RIAA Says Future DRM Might "Threaten Critical Infrastructure and Potentially Endanger Lives"

We're in the middle of the U.S. Copyright Office's triennial DMCA exemption rulemaking. As you might expect, most of the filings are dry as dust, but buried in the latest submission by a coalition of big copyright owners (publishers, Authors' Guild, BSA, MPAA, RIAA, etc.) is an utterly astonishing argument.

Some background: In light of the Sony-BMG CD incident, Alex and I asked the Copyright Office for an exemption allowing users to remove from their computers certain DRM software that causes security and privacy harm. The CCIA and Open Source and Industry Association made an even simpler request for an exemption for DRM systems that "employ access control measures which threaten critical infrastructure and potentially endanger lives." Who could oppose that?

The BSA, RIAA, MPAA, and friends – that's who. Their objections to these two requests (and others) consist mostly of lawyerly parsing, but at the end of their argument about our request comes this (from pp. 22-23 of the document, if you're reading along at home):

Furthermore, the claimed beneficial impact of recognition of the exemption – that it would "provide an incentive for the creation of protection measures that respect the security of consumers' computers while protecting the interests of the record labels" ([citation to our request]) – would be fundamentally undermined if copyright owners – and everyone else – were left in such serious doubt about which measures were or were not subject to circumvention under the exemption.

Hanging from the end of the above-quoted excerpt is a footnote:

This uncertainty would be even more severe under the formulations proposed in submissions 2 (in which the terms "privacy or security" are left completely undefined) or 8 [i.e., the CCIA request] (in which the boundaries of the proposed exemption would turn on whether access controls "threaten critical infrastructure and potentially endanger lives").

You read that right. They're worried that there might be "serious doubt" about whether their future DRM access control systems are covered by these exemptions, and they think the doubt "would be even more severe" if the "exemption would turn on whether access controls 'threaten critical infrastructure and potentially endanger lives'."

Yikes.

One would have thought they'd make awfully sure that a DRM measure didn't threaten critical infrastructure or endanger lives, before they deployed that measure. But apparently they want to keep open the option of deploying DRM even when there are severe doubts about whether it threatens critical infrastructure and potentially endangers lives.

And here's the really amazing part. In order to protect their ability to deploy this dangerous DRM, they want the Copyright Office to withhold from users permission to uninstall DRM software that actually does threaten critical infrastructure and endanger lives.

If past rulemakings are a good predictor, it's more likely than not that the Copyright Office will rule in their favor.

Does the copyright cartel realise what liability they have when something seriously goes wrong due to a bad implementation of DRM? There must be people that remember the black-out that hit NE USA and Canada. Would Sony-BMI be able to pay the damages for such an event?

I think it's less spectacular than that. These guys are most certainly misguided, but they are not stupid. They simply see that invoking a "life or death" exception is difficult to dispute.

It would be in a way analogous to pushing "content filtering" and censorship under the pretexts of let's say the threat of porn to the moral fiber or "homeland security". The reason that's being done is that hardly anybody would want to be caught arguing it.

On a more general note, anything that provides users with a way to seek recourse can be expected to be objectionable to the DRM pushers. Circumventing DRM must be illegal under any circumstance, period. Rulership is not absolute unless it is unquestionable.

May I say that in the eyes of the "Copyright Cartel Lawyer" fighting illegal copying is so important that innocent bystanders can be killed in the process. "Copyright owners need absolute rulership over (all) computers."

If you ask me, I'd rather abolish copyrights instead.

"These guys are most certainly misguided, but they are not stupid."

You think so, huh? I'd hate to bet on it. They are greedy and power-hungry, and that creates a mindset so close to stupidity as to be practically indistinguishable from it.

Perhaps I'm a brainwashed stooge of the RIAA, but aren't they just saying that the phrases "causes security and privacy harm" and "threaten critical infrastructure and potentially endanger lives" are vague? It is fairly uncontroversial to believe that vague legal rules can have negative consequences. Did the Sony DRM rootkit "threaten critical infrastructure"? It's in everyone's interest to have these concepts clearly defined so the copyright owners know what not to do. I, for one, don't trust them to behave well unless they are given clear instructions.

I don't think it should have to rise to the level of "life or death" before removal.

If I will be exposed to large dollar costs to clean up somebody else's mess, I want the right to mitigate those damages. In fact, do I not have the legal obligation to do so?

Did the Sony DRM rootkit “threaten critical infrastructure”?

san4,

Last January, in a SecurityFocus article, reporter Robert Lemos quoted security expert Dan Kaminsky:

"It is unquestionable that Sony's code has gotten into military and government networks, and not necessarily just U.S. military and government networks."

Certainly not all military and governmental networks qualify as "critical infrastructure"—just as some civilian networks should be considered "critical." But the infection of military and governmental networks does help to indicate the severity of the problem.

As a circumstantial consideration: Over the past decade or so, there seems to have been a worrying trend towards integrating SCADA with MIS in a fashion that seems somewhat less than prudent.

If only this could make its way to mainstream media. Lawyers will be lawyers, but no company should believe it has the ability to make such hostile statements without consequence.

Let's say Sony-BMG's software winds up on the CIA network because some high clearance figure likes to listen to music while he works. Bush likes to tell us that security breaches mean death, and whether you buy his NSL/NSA arguments or not is irrelevant: security holes in intelligence computers are a bad idea. So in this situation, DRM threatens a critical infrastructure, security, and, questionably, lives.

So let me get this straight. The RIAA just said that this guy doesn't have the right to remove it?

I'm not sure what's worse, that these people are making the argument, or that the committee receiving requests hasn't condemned them for it.

So let me get this straight. Our National Security is only as good as the next Rootkit implementation? If I was working for al-Qaeda, I'd try and get placed with Sony's DRM tech group and exploit the CIA music-sneakernet...

Our National Security is only as good as the next Rootkit implementation?

See Computer Science and Telecommunications Board, Information Technology for Counterterrorism: Immediate Actions and Future Possibilities, The National Academies Press, Washington, D.C., 2003.

BOX 2.2 Security Vulnerabilities and Problems of SCADA Systems

[F]or economic reasons, the Internet itself is increasingly used as a primary command pathway. In general, there is minimal protection against the forgery of control messages or of data and status messages. Such control paths present obvious vulnerabilities.

In addition, today’s SCADA systems are built from commercial off-the-shelf components and are based on operating systems that are known to be insecure. [...]

(And before you dismiss this as semi-hysterical scare-mongering, please just contemplate that two of the editors, John L. Hennessy and David A. Patterson, also wrote one of my textbooks: Computer Organization & Design.)

E. Burke: Neither am I going to place money on absence of stupidity anywhere. I meant it in a purely technical "micro" way. In the same way that there is "macro" wisdom and "micro" smarts, there are their respective opposites. A related concept is "penny-wise, pound-foolish".

Somebody who is unwise enough to pursue the wrong/ineffective ends, and that in an ineffective way, can still be smart enough to reason about obstacles in said ineffective way and how to deal with them.

[...] Ed Felten waxes technological on DRM in the eyes of the RIAA. Money quote: They’re worried that there might be “serious doubt” about whether their future DRM access control systems are covered by these exemptions, and they think the doubt “would be even more severe” if the “exemption would turn on whether access controls ‘threaten critical infrastructure and potentially endanger lives’.” [...]

Spyware distributors would love this. It would be illegal to remove spyware. Here are the steps down the slippery slope...

1) The BSA wants government to outlaw circumvention/removal of their DRM, which they use to protect their software.

2) So along comes some spyware that uses DRM to "protect" itself.

3) If set up properly, the DRM would have to be removed before the actual malware payload is removed.

4) For a few seconds, you'd have the malware payload present, without its associated DRM being present. This would be equivalent to a "cracked copy" of Windows.

In such a situation, the only legal way to remove the malware would be to re-format/re-partition your hard drive. The next step would be for some creative lawyer to come up with a way to outlaw the act of you re-formatting your harddrive. I don't know how it's possible, but I'm sure someone will try.

Once the DRM measure is on your system it is illegal to remove it.

Consequence: it is then illegal to reformat the harddisk and reinstall.

One may even argue about the legality of workstations being centrally reloaded with a fresh system every so often (to reduce employee tinkering with employer equipment) once such a workstation can be proved to have been infected with DRM.

Will you be permitted to buy a new (identical, but not yet infected) system and throw away the infected one?

You can buy a new one, coz you pay MONEY for that and this is exactly what they want you to do!

As long as they feel they can guarantee reinstallation of the DRM, I don't think they'll have a problem with someone reformatting their harddrive and reinstalling the OS. If they think that someone will do that and then be able to avoid DRM installation, they may try to find a legalese way to discourage people from reinstalling. (Although, probably not. Realistically.)

However, if they feel people can somehow escape installation of DRM they will go to one or both of two solutions:

1) Make it so that the media is impossible to play without the DRM installed

2) Get the OS manufacturers to bundle the DRM as an integral part of the OS.

I can easily imagine both Microsoft and Apple being willing to follow #2, especially if the DRM chosen is theirs.

slj: You may watch your language here. DRM does not "infest" computers, but "enhances" them. :-(

"My intestine is enjoying a tapeworm enhancement."

[...] integrating SCADA with MIS [...]

Sorry about following up on my own post, but one reference for this would be:

U.S. General Accounting Office, Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, GAO-04-354 Washington, D.C., 2004.

In particular, see Figure 3 “Typical Components of a Control System” on p.10. And on p.13, see “Control Systems Are Connected to Other Networks”:

Enterprises often integrate their control systems with their enterprise networks. This increased connectivity has significant advantages, including providing decision makers with access to real-time information and allowing engineers to monitor and control the process control system from different points on the enterprise network. In addition, the enterprise networks are often connected to the networks of strategic partners and to the Internet. Furthermore, control systems are increasingly using wide area networks and the Internet to transmit data to their remote or local stations and individual devices. [...]

It's enough to gaze (not too long, mind) at the RIAA's home page: it is a cacophony of "lawsuits", "penalties", "pirates", "theft" and "parental advisories" - a truly sorry example of narrow-minded negativity. Whatever happened to music as one of the loftiest expressions of the human spirit?

Since when does the RIAA have anything to do with music, Glyn? Last I checked, the only five letter 'M' word in their vocabulary rhymes with "honey". :P

Edward Kuns wrote:
"2) Get the OS manufacturers to bundle the DRM as an integral part of the OS.

I can easily imagine both Microsoft and Apple being willing to follow #2, especially if the DRM chosen is theirs."

Been there, done that, already resolved never to ever use Vista or OSx86. Ever.

I think that as regards audio CD's, there will emerge hardware capable of ripping the CDDA content to mp3, where the device doing it is not a PC.

Take a look at

http://www.pcpro.co.uk/news/84827/straighttopod-cd-ripper-announced.html

[...] …and your life. This is the short of it when it comes to the long circuitous blather of MPAA and RIAA (aka “copyright owners”) attorneys. So reports Ed Felten of the Freedom to Tinker website: One would have thought they’d make awfully sure that a DRM measure didn’t threaten critical infrastructure or endanger lives, before they deployed that measure. But apparently they want to keep open the option of deploying DRM even when there are severe doubts about whether it threatens critical infrastructure and potentially endangers lives. [...]

[...] I’m writing this as a response to an article (pingback) I read at Freedom to tinker. Put simply, the RIAA acknowledges that future DRM might “threaten critical infrastructure and potentially endanger lives”. [...]

If the purchasing public stopped buying all entertainment media completely for a full week after each such filing I wonder if, then, they'd get the message...

Boycotting all CD's, Theatre Movies, DVD's and Videos of proposing companies comes to mind as well...

I don't trust Sony - BMG at all... I will not buy any product with their Logo. Even DVD's or supposedly safe CD's...

And, law or no law NO: Hidden DRM or Root Kits will be allowed to stay on my system...

It's not an issue of circumvention... Or, of theft... It's an issue of my being responsible for my own Computer Safety and Security...

But, we are already nothing more than the serfs of not so jolly old England...

And, the music industry wants to be yet another 'master'...

It's time for a "Boston Tea Party"!!!

The $0.99 downloads have made sharing songs much more easy for those who want to be legal. **When** the songs are available as singles... If there were a facility to pay a reasonable license when we cut tracks to share... I'd use it...

The Psalmist (David) said that he would not give a gift that cost him nothing... (2 Samuel 24:24)

Do we *really* value our friends when we give them gifts that cost us nothing?

Also some cd's are cut for a one time listen... Is it really fair to expect $20 for a one time listen to a single track?

Make it easy for the "end user" to license use of material and most of us will pay the fees! Even in Midi's

[...] if his name were Ismael Jon and he were a cleaner at the Three Mile Island nuclear power plant in Harrisburg, he would not be allowed to uninstall the copy protection. The music industry insists that even copy-protection measures that threaten critical infrastructure and possibly endanger lives may not be uninstalled. The record industry justifies this by saying that such an exception to the general ban on uninstalling copy protection opens up a grey area that benefits no one. Therefore even copy-protection measures that could literally kill people must under no circumstances be uninstalled. [...]

Incredible. I can't *wait* for the first lawsuit against the maker of DRM whose software ends up killing someone, such as in a defibrillator, heart monitor, oxygen regulator, etc.

What they're saying is that their "right" to profits trumps your right to live if DRM is involved. I'm telling you, you just can't make this stuff up!

Mike
http://www.thepregnancytester.com (coded without any DRM)

[...] From Freedom to Tinker - “In light of the Sony-BMG CD incident, Alex and [Ed Felten] asked the Copyright Office for an exemption allowing users to remove from their computers certain DRM software that causes security and privacy harm. The CCIA and Open Source and Industry Association made an even simpler request for an exemption for DRM systems that “employ access control measures which threaten critical infrastructure and potentially endanger lives.” Who could oppose that? [...]

Just as some have said: The RIAA et al. should be held accountable for death that results from their DRM. Placing cause on the DRM might be difficult however.

Copyright noob here:

I understand that it violated the DMCA to play a Sony CD without installing the Sony rootkit software. Did it also violate the DMCA to remove the Sony rootkit before they released a tool to do so -- just remove it, not remove it and play a protected cd. Did it violate the DMCA to talk about how to remove the rootkit, even after it was discovered that the DRM was a rootkit?

If it's going to be illegal to remove malicious software that was installed without my express consent, you might as well lock me up now. Legal mumbo-jumbo buried 12 pages deep in the EULA does NOT constitute express consent, as these documents are intentionally written in such a way as to cause migraines in anyone who tries to decipher them without the aid of an advanced law degree. How about a law requiring that EULAs and TOSs be written in such a way that anyone with an IQ of 100 or more can easily understand them? (my IQ is much higher than that, but those things give me a splitter every time I try to decipher one.)

If this passes, couldn't someone just sue immediately because it violates constitutional rights to life?

Do I recall that the Sony rootkit did open the PC up to various malware? And weren't there instances where the rootkit made an otherwise stable PC unstable? I would suppose that in every state, if such a PC were being used in a life safety function, that would constitute the crime of at least, reckless endangerment; even if no actual injuries or damage resulted.

Eliot Spitzer, where are you?

Due to RIAA's bull alone I will no longer buy music from any source. In light of Sony/BMG doing what they did with their programming I don't feel that it is safe to buy anything more that is on the open market since spyware etc. is NOT desirable and is part of the problem that now faces people who try to play their stuff on their computers.

I have spent too much money that I can ill afford on this computer and I will not for any reason put it at risk because someone refuses to pay artists their net worth but screams that the company is being jipped while over charging for a product.

Let me get this right.

I bought the computer.
I bought the OS.
I bought the media software to play media.
I bought the rights to play a given track/clip.
They install software without my permission.
I remove said software.
I get hit with a lawsuit?

All of my actions were not only legal, but also (except the last two), generate cashflow (and profit if they are decent businesspeople) for someone.

This is just stupid. Better to only download public domain music and freely available open source software.

What I want to know is, how is it legal that a music CD installs software on my computer, without my knowledge or consent? I want to know how many victims of this farce actually incurred damages. I know if I had my computer hacked, my personal info stolen, and my identity threatened or stolen, and I could track that to the infamous rootkit on a music cd, I'd sue them for every penny I could get.

We've all heard the arguments.

1. P2P is hurting the artists...
MPAA, RIAA, etc. are lobbying organizations looking out for the interests of megacorporate entities. You think the artists get rich off records? Or the actors off DVD sales? Not very often. Music artists get rich from touring, the records help with publicity, but the record companies get the bulk of those profits. Only from concerts do the artists get a decent percentage. Actors get paid before the movies air, for the most part. I'm sure some get a small slice of royalties, but it is SMALL.

2. On the other hand, P2P actually acts as free advertising. For every leech who never buys anything, there are more than one who buy the music they like, or who focus on bands which allow taping and free distribution of their concerts.

The reason we see all this is that the lobbies have an almost infinite supply of money to fight this battle, and the end users are too diffused and too apathetic (when you look at the average). Even if the consumers were to execute their sole powers (by choosing to boycott the companies represented by the lobbyists or by voting those being lobbied out of office), together and in force, it would take too long for the industries' pockets to run dry.

It's a conundrum

Someone referenced a slippery slope above, and that's exactly what this is. But the top of the slope doesn't start with DRM, it's copy rights in general. Copy rights are a contrivance.

The only things of actual worth are physical objects and services rendered. The orientation, characterization, or dimensions of an object are human conceptions and cannot be owned by a third party, with respect to the primary owner of the object, without that third party having at least partial domain of ownership over the primary ownership party's mind. Until we sign over our minds, the copy right law will be an incoherent facet of the legal system.

If the Earth people sell an encryption box to the Mars people, the Earth people cannot expect the Mars people to not reverse engineer the encryption box. All we can ask for from the Mars people is reciprocation goods and services. If that happens to be information, we can only ask for a one-time, up-front fee for that information. If we didn't want our goods and services to be used in certain ways, we shouldn't have traded them for goods and services that we wanted with other parties.

DMCA- "Personal privacy (section 1201(i)). This exception permits circumvention when the technological measure, or the work it protects, is capable of collecting or disseminating personally identifying information about the online activities of a natural person."

When did Sony/RIAA/MPAA/etc. decide that people cannot break the DMCA yet they can?...oh yeah, right before they handed the check to the judge.

All of you have made some good comments and put forth some excellent arguments. However, you are missing an important point. One that SpiritualMadMan hit on. We who buy the products that the BSA, MPAA and RIAA et al sell are being hurt, inconvenienced and our property violated by their overzealous lust to prevent theft.

As SpiritualMadMan said, we need to boycott and we need to do it in a very big way. We need to let them know that by hurting those that made them rich they are harming themselves more than any pirate ever could. Instead of discussing the evils of their DRM stop buying, renting their product. Do not buy or rent any movie or music in any form do not go to the theater. Do this for one month and if they do not give in do it for another.

I realize that not having the latest song or watching that new movie will disappoint you, but consider your future and the impact that DRM will have on it. Stop discussing it do something about it (legally.) Boycott! (It is really all we have.)

Take care,

Doug

Boycott is the only solution. Don't wait for the announcement, just stop buying their junk. This is obviously a war. There are two sides and you must choose one. The artists have dug their own grave by the voluntary erosion of their rights as creators and authors and deserve no more mercy than the industry they serve. Find some new heroes, find new artists, expand your horizons, pay for a local show. Refuse to use their distribution system. Take what they assure is theirs because they have taken what is undeniably yours - your security and rights. Fight fire with fire. It is absolutely pointless to discuss any other action. We are the masses, disorganized and separated and we cannot beat them at their game. The theatre for this conflict is not a courtroom but the battlefield of the free market. Refuse to pay - it's working. Don't even pay 99 cents. Buy a guitar. This is the greatest thing to ever happen to music. We don't need spineless artists that give up their rights to be stars for the public at large. We should accept nothing less than real talent - not overmarketed and radio hyped pop garbage - a homogenous ooze that pollutes our souls. Tell your friends. Steal that song, steal that movie. The only slippery slope I see is thinking that this will ever be resolved in a manner that would be accepted as fair on either side. It's obvious this isn't about digital rights, this is about control and freedom from control.

Hooray for DRM...

In another post against the criminal acts of the record labels, I want to highlight two rather interesting topics:

On the one hand, the MPAA, the RIAA and other usurper/owner associations of copyrights are [URL=http:// ......

Actually, xalorous , you didn't buy the OS or the media software, so you have no ownership rights. You agreed to lease it, warts and all.

In my opinion, the lease model is the fundamental (and least discussed) barrier to reasonable legal usage rights of your computer. Everything would change if you owned the hardware and software, but you do not.

I wonder if this means that the MPAA/RIAA will accept legal liability if someone is injured or if critical infrastructure is damaged?

Actually I disagree (even if wrong legally) When I buy content as far as I am concerned the content for personal use is my PROPERTY. not leased or license.

I do not recognize license terms or EULA. They mean nothing to me. It's my property, period. As far as I am concerned license and terms ONLY apply to IP Rights of which I claim no ownership.

I see PROPERTY RIGHTS as differing from IP RIGHTS.

I own the CD, I OWN the copy of the music on it. That music is my property to do ANYTHING I WISH WITH for personal use. Restrictions do not exist to me legally or any other way. Those restrictions as far as I am concerned only apply to IP RIGHTS, i.e. when it's NON Personal.

This is the way I see and utilize it whether they agree to it or not. I am not giving them the option nor asking their permission.

We need to FORCE congress to do its job as our employees.

DRM is to be outlawed. it has no valid use except to restrict competition and restrict my rights to my property.

Chris Taylor
http://www.nerys.com/
