[sword-devel] e-Sword collaboration & other copyright matters (including Jonathan's original post about the copyright website)

[Paul Gear]

[Sorry this is untimely, but i think it's an important issue.]

BJW7TOAEM@aol.com wrote:
> ...
> I set up the web site so that we could start contacting copyright holders of
> the modules for Sword that are locked, this way we could unlock them for all
> of the public to use.
> ...
> Comments? Questions? Thanks for your time!

Let me clarify this: are you wanting to get the modules released by the
copyright holder for free, unencrypted distribution?

I've been doing a lot of thinking about this issue, and you can
criticise me for my lack of faith later, but (assuming i am
understanding the idea rightly) i don't think this will happen. 
_Ever_.  It would be great if it did, but i don't think it's going to.

Now if my understanding above is not right, then what you are talking
about is a way to issue unlock codes so that people can use the locked
texts.  Now before we can expect to get publishers to allow us to use
their texts, we need to be able to provide them with assurances that
their texts are protected using a well-proven mechanism.

I started thinking about how we might achieve such a thing in the Sword
project, and i knew that other people must have been thinking about
these things, so i went looking at the Open eBook site
<http://www.openebook.org>, because i knew that would be a main hurdle
that those guys would be interested in overcoming.

This led me to a company called ContentGuard
<http://www.contentguard.com>, and thence to the site for XrML,
eXtensible Rights Markup Language, an XML specification for DRM (Digital
Rights Management), which means describing and enforcing the rights of
publishers, distributors, and consumers of digital content.  Check it
out at <http://www.xrml.org>.

On the XrML site, i came across what i consider a truly scary document:
<http://www.xrml.org/PDFs/Pendulum97Jul29.pdf>.  This is an academic
white paper written by a couple of guys (one of them a computer
scientist, and the other a patent attorney specialising in intellectual
property) in Xerox's Palo Alto Research Center back in 1997.  In this
article the authors represent publishing as a pendulum that can swing
between the rights of publishers and the rights of consumers.

Fundamentally, what they are saying is that back in the good old days of
print media, there was a reasonable balance between the needs and rights
of publishers and the needs and rights of consumers.  Publishers had
copyright to protect other people from ripping off their works for
commercial gain, but consumers had a wide range of rights that fall
under 'fair use', including copying portions of a work for personal or
academic purposes, and access to technologies (e.g. photocopying) that
allowed them to do this copying without overly concerning the
publishers.

They then contend that the digital revolution has swung the pendulum too
far towards the rights of consumers, away from the publishers (due to
the fact that perfect copies can be made of digital content), and that
because of this, traditional publishers are reluctant to get into the
digital publishing market.  They claim what is needed is a standard for
digital publishing that will enable publishers to enter the market with
confidence that they are not going to be victimised by the consumer.

The actual details of this digital standard are largely irrelevant, but
in a nutshell, it involves creating 'trusted systems' - certified
software that can be trusted to handle digital content in accordance
with the rules given for its use by the publisher.

What this boils down to in practical terms is that the software would be
able to, for example, deny people the right to copy more than a certain
number of pages or Kb of a work (without paying for a license), store
and print it in a manner that makes it hard to copy in electronic and
printed form (encrypted, with digital and printable watermarks), limit
us to viewing the first chapter of a downloaded book until we've paid
for more, etc.

I believe this paper presents a view of digital publishing that, first,
reflects the broad trends of the majority of commercial publishers
(including those who publish Christian content), and second, cuts at the
very core of what CrossWire is trying to do (which is make more content
more available).  (You can find more documents reflecting this viewpoint
at <http://www.xrml.org/news.htm>.)

Personally, i don't want to be part of a world where people are so
close-fisted with their content that i have to pay them to even make a
copy for reference purposes (like i might take a copy of a single page
in a book and stick it in my filing cabinet), or have to rent a book
that i want to read, and lose access to it when my "lease" runs out.

To put this in (Windoze) Bible software terms, i think Online Bible has
it right when it comes to content, not Logos.  Online Bible are
continually building their library of content that, admittedly, is
unfamiliar to the commercial consumer (and probably inferior in some
parts), but is not shackled by the license agreements of commercial
publishing.  I think this is something we need to constantly keep in
mind.

Chris Little wrote:
> 
> > some of our leverage as being a free, non-commercial and OPEN SOURCE
> > software package would be taken away.
> 
> I don't think being Open Source is much of a selling point to publishers.

Definitely not.  Even if they understand it, they are not likely to want
it.  Neither would i if i was a commercial publisher.  (See below for
why.)

> See Bob Pritchett from Logos' comments in the bible-linux egroups list on
> the subject.  Generally, they're afraid of someone cracking the software and
> stealing their stuff.  There's some logic to it, since someone with an
> unlocked module could essentially do anything with that module, like print,
> publish online, etc.  Amusingly, I'd say we still have much stronger
> protection than most closed-source, even commercial products.  With SWORD,
> you definitely have to have a decrypt key for every query.  Logos, on the
> other hand, just keeps track of which books you have unlocked and stores it
> in a file.  In other words, nothing is even encrypted, so you can pretty
> easily share your unlock cache file or crack the program itself to ignore
> the unlock checks.

How are those problems not applicable to Sword?  Think about this: where
do you get the decrypt key that you need for every query?  There are two
obvious answers to this: store it in a file, or request it from an
unlock server.  (There are several other, less practical answers than
these, like requiring the user to enter it manually each time, but let's
ignore them for the time being.)

Take the second case: downloading the key in real time from an unlock
server.  This immediately adds the requirement that the unlock server
must be available at the time.  That prevents us from being able to
provide the ability on most PDAs, as well as being a pain for those
people who do not have full-time 'Net access (which is most of the rest
of the world, for those of you who have American-class bandwidth).

Secondly, if the unlock server is to provide the client with a key,
there must be an authentication mechanism for clients.  This means that
we would have to provide every client with an RSA key or equivalent that
could be verified against a database on the unlock server.

Now, since we are free software project, everyone can see the code to do
this.  What is to stop someone writing a program to do the handshake
with the unlock server and then store the unlock key on their local
computer?  Then they can also write a program to decrypt the module
locally without ever going to the unlock server.  So this makes even the
technique of using an unlock server equivalent to storing the keys in a
local file.

Now let's think about the local file storage issue.  If we store the key
unencrypted, anyone can write a program to open the module using it.  If
we decide to encrypt the module key, what do we use as the key for
that?  Where do we store that key?  The whole problem starts again.

All of this is rather moot at the moment, as software for unlocking,
etc. doesn't even exist for Sword.  Presently, anyone can go to the
alpha test page, download the encryption keys, and write a program to
dump out the raw text.  That would be much easier than cracking Logos or
sharing your Logos unlock files with your friends.  (You have to restart
the program each time you switch unlock files, and as far as i know, you
can't combine them.)

> I think most publishers can be categorized as
> Pointy-Haired Bosses, though, so closed-source indicates greater security to
> them, even in cases where it shouldn't.  *sigh*

Closed source _does_ give greater security to publishers.  If all other
things are equal (i.e. the type of technology, the method of
distribution, etc.), closed source is more secure, because it is harder
to reverse-engineer software than it is to forward-engineer (compile)
it.  It doesn't matter how many layers of abstraction you add in, with
open source you can write a program that can retrieve the plain text of
a module and do what you want with it.

There are a few solutions to this: ignore the issue and assume that we
will always have free texts and never need an unlocking mechanism (cf.
Online Bible), convert Sword to LGPL or an equivalent and write closed
software for the locked module management, or convince publishers that
it is harder to write software than disassemble software.  (There may be
more answers.)  I think the last of these is an exercise in futility,
the first locks us out of the commercial text market for good, and the
middle one is a little distasteful from the libertarian programmer point
of view, but probably practical.

Leon Brooks wrote:
> 
> Chris Little wrote:
> 
> >> some of our leverage as being a free, non-commercial and OPEN SOURCE
> >> software package would be taken away.
> 
> > I don't think being Open Source is much of a selling point to publishers.
> 
> No, but it does illustrate that in principle we are not chest-hugging
> greedy and paranoid about things.

But in most cases, the people whose texts we want to use are.  (Maybe
that's a bit unfair of me, but not by much.)

> ...
> The advantage here is not ``open source'' but ``better methods,'' or (in
> this case at least) better engineering.

I think we're a long way from being able to assert that.  It's not like
the difference between NT and Linux just yet.  Linux has better
engineering because there are thousands of pairs of eyes looking at
various parts of the OS.  We've probably got 5 or 10 pairs.  :-P

> Really, any work done for Christ should be both free and open source
> regardless, caveat that the workers concerned must find a way to sustain
> themselves. Many ``Christian'' publishers are worrying too much about
> staying in business and not enough about what their business really is.
> While there is a definite duty of care involved, if God be for a
> publisher, who can be against them?

What if the publisher is not Christian?  Zondervan is the overused
example here - it is owned by Harper Collins, and they are just there to
make money, not promote Christian living or values.  It just so happens
that Christian books (particularly of the conservative Evangelical
persuasion) are a very profitable market.

> Publishers should have the purity
> and effectiveness of the works that they produce first in mind, the
> dollars second (and the spread of the gospel zeroeth: it should not so
> much be something to be borne in mind as a basic assumption, part of the
> personality of the company).

I think everyone here agrees with you.

> <pontification target=choir>
> ...
> One profitability method is to use electronic media as a leader back to
> traditional media: ``if you like reading this text on line, have you
> considered owning an attractively bound printed copy with that
> traditional feel, clear print, lasting value and batteryless portable
> operation?'' This, I believe, has a limited future.

Have a read of the article i've linked above and see how it sits with
you.

> Either way, the purpose of Christian literature, espcially the Word of
> God, should be primarily to get itself read and used. If we can find a
> way to make this happen, hopefully commensurate with the profitability
> of whatever the publishing companies become, I'm sure God will be
> pleased. (-:
> </pontification>

It seems to me that at present, there aren't too many viable
alternatives to the 'If you like the electronic copy, you'll love the
hard copy' marketing method.    What "ways to make this happen" are you
thinking of?

Paul
---------
"He must become greater; i must become less." - John 3:30
http://www.bigfoot.com/~paulgear

P.S.  Quick gripe: Jonathan, Can you turn of HTML on your email
messages?  It makes them very hard to read.