Kyle Rankin


President
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F 73C5 B9EF 770D 6EFE 360F

Canon made big news this past week when it started telling customers how to defeat the Digital Rights Management (DRM) in its toner cartridges because of supply chain issues with the chips they normally use to enforce it. That Canon explained how to bypass the DRM when it suited them, and that it didn’t negatively affect the operation of the printers or the customer, made it clear that DRM and the chips that enforce it offer little if any benefit to customers. Instead, DRM is only in place so the vendor can exert remote control over their product after the customer buys it. Computer vendors are marching to the beat of this DRM, and their ultimate goal is to extend the same sort of control that printer and smartphone vendors enjoy to laptops and desktops.

One of the Most Expensive Liquids on Earth

Printer cartridge DRM provides one of the best examples of how Digital Rights Management is used to benefit the vendor at the expense of the consumer. It’s not driven by consumer wishes–in fact it runs counter to them–and instead is motivated by profit. It turns out that inkjet ink is one of the most expensive liquids on Earth. Consumables (ink and toner) are a primary way printer companies make their money, often offering the printers themselves at a heavily discounted price (with reduced capacity cartridges) with the understanding they will make their money back when the ink or toner runs out. Conventional wisdom used to be that toner was a much better buy, and for enterprise printers it might still be, but as consumer-grade laser printers have gone down in price, the cost-per-page of standard capacity toner cartridges for many brands is no longer that much different from inkjet ink.

Of course, there’s nothing particularly special about the ink or toner from the vendor, and there are plenty of third party services and do-it-yourself kits that allow you to refill your own cartridges when they run out. These services are often significantly cheaper than buying new cartridges, with the added benefit of reusing (instead of throwing away) the previous cartridge. Printer companies don’t like this practice, and embed chips in their cartridges that detect when a customer refills them and reject the cartridge. Third party refilling services have been playing a kind of cat and mouse game with vendors to bypass these digital locks, with vendors relying ever more on hardware-backed cryptography, in the name of security and preventing counterfeit cartridges, but in reality to maintain their monopoly on consumables.

Orbiting Around Pluton

Most people agree that printer DRM is unfriendly to the consumer, and that the control printer companies exert over consumers (and competitors) is unfair. Yet printer DRM is only the most obvious example of the practice. What might be less obvious is the DRM that’s already present inside your smartphone and is soon to show up on your laptop.

The other DRM news that hit in the past few weeks has been about Microsoft’s Pluton chip because Lenovo announced at CES that it would start to ship laptops that incorporate it. Matthew Garrett does a good job of explaining the background of the Pluton chip and why he feels Pluton is not (currently) a threat to software freedom. In essence his stance is based on the fact that while Pluton does offer a few different configurations that could allow Microsoft to prevent booting alternative operating systems, for now Pluton will likely be operating like a traditional Trusted Platform Module (TPM). Another argument he makes is that Microsoft already has the ability to enforce this kind of lock-in with existing technology and so far hasn’t.

All of this is certainly true, and not just of Microsoft. In fact, Microsoft is marching behind Apple and Google in their own implementation of discrete security chips that help enforce their policies and none of them so far have used the control they already have to completely lock up computers like they lock up smartphones. Yet Google and Apple have already laid the roadmap for the future of general computing in how they use these chips to control smartphones, and even Apple is making the argument that their own computers are less secure than their iPhones specifically because Apple can’t exert the same control over what software you install and run. One could argue why worry about Microsoft using Pluton or Google using Titan to lock down computers, because if anyone was going to exert this kind of control over general-purpose computers it would be Apple, and they haven’t. At least they haven’t yet.

Something free software advocates often miss when they worry about a future where Microsoft could lock out alternative OSes is that blocking you from installing Linux, while it could become a secondary effect, is not the primary reason for this DRM. Security (at least from hackers) also isn’t the primary reason. As always it’s about control, and securing these platforms against customers and competitors. Microsoft sees where the industry is going, and also realizes it’s behind both Apple and Google in getting there, so it has to catch up.

The primary goal for all of these vendors is to have an app store on laptops and desktops that can act as the sole gatekeeper for what software is allowed on their platforms. Any vendor who is able to exert this kind of control will get a cut from all paid software on the platform. For this to work, Microsoft must be able to enforce DRM inside the OS universally and prevent jailbreaking.

Getting the Band Back Together

Each step the tech industry takes marches further in the direction of stricter DRM. While you could certainly enforce DRM in the past to a degree, these new discrete security chips make it more difficult (if not impossible) for someone to bypass these digital locks. Consumers already accept these digital locks in game consoles (justified by stopping piracy) and in smartphones (justified by securing against malicious apps), and increasingly in other consumer electronics, but so far while these other devices march toward total vendor control, traditional computers have been many steps behind.

So if Apple, Google and Microsoft want to do this, why haven’t they yet? One reason in the past was lack of ability–the tech wasn’t there, at least not universally. The missing piece that has prevented Microsoft from enabling the kind of DRM free software advocates are worried about is the fact that Windows runs on a large variety of hardware, and a lot of that hardware doesn’t have a TPM. With Windows 11 requiring a TPM, and with the Pluton chip available to provide TPM features, this missing piece can now fall into place.

Yet the main reason has more to do with public sentiment and the way people approach their computers. There would be a large backlash if computers employed the same locks as smartphones overnight. Instead, the wise strategy is to ease into it one step at a time. The first place you will see this enforced is likely in video games. In the name of preventing cheating (but also to prevent piracy), the OS will help ensure that only legitimate versions of commercial games are allowed to run in Windows, in a similar way to how Pluton chips are already used to enforce this on Xboxes.

Next you will see more focus on software installation through app stores (for security!) instead of directly from third parties. The app store will enforce DRM and use strong authentication at login to manage a user’s subscriptions and purchases, much like what is already done on smartphones. Ultimately the app store will become the only way you are allowed to install software. You’ll be told this is for security, or maybe also to prevent piracy, but in reality it will be about control.

A Different Digital Rights Management

The thing about DRM is that it’s always been about protecting someone else’s digital rights. We tend to march to the beat of a different drum here at Purism, and as a result we’ve had to reject a lot of the security measures that have become industry standards with other vendors, because they remove your control over your own hardware.

This is why we develop PureBoot tamper-evident boot firmware for our Librem 14 and Librem Mini instead of using secure boot. It’s why while PureBoot uses a TPM, it doesn’t use it with Microsoft’s keys, or our keys, but instead with keys that are fully under your control. It’s why our Librem 5 USA and Librem 5 phones run the same 100% free software operating system, PureOS, as our laptops and desktops. Just like the copyleft principle uses copyright law to protect against copyright abuses, we use the traditional tools of DRM (code signing, TPMs, hardware-backed encryption) to help you manage your digital rights.

Purism Products and Availability Chart

| Model | Status | Lead Time |
| --- | --- | --- |
| Librem Mini | In Stock | 10 days |
| Librem Servers | Out of Stock | -- |
| Librem Key | In Stock | 10 days |
| Librem 14 | In Stock | 10 days |
| Librem 5 USA | In Stock | 10 days |
| Librem 5 | Currently shipping backlogs | 52 weeks |

The current product and shipping chart of Purism Librem products, updated on September 2, 2022
