June 24, 2024

Encryption and Copying

Last week I criticized Richard Posner for saying that labeling content and adding filtering to P2P apps would do much to reduce infringement on P2P net. In responding to comments, Judge Posner unfortunately makes a very similar mistake:

Several pointed out correctly that tags on software files, indicating that the file is copyrighted, can probably be removed; and this suggests that only encryption, preventing copying, is likely to be effective in protecting the intellectual property rights of the owner of the copyright.

The error is rooted in the phrase “encryption, preventing copying”. Encryption does nothing to prevent copying – nor is it intended to. Encrypted data can be readily copied. Once decrypted, the plaintext data can again be readily copied. Encryption prevents one and only one thing – decryption without knowledge of the secret key.

It’s easy to see, then, why encryption has so little value in preventing infringement. You can ship content to customers in encrypted form, and the content won’t be decrypted in transit. But if you want to play the content, you have to decrypt it. And this means two things. First, the decrypted content will exist on the customer’s premises, where it can be readily copied. Second, the decryption key (and any other knowledge needed to decrypt) will exist on the customer’s premises, where it can be reverse-engineered. Either of these facts by itself would allow decrypted content to leak onto the Internet. So it’s not surprising that every significant encryption-based anticopying scheme has failed.

We need to recognize that these are not failures of implementation. Nor do they follow from the (incorrect) claim that every code can be broken. The problem is more fundamental: encryption does not stop copying.

Why do copyright owners keep building encryption-based systems? The answer is not technical but legal and economic. Encryption does not prevent infringement, but it does provide a basis for legal strategems. If content is encrypted, then anyone who wants to build a content-player device needs to know the decryption key. If you make the decryption key a trade secret, you can control entry to the market for players, by giving the key only to acceptable parties who will agree to your licensing terms. This ought to raise antitrust concerns in some cases, but the antitrust authorities have not shown much interest in scrutinizing such arrangements.

To his credit, Judge Posner recognizes the problems that result from anticompetitive use of encryption technology.

But this in turn presents the spectre of overprotection of [copyright owners’] rights. Copyright is limited in term and, more important (given the length of the term), is limited in other ways as well, such as by the right to make one copy for personal use and, in particular, the right of “fair use,” which permits a significant degree of unauthorized copying. To the extent that encryption creates an impenetrable wall to copying, it eliminates these limitations on copyright. In addition, encryption efforts generate countervailing circumvention efforts, touching off an arms race that may create more costs than benefits.

Once we recognize this landscape, we can get down to the hard work of defining a sensible policy.


  1. Alexander Wehr says

    It’s always been interesting to see the specs on HD DVD talking of “device revocation” and “adaptive encryption”.

    under the interpretation that encryption prevents copying.. the disk utility present in my mac is an eeevil circumvention device because it can create a bit for bit disk image of an HD dvd, which could theoretically be disseminated to the eeevil downloaders who would then be able to play it on any authorized player.

    Considering the fact that the copyfight debate torrent was over a gig in size, it’s conceivable that compression is not really a necessity as it once was, but a mere convenience.

  2. Randy,

    You asked where I think antitrust authorities should look. Here’s an off-the-cuff list, which shouldn’t be mistaken for a serious analysis.

    I would watch the next-gen DVD standards negotiations.

    I would look at the Apple and Microsoft DRM technologies. An important question here is to what extent each is a substitute for the other.

    If the broadcast flag goes ahead, I would look at the list of approved DRM technologies. To the extent that industry has input into the approval process, I would watch for cartel behavior in that process.

    I would watch copyright owners’ decisions about which DRM systems they will release content on, to make sure they’re not colluding or coordinating their decisions inappropriately.

  3. enigma_foundry says

    “This alternative has evidently been foreseen as the punishments for leaking a copy of such an unpublished work are particularly severe…”

    Under what law? Are you saying that the serialised content would classify as a trade secret? Don’t think so. Publishing is Publishing isn’t it? Or are you saying that contract law would be operative here, and that the contract could specify damages? Perhaps–there is a case being heard that speaks to this very issue…Blizzard v. BnetD…whether a clickwrap contract prohibits reverse engineering (no decision issued) So, under what law/jurisdiction/theory do these “particularly severe” consequences occur?

  4. Randy Picker says

    Definitely a mix of tech, law and economics, so time to name names: which arrangements should the antitrust authorities be looking at?

  5. Filtering WORKS, but only IF filters remove the bad and keep the good.

    At the moment the ‘bad’ is the noisy, spoof, or DRMed, and the good is the high fidelity work that people keep around (mostly against copyright owner’s wishes, but sometimes to their approval when copyleft).

    So very few users are going to install filters that remove copyright restrained works (90% of the good stuff). They will happily install filters that remove the bad stuff of course.

    Some people will actually be happy to install filters that identify the copylefted works, as they can then re-share these without compunction.

    A more sensible policy (but ultimately fruitless) would be for the industry not to publish what they don’t want copied, but to instead digitally sign and serialise each copy that they then securely deliver to each of their contract bound subscribers. This alternative has evidently been foreseen as the punishments for leaking a copy of such an unpublished work are particularly severe.