Text 16, 116 rader
Skriven 2004-08-21 23:10:27 av Steve Asher (3:800/432.0)
Ärende: (2/2) "Treacherous Computing"
=====================================
/Continued/

Today you can avoid being restricted by proprietary software by not
using it. If you run GNU/Linux or another free operating system, and
if you avoid installing proprietary applications on it, then you are
in charge of what your computer does. If a free program has a
malicious feature, other developers in the community will take it out,
and you can use the corrected version. You can also run free
application programs and tools on non-free operating systems; this
falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and
free applications at risk, because you may not be able to run them at
all. Some versions of treacherous computing would require the
operating system to be specifically authorized by a particular
company. Free operating systems could not be installed. Some versions
of treacherous computing would require every program to be
specifically authorized by the operating system developer. You could
not run free applications on such a system. If you did figure out how,
and told someone, that could be a crime.

There are proposals already for U.S. laws that would require all
computers to support treacherous computing, and to prohibit connecting
old computers to the Internet. The CBDTPA (we call it the Consume But
Don't Try Programming Act) is one of them. But even if they don't
legally force you to switch to treacherous computing, the pressure to
accept it may be enormous. Today people often use Word format for
communication, although this causes several sorts of problems (see
http://www.gnu.org/philosophy/no-word-attachments.html). If only a
treacherous computing machine can read the latest Word documents, many
people will switch to it, if they view the situation only in terms of
individual action (take it or leave it). To oppose treacherous
computing, we must join together and confront the situation as a
collective choice.

For further information about treacherous computing, see
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of citizens
to organize. We need your help! The Electronic Frontier Foundation
(www.eff.org) and Public Knowledge (www.publicknowledge.org) are
campaigning against treacherous computing, and so is the FSF-sponsored
Digital Speech Project (www.digitalspeech.org). Please visit these Web
sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel,
IBM, HP/Compaq, or anyone you have bought a computer from, explaining
that you don't want to be pressured to buy "trusted" computing systems
so you don't want them to produce any. This can bring consumer power
to bear. If you do this on your own, please send copies of your
letters to the organizations above.

Postscripts:

1. The GNU Project distributes the GNU Privacy Guard, a program that
implements public-key encryption and digital signatures, which you can
use to send secure and private email. It is useful to explore how GPG
differs from treacherous computing, and see what makes one helpful and
the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use
GPG to decode it, the result is an unencrypted document that you can
read, forward, copy, and even re-encrypt to send it securely to
someone else. A treacherous computing application would let you read
the words on the screen, but would not let you produce an unencrypted
document that you could use in other ways. GPG, a free software
package, makes security features available to the users; they use it.
Treacherous computing is designed to impose restrictions on the users;
it uses them.

2. Microsoft presents Palladium as a security measure, and claims that
it will protect against viruses, but this claim is evidently false. A
presentation by Microsoft Research in October 2002 stated that one of
the specifications of Palladium is that existing operating systems and
applications will continue to run; therefore, viruses will continue to
be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with Palladium, they
do not mean what we normally mean by that word: protecting your
machine from things you do not want. They mean protecting your copies
of data on your machine from access by you in ways others do not want.
A slide in the presentation listed several types of secrets Palladium
could be used to keep, including "third party secrets" and "user
secrets" -- but it put "user secrets" in quotation marks, recognizing
that this is not what Palladium is really designed for.

The presentation made frequent use of other terms that we frequently
associate with the context of security, such as "attack," "malicious
code," "spoofing," as well as "trusted." None of them means what it
normally means. "Attack" doesn't mean someone trying to hurt you, it
means you trying to copy music. "Malicious code" means code installed
by you to do what someone else doesn't want your machine to do.
"Spoofing" doesn't mean someone fooling you, it means you fooling
Palladium. And so on.

3. A previous statement by the Palladium developers stated the basic
premise that whoever developed or collected information should have
total control of how you use it. This would represent a revolutionary
overturn of past ideas of ethics and of the legal system, and create
an unprecedented system of control. The specific problems of these
systems are no accident; they result from the basic goal. It is the
goal we must reject.

Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted
without royalty in any medium provided this notice is preserved.

                             -=<*>=-

Source: P2Pnet - http://p2pnet.net/index.php?page=reply&story=299


Cheers, Steve..

--- 
 * Origin: Xaragmata / Adelaide SA telnet://xaragmata.thebbs.org (3:800/432)