessary, read up on Treacherous Computing.

Richard Stallman has also written about Treacherous Computing.

David Turner, GPLv3 Coordinator
Free Software Foundation

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work. is powered by:


Send your feedback on our translations and new translations of pages to