What Does It Mean for Your Computer to Be Loyal?
by Richard StallmanWe say that running free software on your computer means that its operation is under your control. Implicitly this presupposes that your computer will do what your programs tell it to do, and no more. In other words, that your computer will be loyal to you.
In 1990 we took that for granted; nowadays, many computers are designed to be disloyal to their users. It has become necessary to spell out what it means for your computer to be a loyal platform that obeys your decisions, which you express by telling it to run certain programs.
Our tentative definition consists of these principles.
- Installability
-
Any software that can be replaced by someone else, the user must be empowered to replace.
Thus, if the computer requires a password or some other secret in order to replace some of the software in it, whoever sells you the computer must tell you that secret as well.
- Neutrality towards software
-
The computer will run, without prejudice, whatever software you install in it, and let that software do whatever its code says to do.
A feature to check for signatures on the programs that run is compatible with this principle provided the signature checking is fully under the user's control. When that is so, the feature helps implement the user's decisions about which programs to run, rather than thwarting the user's decisions. By contrast, signature checking that is not fully under the user's control violates this principle.
- Neutrality towards protocols
-
The computer will communicate, without prejudice, through whatever protocol your installed software implements, with whatever users and whatever other networked computers you direct it to communicate with.
This means that computer does not impose one particular service rather than another, or one protocol rather than another. It does not require the user to get anyone else's permission to communicate via a certain protocol.
- Neutrality towards implementations
-
When the computer communicates using any given protocol, it will support doing so, without prejudice, via whatever code you choose (assuming the code implements the intended protocol), and it will do nothing to help any other part of the Internet to distinguish which code you are using or what changes you may have made in it, or to discriminate based on your choice.
This entails that the computer rejects remote attestation, that is, that it does not permit other computers to determine over the network whether your computer is running one particular software load. Remote attestation gives web sites the power to compel you to connect to them only through an application with DRM that you can't break, denying you effective control over the software you use to communicate with them.
We can comprehend remote attestation as a general scheme to allow any web site to impose tivoization or “lockdown” on the local software you connect to it with. Simple tivoization of a program bars modified versions from functioning properly; that makes the program nonfree. Remote attestation by web sites bars modified versions from working with those sites that use it, which makes the program effectively nonfree when using those sites. If a computer allows web sites to bar you from using a modified program with them, it is loyal to them, not to you.
- Neutrality towards data communicated
-
When the computer receives data using whatever protocol, it will not limit what the program can do with the data received through that communication.
Any hardware-level DRM violates this principle. For instance, the hardware must not deliver video streams encrypted such that only the monitor can decrypt them.
- Debugability
-
The computer always permits you to analyze the operation of a program that is running.
- Completeness
-
The principles above apply to all the computer's software interfaces and all communication the computer does. The computer must not have any disloyal programmable facility or do any disloyal communication.
For instance, the AMT functionality in recent Intel processors runs nonfree software that can talk to Intel remotely. Unless disabled, this makes the system disloyal.
For a computer to be fully at your service, it should come with documentation of all the interfaces intended for software running in the computer to use to control the computer. A documentation gap as such doesn't mean the computer is actively disloyal, but does mean there are some aspect of it that are not at your service. Depending on what that aspect does, this might or might not be a real problem.
We ask readers to send criticisms and suggestions about this definition to <computer-principles@gnu.org>.
Loyalty as defined here is the most basic criterion we could think of that is meaningful. It does not require that all the software in the computer be free. However, the presence of nonfree software in the computer is an obstacle to verifying that the computer is loyal, or making sure it remains so.
History
Here is the list of substantive changes in this page.
- Version 1.6: Add installability requirement.
- Version 1.5: Full documentation is not a requirement for loyalty.