[sword-devel] copyright issues

Chris Little sword-devel@crosswire.org
Mon, 28 May 2001 17:43:35 -0700

Copyright holders are just plain foolish if they believe close source
has any advantage over closed.  If people want to steal content, be it
music or software or Bibles, they will.

If they want to swap with friends, they can swap keys, keyring files,
unlocked content, or whatever.  If they want to export, it's a lot
easier to use the export features of any of the popular commercial
products than to write a program to export our data.  And when there
aren't any exporters, they can use a print to file driver or a screen
scraper.  None of this requires reverse engineering, which I would argue
may be easier than forward engineering for this task.

I would say our encryption is as strong or stronger than any competing
products'.  And overall, as Troy has pointed out, our key mechanism is
as strong as most software's.

The only area where we have a problem is in key delivery.  I think it
would be reasonable to expect all users to unlock while through the
internet (we get 500 downloads/week compared to perhaps 10s of CD
orders/week?).  A number of software products are now requiring this.
We can hide the key itself behind a network transaction rather than
having users type it in.  But none of the client need be closed source
in this circumstance.

I know there are still holes in this idea, but we needn't mention them
when approaching publishers.  It certainly doesn't seem to have occurred
to other software publishers that they ought to point out the security
holes in their products.

Does anyone know of a more secure method of key-delivery than this that
is currently in use or could be implemented within our architecture?

> They way to get around
> this is to use a binary only display renderer which performs a final
> decryption step right before displaying the text.

I don't think this is even possible in our architecture.  It would
completely blow the filtering mechanisms and possibly portability.

The other route is to concentrate on building smarter and smarter
converters.  Let the users pay their money to OLB, Logos, etc., export,
and import to Sword.  Others' copyrights would cease to be our problem,
but converters aren't an exact science.