
I think we are sort of in agreement, that if John Deere is allowed to encrypt firmware such that the user cannot access it, then we are stuck.

I was trying to point out that securing the chip against the owner of the tractor should not be legal - in the same way that taking away a wheel from your tractor would not be allowed - it is now your property.




We're definitely in agreement for how the world ought to work. My larger point is that this isn't merely a problem created by the government through the legal system - for which statements of "ought" would have straightforward implications of getting rid of the oppressive laws. Rather it seems to be a problem due to informational complexity, and will take positive government action to rein companies in, similar to the privacy issue.

On the technical side, the difficult bit is coming up with ways that discern the owner of a computer from a mere possessor of a computer. There are many legitimate cases for protecting against a mere possessor (evil maid, datacenter, theft prevention), to the point that blanket outlawing processors with built in code signing isn't going to happen. The only way I've thought of is through some sort of time delay where if you put the processor in a debug mode and let it sit there for a period of time (say a week), you'd then be treated as the owner and could reflash signing keys etc.

The simple legislative approach would be to make it so that a manufacturer has to create an automated process of signing code hashes supplied by legitimate owners, that would allow the code to run on the owner's hardware. But this would just be constraining the centralized power that manufacturers have and hoping the law would be strong enough to enforce it (and keep enforcing it), rather than reforming the capability to begin with.
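The time-delay idea in the comment above, modelled as a small state machine. This is an added example, not code from the thread or from any vendor; the state names, the cancel step for the current key holder and the tamper-resistant seconds counter are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* "say a week" from the comment, in seconds */
#define CLAIM_DELAY_SECS (7u * 24 * 60 * 60)

enum claim_state { LOCKED, CLAIM_PENDING, OWNER_UNLOCKED };

struct claim {
    enum claim_state state;
    uint64_t armed_at; /* counter value when debug mode was entered */
};

/* Possessor puts the processor in debug mode: the countdown starts. */
void claim_arm(struct claim *c, uint64_t now)
{
    if (c->state == LOCKED) {
        c->state = CLAIM_PENDING;
        c->armed_at = now;
    }
}

/* Assumption: whoever holds the current signing key can veto a pending
 * claim, e.g. a datacenter operator who notices a machine in debug mode. */
void claim_cancel(struct claim *c)
{
    if (c->state == CLAIM_PENDING)
        c->state = LOCKED;
}

/* Evaluated at every boot. `now` is assumed to come from a counter the
 * possessor cannot advance; if it ever runs backwards, restart the wait. */
enum claim_state claim_poll(struct claim *c, uint64_t now)
{
    if (c->state == CLAIM_PENDING) {
        if (now < c->armed_at)
            c->armed_at = now;
        else if (now - c->armed_at >= CLAIM_DELAY_SECS)
            c->state = OWNER_UNLOCKED;
    }
    return c->state;
}

/* Reflashing signing keys is allowed only after the full delay. */
bool may_reflash_keys(const struct claim *c)
{
    return c->state == OWNER_UNLOCKED;
}
```

A short-term possessor (the evil-maid case) never reaches `OWNER_UNLOCKED`, while someone who keeps the machine for the whole delay does.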


>On the technical side, the difficult bit is coming up with ways that discern the owner of a computer from a mere possessor of a computer. There are many legitimate cases for protecting against a mere possessor (evil maid, datacenter, theft prevention), to the point that blanket outlawing processors with built in code signing isn't going to happen.

That idea is so easy to abuse (e.g. are you sure you become the owner when you buy a computer?) that IMO there really should be no distinction between owner and possessor. If you have physical access to the device you should be able to do whatever you want with it. Physical security is easy for people to understand, unlike public-key cryptography. I'd much rather have maids steal my encrypted bits due to my carelessness if it means I have full control over my hardware.


The ownership vs possession is definitely tricky, as the history of crypto is littered with lost or stolen keys, etc.

I'd like to see the keys to the kingdom being unique for each machine and being handed over to the owner when the purchase is made.

As for positive government action - I think government plays 'neutral' action when it sets the rules of the game, and current rules of the game are, you could be considered owner of a vehicle even though you don't have keys to the software.

Those rules are wrong and need changing - because we have never explicitly set the rules for what does it mean to own an object with firmware.

I am trying to frame it in such a way, as to make it clear that we aren't asking manufacturers for concession, we are correcting illegitimate market behaviour, sort of like selling snake oil.



