From Freedom to Tinker –
“In light of the Sony-BMG CD incident, Alex and [Ed Felten] asked the Copyright Office for an exemption allowing users to remove from their computers certain DRM software that causes security and privacy harm. The CCIA and Open Source and Industry Association made an even simpler request for an exemption for DRM systems that “employ access control measures which threaten critical infrastructure and potentially endanger lives.” Who could oppose that?
The BSA, RIAA, MPAA, and friends — that’s who.
One would have thought they’d make awfully sure that a DRM measure didn’t threaten critical infrastructure or endanger lives, before they deployed that measure. But apparently they want to keep open the option of deploying DRM even when there are severe doubts about whether it threatens critical infrastructure and potentially endangers lives.
And here’s the really amazing part. In order to protect their ability to deploy this dangerous DRM, they want the Copyright Office to withhold from users permission to uninstall DRM software that actually does threaten critical infrastructure and endanger lives.“
It’s difficult to know what to make of this level of intransigence in the ‘architectures of control’ mindset. While it might be difficult on the face of it to think of DRM that could actually endanger lives, the Sony rootkit (which created security vulnerabilities) was certainly installed on a number of military computers as noted by a commenter on the Freedom to Tinker post:
“Last January, in a SecurityFocus article, reporter Robert Lemos quoted security expert Dan Kaminsky:
“It is unquestionable that Sony’s code has gotten into military and government networks, and not necessarily just U.S. military and government networks.”
Certainly not all military and governmental networks qualify as “critical infrastructure”—just as some civilian networks should be considered “critical.” But the infection of military and governmental networks does help to indicate the severity of the problem.”
More broadly in the DRM realm – “controlling information even after it has been delivered” – as discussed here – and ‘trusted computing’ in general would seem to open up many possible cases where life could be endangered as a direct or indirect result. Say an organisation (a school, a workplace, even a family) has a medical reference encyclopaedia in a digital format (maybe they’ve been encouraged to ditch the paper copy altogether because of how ‘convenient’ it’ll be just to pop in a CD). Say that the computer becomes unusable through either DRM leading to insecurity, or ‘trusted’ computing locking it up, or even the medical encyclopaedia ‘expiring’ after a certain amount of time. Those three possibilities aren’t that unlikely, and in each case, life would be endangered.
OK, let’s try to think further of architectures of control which actually endanger lives.
Speed humps cause problems for ambulances and indeed other vulnerable travellers. And regardless of whether endangering lives is directly (because the vehicle cannot get to an emergency quickly enough) or indirectly (because the vehicles are damaged by repeated bumping, thus either needing to be taken off the road, or replaced with limited finances), the problems are real.
“The London Ambulance Service recently estimated that delays caused by speed humps were responsible directly for the loss of 500 lives each year.”
Equally, other ‘traffic calming’ measures such as chicanes can impede larger emergency vehicles such as fire engines.
What other examples are there? I guess the Mosquito might cause hearing damage but it’s probably not life-threatening. Child-proof lids on medicine bottles, child-proof door locks on cars and other simple control can certainly cause unintended problems for adults too – for example, if someone has arthritis it may be difficult to open a child-proof pill bottle. A car throttle preventing excessive revving could also prevent a motorist accelerating to avoid danger. Skateboarding deterrents can cause injury: in fact, if they are not specifically signed as being there but are introduced without warning, I don’t think it’s going too far that to say they are specifically intended to cause injury and damage, and in most cases their installation is funded with public money.
‘Optimum lifetime products’ could also endanger lives if they shut down or cease to function at a moment when they are needed. Of course, this would need to be considered when designing them – much as modern electricity meters have a ‘reserve’ feature to stop the power cutting out at a dangerous time – but even looking at the wider picture (deliberate built-in obsolescence), life could still be endangered. If a family can’t afford to buy a replacement fridge when the original reaches its ‘optimum environmental lifetime’ and switches itself off permanently, then that may affect the family’s health.
Perhaps more generally, any product which follows a razor-blade model (i.e. replacement parts/consumables lock-in) with a premium price on the parts, has the potential to endanger life. If I decide not to replace my water filter because only the manufacturer’s own expensive brand fits the jug, then that’s starting down a road of endangering life based on an economic architecture of control. The situation is more obvious in publicly funded organisations: every ‘razor-blade model’ situation the NHS gets into, for example, whether it’s replacement parts for medical equipment, or replacement parts for ambulances, or re-licensing software every year (to provide no extra function), is, by using more public money than it has to, endangering lives.