While the federal Copyright bill is on the order paper and likely to be tabled Thursday, it is not the only issue currently under discussion where people are concerned about IT property rights. Many people have expressed concern with how newer machines shipped with Microsoft Windows may be unable to boot alternative operating systems. Given the confusion over how the property rights of computer hardware owners are adversely impacted by so-called “Copyright” legislation, discussing this related issue may help clarify.
It’s all about the Keys!
The alternative operating system issue relates to a secure booting process that is part of the Unified Extensible Firmware Interface (UEFI). Microsoft will be requiring that hardware conforming to the Windows 8 logo program ship with secure boot enabled. Hardware that only ships with the keys from the manufacturer and Microsoft, and provide no way for owners to manage keys, will not be able to boot an alternative operating system. This includes, but is not limited to restricting the ability to run Linux.
Red Hat developer Matthew Garrett blogged on Sept. 20 about the issue, discussing some of the legal issues when it comes to Linux. While RedHat could provide hardware manufacturers with RedHat keys, this would circumvent the spirit as well as likely the letter of the agreements under which Linux is licensed.
Disabling secure boot should not be seen as a solution to the issue, given the ability to lock ones own property with keys managed by the owner is a valuable feature. Denying owners the ability to lock their property is not a solution to what is essentially a key management problem.
A system that would support the secure boot of any operating system of the owners choosing would need to allow the owners of the machines to install keys. The owner would then be choosing which signed software their machines would be willing to run, denying unauthorized software/malware from running. This would not be a technologically complicated thing to support, so the problems are not technical but legal and economic.
Quite a bit of hardware is shipped with software being a late afterthought. The hardware manufacturer offers as much software as minimally required to meet short-term requirements, and ship the hardware out the door. While we can complain that this is laziness, there is minimal economic incentive for hardware manufacturers to follow the steps required to do things right. The minimum would be to ship hardware with the keys of the most popular operating system(s) of the day, and not offer any way for owners to manage keys after sale.
How to solve this problem
While many in our community like to get angry at Microsoft and/or the hardware manufacturers, I don’t think that a consumer boycott or blaming these vendors will solve anything. I consider the problem to be a public policy one where governments must step in.
What we are observing is a form of “digital exceptionalism” where laws are being treated and enforced differently when we are talking about computer hardware than when we are talking about other physical property.
The purchasing of a home includes a ritual where the new owner obtains the keys to their home, often from their lawyer. The same is true of other property which has locks on them, including when automobiles are sold. While there is paperwork, along with ownership rights comes the keys. If the previous owner kept the keys without the permission of the owner and/or denied the keys from the new owner, there are laws in place that protect the rights of the new owner -- including against the interests of the previous owner.
The same must be true with digital technology. When digital technology is sold the new owners must be in control of any keys, and the law should protect the rights of the new owner.
Canada’s constitution places property and civil rights as provincial jurisdiction, which puts this issue as something that should be dealt with by the provinces. We should be calling upon our provincial representatives to enact legislation that provides clarity in this area.
My off-the-cuff suggestions to start would be:
- That the owner be protected in their right to change the locks on any hardware that they own. This would be similar to our rights for our homes where we can hire a locksmith to change any locks and provide new keys.
- That hardware manufacturers, or other previous owners, must provide any keys to the new owners as part of the sale.
- The manufacturer/previous owner should be prohibited from denying the owners the ability to manage keys. This would include disallowing the sale in the province of hardware where the owner is denied the ability to manage their own keys.
The economic incentives would change very quickly, where manufacturers would always provide the tools to fulfill the provincial requirements to be able to sell their hardware.
How do we get good policy from here
We currently live in a world filled with “digital exceptionalism”. People who are otherwise strong protectors of property rights fail to do so when the property happens to be a computer.
We can see this things such as Copyright act amendments which attack the rights of computer owners by legally protecting non-owner locks on computers and anti-interoperabiliy locks on content (which provides perverse incentives for non-owner locked computers). This attack on property rights is being tabled by the Conservative party who include the protection of property rights as part of their founding principles.
There are a growing number of people who are recognizing the property rights issues relating to certain copyright law proposals. Michael Geist recently wrote about how the Government's clause-by-clause Analysis of Bill C-32 raised Constitutional questions. He also referenced the same law papers on the subject I included in my Bill C-32 FAQ.
We need to take every opportunity to discuss this “digital exceptionalism”. Many of the current proponents of non-owner locks as part of Copyright would be as offended and opposed to it as I am if they adequately understood the relevant technology and thought about it from a tangible property rights perspective. The same would be true of secure boot technology which is an important technology for computer security, but which can too easily be abused in numerous harmful ways if improperly regulated.