July 19, 2024

Archives for September 2004

DMCA Ruling in BNETD Case

A Federal Court in Missouri has ruled on the BNETD case, which involves contract and DMCA claims, and issues of reverse engineering and interoperability. Because I played a role in the litigation (as an expert), I won’t comment on the court’s ruling. The rest of you are welcome to discuss it.

Recorded Music Being Replaced by Other Media

The music industry likes to complain about sales lost to piracy, but figures that show huge sales declines only tell part of the story. Before we blame this trend on infringement, we have to make several assumptions, including that the demand for music (whether purchased or pirated) has remained steady.

Figures available from the US Census bureau suggest otherwise. Data on “Media Usage and Consumer Spending” abstracted from a study by Veronis Suhler Stevenson show the average number of hours spent listening to music by US residents age 12 and older has declined steadily since 1998 (from 283 to a projected 219 in 2003, a 21% decline). Meanwhile, home video, video games, and consumer Internet have seen dramatic gains. This suggests that people are turning to new forms of entertainment (i.e., the Internet, video games, and DVDs) at the expense of recorded music.

Here’s the data, extracted from the Census Bureau report, on the number of hours Americans spent using various types of media in 1998 and 2003.

Activity Hours, 1998 Hours, 2003 (proj.) Change (hours)
TV 1551 1656 +105
Radio 936 1014 +78
Box office 13 13 0
Home video 36 96 +60
Interactive TV 0 3 +3
Recorded music 283 219 -64
Video games 43 90 +47
Consumer Internet 54 174 +120
Daily newspapers 185 173 -12
Consumer books 120 106 -14
Consumer magazines 125 116 -9
Total 3347 3661 +314

(Source: US Census Bureau, Statistical Abstract of the United States: 2003, p. 720.)

(Note 1: We chose to use 2003 as the ending point, even though the source includes projected 2004 data, on the assumption that the 2003 Statistical Abstract’s projected data would be more trustworthy for 2003 than for 2004. Using 2004 as the endpoint would not materially affect the analysis.)

(Note 2: It is possible that part of the decline in recorded music hours may be an artifact of the study methodology. The table caption states that the data for categories including recorded music were based on “survey research and consumer purchase data”. To the extent that the estimate of music listening hours is based on survey data, it can serve as a possible cause of the drop in music sales. But to the extent that the listening time estimate might be inferred from the drop in sales, it should not be used to explain the sale drop. More methodological details might be available in the VSS report, but that is not available to the public.

However, we think it is unlikely that the listening time estimate is derived entirely from sales data. According to the same Census Bureau report (which cites as its source the same Veronis Suhler Stevenson report), per-capita spending on recorded music fell by only 4% from 1998 to 2003; the RIAA estimated a 15% drop in its total recorded music revenue over the same period. It seems unlikely that a 21% drop in listening time would be inferred entirely from a 4% or 15% spending drop.)

(Note 3: VSS wants $2000 for a copy of their report. We’re not in a position to pay that much. If anybody has a copy of the report and is able to fill us in about their methodology, we’d be grateful.)

[This entry was written by Alex Halderman and Ed Felten. If you cite this, please don’t attribute authorship to Ed alone.]

SunnComm Follies

Ashlee Vance at the Register tells the amazing story of SunnComm, the DRM company whose CD “protection” product was famously defeated by holding down a PC’s Shift key. It’s one of those true stories that would be hopelessly implausible if told as fiction. Here’s the opening paragraph:

You might expect one of the world’s leading digital rights management (DRM) technology makers to have a rich history in either the computing or music fields or both. This is not the case for SunnComm International Inc. Instead, the firm’s experience revolves around a troubled oil and gas business, an Elvis and Madonna impersonator operation and even a Christmas tree farm.

The story goes on with shell companies, phantom sales contracts, SEC investigations, shareholder lawsuits, and many, many excuses from the CEO. Oh yeah, at some point the company found time to develop a laughably weak CD copy “protection” product, to threaten legal armageddon against my student Alex Halderman when he wrote a paper analyzing the technology and detailing its weaknesses, and to somehow sell the technology to record companies despite its utter failure to keep even one song off the file-sharing networks.

Readers who are even moderately skeptical of CEO excuses will recognize this company for what it is. And remember, this company can plausibly claim to be the leader in music DRM. Gives you lots of confidence in the viability of DRM, doesn’t it?

A Roadmap for Forgers

In the recent hooha about CBS and the forged National Guard memos, one important issue has somehow been overlooked – the impact of the memo discussion on future forgery. There can be no doubt that all the talk about proportional typefaces, superscripts, and kerning will prove instructive to would-be amateur forgers, who will know not to repeat the mistakes of the CBS memos’ forger. Who knows, some amateur forgers may even figure out that if you want a document to look like it came from a 1970s Selectric typewriter, you should type it on a 1970s Selectric typewriter. The discussion, in other words, provides a kind of roadmap for would-be forgers.

This kind of tradeoff, between open discussion and future security worries, is common with information security issues – and this is a infosecurity issue, since it has to do with the authenticity of records. Any discussion of the pros and cons of a particular security system or artifact will inevitably reveal information useful to some hypothetical bad guy.

Nobody would dream of silencing the CBS memos’ critics because of this; and CBS would have been a laughingstock had it tried to shut down the discussion by asserting future forgery fears. But in more traditional infosecurity applications, one hears such arguments all the time, especially from the companies that, like CBS, face embarrassment if the facts are disclosed.

What’s true with CBS is true elsewhere in the security world. Disclosure teaches the public the truth about the situation at hand (in this case the memos), a benefit that shouldn’t be minimized. Even more important, disclosure deters future sloppiness – you can bet that CBS and others will be much more careful in the future. (You might think that the industry should police itself so that such deterrents aren’t necessary; but experience teaches otherwise.)

My sense is that it’s only the remote and mysterious nature, for most people, of cybersecurity that allows the anti-disclosure arguments to get traction. If people thought about most cybersecurity problems in the same way they think about the CBS memos, the cybersecurity disclosure argument would be much healthier.

Conservative Group Takes Conservative Position on Induce Act

The American Conservative Union, an influential right-wing group, has announced its opposition to the Induce Act, and is running ads criticizing those Republicans who support the Act. This should not be surprising, for opposition to the Act is a natural position for true conservatives, who oppose government regulation of technology products and support a competitive marketplace for technology and entertainment.

One sometimes hears the claim that conservatives should support the Induce Act, because that’s what big business wants. But thoughtful conservatives support free markets, not giveaways to specific business sectors. And conservatives who understand the economy know that the Induce Act is supported by a few businesses, but opposed by many more, and that the opponents – the computer, electronics, Internet, and software industries – account for a larger and more dynamic portion of the economy than the supporters do.

The Induce Act is a nice litmus test for self-described conservative lawmakers. They can support the Act, and confirm the criticism that conservatism is just a fig-leaf for corporate welfare. Or they can oppose the Act and confirm their own claims to stand for competition and the free market.

The ACU sees this choice for what it is, and opposes the Induce Act. Let’s hope that more conservatives join them.