Impact of S. 2048 on Open-Source Software

Executive Summary

Open-source software is distributed along with human-readable source code. Open-source software may be examined and modified by anyone, which makes it affordable to use and easily adaptable to new situations.

Its ready modifiability brings it into conflict with Senator Hollings’ S. 2048, whose goal is to ensure that all digital devices comply with a set of government-mandated standards for content copy-protection.

Open-source software is uniquely important to Colorado’s tech sector. S. 2048, if passed, would gravely encumber open-source development and hinder Colorado’s economy. Accordingly, the case of open source makes an important consideration for rejecting S. 2048 and any similar bill.

Digital Copyright

A trend in copyright in the last century has been increasing mediation. Mediation is the need for some technology to examine the copyrighted material. An excellent example is the player piano, which plays piano rolls that, to people, appear to as carelessly punched sheets.

Another trend is the increasing ability of consumers to make high-quality copies. The original copyright statutes in England and the United States reached only the small set of people who owned printing presses; today, anyone with a computer and an Internet connection can make and distribute hundreds of perfect copies of books or songs.

Companies reliant on copyright for their revenue—the movie and recording industries particularly—have thus pushed for technological and legal countermeasures, seeking to change the way in which computers work, disabling copying and distribution which they consider illegal.

Such measures, however, are limited in efficacy. If a single sufficiently-motivated person is able to liberate a piece of content and obtain the raw, playable form, he may copy and distribute it as before. Increasing quantities of samizdat can thus escape into the unrestricted Internet, creating a shadow trade in unencumbered content.

Open-Source Software

Computers are general-purpose machines, capable, within limits, of performing any task. The process of instructing a computer to perform a task is called programming. Programmers write instructions for computers to follow. These instructions are like recipes, step-by-step lists of actions for achieving some end.

A computer executes the instructions given it in {\sl object code}, a sequence of zeroes and ones that is difficult for humans to decipher. Programmers write programs in {\sl source code}, which resembles structured English, and {\sl compile\/} them to object code for the computer to interpret. Source code is easier for programmers to read, understand, and modify.

Software companies, such as Microsoft, typically release only the object code of the software, guarding the source code closely as their crown jewels. By contrast, the open-source software is distributed by its programmers with source code; anyone is allowed to read and modify the source code—and thus the program—for her own purposes.

An example of a successful open-source project is the Apache web server, which runs about 55 percent of Internet web sites. (Source: Netcraft.) Open source is especially successful where interoperability standards are available and a commodity platform is widely deployed.

The availability of source code makes open-source software both affordable and customizable. Open-source software may typically be obtained and used at no cost; and anyone may modify—or contract with another to have modified—the software.

Thus open-source software is particularly valuable to small business, for which information technology (IT) investment is often prohibitively expensive. A small business can obtain open-source software of the highest quality at little cost.

Additionally, open-source software creates a lucrative economy in aftermarket services. Since businesses are not at the mercy of a software vendor for modifications, they may contract with small independent firms for software modifications.

This is valuable for both small businesses, whose requests are often ignored by large software vendors, and large business, which typically require substantial modifications to software they run.

Analysis of S. 2048

A new bill by Senator Hollings, S. 2048, the Consumer Broadband and Digital Television Promotion Act, seeks to address the copyright industries’ concerns with digital copying.

In a departure from the “no mandate” provision of its predecessor, the Digital Millennium Copyright Act, S. 2048, the Consumer Broadband and Digital Television Promotion Act, defines a process for a government mandate of copy-control technologies.

The nature of these technologies will be determined either by private-sector negotiation (3(a)--(b)) or, failing that, by FCC fiat (3(c)). In either case, they must satisfy a set of criteria, enumerated in section 3(d), whose terms are largely undefined in the bill; a particular technology’s conformance is to be determined by the FCC.

Moreover, these technologies must be incorporated in all “digital media devices” (5), devices which reproduce, make visible or audible, or transmit copyrighted materials (9(3)). These terms, again, are vague, but appear to reach all computers and most software that runs on them, open-source or not. Trafficking in nonconforming devices (5), removing or altering the measures in conforming devices (6(a)(1)), trafficking in unprotected content (6(a)(2)), or misusing the protection measures (6(b)) are all punishable offenses.

The question must be, What technological standards will be arrived at? This is the unknown which makes S. 2048 difficult to address. In section 3(d)(1), S. 2048 presents the requirements that an approved security system must meet. Amongst them are “reliable” (A); “resistant to attack” (C); “readily implemented” (D); “modular” (E); and “not cost prohibitive” (I).

Consider the last of these conditions. “[N]ot cost prohibitive” does not require that the measures be easy to implement, nor that the underlying technology be unencumbered by patent. It may well be that the called-for measures will require a per-copy royalty on software and hardware. (Indeed, Microsoft Corporation owns several seemingly-relevant patents on a “Digital Rights Management Operating System.”)

Open-source software is generally made available for free download over the Internet; by the terms of its common licenses, it may be copied freely. There is no way that a regime can effectively be instituted to collect licensing fees. Even if such a regime were feasible, the royalties would undermine open source’s cost benefits.

Consider the other conditions. A technology that is “readily implemented” and “modular” will behave like a black box that can easily be added to a program to ensure its compliance with the protection measures. But open-source programs are distributed with source code, and designed to be modifiable; and that which is easily added is easily removed again. The protection measures, implemented in open-source software, will not be “resistant to attack” unless the open-source software is immalleable, and thus uncustomizable.

Since (open-source) software can easily be modified to play samizdat, it seems likely that any adopted standard will employ tamper-resistant hardware to determine what can be played. Retrofitting computers with this hardware will require a stupendous IT investment; besides, a hardware solution will still impede open-source software’s affordability and modifiability as above.

S. 2048 interacts with open source in an additional way: section 3(d)(2) requires that “any software portion of [security] standards [be] based on open source code.” (As a matter of technicality, “open source code” is left undefined in the bill.) But in the absence of a hardware component, it is unclear that open-source software can fulfill the requirements of 3(d)(1); and, in the presence of a hardware component, that the (open-source) software components of a standard can alleviate the burden on open-source software in general.


Colorado “is dominated by small business. They are truly the backbone of the Colorado economy.” Eighty-seven percent of businesses have fewer than 20 employees. Of high-tech companies, 75 percent employ fewer than 50 employees. (Source: Colorado Office of Economic Development.) Open-source software lowers the investment bar to entrepreneurship.

Colorado, moreover, has a large number of small companies that provide software services; software services is the largest of the classifications of high-tech companies, with 467 companies listed in the 2001 Rocky Mountain High Technology Journal. For these companies, open-source software forms the perfect substrate for development.

The major software and hardware vendors—and the entertainment companies—do not have a significant presence in Colorado. Colorado’s large employers are not software vendors, and IT for them is an expense. Many of them rely on open-source software for their infrastructure.

Thus, open-source software is uniquely critical to Colorado’s economy. Since any foreseeable implementation of 3(d) would encumber both the cost and adaptability advantages that open-source software possesses, S. 2048 must be seen as a serious danger to Colorado’s high-tech sector and to Colorado’s economy in general.