December 22, 2024

Archives for April 2006

Guns vs. Random Bits

Last week Tim Wu gave an interesting lecture here at Princeton – the first in our infotech policy lecture series – entitled “Who Controls the Internet?”, based on his recent book of the same title, co-authored with Jack Goldsmith. In the talk, Tim argued that national governments will have a larger role than most people think, for good or ill, in the development and use of digital technologies.

Governments have always derived power from their ability to use force against their citizens. Despite claims that digital technologies would disempower government, Tim argued that it is now becoming clear that governments have the same sort of power they have always had. He argued that technology doesn’t open borders as widely as you might think.

An illustrative example is the Great Firewall of China. The Chinese government has put in place technologies to block their citizens’ access to certain information and to monitor their citizens’ communications. There are privacy-enhancing technologies that could give Chinese citizens access to the open Web and allow them to communicate privately. For example, they could encrypt all of their Internet traffic and pass it through a chain of intermediaries, so that all the government monitors saw was a stream of encrypted bits.

Such technologies work as a technical matter, but they don’t provide much comfort in practice, because people know that using such technologies – conspicuously trafficking in encrypted data – could lead to a visit from the police. Guns trump ciphers.

At the end of the lecture, Tim Lee (who happened to be in town) asked an important question: how much do civil liberties change this equation? If government can arbitrarily punish citizens, then it can deter the use of privacy-enhancing technologies. But are limits on government power, such as the presumption of innocence and limits on search and seizure, enough to turn the tables in practice?

From a technology standpoint, the key issue is whether citizens have the right to send and receive random (or random-looking) bits, without being compelled to explain what they are really doing. Any kind of private or anonymous communication can be packaged, via encryption, to look like random bits, so the right to communicate random bits (plus the right to use a programmable computer to pre- and post-process messages) gives people the ability to communicate out of the view of government.

My sense is that civil liberties, including the right to communicate random bits, go a long way in empowering citizens to communicate out of the view of government. It stands to reason that people who are more free offline will be tend to be more free online as well.

Which raises another question that Tim Wu didn’t have time to address at any length: can a repressive country walk the tightrope by retaining control over its citizens’ access to political information and debate, while giving them enough autonomy online to reap the economic benefits of the Net? Tim hinted that he thought the answer might be yes. I’m looking forward to reading “Who Controls the Internet?” to see more discussion of this point.

Korean Music Industry Puts Negative Value on DRM

The Korean music industry has negotiated a deal that puts a monetary price on the inconvenience customers experience due to Digital Restrictions Management (DRM) technology. According to a DRM Watch story:

In an agreement with the Korea Music Producers’ Association (KMPA), [the online service] Soribada will charge users KRW 500 (US $0.51) for DRM-protected music tracks and KRW 700 ($0.72) for non-DRM-protected tracks….

How should we interpret this deal? DRM Watch starts out on the right track but then goes terribly wrong:

The above figures can be read in a number of ways. Most importantly, they reflect the idea that users can do less with DRM-protected tracks than with unprotected ones, including some things that provide a better user experience and/or are allowed under Korea’s copyright laws.

But beyond that, those figures imply that KMPA is assuming a piracy rate for unprotected tracks of 40% relative to the piracy rate for DRM-protected tracks. Put another way, if KMPA assumes almost zero piracy for protected tracks, then it is assuming that for every unprotected track purchased, 0.4 tracks are illegally copied. We would be interested to know if there were any quantitatively analytic basis for that 40%.

To see what is wrong with this logic, let’s apply the same argument to an analogous situation. Suppose a first-class air ticket to Chicago costs $720, and a coach ticket costs $510. We cannot conclude that the airline expects 40% of first class tickets to be stolen! The price differential merely encodes the fact that customers value the first-class seat more than the coach seat.

In the same way, if non-DRM songs cost more than DRM songs, we can safely conclude that customers like non-DRM songs better.

It’s tempting to say that the 40% price difference reflects the value of the functionality that the average customer loses due to DRM. That’s more plausible than DRM Watch’s theory, but it’s still not quite right, because the price difference may be a price discrimination strategy.

Price discrimination by versioning is a standard tactic in information markets. For example, software companies often sell “standard” and “pro” versions of their products, where the standard version is just the pro version with some features disabled. High-end customers buy the pro version, and more cost-conscious customers buy the standard. By having two versions, the vendor can extract more revenue from the high-end customers, while still extracting some non-zero revenue from the cost-conscious customers.

KMPA’s two-tier pricing looks like a straightforward example of product versioning. The non-DRM version is for higher-end customers who know they like the song and are willing to pay for flexible use of it. The DRM version is for cost-conscious customers who might not be entirely sure they will like the song.

If this is a versioning strategy by KMPA, it may make sense for them to reduce deliberately the usefulness of the DRM version, even beyond the inherent limits of DRM. Think of the software vendor with standard and pro versions – the limitations of the standard version are not dictated by technical necessity but are chosen strategically by the vendor. The same may be true here – KMPA may have an incentive to make the DRM version less useful than it could be.

It’s worth noting that KMPA can rationally choose this versioning strategy even if it knows that DRM does nothing to stop copyright infringement. Indeed, the versioning strategy may even be rational if DRM causes infringement. All we can conclude from the KMPA’s pricing strategy is that DRM reduces customer value. But we knew that already.