Randy Picker, a principled DRM (copy protection) advocate, had an interesting comment on one of my prior posts about the Sony incident. Here's the core of it:
Assume for now that you are right that DRM leads to spyware; all that means is that we need to figure out whether we should or shouldn’t favor active protection/supervision environments.
That gets us to the central point: namely the fact that consumers don’t want it doesn’t tell us anything about whether it is in the joint interests of consumers and producers. I spent the morning writing my exam and then will have to grade it after the students take it (no grad student graders for law profs). By far and away the worst part of the job, and I certainly don’t want it as part of the job, but that doesn’t mean that it isn’t jointly sensible.
Putting that point slightly differently, consumers may gain more from a DRM world than they would from whatever alternative world emerges without DRM; those subject to restrictions rarely want them but restrictions are frequently welfare maximizing; the fact that one party would like to get rid of the restrictions tells me little (nothing, probably) about whether the restriction is in the joint interest of the parties to the transaction.
It's true in principle that an arrangement can be unwanted but ultimately good for those on whom it is imposed; but I don't think that observation matters much in the specific case of CD DRM.
To understand why, let's look at a case where a similar argument has traditionally worked: copyright. Copyright can be understood as an agreement among all of us that we will not infringe. Even though each of us individually would prefer to use works without paying, we understand that if we all refrain from infringing this increases incentives for authors, leading to the creation of more works we can enjoy. By making and keeping this copyright deal with each other, we come out ahead. (That's the theory anyway. We all know what happens when the lobbyists show up, but work with me here, okay?)
One of the practical problems with this kind of deal is that each individual can gain by defecting from the deal – in the case of copyright, by infringing at will. If enough people defect, the deal could collapse. This danger is especially acute when it's technologically easy to defect. Some people argue that this is happening to the copyright deal.
Anyway, what Randy is suggesting is that there might be a similar deal in which we all agree to accept some kind of DRM in order to boost incentives for authors and thereby cause the creation of more works than would otherwise exist. I think that if we weigh the costs and benefits, that would be a bad deal. And I'm especially sure it's a bad deal for CD DRM. Let me explain why.
First, it turns out to be easy technologically to defect from the CD-DRM deal. Experience with the copyright deal teaches us that when it's easy to defect, many people will, whether we like it or not.
Second, the costs of the CD-DRM deal seem much clearer than the benefits. Allowing spyware-DRM on our computers will open loopholes in our anti-spyware defenses that will foster more spyware infections. And as we have seen already, spyware-DRM will itself expose us to security risks. That's the cost side. On the benefit side, we have only the dubious premise that CD-DRM might boost record sales. The costs are more certain, and larger.
The best argument against the CD-DRM deal, though, is that it is inferior to the copyright deal. If we're going to make and keep a deal of this general type, the copyright deal is the one to pick. Compared to the copyright deal, the CD-DRM deal is a loser: costs are higher, benefits are the same at best, and the deal is just as easy to defect from. If we can't keep the copyright deal, then we won't be able to keep the CD-DRM deal either. But more to the point, we shouldn't make the CD-DRM deal in the first place.
I've looked here at the specific case of DRM for CDs, but I think the same argument holds for other types of DRM as well. Leaving aside the mythical side-effect-free DRM systems and perfectly just legal regimes that some DRM advocates dream about, and looking instead at DRM systems and legal rules that could actually exist and how they would work in practice – as I am sure Randy and other principled DRM advocates would want us to do – the available DRM deals look lousy. Certainly they look worse than the original copyright deal.
Now I'm not arguing here that the current copyright deal is perfect or even close to perfect. The copyright deal is under stress and we need to keep thinking about how we might improve it or how we might renegotiate it to work better in the digital world. I'm not certain what the best deal would look like, but I'm pretty sure that it won't try to lock in any kind of DRM.
Front page posts
I agree that DRM for CDs (and for the same reasoning DVDs and future media formats) are a dead end. With a disk you buy a permanent transferable license to use (enjoy) its content within limitations of copyright law. DRM decreases consumer value because a license is non-transferrable and the consumer can be sure that his use will be limited; publishers don't guarantee availability of their license servers in 25 years.
DRM could make other services (like the Napster "all you can listen to" subscrition) feasible, so it is too early to rule out any usefull application. It is important that legal standards are set in this area, so that consumers are well informed and get a fair deal.
Randy's use of the word "consumers" is, I think, the best example of why DRM is bad for people.
The internet is turning more and more people into producers. I'm acting as a content producer right now by writing this comment. Aside from this, I post things on my web site, write software, etc. I'm completely unmusical, but for anybody who is, getting your music out to a worldwide audience has never been easier. You just have to do a Google search for a word and put "filetype:mp3" on the end to see that.
The producers/consumers division made sense in the 50s, and maybe even in the 90s, but it doesn't make much sense today, and it's getting smaller all the time. DRM serves to enforce this division, which effectively leads to two classes of producers, the officially-sanctioned producers, and everybody else. Ignoring this forced division while simultaneously claiming that it will make everybody better off seems, to me, to be ignoring some fundamental realities of the modern age.
Of course, the existing record companies have every possible incentive to destroy this new class of producers, so their motivations may go beyond raw ignorance.
Sadly, you're preaching to the choir here. I know what the opposite argument will be - "The DRM deal looks fine - there's only a few race-hustlers, Commies, and radical militant librarians who are unhappy, stirring up discontent ..." (note this is NOT my view - I'm just sarcastically outlining the opposite view).
Now, I think the Sony debacle is very likely a good opportunity to convince some wavering people that the DRM deal is bad. And hence we may make progress with it. But never underestimate the power of the desire to debate theory and abstraction.
Ed,
While I agree with your ultimate point of view, DRM will never work correctly without serious harm to all parties involved, I don't think you are being very fair to the DRM side in your arguments. From their point of view, the current copyright deal is already broken. They see massive quantities of people "defecting" from the copyright deal. And the truth is, they are right! The copyright deal is broken.
Where they go wrong is in the response to the broken copyright deal. They think they can turn the clock back. What they are trying to accomplish with the DRM plan, is to return to the days when it was nearly impossible to "defect" from the deal. What they should be doing, is trying to create a new business model that reflects the existing technology. Rather than trying to make it hard/impossible to copy, they should try to make it so that people don't want to copy.
Jamie,
A correction/clarification of what you are saying. With copiers, it was never difficult to defect from the copyright deal with printed books. This was perhaps a biggest problem with sheet music and individual chapters of textbooks. However, buying the official material and staying within the copyright deal was less expensive and less effort than defecting. (Except in cases such as sheet music and at a college campus where mass copying facilities are available and inexpensive for a professor, copying an individual chapter out of a textbook.)
I believe I am agreeing with that you are saying, but clarifying.
Which is, during the late 20th century, it was pretty easy to defect from the copyright deal at least regarding printed material and music. However, much of that time it was sufficient effort and expense to defect to deter much copyright violation.
Regarding music, the music industry fought each new techology, claiming that it facilitated copyright violation: Reel to reel tape, cassette tape, video tape, DAT, CD writers, DVD writers, MP3. They successfully prevented DAT from being a commercial possibility in the US, preventing much **legal** use in the process. They other technologies they failed to prevent.
Edward,
That is exactly the point I was trying to make. It has always been easy to copy books, but in most cases people don't. Why? Because people don't want to. The value of the book in the form the publisher produces it in, is better in most consumers eyes. So copiers are not a threat to the publishing industry as a whole. There are a few exceptions, but for the most part the publishing industry isn’t hurt by copiers.
Currently the music industry is threatened by the copying that goes on. There are all kinds of arguments for and against copying, but the truth is, if you can get a copy for free that is identical in use and quality to the one you can buy, you aren't going to buy it. The music industry's response is to make the hardware illegal and to load the content with DRM. As Ed in his columns and others (the massive filesharing community) have shown this approach is doomed to fail. So what they need to do is find a way to make you not want to copy their music. If they can make it more valuable to buy the music from them, than it is to get it free, then the copying that goes on will be smaller and insignificant. Just like the copying that goes on with books. Currently they don't seem to be interested in even looking at any alternate business models that might help them do this.
There's a leap in the reasoning from "sometimes people don't want things that we believe would make them better off all round" and "we should force people to accept DRM."
The consumer landscape is littered with (some would say consists almost entirely of) situations where consumers would be better off (for some value of "better off") with a restricted or modified set of choices. Fast food, cigarettes, motorcycles, kitchen knives, baked goods, politcal candidates -- you name it. The question isn't whether there's a net benefit to be found (even though for DRM there's probably still a question about that). It's about what coercive or deceptive steps that benefit justifies taking.
There's multiple problems with mythical-perfect DRM. Problem #1 is that the producers, given the opportunity will overreach at least as severely as the consumers. The producers are corporations, and they will push the envelope in search of profits.
Problem #2 are the likely side-effects of this DRM. To work, it must close the analog hole. Either we spin an even more fanciful story that filters the permitted analog from the copies, or else we ban unDRM'd analog/mp3 content. That's a loss; in particular, I would lose access to the dozens of gigabytes of legally ripped music that I already own. Amateurs would be blocked from creating their own music unless they used DRM to protect it (and will that be as low-cost as the various formats are now? Surely, such a valuable piece of intellectual property will be patented and released only under license.)
Problem #3 is that it is mythical. Mythical hypotheses lead to bad policy and bad law.
Mythical music industry accounting doesn't help the argument, either, because it overpredicts what they would earn, if they could get the DRM that they wanted. Massive copying is not equivalent to massive music industry losses; that argument presumes that each and every copy is equivalent to a lost sale. It's possible that the copiers would never pay list price (and crude application of economics says that if they would pay list price, then they went out and bought it already, so no loss); it's possible that they listened to the music, liked it, and went and bought a copy. It's also possible that money is lost because people listen before buying, don't like it, throw away the copy, and don't buy. This is "bad" for the music industry, but economically superior.
I have heard (from someone in a position to know) that the existence of a market for cellphone ringtones (3x the iTune cost for a low-fi monophonic song fragment) infuriates the music industry; they see this as what they could earn, if only they could similarly lock down their customers. However, it's not so much about being "locked down" and much more about convenience. First, the phones aren't that locked down; certainly T-Mobile (my provider) is not. Second, though the ringtone is only a fraction of a song, it takes time and effort to select that fraction. (I've done this myself, so I know it's not locked down, and I know it takes time. I should post the instructions.)
---
Where they go wrong is in the response to the broken copyright deal. They think they can turn the clock back. What they are trying to accomplish with the DRM plan, is to return to the days when it was nearly impossible to “defect†from the deal. What they should be doing, is trying to create a new business model that reflects the existing technology. Rather than trying to make it hard/impossible to copy, they should try to make it so that people don’t want to copy.
---
Jamie brings up a good point. The problem with this whole argument is that CD-DRM already tries to address this very argument.
CD-DRM is technology that makes it more difficult to defect from the deal. Along with that technology comes bonus content and materials that would otherwise not be available. The bonus content is the incentive to use the DRM and keep you from breaking the deal.
The content producers are thus giving away some of their content to get you to agree to the deal. Are you saying that content is worthless to everybody? It has to add some value somewhere, doesn't it? How can you say which value is greater? Isn't the value up to the individual? Shouldn't the market place be deciding what that value is, and not Ed Felton with a blanket statement about all CD-DRM being worth less than zero?
One of the problems for the music business is that most of the reason for it being a business is going away. It only exists as a channel to transfer the content (produced by the writers and musicians) to the consumers. For the last 50 years or so the capital investment in studios and pressing plants meant they had control. Fair enough (although maybe not to the musicians who got a very small slice, and not to the consumers who had to pay artificially inflated prices through the cartel operations of the industry).
So now the production and distribution technology is cheap, the only way the "business" can protect their model is through expensive lawyers.
When people are talking about DRM and copyright, they think they are talking about a consumers to artist relationship. The following article points out that this is usually not the case:
http://www.culturelink.org/news/members/2005/members2005-011.html
Copyright (and DRM as its technical implementation) is about a customer/derivative-creator to corporation relationship, and does not neccessarrily "increase incentives for authors, leading to the creation of more works we can enjoy."
Only if people can build upon previous work without the fear of being put in jail, there will be 'more works we can enjoy'.
PS: I am NOT a communist.
I won't buy music with DRM. That means if the law begins requiring a closing of the analog hole, I won't buy music, period. I think that there are enough people like me that the music industry will go bankrupt. Only artists and concert promoters will be able to survive, barely, as only concerts will make money--not cd sales. The music recording industry will lose over 90% of its profits to boycotters and illegal music copying, as a copy protection scheme has not yet been found that protects digital content without removing ALL access to such content.
Apparently, there's a bill pending that would seek to close the analog hole: http://www.publicknowledge.org/node/19
(Aside: I'd be interested in the instructions for T-Mobile ringtones -- I find the selection on their web site extremely limited and generally awful.)
Josh, would you please give me an example of this mysterious bonus material that only DRM makes available? And also give an exact technical description (or a pointer to one) that makes evident that it would be absolutely impossible to publish this material otherwise, e.g. using html, java or other freely available (and preferably also platform-independent) means?
By the way, I have here a David Bowie CD, containing a buch of bonus material. From 1999 (it contains directions for using Win3.1!), so too old to contain any DRM. Unfortunately I cannot check now the exact contents, save that there are a few pictures, because the files are for Windows/MacIntosh, and this 'puter has only Linux installed.
I appreciate the desire of DRMers to incentivize information markets, but let's try to keep the big picture in mind. Information is not always a product that changes hands as part of a market.
A flow of information can also be a question or statement in a conversation, a petition to the government for the redress of grievances, a document in a criminal conspiracy, or any one of countless Speech Acts not part of a market.
DRM controls information in general. If there were a way to limit it to "productized" information, then it would be a market issue. But as long as DRM poses a threat to information that we need for other reasons, it's a speech issue.
Josh,
I don't think you understood my point at all! The answer to the music industries copying problem, isn't to try to make it hard to copy. The answer is to make it less valuable to copy, than to buy. I don't mean not valuable at all to copy, just less valuable. As others have pointed out, DRM will not ever stop people from copying if they really want to. And the "extra" content that is present on the DRMd CDs is content you can get legally for free in other locations without the DRM. So what exactly is the DRM protecting? Make the store bought CDs more valuable, than the downloaded CDs and people will buy them. Lower the price, add inserts, and lyrics. Make the packaging collectible, put both audio and digital tracks on the CD. These are just a few of the things that could be done to make the store bought CD more valuable, there are many more. You can't stop the copying, so why alienate your customers trying to? Instead, convince the customers that they are better off buying the CD than they are downloading it. Yes people will still download it, but the majority wont.
CD DRM is a poor example. There is no CD copy protection built in, so it has no chance but to be a lousy bolt-on.
Old floppy protection (Apple 2, Commodore, PC) is a much better example. Manufacturers went to great extremes to produce custom formats that couldn't be copied. Many were lousy and were easily circumvented. Some were much harder and would last months before being cracked. The games that had the better protection sold more copies. And your worries about lack of access to the data were unfounded since eventually every title was cracked and archived. Finally, we had great fun cracking the protection (and did not distribute the cracked version).
The only thing that is different today is that the DMCA anti-reverse-engineering clause makes it much more dangerous. But that's a different argument.
Professor Felten,
I think it would be helpful if you could further explain the distinction you draw between "the copyright deal" and "the DRM deal." I think DRM advocates view the two as one and the same deal, with the DRM deal being a pragmatic way of shoring up the copyright deal. They don't see it as either-or.
Perhaps a future post could explicitly describe the ways in which DRM is more than a beefed-up enforcement mechanism for copyright?
I'd also be interested in your argument as to why it will always be easy to defect from the DRM deal.
Laura Kataja wrote:
"Josh, would you please give me an example of this mysterious bonus material that only DRM makes available?"
How can you say that?
Look at what all you get with DRM that you don't get with a standard audio CD!
http://www.geocities.com/zapkitty/
:)
work in progress, any carps, criticisms or potshots are welcome
"One of the practical problems with this kind of deal is that each individual can gain by defecting from the deal — in the case of copyright, by infringing at will. If enough people defect, the deal could collapse. This danger is especially acute when it’s technologically easy to defect. Some people argue that this is happening to the copyright deal."
That's the whole problem - copyright is already a failed deal, but because of the virtually infinite lifetime extensions Congress keeps granting the copyright cartels. Think about it - a drug company that invents a cure for cancer will only get to profit from that invention for 7 years, IIRC. Yet, at the same time, Britney Spears' new baby will be getting residual checks for 70 years after death of the author, or if work of corporate authorship, the shorter of 95 years from publication, or 120 years from creation, for "Hit Me Baby, One More Time". This is simply not acceptable, and THAT'S why people are upset.
A CD is not "enhanced" if I can't do with it today, what I could do with one 5 years ago. If I can't rip it due to the DRM (and let's call it what it is - Digital Rectrictions Management, or Copy Prevention), I don't want it, and I will not pay for it.
(I hope I did the html correctly.)
"(I hope I did the html correctly
that was supposed to be a funny post, showing your vast superiority over me in coding html, but the blog software ate 9/10's of my funny html... hmmm...
I'm not worried about DRM getting into media, decreased/no sales will certainly reverse that -- a pure market solution.
I AM worried about legislation that has anything to do with DRM, mandating it, outlawing it, whatever. The government has no place in our record stores, our homes, our dvd players, our manufacturers, our movie studios or anything.
As long as DRM exists, it will be hackable, and of course that's the old anarchists approach :)
aries wrote:
"I AM worried about legislation that has anything to do with DRM..."
Then how do you stop the deep-pocket media industries from buying all the DRM legislation they want? Oooops... too late...
It seems to me that an argument can be made that eliminating DRM will actually improve the quality and quantity of material produced for entertainment. The movie and music industries currently complain that piracy costs them too much in light of their enormous costs. How much it costs them is of course controversial, but let's suppose they're right. An alternative to cutting piracy is for them to reduce costs. Is this feasible? Everything I know suggests that it is. Their costs are high because of the ridiculous salaries paid to well-known performers, the equally ridiculous salaries of the executives, and the enormous amounts spent on advertising. These are all costs that could easily be cut substantially. This will be easier to do if the companies have the same incentive to do it and not to go too high in outbidding each other.
Cutting these costs could have two beneficial effects. First, it will make it easier for new companies and performers to enter the market. Second, it will force the companies to pay more attention to quality.
I see two problems with Randy's argument. The first is, while a mutually beneficial agreement may appear to be against one party's self-interest, it is not against their enlightened, long-term, collective self interest. To use the analogy of grading, as a student, I would much prefer not to have had to take finals last week. However, I am in college of my own choice, and I believe that such transient suffering will benefit me in the long run. If taking finals were not, in the long run, good for me, then they would not be in the joint interest of me and my college.
The second problem is, I don't think DRM is actually in the interest of the music industry. For the forseeable future, any audio content, whether released exclusively with DRM or not, will be available to copyright infringers. This means individuals are faced with a choice - accept the guilt, technical difficulty, and increasing legal risk of not paying, or pay. To get people to pay, the music industry must make customers feel good about the buying music, make the transaction technically simple and convenient, and not expose their customers to risk.
DRM actually works against those goals. It makes the customers feel like potential criminals. It introduces technical hurdles that are not present with the unencumbered formats people can get illegally. And it introduces many risks, both legal and technical, that can cause people to lose their music or even be sued.
I'll tell you what's in the music industry's best interest. iTunes (or similar), but without DRM. Coincidentally, it's also in my best interest. And, unlike any DRM scheme, DRM-free iTunes would actually have a negative effect on piracy, by significantly lowering the demand for it.
Josh,
OK, I'll bite. What are the CD-DRM vendors giving away with the CD to add value? You cannot name something we already legally had available before the DRM was inserted. That is, you cannot say, "Hey, we provide you three legal copies" because before the DRM was inserted we had unlimited legal copies. That is, I could burn a copy for my car, and once that copy got scratched beyond usability, I could burn another. Totally legal. 100% fair use. And limited if one uses the CD-DRM software.
So again, I'll ask: What is the bonus content you speak of.
Or, to quote Inigo Montoya: "You keep using that word. I do not think it means what you think it means."
The only real use I can see for DRM is allowing media to be made available in a "rental" model, e.g. $10/month for all the music you want. Some people prefer that model for receiving content, and it obviously will have problems if there's no practical way to enforce its restrictions.
If I spend $10/month for a music "rental" service, I don't expect to have anything of value at the end of the month. What I paid for was the use of the music for a finite time. On the other hand, if I'm going to spend significant money for music purchases, I want to be able to play them forever without being reliant upon the supplier remaining in business. I happen to have some Castlle Films from the 1950's. They're a bit scratched up and have a second or two missing here and there, but if they're kept under reasonable conditions they might still be viewable when the copyrights expire. I don't have to worry about a particular projector breaking down; if one machine breaks down I can get another.
Can the same be said of most DRM'ed materials? It seems to me one pays ownership prices but still only ends up with "rental" status. The rental may last as long as a particular machine holds out, but there's no guarantee as to how long that will be.
Mr. Felten,
I see several problems with your analysis. The first problem is that you seem to analyze the effectiveness of DRM solely from the technological standpoint of pointing out that it is "easy to circumvent." This, however, is not the full story on how effective DRM technology can be.
It goes without saying that our current DRM technologies are "technologically easy to circumvent." In fact, I'm willing to concede that DRM probably will always be "technologically easy to circumvent" unless we cripple our computers and the internet with an incredibly thick, rich level of security that would stagnate technological innovation.
But the issue needs further analysis. We need to ask "Who can circumvent today's DRM?"
The answer, of course, is:
1. A very small percentage of the general population with the necessary programming experience and mathematical maturity to gain at least some understanding of how a certain DRM technology works in order formulate and implement a plan to break it. Naturally, to belong to this group said programmer must also have the will and intent to do this.
2. Anybody who has access to tools made available by those qualified persons from group 1 who have chosen to somehow make their creations available. The number of persons in the second group probably exceeds the number of persons in the first group by at least 99% to 1% (of the American population). If you don't believe this, do the math: America has roughly 300 million citizens. 1% of those citizens is 3 million citizens. Are 3 million people currently working on DRM circumvention technology?
There will probably never be a reasonable way to stop the persons from the first group. That, however, doesn't necessarily break DRM. Harsh civil penalties are already in place to stop trafficking in DRM. It is likely that big media companies will push for the frequent application of harsh criminal penalties for both copyright infringers and DRM traffickers. And, if you didnt know, BayTSP has developed rock-solid anti-piracy tools that have been almost universally adapted by the major music and motion picture businesses of America. The only thing really keeping BayTSP's tools from having a 100% efficiency against today's p2p pirates is that acheiveing this efficiecy level would take gargantuan amounts of bandwith.
This where making copyright infringement and DRM circumvention technology highly illegal goes into the picture. Taking this incredibly simple step would eliminate the internet as a distribution vector for DRM circumvention technology (and probably widespread copyright infrigement as well). This is because the very act of making something widely publically available on the internet puts it in plain view of the so-called "copyright police." One can, of course, password access to DRM circumvention technology. But again, the probablility that the "copyright police" would gain knowledge of this distribution vector increases in proportion to how widely available one makes the password. And so on and so forth.
Of course, this presents the problem of creating a "copyright underground." It is a generally accepted fact, however, that only a small fraction of people are willing to join underground movements. Put a few traffickers in DRM circumvention technology behind bars for 10 years, and you're likely to scare away a whole lot of people from the underground. Of course, completely eliminating the underground would be extremeley difficult - but as long as the underground remains small it poses no real problem.
In conclusion to this part of my argument: yes, it is easy for someone who knows what they are doing to technologically circumvent DRM technology. Not many people, however, know what they're doing. If the flow of information from the "uber-geeks" to the general population is stopped by the threat of, say, handing over one's life savings and/or spending 10+ years in jail, "technologically-flawed" DRM technology works at an incredible efficiency at stopping unauthorized access to copyrighted media. Therefore, media packaged with DRM technology is a good deal more effective at preventing "piracy" than than media without DRM.
The REAL question to ask then, is not whether DRM is effective, but whether we should have it at all. I suspect that your arguement about how easy it is to technologically circumvent DRM technology is meant as a precursor to be used to help answer the question: "as a society, should we be using DRM at all"?
The REAL debate about DRM should start with something like the following as a precursor. Home computing technology and the proliferation of robust internet technology has fundamentally changed the ability of any person who has access to such tools to copy, distribute, and receive media of all types, be it music, motion pictures, photographs, books, magazines, journals, etc etc etc. This has dramatically reduced the price it costs to distribute media. Prior to the "home computing and internet revolution," media was saddled with the at least 3 costs that it can be now be freed from:
1. The cost of physical media and packaging. Examples: Optical media and the cost to imprint it, paper and ink, plastic and cardboard, etc.
2. Transportation costs. Examples: Air, Sea, and Ground travel to retail stores by plane, boat, and truck. Also includes the cost of petroleum to move the goods.
3. Point-of-sale costs. The cost to build and maintain retail locations and the corportations that finance them. The cost of the labor of employees who work in the store and in the retail businesses. Etc.
After the internet revolution, the vast majority of these costs SHOULD disappear. This is because media can be sold over the internet and downloaded to the hard drives of customers . (This, of course, minus the "sold" part is how most p2p denizens are consuming their media. They have apparently voted on how they want to receive their media.) This SHOULD make media not only cheaper but almost universally available.
(It still costs money to run an online store front. Web programmers and security developers have to be paid; e-commerce applications have to be licensed, and bandwith has to be purchased. That last cost, however, could be greatly reduced by adapting BitTorrent-like technology for large downloads. The cost of running an online store front is thus arguably many times cheaper than operating a brick-and-mortar store front.)
So why aren't we seeing this distribution model widely adapted? Why are brick-and-mortar stores still selling media?
The answer is simple: media companies dont feel that they will financially benefit from doing this. The two best arguements they have (that dont include trying to keep obsolete stores in business):
1. Big media companies make a ton of money on the status quo. Change that status quo, and, as media becomes more available, they'll probably lose a lot of money.
2. "Digital media distributed over the internet" is currently ridiculosly easy to access. While most people can't break DRM technologies, they can easily download files that those who can break the DRM technologies offer to share. Thus, by releasing something over the internet, a business is taking a big risk on wide-scale infringment.
We've now amalgamated enough information to judge DRM technology.
DRM technology is BAD if it allows big media companies to attempt to keep the pre-internet status of media distribution. A nation or culture with the universal access to it's media resources that the internet offers would be wise to adopt by any means universal access to those resources. While media producers must be compensated, they dont need to like Arab oil shieks. It should be obvious that any nation that makes sure content producers are paid while making media universally accessible will have a significant economic, cultural, academic, educational, and business advantage over a nation who does not do this. The future of a nation that tries to freeze it's economy from technology innovation can be seen in the history of Europe in the 19th and 20th centuries: those who do not "move with the times" are economically, culturally, academically, and educationally more advanced that those who do move with the times.
DRM is GOOD if it, without posing a more significant security risk than most other common applications, it gives media producers significant assurance that an individual must pay to get their product. (Minus, of course, the prospect of lending and borrowing and "used" sales.) Media producers had this reasonable expectation in the pre-internet world, and they need this reasoanble expectation restored in order to induce them to adopt wide-scale distribution over the internet to create universally available media content.
This is the REAL social contract that needs to signed. Customers need to allow media producers to ensure reasonable protection of their content. Media producers need to reward customers by making media universally available at the going-price that the market will bear in the current technological climate- not at the going-price they enjoyed prior to the "internet revolution."
In this "good" iteration of DRM, everybody wins. Content producers get control over their content and can be sure that they will be reasonably compensated at the market price for said content. Customers get the universal access that they have been using "piracy" to achieve for the past 10 years.
Comments?
---
Josh,
OK, I’ll bite. What are the CD-DRM vendors giving away with the CD to add value? You cannot name something we already legally had available before the DRM was inserted. That is, you cannot say, “Hey, we provide you three legal copies†because before the DRM was inserted we had unlimited legal copies. That is, I could burn a copy for my car, and once that copy got scratched beyond usability, I could burn another. Totally legal. 100% fair use. And limited if one uses the CD-DRM software.
---
How about the obvious bonus content: another audio track, available only in a DRM'd format. You can have the plain audio CD, or you can agree to the DRM and get the bonus track too. If you add enough bonus tracks, you'll eventually overcome any loss of value attributed to the DRM.
"You must be that little Spanish brat I taught a lesson to all those years ago. You've been chasing me your whole life only to fail now? I think that's about the worst thing I've ever heard."
I think Andrew has some good points. It would be useful -- a net gain -- to have a system whereby content producers can expect to get paid for that which they distribute over the internet.
I'll just add a few musings:
Such a system would be an even larger gain if any and every producer could make use of the system. (For example, if I record my own song, I ought to be able to charge for it, and not need a middle-man like the RIAA).
Such a system could lead to micro-payments. (However, I for one don't want to have to pay two cents to read your two cents, for example.) [Nor do I want a more advanced system whereby I pay for every time I hear a song, or every time I read a page in a book.]
I also have a hard time envisioning how such a system should come to pass. Even with cryptographic knowledge and reverse engineering being 1) difficult to do, and 2) prohibited by laws (in some places), the darknet paper's assumptions (discussed elsewhere on this blog) still hold -- if it is valuable, someone can figure out how to crack it and spread a tool to do so.
I can see no reason why some people should be locked out. For example, I think it is wrong that I can purchase a computer equipted with a DVD drive and purchase a movie in the DVD format, and not be able to watch it because I am not using a locked-up operating system. [A similar statement goes for region encoding.]
It seems to me that one of the key innovations that led to the industrial revolution was the use of standardized parts. DRM is, practically speaking, all about non-standard parts (vendor-lock-in). There could be no way to have an open DRM system (at least, none that I can see.)
As fair use is a grey area, it would be impossible to create a program -- which uses concrete, definite rules -- that would guarantee a user the ability to exercise their fair use rights. Indeed, even a human-level intelligence has a hard time determining what are fair use rights (lawyers and judges are effectively a human-level intelligence trying to determine which parts of the grey are black and which are white, based on common sense and past decisions -- and if it was easy to do, it would hardly require so much of their time and effort!)
A DRM system that could be constantly updated is not likely a win, because only one side (the content producers) could update it, and do whatever they please with it. [Also, it seems to me that it is the content producers who are defecting on the copyright contract. I suppose it goes both ways.]
And if we could implement this perfect DRM system -- where does it lead? For example, I don't want my computer to ask my camera if the thumb that pressed the button to take an image matches the biometric scan for my thumb-print, and then grey out all the corporate logos, billboards, T.V. screens, etc. (unless I pay for the "right" to be able to display them), and for it to identify all the people in the image and get their express permission to be in the image (and hope that they don't give me limited permission -- ex. you may only view my face when in this photo when the moon is full.] This would definitely be a net loss.
One last musing: "trafficking in DRM" to me sounds like a good description of what Sony-BMG has been doing (and not what those who are circumventing such techniques are doing.) I rather like the term.
Well, time to call it a night.
Armagon
I won't say that I will never purchase something with DRM, but what I will say is that the value must be correct. For example DVDs have much more control features built-in to them (region coding, fast-forward disabling, etc.). I still purchase DVDs despite a strong dislike for those DRM features because the DVD has good value.
The CD-DRM has poor value - they are still charging the same price and are taking away capabilities. Speaking personally, they would have to add a lot of content (or it would have to be something I’m very interested in), before that would provide enough offset for me to swallow a CD-DRM.
In the long term, I’m not too concerned about overly restrictive DRM - the market will sort it out (government regulations did not make DAT a consumer success). What I am concerned about is the short term pain to everyone (producers, consumers, and consumer electronics manufactures) when the government interferes through ill-considered laws like AHRA and DMCA. This tends to slow down the consumer feedback, cause poor products to be made, dampens sales, and orphans media.
Speaking as a security professional involved with DRM like activities, I only wish that the users of DRM better understood its limitations. For example:
(1) It adds cost to producing the media,
(2) Professional pirates will circumvent it quickly,
(3) The quality of the copy is almost always a red-herring (e.g. panic about "perfect" digital copies) – typically only your best customers care
(4) DRM makes more sense for short-term protection and almost no sense in the long term
(5) Historically DRM has been very blunt – for example the AHRA required serial-code-management that makes no provision for normal people producing their own recordings. Newer systems claim better granularity, but I’ve almost never seen them used in consumer situations.
Back to the consumer side, there are two big additional DRM concerns:
* Is the DRM (both benefits and restrictions) clearly understood? Although it is a little better now, one of the biggest lesson equipment manufactures learned from the AHRA/DAT fiasco is that consumer won’t "knowingly" buy DRM products. When other forces made them add DRM to their products (like section K of the DMCA), the lesson was to keep the customer from knowing about it. My prime example of this was JVC not putting any information about MacroVision in its VCR manuals, and indeed even banishing questions about it from their FAQ. If this type of sneaky business keeps on, we will need consumer protection laws.
* How will the DRM change? Given the ability to change the rules in mid-stream (like iTunes and Tivo), how can the consumer trust that they won’t be screwed? Ironically, Sony has just lost a great deal of this type of trust just when they needed it the most (it was almost the sole reason I decided not to purchase a Sony SRDX RPTV technology, resulting in an additional $5000 of lost revenue).
"Old floppy protection (Apple 2, Commodore, PC) is a much better example. Manufacturers went to great extremes to produce custom formats that couldn’t be copied. Many were lousy and were easily circumvented. Some were much harder and would last months before being cracked."
Yes, I went through that era. But once again, nothing not to hard. In fact, manufacturers are selling copy-card to duplicate those media. It is a classic example of "treating your customers will disrespect and you lose". Disc copying program has this updatable database, much like today's AV database, release weekly or monthly to circumvent the protection. I still remember Lotus-123 tried this but eventually everyone gave up.
Remember those CAD programs with dongle protection. It was in vogue but they are now all gone.
I believe the current fade of DRM and license activation is destined to the same dust bin.
Like one of the reader say, the media company needs to find way to add 'values' to the ware their are selling. Restauranteurs know this meaning extremely well. How many surviving restaurant dare to treat their incoming customers with disrespect like media companies or software companies do now and still have a business at the end of the day.
If the restauranteur mere disk out food that you can buy around the corner, he will not draw any business. He has to add 'values' to coming into his restaurant other than to come in to fill up the stomach.
Get rid of the DRM and start treating each buyer of the CD material as someone special and to offer something of great value.
Andrew,
In my opinion you're making a classic mistake in your comment:
Let's assume for a moment that a large group of people is under some circumstances unwilling to abide by copyright law, and that this infringement actually leads to great losses in the music industry (both are highly questionable, but if they are incorrect then DRM shouldn't be in the picture anyway). This leaves these people with two alternatives:
1. Legally received content
2. Illegally received content
What DRM does is make the legally received content less interesting/valuable, but does it prevent the illegal availability of content? Not at all!
If you look at the source of illegally distributed content on the internet (of which you can be sure the DRM has already been removed), then the original sources are a relative small group of people. These people will remain able to circumvent the DRM even in the proposal put forth by you. In other words: it is irrelevant whether only 1% of the people can circumvent the DRM, since that 1% can easily distribute it WITHOUT the DRM to the other 99%.
In short: DRM really doesn't add anything to the copyright problem. The only thing it can do is anger those customers actually willing to pay for their music. Angering loyal customers seems to me about the LAST thing the music industry should be wanting to do at this point in time.
I believe it is important that one should first investigate if P2P sharing is even a problem other than a legal one. In the last years the company I work(ed) for lost about 80% of their sales due to the economic problems (compare that to the RIAA numbers!), and it has long been known that there are multiple real problems for the music industry:
1. Fewer albums have been put on the market.
2. Growing competition from DVD, computer games, and mobile phone usage (money can only be spent once).
3. PR nightmares due to spyware DRM and TV shows showing the wealth of some artists.
Btw, I'm not saying that last argument is a valid reason to infringe copyrights, but it really doesn't help in convincing teenagers that what they do might hurt the artist. When I hear that some actors receive $40,000,000 for playing in a movie it's a tad hard to buy that making a(n illegal) copy of that movie will prevent the camera(wo)man from feeding his/her children. As said: it's no valid reason, but it doesn't help shape the debate properly either.
On another note: copyright is supposed to be balanced system of rights and limits to those rights. I find it to be highly questionable that copyright holders should be allowed to take those rights, and remove the limits to those rights by using DRM, thereby completely removing the balance within copyright law.
Andrew,
I'm not sure why you think DRM can prevent P2P piracy. It has never succeeded in stopping piracy, and I can see no reason, either theoretical or practical, why that will change. DRM vendors always promise that the next system will be effective and side-effect-free, but things never turn out that way.
In my experience DRM systems tend to be defeated by attacks that are not at all rocket science: holding down the shift key, putting tape over some sensor, etc. DRM systems keeps getting more complicated, but they keep failing to the same sorts of attacks.
I'm also puzzled as to why a law enforcement system that is unable to stop the distribution of thousands and thousands of huge movie files would be able to stop the spread of a handful of small circumvention programs.
You write this:
DRM is GOOD if it, without posing a more significant security risk than most other common applications, it gives media producers significant assurance that an individual must pay to get their product. (Minus, of course, the prospect of lending and borrowing and “used†sales.) Media producers had this reasonable expectation in the pre-internet world, and they need this reasoanble expectation restored in order to induce them to adopt wide-scale distribution over the internet to create universally available media content.
This is the REAL social contract that needs to signed.
I don't understand this argument. Surely you're not saying that we should just agree that DRM works well. We might wish that were true, but agreeing can't make it so. Digital content is inherently copyable, and our social contract, whatever it is, will have to cope with that fact.
We might as well make a social contract that we will all keep our homes warm this winter without using any fuel or electricity. This just dodges the hard issue, which is how we should cope with the fact that heating requires energy inputs that are expensive.
As far as I can tell, the only success DRM is having currently is to anger and alienate the paying customer. Will the big media companies succeed in committing suicide by angering their customersor will they wake up to the new reality which requires a new business model?
Currently the record companies charge about $19.95 for a new CD. If I can purchase those 12 to 15 songs (say from iTunes) for $.99 ea, spend about $.89 for a blank CD (How much do they get for the sale of blank CDs and DVDs?) , and burn my own CD; I don't see a reason to purchase their CD.
I don't see these companies surviving by pushing DRM technology, especially when they continue to use under-handed, back-door methods. I guess I'll just be content to keep my turntable working.
Is getting sued good for you?
RIAA sues music swappers at three universities
By Antone Gonsalves, TechWeb 19 December 2005 09:45
The Recording Industry Association of America has filed lawsuits against 751 people suspected of illegally distributing copyrighted music, including students at Drexel University, Harvard University and the University of Southern California.
The "John Doe" suits filed Thursday cite individuals for swapping copyrighted music via unauthorised file-sharing networks, such as LimeWire and Kazaa. The RIAA will now seek court permission to take legal steps to try to identify the defendants.
In addition, the industry trade group said it filed lawsuits against 105 named defendants living across a dozen states, including Arizona, Connecticut, Georgia, Illinois, Massachusetts, Michigan, North Carolina, Nebraska, New Jersey, New York, Texas and Wisconsin.
The suits are meant to send to "a clear message that stealing music will bring consequences", Cary Sherman, president of the RIAA said in a statement.
“The end of the year is an especially important time for the music community, and an especially fortunate time for music fans, with a great slate of new releases in stores," Sherman said. “We must do everything to protect the integrity of the marketplace."
Despite the latest round of lawsuits, experts disagree as to whether taking legal action against music fans is an effective deterrent to music piracy.
http://www.itnews.com.au/newsstory.aspx?CIaNID=21548&r=rss
Anonymous Says:
"Is getting sued good for you?"
This bit of non-sequitur completely ignores the fact that DRM would not, could not, and in fact did not prevent the file sharing.
RIAA sues music swappers at three universities
By Antone Gonsalves, TechWeb 19 December 2005 09:45
I think the best thing for someone to do in this case would be this; allow the case to go to trial. Then, to allow the complete list of tracks to be presented as evidence, and to even allow the prosecution to play any or all of said tracks to the jury. However, you must have had only copies of music that were corrupt files that were seeded onto the file sharing networks by companies hired by the RIAA, like Overpeer and such. Then, you can say that these files were explicitly authorized to be shared by the RIAA, and you walk away scott-free; you could also file a counter-claim, and make them pay for the humility and suffering of being dragged through the mud.
Anyone want to set up such a honeypot?
"Despite the latest round of lawsuits, experts disagree as to whether taking legal action against music fans is an effective deterrent to music piracy."
Gee, there's a newsflash.
Andrew:
Where music and video are concerned, I think it is laughable that you think only a small number of people with a high level of mathematical sophistication will be able to bypass the copy protection. At the point of final delivery, the content has to be transmitted in the clear. Anyone with the right (inexpensive) equipment can make a high-quality copy at that point. Game over.
Also, regarding your apparent desire to levy severe criminal penalties against the makers of circumvention tools - to my knowledge the U.S. law enforcement system tried that preciesely once. You might remember the Skylyarov/ElcomSoft case, and how that turned out. Apparently the new social contract embedded in DMCA 1201 didn't go over too well with the jury.
Josh,
OK, if there are bonus tracks only available on the DRM's portion of the media, then there is genuine bonus content.
P.S. Good quote.
Andrew,
If 0.1% of Americans illegally share music or share music-sharing tools, that is 300,000 people. That is a believable number considering the millions of students that are in college every year. 300,000 people is such a large number that this makes music essentially freely available for those who wish to steal. It will be very difficult to deter that 0.1%. The fact that they are still sharing music despite the lawsuits says something.
(I know, I know, many disagree with the term "stealing" for copyright violation, but for me the term "stealing" seems a perfect fit for what occurs when someone illegally copies copyrighted material.)
I do support the lawsuits against those who are directly breaking the law, because those lawsuits go after the people who are actually doing something wrong. When the government tries to legislate DRM, however, the only likely result is overreaching legislation that makes illegal much that should remain legal.
People might "speed" if they think they won't get caught, but are less likely if they know they are in "that little speed-trap town." Should speed limiters be placed in cars? Of course not! People make their own choices, as it should be, and if they break the law, they risk the consequences if they get caught. If the consequences are small, or think they won't get caught, they are more likely to break the laws. Etc...
Ed says:
"We might as well make a social contract that we will all keep our homes warm this winter without using any fuel or electricity. This just dodges the hard issue, which is how we should cope with the fact that heating requires energy inputs that are expensive."
Are you suggesting the stealing of energy to heat your home? tsk tsk tsk
Faulty assumptions to date:
1. There is widespread internet-enabled digital media piracy. (see Canal Street in NYC for REAL sneaker-net enabled piracy)
2. The so-called “analog hole†can be closed (see your own eyes and ears for evidence)
3. Congress and SCOTUS represent citizens interests (see Sonny Bono Copyright Term Extension Act/Mickey Mouse Protection Act/Grokster Decision).
4. P2P networks expose the users to liability/prosecution (see TOR for a real eye-opener)
Truth is, there’s a war going on between citizens and corporations. This is just one facet, and the corporations are destined to lose this particular battle. Until all content is scrambled and the decoder lives inside your skull (at the optical nerve and inner ear) no one can close the analog hole. Period.
This is a good place to fight the war, but there are other battlefronts too. Any time you are asked to weigh what’s “good for business†against your rights or well-being, the battle is being fought.
Remember, people have rights, both natural and granted. It is not precisely clear whether corporations (a total misnomer, btw) should or do have natural rights, except by association with and extension of human owners. In the case where corporations do have granted rights, one could argue that they should be totally and unequivocally secondary to the natural/granted rights of individuals, when the two conflict.
Maybe we need the three laws of robotics for corporations:
1. Corporations shall do no harm to humans.
2. Corporations shall not by inaction allow harm to be done to humans.
3. Corporations shall do no harm to themselves.
That would shake things up a bit, wouldn’t it?
["People might “speed†if they think they won’t get caught, but are less likely if they know they are in “that little speed-trap town.†Should speed limiters be placed in cars? Of course not! People make their own choices, as it should be, and if they break the law, they risk the consequences if they get caught. If the consequences are small, or think they won’t get caught, they are more likely to break the laws. Etc…"]
Exactly. The problem with every implemented form of DRM to date is that they are built upon the concept of "guitly until proven innocent".
Huh?
Isn't this against the law in almost every country?
The only thing such a scheme successfully accomplishes is punishing only those who are innocent. In fact, by the logic of current DRM schemes, everyone who passes through that little "speed trap" you describe would be slapped with a fixed fine -- speeding or not -- in order to compensate for speeders who are not caught. How much sense does that make?
epp_b wrote:
"In fact, by the logic of current DRM schemes, everyone who passes through that little “speed trap†you describe would be slapped with a fixed fine — speeding or not"
Shut up, fool.
You knew you were guilty of theft the second you put opened the CD drive of your PC and put that audio CD in the tray!
Now you just sit and watch while we slag your PC.
Damned candyass pirates always whining about being stopped from stealing...
(This cleansing moment of clarity has been brought to jou by Jack Valenti, the RIAA, and a variety ofnon-prescription psychopharmaceuticals...)
Doug Lay:
It is my experience that the average mathematical sophistication possessed by an American citizen is located somewhere between adding integers and adding fractions, inclusive. As far as the understanding of computers goes, I would wager that most Americans can locate their mouse, keyboard, and monitor. I would also wager that most Americans would have have difficulty if asked to locate their motherboard, hard drive, or power supply.
Obviously, there are plenty of people who understand much more than these "basics." Many of the readers of this blog may fit into this category. When it comes to even the existence of DRM, however, most Americans, are well, clueless.
You may recall the statistic that circulated the internet several weeks back: tests showed that Sony's flawed XCP software was installed on over 5 million computers world-wide.
If you can get flawed software onto over 5 million computers worldwide in a relatively small amount of time, you must be doing something right. DRM must be working far better than Mr. Felten claims.
As for the criminal penalties issue you raise, I would think that copyright holders would agree with you that the DMCA doesnt go far enough. That's why they're paying four senators who are up for re-election in 2006 to sponsor a bill that would authorize 10 year jail sentences for "repeat copyright infringers". Data provided by BayTSP has already been used by the MPAA to elicit guilty pleas from large-scale movie pirates. Those individuals will spend the next 5 years in prison.
As far as the Skylarov case goes, you may recall that Elcomsoft's main defense was that the company never intended their tools to be sold in the US. They apparently presented credible evidence towards proving this. (You may also recall that the laws of the US have no jurisdiction in Russia). Absent this evidence, it is very likely that Skylarov and Elcomsoft would have lost. The jury stated that they (paraphrase): "just couldn't believe that, with full knowledge of the penalties involved, an individual whould intentionally expose themselves to such incredibly liability." Certainly the world wide nature of the internet will require credible intellectual property treaties to be signed and followed by many different parties. The first steps, however, should be domestic in nature.
The underlying issue of the DRM battle should not be, as Mr. Felten is contending, whether DRM can be easily overriden by someone who know what he/she is doing. Virtually no one knows what they are doing! DRM clearly tries to resuscitate an integral part of the pre-internet world. It tries to ensure that a copyright holder has the right of control of his/her property. Without this control, no one will have to pay creators for their work. Creators need jobs. If there is no profit to be had in creating, no one will create as a primary vocation.
Giving creators back this right will ensure a robust market for media. Cretators can then begin to offer their creations over the internet without fear that a customer can illegally give their creation to her 10,000 best friends. This will allow small-time self publishers to compete against big media!
In response to Foil Hat Guy:
I wouldn't cite TOR as an example of a good way to anonymously use p2p apps. Instead, I would cite MUTE, Freenet, or Antz. TOR has publically requested that their network not be used for p2p because it simply cannot handle the traffic. Most users report relatively slow speeds.
I don't think that the speed limiter is a very good analogy. In that case you are talking about a strict offence, and the action amounts to the offence.
With something like copyright, there are situations where making a copy is not itself unlawful or a breach of copyright. It is what you do with the copy after you have made it that is either lawful or unlawful.
No DRM system can anticipate what you might decide to do with a copy after you have made it, so ipso facto it is not possible to devise a valid DRM solution to protect copyright which does not also infringe on valid and lawful activity.
@Andrew:
Thanks for recommending tools for stealing stuff online! Actually, I was just citing TOR as a TCP based anonymizing metanetwork, to illustrate that it is quite possible to obfuscate online activities.
Also, if you want to give creators back their profits, just cut the studios out of the deal. Then, with all the crazy money flying around, we'll deal with how to lock down the product, assuming that any of the actual creators give a crap about that.
Andrew,
Glad you took the time to read my reply as well... People don't need to know how to bypass DRM; they just need to know where to download the material without the DRM, removed by that 1% you talked about. All it comes down to is whether or not you can enforce copyright law itself; not DMCA like laws for DRM bypassing. All the DRM does is make legal music less interesting to buy, and thereby relatively increasing the value of illegally available content.
Also: DRM and Open Source simply don't go together. You cannot build an Open Source implementation of an algorithm that's supposed to remain a secret (which is what DRM is: security through obscurity). Any cryptologist will tell you DRM by definition cannot work.