Computing Applications Viewpoint

I Can’t Let You Do That, Dave

Computers should not treat their owners as adversaries.

It has been 25 years since the Electronic Frontier Foundation was founded to ensure the civil liberties that mattered in the real world followed us into the online world, and it has been a heady quarter-century, with many significant victories, and we have learned some alarming, important lessons on the way.

First among these lessons: there is no distinction between the "virtual" and "real" worlds. The Internet is the nervous system of the 21st century. This was obvious even before the Internet of Things (IoT) turned our cars and homes into computers that engulf our bodies, but the IoT has made the issue especially urgent.

The problem of regulation and the IoT is an old one, but with a new urgency. Since 1998, EFF has been part of the movement to reform the Digital Millennium Copyright Act (DMCA). The DMCA has many flaws, the worst of which is in Section 1201, the "anti-circumvention" rule, whose ills have been magnified by recent technological developments, turning them into something of an existential threat to a free and fair future.

DMCA 1201 prohibits breaking "digital locks" that restrict access to copyrighted works. Though it was originally conceived as a means of preventing piracy, it has proved most useful at preventing competition and the creation of legitimate, otherwise legal technologies. Copyright law has many flexibilities and exclusions that product designers, developers, and users can freely exercise, without any permission from the copyright holder. But under 1201, you can only make these uses if you do not have to break a lock.

For example, it is legal for you to rip your CDs. Put a CD in your computer’s optical drive and the manufacturer-supplied OS will launch a tool that invites you to rip and library the music on the disc, automating the process of taking your music with you on a mobile device. Ripping DVDs is legal under the same theory, with one important difference: DVDs were born with DMCA-covered digital locks. Insert a DVD into your computer and the only feature you get is the same one your DVD player had in 1996: playing the movie. If you want to watch your movie on your phone legally, you cannot do so, because despite the legality of transcoding and moving files for personal use, the legal inviolability of the digital lock you must break to do that computation means you must buy all your movies all over again to watch them on the go.

Watching a movie you paid for on a device you own is not piracy by any definition, and it is bad enough that the DMCA prevents this lawful feature. It has been 19 years since the DVD was introduced and not one single feature has been introduced to the platform in all that time.

But the main event is not user rights or innovation: it is security and free speech. As ACM members doubtlessly appreciate, preventing the owner of a computer from executing the code of their choice is an impossible task. No matter how cleverly the operating system and its services monitor the user and hide the keys necessary to unlock files without permission, users will eventually find a flaw in the defenders’ code and use it to jailbreak the system, allowing arbitrary code execution. Even if you stipulate that locking computer users out of their own computers is a legitimate objective, it is still a technological nonsense. A security model that treats the computer’s user as an attacker is doomed. We cannot hide keys in devices we give to attackers for the same reason we cannot keep safes—no matter how well designed—in bank-robbers’ living rooms.

The DMCA tries to address this by threatening people who publish code or information that would help remove a lock with severe penalties: five years in prison and $500,000 in fines for a first offense.

But information about flaws in a computer is not just useful to people who want to add functionality to their computers: it also provides opportunities for malware to seize control over the system. By criminalizing disclosure of flaws, the DMCA ensures systems covered by its measures become reservoirs of long-lived digital pathogens. This is bad enough in the context of mobile devices—your phone is not just a distraction rectangle that lets you throw birds at pigs; it is a sensor-studded supercomputer that is privy to your every movement, conversation, and authentication credential—but it gets much worse in the age of the IoT.

Internet of Things startups are under intense investor pressure to restrict their devices with DMCA-covered locks to create managed "ecosystems." GM and John Deere both filed comments with the U.S. Copyright Office this spring asserting the software locks on their products are covered by the DMCA. They want to ensure independent mechanics cannot jailbreak those vehicles and provide service without first entering into a license-agreement through which they promise only to buy original parts.

We are familiar with this model: it is the printer-ink business-model, where digital locks are used to ensure people who buy a product are locked into buying consumables for it from one company, at the highest possible price. It is just one of the ways the DMCA rewards IoT businesses that treat their customers as the enemy.

Another is the ability to make promises to other people about what your customers will and will not do with your product. The World Wide Web Consortium yielded to pressure from Netflix and the BBC to add digital locks to the standards for HTML5 so that these companies could promise copyright holders viewers would not be able to save streamed video. Smart thermostat offerings like Nest want to be able to promise power authorities they can lower their customers’ thermostats without customers turning them back up again.

Finally, the DMCA lets vendors extract rent from, and exact control over, independent software vendors. Putting locks on the devices you sell means you can set up app stores and no one else can set up competing stores. This lets you charge high commissions on sales and refuse to carry apps that add functionality your users want, but that you would rather not see.

DMCA 1201 is turning all of IoT into a playground for malware, where reporting vulnerabilities and releasing third-party improvements to systems are chilled by a law that was stupid in 1998 and is deadly in 2015.

Malware is always frightening, but it is much worse on systems already designed to treat their owners as adversaries. Infections on devices that take pains to hide their processes and files from their owners are much more difficult to detect and root out. Those devices are supposed to run programs that user-space apps cannot see or terminate, so malware that avails itself of this privilege becomes nearly bulletproof.

The Electronic Frontier Foundation’s new Apollo 1201 project aims to reform DMCA 1201, and all of the laws like it around the world, within a decade. We want to litigate the constitutionality of 1201, representing scholars, researchers and academics, these being the kind of unimpeachable clients judges are loath to find against.

We know from our own off-the-record conversations with academics and researchers that they quietly violate 1201 in their work all the time, and that there are plenty of legitimate projects that never launch for fear of violating the law. If you do this sort of work, the Electronic Frontier Foundation would like to discuss it with you. If you know someone who does this kind of work, encourage that person to get in touch with the Electronic Frontier Foundation.

The model of fixing social problems by locking users out of their own devices is an invitation to even worse security policies. When FBI Director James Comey and U.K. Prime Minister David Cameron call for backdoors in our crypto, they are necessarily implying a means of ensuring you cannot install code of your choosing on your devices, lest you choose to install working crypto.

The Internet of Things is here already. The most salient fact about a person’s pacemaker is its network stack and security model; the most salient fact about a person’s car is its informatics. As computers move inside our bodies and as we move our bodies into computers, it is clearer than ever that "offline" and "online" are not meaningful distinctions. If the information age is to be habitable, then crucial free speech provisions that let experts blow the whistle on unsafe practices in our infrastructure cannot be denied.

Communications of the ACM (CACM) is now a fully Open Access publication.
