September 26, 2018

Is DRM Good for You?

Randy Picker, a principled DRM (copy protection) advocate, had an interesting comment on one of my prior posts about the Sony incident. Here’s the core of it:

Assume for now that you are right that DRM leads to spyware; all that means is that we need to figure out whether we should or shouldn’t favor active protection/supervision environments.

That gets us to the central point: namely the fact that consumers don’t want it doesn’t tell us anything about whether it is in the joint interests of consumers and producers. I spent the morning writing my exam and then will have to grade it after the students take it (no grad student graders for law profs). By far and away the worst part of the job, and I certainly don’t want it as part of the job, but that doesn’t mean that it isn’t jointly sensible.

Putting that point slightly differently, consumers may gain more from a DRM world than they would from whatever alternative world emerges without DRM; those subject to restrictions rarely want them but restrictions are frequently welfare maximizing; the fact that one party would like to get rid of the restrictions tells me little (nothing, probably) about whether the restriction is in the joint interest of the parties to the transaction.

It’s true in principle that an arrangement can be unwanted but ultimately good for those on whom it is imposed; but I don’t think that observation matters much in the specific case of CD DRM.

To understand why, let’s look at a case where a similar argument has traditionally worked: copyright. Copyright can be understood as an agreement among all of us that we will not infringe. Even though each of us individually would prefer to use works without paying, we understand that if we all refrain from infringing this increases incentives for authors, leading to the creation of more works we can enjoy. By making and keeping this copyright deal with each other, we come out ahead. (That’s the theory anyway. We all know what happens when the lobbyists show up, but work with me here, okay?)

One of the practical problems with this kind of deal is that each individual can gain by defecting from the deal – in the case of copyright, by infringing at will. If enough people defect, the deal could collapse. This danger is especially acute when it’s technologically easy to defect. Some people argue that this is happening to the copyright deal.

Anyway, what Randy is suggesting is that there might be a similar deal in which we all agree to accept some kind of DRM in order to boost incentives for authors and thereby cause the creation of more works than would otherwise exist. I think that if we weigh the costs and benefits, that would be a bad deal. And I’m especially sure it’s a bad deal for CD DRM. Let me explain why.

First, it turns out to be easy technologically to defect from the CD-DRM deal. Experience with the copyright deal teaches us that when it’s easy to defect, many people will, whether we like it or not.

Second, the costs of the CD-DRM deal seem much clearer than the benefits. Allowing spyware-DRM on our computers will open loopholes in our anti-spyware defenses that will foster more spyware infections. And as we have seen already, spyware-DRM will itself expose us to security risks. That’s the cost side. On the benefit side, we have only the dubious premise that CD-DRM might boost record sales. The costs are more certain, and larger.

The best argument against the CD-DRM deal, though, is that it is inferior to the copyright deal. If we’re going to make and keep a deal of this general type, the copyright deal is the one to pick. Compared to the copyright deal, the CD-DRM deal is a loser: costs are higher, benefits are the same at best, and the deal is just as easy to defect from. If we can’t keep the copyright deal, then we won’t be able to keep the CD-DRM deal either. But more to the point, we shouldn’t make the CD-DRM deal in the first place.

I’ve looked here at the specific case of DRM for CDs, but I think the same argument holds for other types of DRM as well. Leaving aside the mythical side-effect-free DRM systems and perfectly just legal regimes that some DRM advocates dream about, and looking instead at DRM systems and legal rules that could actually exist and how they would work in practice – as I am sure Randy and other principled DRM advocates would want us to do – the available DRM deals look lousy. Certainly they look worse than the original copyright deal.

Now I’m not arguing here that the current copyright deal is perfect or even close to perfect. The copyright deal is under stress and we need to keep thinking about how we might improve it or how we might renegotiate it to work better in the digital world. I’m not certain what the best deal would look like, but I’m pretty sure that it won’t try to lock in any kind of DRM.

Comments

  1. I agree that DRM for CDs (and for the same reasoning DVDs and future media formats) are a dead end. With a disk you buy a permanent transferable license to use (enjoy) its content within limitations of copyright law. DRM decreases consumer value because a license is non-transferrable and the consumer can be sure that his use will be limited; publishers don’t guarantee availability of their license servers in 25 years.
    DRM could make other services (like the Napster “all you can listen to” subscrition) feasible, so it is too early to rule out any usefull application. It is important that legal standards are set in this area, so that consumers are well informed and get a fair deal.

  2. Randy’s use of the word “consumers” is, I think, the best example of why DRM is bad for people.

    The internet is turning more and more people into producers. I’m acting as a content producer right now by writing this comment. Aside from this, I post things on my web site, write software, etc. I’m completely unmusical, but for anybody who is, getting your music out to a worldwide audience has never been easier. You just have to do a Google search for a word and put “filetype:mp3” on the end to see that.

    The producers/consumers division made sense in the 50s, and maybe even in the 90s, but it doesn’t make much sense today, and it’s getting smaller all the time. DRM serves to enforce this division, which effectively leads to two classes of producers, the officially-sanctioned producers, and everybody else. Ignoring this forced division while simultaneously claiming that it will make everybody better off seems, to me, to be ignoring some fundamental realities of the modern age.

    Of course, the existing record companies have every possible incentive to destroy this new class of producers, so their motivations may go beyond raw ignorance.

  3. Sadly, you’re preaching to the choir here. I know what the opposite argument will be – “The DRM deal looks fine – there’s only a few race-hustlers, Commies, and radical militant librarians who are unhappy, stirring up discontent …” (note this is NOT my view – I’m just sarcastically outlining the opposite view).

    Now, I think the Sony debacle is very likely a good opportunity to convince some wavering people that the DRM deal is bad. And hence we may make progress with it. But never underestimate the power of the desire to debate theory and abstraction.

  4. Ed,
    While I agree with your ultimate point of view, DRM will never work correctly without serious harm to all parties involved, I don’t think you are being very fair to the DRM side in your arguments. From their point of view, the current copyright deal is already broken. They see massive quantities of people “defecting” from the copyright deal. And the truth is, they are right! The copyright deal is broken.
    Where they go wrong is in the response to the broken copyright deal. They think they can turn the clock back. What they are trying to accomplish with the DRM plan, is to return to the days when it was nearly impossible to “defect” from the deal. What they should be doing, is trying to create a new business model that reflects the existing technology. Rather than trying to make it hard/impossible to copy, they should try to make it so that people don’t want to copy.

  5. Edward Kuns says:

    Jamie,

    A correction/clarification of what you are saying. With copiers, it was never difficult to defect from the copyright deal with printed books. This was perhaps a biggest problem with sheet music and individual chapters of textbooks. However, buying the official material and staying within the copyright deal was less expensive and less effort than defecting. (Except in cases such as sheet music and at a college campus where mass copying facilities are available and inexpensive for a professor, copying an individual chapter out of a textbook.)

    I believe I am agreeing with that you are saying, but clarifying.

    Which is, during the late 20th century, it was pretty easy to defect from the copyright deal at least regarding printed material and music. However, much of that time it was sufficient effort and expense to defect to deter much copyright violation.

    Regarding music, the music industry fought each new techology, claiming that it facilitated copyright violation: Reel to reel tape, cassette tape, video tape, DAT, CD writers, DVD writers, MP3. They successfully prevented DAT from being a commercial possibility in the US, preventing much **legal** use in the process. They other technologies they failed to prevent.

  6. Edward,
    That is exactly the point I was trying to make. It has always been easy to copy books, but in most cases people don’t. Why? Because people don’t want to. The value of the book in the form the publisher produces it in, is better in most consumers eyes. So copiers are not a threat to the publishing industry as a whole. There are a few exceptions, but for the most part the publishing industry isn’t hurt by copiers.
    Currently the music industry is threatened by the copying that goes on. There are all kinds of arguments for and against copying, but the truth is, if you can get a copy for free that is identical in use and quality to the one you can buy, you aren’t going to buy it. The music industry’s response is to make the hardware illegal and to load the content with DRM. As Ed in his columns and others (the massive filesharing community) have shown this approach is doomed to fail. So what they need to do is find a way to make you not want to copy their music. If they can make it more valuable to buy the music from them, than it is to get it free, then the copying that goes on will be smaller and insignificant. Just like the copying that goes on with books. Currently they don’t seem to be interested in even looking at any alternate business models that might help them do this.

  7. There’s a leap in the reasoning from “sometimes people don’t want things that we believe would make them better off all round” and “we should force people to accept DRM.”

    The consumer landscape is littered with (some would say consists almost entirely of) situations where consumers would be better off (for some value of “better off”) with a restricted or modified set of choices. Fast food, cigarettes, motorcycles, kitchen knives, baked goods, politcal candidates — you name it. The question isn’t whether there’s a net benefit to be found (even though for DRM there’s probably still a question about that). It’s about what coercive or deceptive steps that benefit justifies taking.

  8. There’s multiple problems with mythical-perfect DRM. Problem #1 is that the producers, given the opportunity will overreach at least as severely as the consumers. The producers are corporations, and they will push the envelope in search of profits.

    Problem #2 are the likely side-effects of this DRM. To work, it must close the analog hole. Either we spin an even more fanciful story that filters the permitted analog from the copies, or else we ban unDRM’d analog/mp3 content. That’s a loss; in particular, I would lose access to the dozens of gigabytes of legally ripped music that I already own. Amateurs would be blocked from creating their own music unless they used DRM to protect it (and will that be as low-cost as the various formats are now? Surely, such a valuable piece of intellectual property will be patented and released only under license.)

    Problem #3 is that it is mythical. Mythical hypotheses lead to bad policy and bad law.

    Mythical music industry accounting doesn’t help the argument, either, because it overpredicts what they would earn, if they could get the DRM that they wanted. Massive copying is not equivalent to massive music industry losses; that argument presumes that each and every copy is equivalent to a lost sale. It’s possible that the copiers would never pay list price (and crude application of economics says that if they would pay list price, then they went out and bought it already, so no loss); it’s possible that they listened to the music, liked it, and went and bought a copy. It’s also possible that money is lost because people listen before buying, don’t like it, throw away the copy, and don’t buy. This is “bad” for the music industry, but economically superior.

    I have heard (from someone in a position to know) that the existence of a market for cellphone ringtones (3x the iTune cost for a low-fi monophonic song fragment) infuriates the music industry; they see this as what they could earn, if only they could similarly lock down their customers. However, it’s not so much about being “locked down” and much more about convenience. First, the phones aren’t that locked down; certainly T-Mobile (my provider) is not. Second, though the ringtone is only a fraction of a song, it takes time and effort to select that fraction. (I’ve done this myself, so I know it’s not locked down, and I know it takes time. I should post the instructions.)


  9. Where they go wrong is in the response to the broken copyright deal. They think they can turn the clock back. What they are trying to accomplish with the DRM plan, is to return to the days when it was nearly impossible to “defect” from the deal. What they should be doing, is trying to create a new business model that reflects the existing technology. Rather than trying to make it hard/impossible to copy, they should try to make it so that people don’t want to copy.

    Jamie brings up a good point. The problem with this whole argument is that CD-DRM already tries to address this very argument.

    CD-DRM is technology that makes it more difficult to defect from the deal. Along with that technology comes bonus content and materials that would otherwise not be available. The bonus content is the incentive to use the DRM and keep you from breaking the deal.

    The content producers are thus giving away some of their content to get you to agree to the deal. Are you saying that content is worthless to everybody? It has to add some value somewhere, doesn’t it? How can you say which value is greater? Isn’t the value up to the individual? Shouldn’t the market place be deciding what that value is, and not Ed Felton with a blanket statement about all CD-DRM being worth less than zero?

  10. One of the problems for the music business is that most of the reason for it being a business is going away. It only exists as a channel to transfer the content (produced by the writers and musicians) to the consumers. For the last 50 years or so the capital investment in studios and pressing plants meant they had control. Fair enough (although maybe not to the musicians who got a very small slice, and not to the consumers who had to pay artificially inflated prices through the cartel operations of the industry).
    So now the production and distribution technology is cheap, the only way the “business” can protect their model is through expensive lawyers.

  11. When people are talking about DRM and copyright, they think they are talking about a consumers to artist relationship. The following article points out that this is usually not the case:

    http://www.culturelink.org/news/members/2005/members2005-011.html

    Copyright (and DRM as its technical implementation) is about a customer/derivative-creator to corporation relationship, and does not neccessarrily “increase incentives for authors, leading to the creation of more works we can enjoy.”

    Only if people can build upon previous work without the fear of being put in jail, there will be ‘more works we can enjoy’.

    PS: I am NOT a communist.

  12. I won’t buy music with DRM. That means if the law begins requiring a closing of the analog hole, I won’t buy music, period. I think that there are enough people like me that the music industry will go bankrupt. Only artists and concert promoters will be able to survive, barely, as only concerts will make money–not cd sales. The music recording industry will lose over 90% of its profits to boycotters and illegal music copying, as a copy protection scheme has not yet been found that protects digital content without removing ALL access to such content.

  13. Apparently, there’s a bill pending that would seek to close the analog hole: http://www.publicknowledge.org/node/19

    (Aside: I’d be interested in the instructions for T-Mobile ringtones — I find the selection on their web site extremely limited and generally awful.)

  14. Josh, would you please give me an example of this mysterious bonus material that only DRM makes available? And also give an exact technical description (or a pointer to one) that makes evident that it would be absolutely impossible to publish this material otherwise, e.g. using html, java or other freely available (and preferably also platform-independent) means?

    By the way, I have here a David Bowie CD, containing a buch of bonus material. From 1999 (it contains directions for using Win3.1!), so too old to contain any DRM. Unfortunately I cannot check now the exact contents, save that there are a few pictures, because the files are for Windows/MacIntosh, and this ‘puter has only Linux installed.

  15. I appreciate the desire of DRMers to incentivize information markets, but let’s try to keep the big picture in mind. Information is not always a product that changes hands as part of a market.

    A flow of information can also be a question or statement in a conversation, a petition to the government for the redress of grievances, a document in a criminal conspiracy, or any one of countless Speech Acts not part of a market.

    DRM controls information in general. If there were a way to limit it to “productized” information, then it would be a market issue. But as long as DRM poses a threat to information that we need for other reasons, it’s a speech issue.

  16. Josh,
    I don’t think you understood my point at all! The answer to the music industries copying problem, isn’t to try to make it hard to copy. The answer is to make it less valuable to copy, than to buy. I don’t mean not valuable at all to copy, just less valuable. As others have pointed out, DRM will not ever stop people from copying if they really want to. And the “extra” content that is present on the DRMd CDs is content you can get legally for free in other locations without the DRM. So what exactly is the DRM protecting? Make the store bought CDs more valuable, than the downloaded CDs and people will buy them. Lower the price, add inserts, and lyrics. Make the packaging collectible, put both audio and digital tracks on the CD. These are just a few of the things that could be done to make the store bought CD more valuable, there are many more. You can’t stop the copying, so why alienate your customers trying to? Instead, convince the customers that they are better off buying the CD than they are downloading it. Yes people will still download it, but the majority wont.

  17. CD DRM is a poor example. There is no CD copy protection built in, so it has no chance but to be a lousy bolt-on.

    Old floppy protection (Apple 2, Commodore, PC) is a much better example. Manufacturers went to great extremes to produce custom formats that couldn’t be copied. Many were lousy and were easily circumvented. Some were much harder and would last months before being cracked. The games that had the better protection sold more copies. And your worries about lack of access to the data were unfounded since eventually every title was cracked and archived. Finally, we had great fun cracking the protection (and did not distribute the cracked version).

    The only thing that is different today is that the DMCA anti-reverse-engineering clause makes it much more dangerous. But that’s a different argument.

  18. Professor Felten,

    I think it would be helpful if you could further explain the distinction you draw between “the copyright deal” and “the DRM deal.” I think DRM advocates view the two as one and the same deal, with the DRM deal being a pragmatic way of shoring up the copyright deal. They don’t see it as either-or.

    Perhaps a future post could explicitly describe the ways in which DRM is more than a beefed-up enforcement mechanism for copyright?

    I’d also be interested in your argument as to why it will always be easy to defect from the DRM deal.

  19. the zapkitty says:

    Laura Kataja wrote:

    “Josh, would you please give me an example of this mysterious bonus material that only DRM makes available?”

    How can you say that?

    Look at what all you get with DRM that you don’t get with a standard audio CD!

    http://www.geocities.com/zapkitty/

    🙂

    work in progress, any carps, criticisms or potshots are welcome

  20. “One of the practical problems with this kind of deal is that each individual can gain by defecting from the deal — in the case of copyright, by infringing at will. If enough people defect, the deal could collapse. This danger is especially acute when it’s technologically easy to defect. Some people argue that this is happening to the copyright deal.”

    That’s the whole problem – copyright is already a failed deal, but because of the virtually infinite lifetime extensions Congress keeps granting the copyright cartels. Think about it – a drug company that invents a cure for cancer will only get to profit from that invention for 7 years, IIRC. Yet, at the same time, Britney Spears’ new baby will be getting residual checks for 70 years after death of the author, or if work of corporate authorship, the shorter of 95 years from publication, or 120 years from creation, for “Hit Me Baby, One More Time”. This is simply not acceptable, and THAT’S why people are upset.

    A CD is not “enhanced” if I can’t do with it today, what I could do with one 5 years ago. If I can’t rip it due to the DRM (and let’s call it what it is – Digital Rectrictions Management, or Copy Prevention), I don’t want it, and I will not pay for it.

    (I hope I did the html correctly.)

  21. the zapkitty says:

    “(I hope I did the html correctly

  22. the zapkitty says:

    that was supposed to be a funny post, showing your vast superiority over me in coding html, but the blog software ate 9/10’s of my funny html… hmmm…

  23. I’m not worried about DRM getting into media, decreased/no sales will certainly reverse that — a pure market solution.

    I AM worried about legislation that has anything to do with DRM, mandating it, outlawing it, whatever. The government has no place in our record stores, our homes, our dvd players, our manufacturers, our movie studios or anything.

    As long as DRM exists, it will be hackable, and of course that’s the old anarchists approach 🙂

  24. the zapkitty says:

    aries wrote:

    “I AM worried about legislation that has anything to do with DRM…”

    Then how do you stop the deep-pocket media industries from buying all the DRM legislation they want? Oooops… too late…

  25. It seems to me that an argument can be made that eliminating DRM will actually improve the quality and quantity of material produced for entertainment. The movie and music industries currently complain that piracy costs them too much in light of their enormous costs. How much it costs them is of course controversial, but let’s suppose they’re right. An alternative to cutting piracy is for them to reduce costs. Is this feasible? Everything I know suggests that it is. Their costs are high because of the ridiculous salaries paid to well-known performers, the equally ridiculous salaries of the executives, and the enormous amounts spent on advertising. These are all costs that could easily be cut substantially. This will be easier to do if the companies have the same incentive to do it and not to go too high in outbidding each other.

    Cutting these costs could have two beneficial effects. First, it will make it easier for new companies and performers to enter the market. Second, it will force the companies to pay more attention to quality.

  26. I see two problems with Randy’s argument. The first is, while a mutually beneficial agreement may appear to be against one party’s self-interest, it is not against their enlightened, long-term, collective self interest. To use the analogy of grading, as a student, I would much prefer not to have had to take finals last week. However, I am in college of my own choice, and I believe that such transient suffering will benefit me in the long run. If taking finals were not, in the long run, good for me, then they would not be in the joint interest of me and my college.

    The second problem is, I don’t think DRM is actually in the interest of the music industry. For the forseeable future, any audio content, whether released exclusively with DRM or not, will be available to copyright infringers. This means individuals are faced with a choice – accept the guilt, technical difficulty, and increasing legal risk of not paying, or pay. To get people to pay, the music industry must make customers feel good about the buying music, make the transaction technically simple and convenient, and not expose their customers to risk.

    DRM actually works against those goals. It makes the customers feel like potential criminals. It introduces technical hurdles that are not present with the unencumbered formats people can get illegally. And it introduces many risks, both legal and technical, that can cause people to lose their music or even be sued.

    I’ll tell you what’s in the music industry’s best interest. iTunes (or similar), but without DRM. Coincidentally, it’s also in my best interest. And, unlike any DRM scheme, DRM-free iTunes would actually have a negative effect on piracy, by significantly lowering the demand for it.

  27. Edward Kuns says:

    Josh,

    OK, I’ll bite. What are the CD-DRM vendors giving away with the CD to add value? You cannot name something we already legally had available before the DRM was inserted. That is, you cannot say, “Hey, we provide you three legal copies” because before the DRM was inserted we had unlimited legal copies. That is, I could burn a copy for my car, and once that copy got scratched beyond usability, I could burn another. Totally legal. 100% fair use. And limited if one uses the CD-DRM software.

    So again, I’ll ask: What is the bonus content you speak of.

    Or, to quote Inigo Montoya: “You keep using that word. I do not think it means what you think it means.”

  28. The only real use I can see for DRM is allowing media to be made available in a “rental” model, e.g. $10/month for all the music you want. Some people prefer that model for receiving content, and it obviously will have problems if there’s no practical way to enforce its restrictions.

    If I spend $10/month for a music “rental” service, I don’t expect to have anything of value at the end of the month. What I paid for was the use of the music for a finite time. On the other hand, if I’m going to spend significant money for music purchases, I want to be able to play them forever without being reliant upon the supplier remaining in business. I happen to have some Castlle Films from the 1950’s. They’re a bit scratched up and have a second or two missing here and there, but if they’re kept under reasonable conditions they might still be viewable when the copyrights expire. I don’t have to worry about a particular projector breaking down; if one machine breaks down I can get another.

    Can the same be said of most DRM’ed materials? It seems to me one pays ownership prices but still only ends up with “rental” status. The rental may last as long as a particular machine holds out, but there’s no guarantee as to how long that will be.

  29. Mr. Felten,

    I see several problems with your analysis. The first problem is that you seem to analyze the effectiveness of DRM solely from the technological standpoint of pointing out that it is “easy to circumvent.” This, however, is not the full story on how effective DRM technology can be.

    It goes without saying that our current DRM technologies are “technologically easy to circumvent.” In fact, I’m willing to concede that DRM probably will always be “technologically easy to circumvent” unless we cripple our computers and the internet with an incredibly thick, rich level of security that would stagnate technological innovation.

    But the issue needs further analysis. We need to ask “Who can circumvent today’s DRM?”

    The answer, of course, is:
    1. A very small percentage of the general population with the necessary programming experience and mathematical maturity to gain at least some understanding of how a certain DRM technology works in order formulate and implement a plan to break it. Naturally, to belong to this group said programmer must also have the will and intent to do this.
    2. Anybody who has access to tools made available by those qualified persons from group 1 who have chosen to somehow make their creations available. The number of persons in the second group probably exceeds the number of persons in the first group by at least 99% to 1% (of the American population). If you don’t believe this, do the math: America has roughly 300 million citizens. 1% of those citizens is 3 million citizens. Are 3 million people currently working on DRM circumvention technology?

    There will probably never be a reasonable way to stop the persons from the first group. That, however, doesn’t necessarily break DRM. Harsh civil penalties are already in place to stop trafficking in DRM. It is likely that big media companies will push for the frequent application of harsh criminal penalties for both copyright infringers and DRM traffickers. And, if you didnt know, BayTSP has developed rock-solid anti-piracy tools that have been almost universally adapted by the major music and motion picture businesses of America. The only thing really keeping BayTSP’s tools from having a 100% efficiency against today’s p2p pirates is that acheiveing this efficiecy level would take gargantuan amounts of bandwith.

    This where making copyright infringement and DRM circumvention technology highly illegal goes into the picture. Taking this incredibly simple step would eliminate the internet as a distribution vector for DRM circumvention technology (and probably widespread copyright infrigement as well). This is because the very act of making something widely publically available on the internet puts it in plain view of the so-called “copyright police.” One can, of course, password access to DRM circumvention technology. But again, the probablility that the “copyright police” would gain knowledge of this distribution vector increases in proportion to how widely available one makes the password. And so on and so forth.

    Of course, this presents the problem of creating a “copyright underground.” It is a generally accepted fact, however, that only a small fraction of people are willing to join underground movements. Put a few traffickers in DRM circumvention technology behind bars for 10 years, and you’re likely to scare away a whole lot of people from the underground. Of course, completely eliminating the underground would be extremeley difficult – but as long as the underground remains small it poses no real problem.

    In conclusion to this part of my argument: yes, it is easy for someone who knows what they are doing to technologically circumvent DRM technology. Not many people, however, know what they’re doing. If the flow of information from the “uber-geeks” to the general population is stopped by the threat of, say, handing over one’s life savings and/or spending 10+ years in jail, “technologically-flawed” DRM technology works at an incredible efficiency at stopping unauthorized access to copyrighted media. Therefore, media packaged with DRM technology is a good deal more effective at preventing “piracy” than than media without DRM.

    The REAL question to ask then, is not whether DRM is effective, but whether we should have it at all. I suspect that your arguement about how easy it is to technologically circumvent DRM technology is meant as a precursor to be used to help answer the question: “as a society, should we be using DRM at all”?

    The REAL debate about DRM should start with something like the following as a precursor. Home computing technology and the proliferation of robust internet technology has fundamentally changed the ability of any person who has access to such tools to copy, distribute, and receive media of all types, be it music, motion pictures, photographs, books, magazines, journals, etc etc etc. This has dramatically reduced the price it costs to distribute media. Prior to the “home computing and internet revolution,” media was saddled with the at least 3 costs that it can be now be freed from:
    1. The cost of physical media and packaging. Examples: Optical media and the cost to imprint it, paper and ink, plastic and cardboard, etc.
    2. Transportation costs. Examples: Air, Sea, and Ground travel to retail stores by plane, boat, and truck. Also includes the cost of petroleum to move the goods.
    3. Point-of-sale costs. The cost to build and maintain retail locations and the corportations that finance them. The cost of the labor of employees who work in the store and in the retail businesses. Etc.

    After the internet revolution, the vast majority of these costs SHOULD disappear. This is because media can be sold over the internet and downloaded to the hard drives of customers . (This, of course, minus the “sold” part is how most p2p denizens are consuming their media. They have apparently voted on how they want to receive their media.) This SHOULD make media not only cheaper but almost universally available.

    (It still costs money to run an online store front. Web programmers and security developers have to be paid; e-commerce applications have to be licensed, and bandwith has to be purchased. That last cost, however, could be greatly reduced by adapting BitTorrent-like technology for large downloads. The cost of running an online store front is thus arguably many times cheaper than operating a brick-and-mortar store front.)

    So why aren’t we seeing this distribution model widely adapted? Why are brick-and-mortar stores still selling media?

    The answer is simple: media companies dont feel that they will financially benefit from doing this. The two best arguements they have (that dont include trying to keep obsolete stores in business):

    1. Big media companies make a ton of money on the status quo. Change that status quo, and, as media becomes more available, they’ll probably lose a lot of money.
    2. “Digital media distributed over the internet” is currently ridiculosly easy to access. While most people can’t break DRM technologies, they can easily download files that those who can break the DRM technologies offer to share. Thus, by releasing something over the internet, a business is taking a big risk on wide-scale infringment.

    We’ve now amalgamated enough information to judge DRM technology.

    DRM technology is BAD if it allows big media companies to attempt to keep the pre-internet status of media distribution. A nation or culture with the universal access to it’s media resources that the internet offers would be wise to adopt by any means universal access to those resources. While media producers must be compensated, they dont need to like Arab oil shieks. It should be obvious that any nation that makes sure content producers are paid while making media universally accessible will have a significant economic, cultural, academic, educational, and business advantage over a nation who does not do this. The future of a nation that tries to freeze it’s economy from technology innovation can be seen in the history of Europe in the 19th and 20th centuries: those who do not “move with the times” are economically, culturally, academically, and educationally more advanced that those who do move with the times.

    DRM is GOOD if it, without posing a more significant security risk than most other common applications, it gives media producers significant assurance that an individual must pay to get their product. (Minus, of course, the prospect of lending and borrowing and “used” sales.) Media producers had this reasonable expectation in the pre-internet world, and they need this reasoanble expectation restored in order to induce them to adopt wide-scale distribution over the internet to create universally available media content.

    This is the REAL social contract that needs to signed. Customers need to allow media producers to ensure reasonable protection of their content. Media producers need to reward customers by making media universally available at the going-price that the market will bear in the current technological climate- not at the going-price they enjoyed prior to the “internet revolution.”

    In this “good” iteration of DRM, everybody wins. Content producers get control over their content and can be sure that they will be reasonably compensated at the market price for said content. Customers get the universal access that they have been using “piracy” to achieve for the past 10 years.

    Comments?


  30. Josh,

    OK, I’ll bite. What are the CD-DRM vendors giving away with the CD to add value? You cannot name something we already legally had available before the DRM was inserted. That is, you cannot say, “Hey, we provide you three legal copies” because before the DRM was inserted we had unlimited legal copies. That is, I could burn a copy for my car, and once that copy got scratched beyond usability, I could burn another. Totally legal. 100% fair use. And limited if one uses the CD-DRM software.

    How about the obvious bonus content: another audio track, available only in a DRM’d format. You can have the plain audio CD, or you can agree to the DRM and get the bonus track too. If you add enough bonus tracks, you’ll eventually overcome any loss of value attributed to the DRM.

    “You must be that little Spanish brat I taught a lesson to all those years ago. You’ve been chasing me your whole life only to fail now? I think that’s about the worst thing I’ve ever heard.”

  31. I think Andrew has some good points. It would be useful — a net gain — to have a system whereby content producers can expect to get paid for that which they distribute over the internet.

    I’ll just add a few musings:

    Such a system would be an even larger gain if any and every producer could make use of the system. (For example, if I record my own song, I ought to be able to charge for it, and not need a middle-man like the RIAA).

    Such a system could lead to micro-payments. (However, I for one don’t want to have to pay two cents to read your two cents, for example.) [Nor do I want a more advanced system whereby I pay for every time I hear a song, or every time I read a page in a book.]

    I also have a hard time envisioning how such a system should come to pass. Even with cryptographic knowledge and reverse engineering being 1) difficult to do, and 2) prohibited by laws (in some places), the darknet paper’s assumptions (discussed elsewhere on this blog) still hold — if it is valuable, someone can figure out how to crack it and spread a tool to do so.

    I can see no reason why some people should be locked out. For example, I think it is wrong that I can purchase a computer equipted with a DVD drive and purchase a movie in the DVD format, and not be able to watch it because I am not using a locked-up operating system. [A similar statement goes for region encoding.]

    It seems to me that one of the key innovations that led to the industrial revolution was the use of standardized parts. DRM is, practically speaking, all about non-standard parts (vendor-lock-in). There could be no way to have an open DRM system (at least, none that I can see.)

    As fair use is a grey area, it would be impossible to create a program — which uses concrete, definite rules — that would guarantee a user the ability to exercise their fair use rights. Indeed, even a human-level intelligence has a hard time determining what are fair use rights (lawyers and judges are effectively a human-level intelligence trying to determine which parts of the grey are black and which are white, based on common sense and past decisions — and if it was easy to do, it would hardly require so much of their time and effort!)

    A DRM system that could be constantly updated is not likely a win, because only one side (the content producers) could update it, and do whatever they please with it. [Also, it seems to me that it is the content producers who are defecting on the copyright contract. I suppose it goes both ways.]

    And if we could implement this perfect DRM system — where does it lead? For example, I don’t want my computer to ask my camera if the thumb that pressed the button to take an image matches the biometric scan for my thumb-print, and then grey out all the corporate logos, billboards, T.V. screens, etc. (unless I pay for the “right” to be able to display them), and for it to identify all the people in the image and get their express permission to be in the image (and hope that they don’t give me limited permission — ex. you may only view my face when in this photo when the moon is full.] This would definitely be a net loss.

    One last musing: “trafficking in DRM” to me sounds like a good description of what Sony-BMG has been doing (and not what those who are circumventing such techniques are doing.) I rather like the term.

    Well, time to call it a night.
    Armagon

  32. I won’t say that I will never purchase something with DRM, but what I will say is that the value must be correct. For example DVDs have much more control features built-in to them (region coding, fast-forward disabling, etc.). I still purchase DVDs despite a strong dislike for those DRM features because the DVD has good value.

    The CD-DRM has poor value – they are still charging the same price and are taking away capabilities. Speaking personally, they would have to add a lot of content (or it would have to be something I’m very interested in), before that would provide enough offset for me to swallow a CD-DRM.

    In the long term, I’m not too concerned about overly restrictive DRM – the market will sort it out (government regulations did not make DAT a consumer success). What I am concerned about is the short term pain to everyone (producers, consumers, and consumer electronics manufactures) when the government interferes through ill-considered laws like AHRA and DMCA. This tends to slow down the consumer feedback, cause poor products to be made, dampens sales, and orphans media.

    Speaking as a security professional involved with DRM like activities, I only wish that the users of DRM better understood its limitations. For example:

    (1) It adds cost to producing the media,
    (2) Professional pirates will circumvent it quickly,
    (3) The quality of the copy is almost always a red-herring (e.g. panic about “perfect” digital copies) – typically only your best customers care
    (4) DRM makes more sense for short-term protection and almost no sense in the long term
    (5) Historically DRM has been very blunt – for example the AHRA required serial-code-management that makes no provision for normal people producing their own recordings. Newer systems claim better granularity, but I’ve almost never seen them used in consumer situations.

    Back to the consumer side, there are two big additional DRM concerns:

    * Is the DRM (both benefits and restrictions) clearly understood? Although it is a little better now, one of the biggest lesson equipment manufactures learned from the AHRA/DAT fiasco is that consumer won’t “knowingly” buy DRM products. When other forces made them add DRM to their products (like section K of the DMCA), the lesson was to keep the customer from knowing about it. My prime example of this was JVC not putting any information about MacroVision in its VCR manuals, and indeed even banishing questions about it from their FAQ. If this type of sneaky business keeps on, we will need consumer protection laws.

    * How will the DRM change? Given the ability to change the rules in mid-stream (like iTunes and Tivo), how can the consumer trust that they won’t be screwed? Ironically, Sony has just lost a great deal of this type of trust just when they needed it the most (it was almost the sole reason I decided not to purchase a Sony SRDX RPTV technology, resulting in an additional $5000 of lost revenue).

  33. InfoSeeker01 says:

    “Old floppy protection (Apple 2, Commodore, PC) is a much better example. Manufacturers went to great extremes to produce custom formats that couldn’t be copied. Many were lousy and were easily circumvented. Some were much harder and would last months before being cracked.”

    Yes, I went through that era. But once again, nothing not to hard. In fact, manufacturers are selling copy-card to duplicate those media. It is a classic example of “treating your customers will disrespect and you lose”. Disc copying program has this updatable database, much like today’s AV database, release weekly or monthly to circumvent the protection. I still remember Lotus-123 tried this but eventually everyone gave up.

    Remember those CAD programs with dongle protection. It was in vogue but they are now all gone.

    I believe the current fade of DRM and license activation is destined to the same dust bin.

    Like one of the reader say, the media company needs to find way to add ‘values’ to the ware their are selling. Restauranteurs know this meaning extremely well. How many surviving restaurant dare to treat their incoming customers with disrespect like media companies or software companies do now and still have a business at the end of the day.

    If the restauranteur mere disk out food that you can buy around the corner, he will not draw any business. He has to add ‘values’ to coming into his restaurant other than to come in to fill up the stomach.

    Get rid of the DRM and start treating each buyer of the CD material as someone special and to offer something of great value.

  34. Andrew,

    In my opinion you’re making a classic mistake in your comment:
    Let’s assume for a moment that a large group of people is under some circumstances unwilling to abide by copyright law, and that this infringement actually leads to great losses in the music industry (both are highly questionable, but if they are incorrect then DRM shouldn’t be in the picture anyway). This leaves these people with two alternatives:
    1. Legally received content
    2. Illegally received content
    What DRM does is make the legally received content less interesting/valuable, but does it prevent the illegal availability of content? Not at all!

    If you look at the source of illegally distributed content on the internet (of which you can be sure the DRM has already been removed), then the original sources are a relative small group of people. These people will remain able to circumvent the DRM even in the proposal put forth by you. In other words: it is irrelevant whether only 1% of the people can circumvent the DRM, since that 1% can easily distribute it WITHOUT the DRM to the other 99%.

    In short: DRM really doesn’t add anything to the copyright problem. The only thing it can do is anger those customers actually willing to pay for their music. Angering loyal customers seems to me about the LAST thing the music industry should be wanting to do at this point in time.

    I believe it is important that one should first investigate if P2P sharing is even a problem other than a legal one. In the last years the company I work(ed) for lost about 80% of their sales due to the economic problems (compare that to the RIAA numbers!), and it has long been known that there are multiple real problems for the music industry:
    1. Fewer albums have been put on the market.
    2. Growing competition from DVD, computer games, and mobile phone usage (money can only be spent once).
    3. PR nightmares due to spyware DRM and TV shows showing the wealth of some artists.

    Btw, I’m not saying that last argument is a valid reason to infringe copyrights, but it really doesn’t help in convincing teenagers that what they do might hurt the artist. When I hear that some actors receive $40,000,000 for playing in a movie it’s a tad hard to buy that making a(n illegal) copy of that movie will prevent the camera(wo)man from feeding his/her children. As said: it’s no valid reason, but it doesn’t help shape the debate properly either.

    On another note: copyright is supposed to be balanced system of rights and limits to those rights. I find it to be highly questionable that copyright holders should be allowed to take those rights, and remove the limits to those rights by using DRM, thereby completely removing the balance within copyright law.

  35. Andrew,

    I’m not sure why you think DRM can prevent P2P piracy. It has never succeeded in stopping piracy, and I can see no reason, either theoretical or practical, why that will change. DRM vendors always promise that the next system will be effective and side-effect-free, but things never turn out that way.

    In my experience DRM systems tend to be defeated by attacks that are not at all rocket science: holding down the shift key, putting tape over some sensor, etc. DRM systems keeps getting more complicated, but they keep failing to the same sorts of attacks.

    I’m also puzzled as to why a law enforcement system that is unable to stop the distribution of thousands and thousands of huge movie files would be able to stop the spread of a handful of small circumvention programs.

    You write this:

    DRM is GOOD if it, without posing a more significant security risk than most other common applications, it gives media producers significant assurance that an individual must pay to get their product. (Minus, of course, the prospect of lending and borrowing and “used” sales.) Media producers had this reasonable expectation in the pre-internet world, and they need this reasoanble expectation restored in order to induce them to adopt wide-scale distribution over the internet to create universally available media content.

    This is the REAL social contract that needs to signed.

    I don’t understand this argument. Surely you’re not saying that we should just agree that DRM works well. We might wish that were true, but agreeing can’t make it so. Digital content is inherently copyable, and our social contract, whatever it is, will have to cope with that fact.

    We might as well make a social contract that we will all keep our homes warm this winter without using any fuel or electricity. This just dodges the hard issue, which is how we should cope with the fact that heating requires energy inputs that are expensive.

  36. As far as I can tell, the only success DRM is having currently is to anger and alienate the paying customer. Will the big media companies succeed in committing suicide by angering their customersor will they wake up to the new reality which requires a new business model?

    Currently the record companies charge about $19.95 for a new CD. If I can purchase those 12 to 15 songs (say from iTunes) for $.99 ea, spend about $.89 for a blank CD (How much do they get for the sale of blank CDs and DVDs?) , and burn my own CD; I don’t see a reason to purchase their CD.

    I don’t see these companies surviving by pushing DRM technology, especially when they continue to use under-handed, back-door methods. I guess I’ll just be content to keep my turntable working.

  37. Is getting sued good for you?

    RIAA sues music swappers at three universities
    By Antone Gonsalves, TechWeb 19 December 2005 09:45

    The Recording Industry Association of America has filed lawsuits against 751 people suspected of illegally distributing copyrighted music, including students at Drexel University, Harvard University and the University of Southern California.

    The “John Doe” suits filed Thursday cite individuals for swapping copyrighted music via unauthorised file-sharing networks, such as LimeWire and Kazaa. The RIAA will now seek court permission to take legal steps to try to identify the defendants.

    In addition, the industry trade group said it filed lawsuits against 105 named defendants living across a dozen states, including Arizona, Connecticut, Georgia, Illinois, Massachusetts, Michigan, North Carolina, Nebraska, New Jersey, New York, Texas and Wisconsin.

    The suits are meant to send to “a clear message that stealing music will bring consequences”, Cary Sherman, president of the RIAA said in a statement.

    “The end of the year is an especially important time for the music community, and an especially fortunate time for music fans, with a great slate of new releases in stores,” Sherman said. “We must do everything to protect the integrity of the marketplace.”

    Despite the latest round of lawsuits, experts disagree as to whether taking legal action against music fans is an effective deterrent to music piracy.

    http://www.itnews.com.au/newsstory.aspx?CIaNID=21548&r=rss

  38. Anonymous Says:

    “Is getting sued good for you?”

    This bit of non-sequitur completely ignores the fact that DRM would not, could not, and in fact did not prevent the file sharing.


  39. RIAA sues music swappers at three universities
    By Antone Gonsalves, TechWeb 19 December 2005 09:45

    I think the best thing for someone to do in this case would be this; allow the case to go to trial. Then, to allow the complete list of tracks to be presented as evidence, and to even allow the prosecution to play any or all of said tracks to the jury. However, you must have had only copies of music that were corrupt files that were seeded onto the file sharing networks by companies hired by the RIAA, like Overpeer and such. Then, you can say that these files were explicitly authorized to be shared by the RIAA, and you walk away scott-free; you could also file a counter-claim, and make them pay for the humility and suffering of being dragged through the mud.

    Anyone want to set up such a honeypot?


    “Despite the latest round of lawsuits, experts disagree as to whether taking legal action against music fans is an effective deterrent to music piracy.”

    Gee, there’s a newsflash.

  40. Andrew:

    Where music and video are concerned, I think it is laughable that you think only a small number of people with a high level of mathematical sophistication will be able to bypass the copy protection. At the point of final delivery, the content has to be transmitted in the clear. Anyone with the right (inexpensive) equipment can make a high-quality copy at that point. Game over.

    Also, regarding your apparent desire to levy severe criminal penalties against the makers of circumvention tools – to my knowledge the U.S. law enforcement system tried that preciesely once. You might remember the Skylyarov/ElcomSoft case, and how that turned out. Apparently the new social contract embedded in DMCA 1201 didn’t go over too well with the jury.

  41. Edward Kuns says:

    Josh,

    OK, if there are bonus tracks only available on the DRM’s portion of the media, then there is genuine bonus content.

    P.S. Good quote.

    Andrew,

    If 0.1% of Americans illegally share music or share music-sharing tools, that is 300,000 people. That is a believable number considering the millions of students that are in college every year. 300,000 people is such a large number that this makes music essentially freely available for those who wish to steal. It will be very difficult to deter that 0.1%. The fact that they are still sharing music despite the lawsuits says something.

    (I know, I know, many disagree with the term “stealing” for copyright violation, but for me the term “stealing” seems a perfect fit for what occurs when someone illegally copies copyrighted material.)

    I do support the lawsuits against those who are directly breaking the law, because those lawsuits go after the people who are actually doing something wrong. When the government tries to legislate DRM, however, the only likely result is overreaching legislation that makes illegal much that should remain legal.

  42. People might “speed” if they think they won’t get caught, but are less likely if they know they are in “that little speed-trap town.” Should speed limiters be placed in cars? Of course not! People make their own choices, as it should be, and if they break the law, they risk the consequences if they get caught. If the consequences are small, or think they won’t get caught, they are more likely to break the laws. Etc…

  43. Ed says:

    “We might as well make a social contract that we will all keep our homes warm this winter without using any fuel or electricity. This just dodges the hard issue, which is how we should cope with the fact that heating requires energy inputs that are expensive.”

    Are you suggesting the stealing of energy to heat your home? tsk tsk tsk

  44. Foil Hat Guy says:

    Faulty assumptions to date:
    1. There is widespread internet-enabled digital media piracy. (see Canal Street in NYC for REAL sneaker-net enabled piracy)
    2. The so-called “analog hole” can be closed (see your own eyes and ears for evidence)
    3. Congress and SCOTUS represent citizens interests (see Sonny Bono Copyright Term Extension Act/Mickey Mouse Protection Act/Grokster Decision).
    4. P2P networks expose the users to liability/prosecution (see TOR for a real eye-opener)
    Truth is, there’s a war going on between citizens and corporations. This is just one facet, and the corporations are destined to lose this particular battle. Until all content is scrambled and the decoder lives inside your skull (at the optical nerve and inner ear) no one can close the analog hole. Period.
    This is a good place to fight the war, but there are other battlefronts too. Any time you are asked to weigh what’s “good for business” against your rights or well-being, the battle is being fought.
    Remember, people have rights, both natural and granted. It is not precisely clear whether corporations (a total misnomer, btw) should or do have natural rights, except by association with and extension of human owners. In the case where corporations do have granted rights, one could argue that they should be totally and unequivocally secondary to the natural/granted rights of individuals, when the two conflict.
    Maybe we need the three laws of robotics for corporations:
    1. Corporations shall do no harm to humans.
    2. Corporations shall not by inaction allow harm to be done to humans.
    3. Corporations shall do no harm to themselves.
    That would shake things up a bit, wouldn’t it?

  45. [“People might “speed” if they think they won’t get caught, but are less likely if they know they are in “that little speed-trap town.” Should speed limiters be placed in cars? Of course not! People make their own choices, as it should be, and if they break the law, they risk the consequences if they get caught. If the consequences are small, or think they won’t get caught, they are more likely to break the laws. Etc…”]

    Exactly. The problem with every implemented form of DRM to date is that they are built upon the concept of “guitly until proven innocent”.

    Huh?

    Isn’t this against the law in almost every country?

    The only thing such a scheme successfully accomplishes is punishing only those who are innocent. In fact, by the logic of current DRM schemes, everyone who passes through that little “speed trap” you describe would be slapped with a fixed fine — speeding or not — in order to compensate for speeders who are not caught. How much sense does that make?

  46. the zapkitty says:

    epp_b wrote:

    “In fact, by the logic of current DRM schemes, everyone who passes through that little “speed trap” you describe would be slapped with a fixed fine — speeding or not”

    Shut up, fool.

    You knew you were guilty of theft the second you put opened the CD drive of your PC and put that audio CD in the tray!

    Now you just sit and watch while we slag your PC.

    Damned candyass pirates always whining about being stopped from stealing…

    (This cleansing moment of clarity has been brought to jou by Jack Valenti, the RIAA, and a variety ofnon-prescription psychopharmaceuticals…)

  47. Doug Lay:

    It is my experience that the average mathematical sophistication possessed by an American citizen is located somewhere between adding integers and adding fractions, inclusive. As far as the understanding of computers goes, I would wager that most Americans can locate their mouse, keyboard, and monitor. I would also wager that most Americans would have have difficulty if asked to locate their motherboard, hard drive, or power supply.

    Obviously, there are plenty of people who understand much more than these “basics.” Many of the readers of this blog may fit into this category. When it comes to even the existence of DRM, however, most Americans, are well, clueless.

    You may recall the statistic that circulated the internet several weeks back: tests showed that Sony’s flawed XCP software was installed on over 5 million computers world-wide.

    If you can get flawed software onto over 5 million computers worldwide in a relatively small amount of time, you must be doing something right. DRM must be working far better than Mr. Felten claims.

    As for the criminal penalties issue you raise, I would think that copyright holders would agree with you that the DMCA doesnt go far enough. That’s why they’re paying four senators who are up for re-election in 2006 to sponsor a bill that would authorize 10 year jail sentences for “repeat copyright infringers”. Data provided by BayTSP has already been used by the MPAA to elicit guilty pleas from large-scale movie pirates. Those individuals will spend the next 5 years in prison.

    As far as the Skylarov case goes, you may recall that Elcomsoft’s main defense was that the company never intended their tools to be sold in the US. They apparently presented credible evidence towards proving this. (You may also recall that the laws of the US have no jurisdiction in Russia). Absent this evidence, it is very likely that Skylarov and Elcomsoft would have lost. The jury stated that they (paraphrase): “just couldn’t believe that, with full knowledge of the penalties involved, an individual whould intentionally expose themselves to such incredibly liability.” Certainly the world wide nature of the internet will require credible intellectual property treaties to be signed and followed by many different parties. The first steps, however, should be domestic in nature.

    The underlying issue of the DRM battle should not be, as Mr. Felten is contending, whether DRM can be easily overriden by someone who know what he/she is doing. Virtually no one knows what they are doing! DRM clearly tries to resuscitate an integral part of the pre-internet world. It tries to ensure that a copyright holder has the right of control of his/her property. Without this control, no one will have to pay creators for their work. Creators need jobs. If there is no profit to be had in creating, no one will create as a primary vocation.

    Giving creators back this right will ensure a robust market for media. Cretators can then begin to offer their creations over the internet without fear that a customer can illegally give their creation to her 10,000 best friends. This will allow small-time self publishers to compete against big media!

    In response to Foil Hat Guy:

    I wouldn’t cite TOR as an example of a good way to anonymously use p2p apps. Instead, I would cite MUTE, Freenet, or Antz. TOR has publically requested that their network not be used for p2p because it simply cannot handle the traffic. Most users report relatively slow speeds.

  48. I don’t think that the speed limiter is a very good analogy. In that case you are talking about a strict offence, and the action amounts to the offence.

    With something like copyright, there are situations where making a copy is not itself unlawful or a breach of copyright. It is what you do with the copy after you have made it that is either lawful or unlawful.

    No DRM system can anticipate what you might decide to do with a copy after you have made it, so ipso facto it is not possible to devise a valid DRM solution to protect copyright which does not also infringe on valid and lawful activity.

  49. Foil Hat Guy says:

    @Andrew:
    Thanks for recommending tools for stealing stuff online! Actually, I was just citing TOR as a TCP based anonymizing metanetwork, to illustrate that it is quite possible to obfuscate online activities.
    Also, if you want to give creators back their profits, just cut the studios out of the deal. Then, with all the crazy money flying around, we’ll deal with how to lock down the product, assuming that any of the actual creators give a crap about that.

  50. Andrew,

    Glad you took the time to read my reply as well… People don’t need to know how to bypass DRM; they just need to know where to download the material without the DRM, removed by that 1% you talked about. All it comes down to is whether or not you can enforce copyright law itself; not DMCA like laws for DRM bypassing. All the DRM does is make legal music less interesting to buy, and thereby relatively increasing the value of illegally available content.

    Also: DRM and Open Source simply don’t go together. You cannot build an Open Source implementation of an algorithm that’s supposed to remain a secret (which is what DRM is: security through obscurity). Any cryptologist will tell you DRM by definition cannot work.

  51. Andrew: The following statement is highly flawed. The stealth installation of software as a byproduct of the sale of popular music does not demonstrate “success”. One could claim success if pirating is reduced.

    “If you can get flawed software onto over 5 million computers worldwide in a relatively small amount of time, you must be doing something right. DRM must be working far better than Mr. Felten claims.”
    —————————————————————————————-
    The following statement below is also highly flawed. As many posters have already pointed out, DRM has crossed a line. DRM as currently implemented “takes control” of (tresspass onto) YOUR PC. The copyright holder does not have a legal right to “invade” you space. Second, we are loosly using the word “copyright” holder. It is the music industry itself that is promoting (funding) DRM, not the artists who actually produce the music. So I would advocate that it is the music industry trying to sustain a business model that is obsolete. Artists can now distribute their music, on the internet, on their own terms without the “help” of the music labels. Third, business models become obsolete in the face of techological progress, the producers of content need to develop new ways to get their music out (ie $0.99 downloads). Under todays draconian interpretation of DRM, Guttenberg printing press would be illegal!

    “DRM clearly tries to resuscitate an integral part of the pre-internet world. It tries to ensure that a copyright holder has the right of control of his/her property.”
    ————————————————————————————-

  52. Andrew,

    I think the point that Doug, Edward, Pieter and others were trying to make, is that with (anonymous, if necessary) P2P networks available for distribution, it only takes one willing person with the skills to both break the DRM and not get caught, to make the DRM entirely useless. They can break the encryption, and then post a DRM-free copy to a peer to peer network where it can be easily downloaded by anyone (if the average person lacks the knowledge to download a file from a P2P network, then the DRM is hardly needed in the first place)

    In your post, you wrote:

    “Without this control, no one will have to pay creators for their work. Creators need jobs. If there is no profit to be had in creating, no one will create as a primary vocation.”

    I believe there is a mistake in thinking that enforcing copyright through DRM is the only way to cause people to pay creators for their work. That’s what the PR departments of the record lables are telling us, but just because copyright has been around for a while and has worked well so far, doesn’t mean that there’s not room for change. There are currently many ideas floating around the internet about ways to compensate artists for their works. This page here lists some of the more popular ideas. Some are being used successfully by artists. There are evensome ideas for ways to change the entire way the music industry is run. Anything’s possiable.

    So, given such alternatives, do we really want DRM?

  53. Whoops, some of the links I posted didn’t work…

    They were, in order of apperance:
    http://www.eff.org/share/?f=compensation.html
    https://www.sheeba.ca/store/
    http://www.pbs.org/cringely/pulpit/pulpit20030724.html

  54. Andrew:

    Your assertions about the Sklyarov/Elcomsoft case are entirely wrong. Elcomsoft never denied inentionally selling their software in the U.S. Their defense was that they did not intend their software to be used for piracy, but rather for decoding lawfully purchased E-books (i.e. fair use). The jury accepted this reasoning and at least one juror also had some harsh comments about the DMCA.

  55. the zapkitty says:

    (Sneaking up on the topic the zapkitty gets… relevant! )

    Nate S. wrote::

    “… with (anonymous, if necessary) P2P networks available for distribution, it only takes one willing person with the skills to both break the DRM and not get caught…”

    But DRM has more than one variety of supporter. Here’s an Interesting viewpoint from the shills pushing Sunncomm/Mediamax…

    They don’t care if they can’t stop piracy. All they care about is convincing the labels that putting their malware on an audio CD stops enough piracy to justify the per-CD cost.

    Several variants on this were posted after I’d pointed out several glaring holes in the Sony attempts (all of which you’d be familiar with hereabouts, methinks).

    This DRM company, at least, doesn’t give a damn if their product works or not nor how badly it might screw over the consumer… much giving any deep thought on DRM’s relationship to society.

    All that matters is that they can claim that any percentage slowdown in the rate of decline of new CD sales is attributable to their malware.

    So in the overall debate of DRM policy one should keep in mind that some sectors will push any DRM they can get, regardless of cost to others or how messed up it is, because they have convinced themselves they are doing “something” about the problem (without having to change their outdated industry)… even if they are being fed bad data. And there are those out there whose stock prices [i]depend[/i] on pushing the bad data.

  56. As a consequence of responding to Andrew’s post, I have come-up with the yea-olde slippery slope analogy that translates what a person says into an unpalatable conclusion.

    The pro-DRM crowd asserts that this technology is a vital legal necessity to protect the rights of those who manufacture content, such as musicians. Piracy, like speeding is illegal. Therefore, to assure that we stay legal (that none of us speed) and do not violate the rights of other road users (such a toddlers on tricycles) we should all be legally required to have GPS systems installed (at our own expense of course) in our cars to report our speed to the local police station so that we may be immediately ticketed should we speed thereby violating the law by creating a public safety hazard. The pro-DRM crowd preaches the moral/ethical/legal high ground, but how may would actually have the fortitude to actually accept this technological innovation to make our streets safe????????

  57. gene poole says:

    i agree with the record labels, after reading the comments on this site, i have come to the conclusion that all pc owners are thieves or at least potential thieves. unfortunately, computers are used for more than just stealing music, so they can’t simply be outlawed. besides, there is the thorny dilemma regarding the so called analog hole. i also see deficiencies in the well intentioned scheme to add powerful drm tools to the windows operating system – ie. linux, anyone?

    the only realistic and feasible solution to this issue is simple. with recent advances in the field of microchip technology, it would be cheap and easy to require all citizens of the world to be implanted with a “drm chip” that could easily keep track of what intellectual property each citizen consumes. then at the end of the month, the riaa and the mpaa send each citizen an itemized invoice reflecting the IP consumed and the cost that must be paid for said IP. that way, creators of IP will recieve their due compensation. also, by making each CONSUMER responsible for their own enjoyment of IP, it will provide much needed relief for restaraunts, laundromats, taverns, etc. so those small businesses won’t have to pay licensing fees for playing copyrighted material.

    the microchip solution would have the added benefit of keeping track of ALL IP CONSUMED by a citizen, so even if a citizen illegaly steals copyright by downloading from the internet, or by taking advantage of other loopholes in IP law, for example, consuming IP by having a neighbor who plays their stereo loud, or humming a copyrighted tune to ones self – s/he will still be invoiced for all infringements at the end of the month.

    the only alternative is a future without new music. people will just stop playing instruments, singing, and writing songs. then, all you content thieving philistines will have nothing to steal. you don’t want that, now do you?

  58. UH OH!

    ‘High’ risk in Symantec antivirus software flaw
    By Colin Barker, ZDNet (UK)
    Published on ZDNet News: December 21, 2005, 8:06 AM PT

    Symantec’s antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late Tuesday.

    According to Symantec, the bug, which affects a range of the company’s security products, is a “high” risk. Denmark security company Secunia has labeled it “highly critical.”

    According to an advisory issued by Secunia, the bug affects most of Symantec’s products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across the Windows and Macintosh platforms.

    The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. “During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected,” said security consultant Alex Wheeler, who first discovered the flaw. “These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP.”

    RAR is a native format for WinRAR, which is used to compress and decompress data. So far, the vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and, according to Wheeler, potentially affects all Symantec products that use the DLL. The full list of products affected can be seen here.

    Symantec has not yet released a patch to address this problem. In the meantime, Wheeler recommends that users “disable scanning of RAR-compressed files until the vulnerable code is fixed.”

    This is not the first vulnerability Wheeler has discovered. In October, he highlighted a similar flaw in Kaspersky Lab’s antivirus software, which was later acknowledged by the company. Again, it was a heap overflow vulnerability.

    In February, he found a different heap overflow vulnerability in Symantec’s antivirus software.

    http://news.zdnet.com/2100-1009_22-6004097.html?tag=nl.e589

  59. the zapkitty says:

    What the Sunncomm stock shill is trying to drown out with their off-topic spam is, of course, this news item:

    The Texas Attorney General has added distribution of the Sunncomm/Mediamax malware to the charges against Sony in its lawsuit.

    http://www.kristv.com/Global/story.asp?S=4273445

  60. Andrew,

    Would deem acceptable a website that, in order to protect it’s content, installed a stealth printer driver onto your computer without your knowledge or consent, ostensibly to keep you from printing out the pages on their site? What if this same driver remained on your computer just to check to see if you were linking to the site, or sending quotes of it’s contents or images to your friends? Would this be acceptable to you even if it didn’t interfere with the ‘normal’ operation of your computer? Personally, I wouldn’t allow something like this on my computer – seems like spying to me, even if the owner of the copyrighted material on the website was just trying to protect their intellectual property.

    Would you allow a secret wiretap on your phone, just so that the record companies could check to see if you were listening to the music they sold you? Just for marketing purposes, you see…

    What if the next stand-alone CD player you bought had a feature where it dialed into a central server to authenticate every disk you put into it? This way the record companies could simply bill you when you burned a disk of the music you bought on iTunes so that you could play it in your living room – each copy has to be paid for, you see…

    You see, for me, music is a part of the culture – once these variants of common themes and rhythms are released to an audience, they become embedded in the fabric of society. I don’t believe that Digital Rights Management should be allowed to be extended into Digital Culture Management….

    I also find incredible irony in the fact that some of the largest distributors of digital content are also some of the largest manufacturers of consumer means to copy that content – think Sony. Maybe they’ll consume themselves one day.

  61. It is interesting that while so much emphasis is being given to DRM on CDs, no one seems to discuss systems that have DRM built into them as a feature and not an add-on. Systems like iTunes.

    What is more interesting is that ‘users’ have found ways to circumvent the DRM in place. Those who say DRM will work if the price is right may find that difficult to explain. Sure, interoperability could be an excuse. But the fact remains that whatever the price or the properties of the DRM system, people will find reasons and incentives to crack them.

  62. Srijith: We have two distinct issues, which is why there is DRM “silence” on systems like iTunes. When one buys a hardware product with DRM installed, it is much like (automobile analogy) buying a Ford with no expectation that Chevy parts will work on the Ford. The “silence” implies that customers buy this type of proprietary system knowing of and accepting this limitiation.

    However, in the case of DRM on CDs, the DRM itself is trespassing onto your computer without your knowledge and using your computer’s resources to degrade the ability of your computer to function effectively. By way of the automobile analogy again, DRM actually modifys the cars engine without telling you so that you can not effectively control it and it will stop your Ford from working if it detects a Chevy part. This type of stealth installation clearly ticked off many people.
    ————————————————————————————-
    Below is a quote from the SONY/BMG EULA:
    “SONY BMG and each LICENSOR reserve the right to use the SOFTWARE and/or any APPROVED MEDIA PLAYER to enforce their respective rights in and to the DIGITAL CONTENT, including any and all of the restrictions on use set forth in this Article 3, at any time, without notice to you.”

    http://www.sysinternals.com/blog/sony-eula.htm

  63. Steve: Good to hear that there are some people around who do make such a distinction. While I have heard enough arguments against DRM used as a blanket term, not many debates have been conducted in a clear-headed manner to differentiate between the two types of systems.

  64. Ned Ulbricht says:

    I just received a pair of DVDs as gifts. Both movies look very entertaining and interesting. I’d sure enjoy watching them.

    Two different distributors—Sony and Warner—offer similar “terms of trade” which purport to extend beyond first sale.

    The boxes really do look very pretty in their plastic wrap.

  65. Josh said:
    How about the obvious bonus content: another audio track, available only in a DRM’d format. You can have the plain audio CD, or you can agree to the DRM and get the bonus track too. If you add enough bonus tracks, you’ll eventually overcome any loss of value attributed to the DRM.
    ————-

    Bonus? So, people who only play the disk in a CD drive don’t get “bonus” tracks?

    These aren’t “bonus” tracks at all. That is marketing telling you a pink elephant is better than a grey one. TO get to “bonus” items you need to accept the EULA and give up all possible rights you previously enjoyed. Thats not a bonus, its a trade, and it should be CLEARLY and HONESTLY defined that way on teh box before you buy the disk.

    What if you only bought the CD for that bonus track, and then found out you have to use a computer to get to it?

    Furthermore, why not simply make 100% of the CD into “bonus” material? Just encrypt all of it, make it only play after accepting the EULA, and be done with it? THAT is exactly what software like suncomm’s should be doing, but they fail at even that level.

    The reason it fails is because Sony wants to use the open standards of CD players to make their music widely available, yet they don’t also want the downside of potential piracy.

    Sony COULD make CD’s that only play on Sony music players. They choose not to, its their choice and they should live with it.

  66. Some interesting points, here’s some responses from me:

    – why do you think the music available on eMusic tends towards the smaller, indie side of the scale? Because these people are making a rational economic decision, swapping DRM protection for distribution on the eMusic platform. If they broke through to another level, those bands would be off eMusic and into DRMville before you could say “The Strokes”

    – does the fact that DRM can be “broken” invalidate the concept entirely?

    – if DRM doesn’t give you control, and the people who pay for the media we consume need that control, how will they get it?