Commentary
2/9/2012
09:03 AM

Want IT Flexibility? Demand Jailbreaking Be Legal

Why should CIOs care about the DMCA's jailbreaking rules? Despite Pollyanna assurances that locking down a box will make everybody more secure, that's just not true--and it decreases choice.

How do you boil a frog? That's the classic thought experiment. The answer: slowly. If you throw the frog into the boiling water, he'll jump out. But turn up the heat slowly, and it's curtains.

I'm starting to think this way about Secure Boot, the Digital Millennium Copyright Act (DMCA), anti-jailbreaking sentiments, and the gradual erosion of IT's ability to extend the life of business assets and/or take other actions that may be in the interest of the organization. With the DMCA exemption for jailbreaking expiring, CIOs need to weigh in with the U.S. Copyright Office.

Like many of us, I have been working in IT long enough to see lots of companies and technologies wax and wane. When an organization buys something, that organization tends to want to use it a good, long time, particularly in manufacturing or point-of-sale use cases. Witness all of the WinXP--heck, WinNT--kiosks that are still in use. Witness all of the old PCs that get turned into thin clients. We also all know folks who have had to go in and reverse-engineer something because the app developer went out of business, and the customer needed their data exported to something else.

The immediate battle cry of DMCA is to prevent intellectual property theft. That's fine, but the larger perspective is that an organization may need an asset to survive the whims of fashion, and be able to continue servicing an asset without being forced into an upgrade or a rip-and-replace treadmill.


How is the heat being turned up on IT? On the one hand, there's a huge celebration to be had because it appears that the PC lifecycle treadmill, rip-and-replace every four years, shows signs of slowing, or at least thinning out. After all, we have tablets, and not every worker needs a tablet. But, now let's look at the lifecycle of mobile devices, which can be shorter than a PC's. For example, the original iPhone, released on June 29, 2007, was essentially end-of-life when Apple released iOS 4 on June 21, 2010, since app manufacturers started creating apps with features not supported on iOS 3.

Now it appears that app stores and walled gardens are being quietly erected on IT's Swiss Army knife--the desktop computer. Apple led the way in creating a sandboxed app store for Mac OS X, where no system-level apps were allowed. Windows 8 will require a secure, trusted boot, which in some scenarios will mean that users cannot install another operating system. In particular, to get Windows logo compliance, ARM devices running Windows 8 must offer Secure Boot, and the user must not be able to change it.

This creates joy in some circles ("oh, good, we're secure"), but the fact of the matter is that you're actually faced with fewer options, and you're not all that secure. Don't believe me? Ask "Bunnie" Huang, the MIT-educated engineer who famously hacked and modded the ostensibly secure Xbox.

In a recent conversation, he told me, "Secure Boot doesn't get you all the security you thought you had. While you're locked from the boot, a program's buffer overflow still compromises your system. It doesn't save you, ultimately, from a determined attacker. It just makes it highly inconvenient and illegal."

Just because we wear suits and work in office buildings does NOT mean that we are on the same side as DMCA proponents. Anything that makes life harder for IT is bad. And, despite Pollyanna assurances that locking down a box will make everybody more secure, that's just not true, and it decreases choice.

Huang said, "For equipment manufacturers who have to deal with issues of sustainability, service, and cultivating the aftermarket: I'd like them to know that it's possible to have it both ways. They can design secure systems with an 'opt-out.' A simple example is to equip a switch with a tamper-evident seal that, when flipped, opts you out of Secure Boot. Breakage of the tamper-evident seal would void your warranty, but it also allows customers to load an alternate firmware that's not signed or secured by the original corporation... To date I haven't seen any vendor intentionally create an opt-out switch (some have by mistake). Without a DMCA exemption, it means that the IT equipment companies are buying isn't really 'theirs' because technically they have no clear legal method for circumventing the Secure Boot and doing things like patching bugs, servicing parts, or repurposing old equipment."

When I spoke to Jay "Saurik" Freeman, a software developer and tech consultant who runs the Cydia alternative app store for the iPhone, he said, "Classically, when you had a computer at a company, it was owned by the IT, but now, it's essentially owned by Apple. If a company needs something beyond what is provided by Apple or the vendor, they can't." Is that really what we want?

And that's the major question: Who really owns the tech? If you wanted to lease the tech, you'd lease it. But no, you're buying it, except that it gets treated as if it doesn't belong to your organization.

I'm not saying that we should all go out and void our warranties on our iPhones. But I am saying that the DMCA provides what Huang calls "The 'nuclear' option when it comes to the uneasy truce between OEMs and IT. IT absolutely needs to reserve the right to service and support platforms after the whims of fashion bring the OEMs elsewhere. And IT needs to reserve the right to exit the upgrade treadmill and avoid planned obsolescence. The nuclear option criminalizes something that should not be criminalized.

The Copyright Office is taking commentary on the jailbreaking exemption for mobile phone devices until February 10, and the EFF and Huang are pushing for exemptions for game consoles and general computing devices as well. IT needs to support this. Help to take the nuclear option off the table.

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.


Comments
jfeldman,
User Rank: Strategist
2/14/2012 | 10:56:36 AM
re: Want IT Flexibility? Demand Jailbreaking Be Legal
Just watch, soon it WILL be leasing, not owning, like when the cable company demands its set-top-box back when you cancel service. (Not that you could do anything without it.) It's not too much of a stretch to imagine that ATT or Rogers or whomever would demand the iPhone back once you upgrade or terminate service. Problem is, though, these devices are useful even without service. "Not for sale at any price" may be where this is going.
jries921,
User Rank: Ninja
2/10/2012 | 7:23:26 PM
re: Want IT Flexibility? Demand Jailbreaking Be Legal
This is about the best statement of the case I've heard. If you don't control the box, it's not yours; period. Maybe consumers don't need to care that much about it (but maybe they should), but businesses must care.

What we're in the midst of is a counterrevolution calculated to undo the control bestowed on end users by the PC revolution of the 1970s and 80s. Those who don't care about control can simply coast, but those who do will need to put forth some effort to keep it because all most vendors care about is their own bottom line, and retaining control of the merchandise after sale is a lot more lucrative than ceding it to the customer (all things being equal).

...and yes, that probably means not patronizing Apple.
IT Joe,
User Rank: Apprentice
2/9/2012 | 7:07:25 PM
re: Want IT Flexibility? Demand Jailbreaking Be Legal
Look, if you purchase an Apple OS, you know what you are buying, don't you? If you want more options than Apple is providing, buy something else. I do understand what you are saying about being forced out of an older OS into another one and having to deal with the limits of the new OS. But 'Demand Jailbreaking be legal' is nothing more than crying about the fact you won't be able to jailbreak your iPhone. So what, get an Android phone if you don't like it but don't try and use this argument to justify the fact you don't like not being able to play around with your iPhone.