November 22, 2024

Archives for 2006

More on Meta-Freedom

Tim Lee comments:

The fact that you can waive your free speech rights via contract doesn’t mean that it would be a good idea to enact special laws backing up those contracts with criminal penalties. I think you’re missing an important middle ground here. The choice isn’t between no tinkering rights and constitutionally mandated tinkering rights. There’s a third option: the the law should neither restrict nor guarantee tinkering rights. You’re welcome to tinker, but you’re also welcome to contract away your freedom to tinker.

The DMCA sticks its thumbs on the “no tinkering” side of the scale by giving DRM creators rights beyond those available to parties in ordinary contract disputes, and by roping third parties into the DRM “contract” whether they’ve agreed to it or not. If I sign a NDA, and then I break it, the company can sue me. But they can’t have me thrown in jail. And they can’t necessarily sue the journalist to whom I divulged the NDA’d information.

But repealing the DMCA would not create an inalienable right to tinker. It would simply put the freedom to tinker on the same plane as all our other rights: you’d have the right to sign them away by contract, but in the absence of a contract you would retain them.

He is right. There is an important middle ground possible that calls for DMCA repeal without calling for the contracts that restrict tinkering rights to be unenforceable. There is certainly a great deal to be said in favor of such a position. I would still say that the mixture-of-motives issue applies, because when people are allowed to sign away their tinkering rights, many of them will, and this outcome will be particularly unwelcome among power users and technology policy activists.

The Freedom to Tinker with Freedom?

Doug Lay, commenting on my last post, pointed out that the Zune buyout would help make a world of DRM-enabled music services more attractive. “Where,” he asked, “does this leave the freedom to tinker?”

Anti-DMCA activism has tended to focus on worst-case, scary scenarios that can spur people to action. It’s a standard move in politics of all kinds, aptly captured in the title of a 2005 BBC documentary about Bush and Blair, The Power of Nightmares. In the context of a world of DRM gone mad, it’s obvious why we need the freedom to tinker. We need it because (in that world) opaque, tinker-proof devices protected by restrictive laws would be extremely harmful to consumers. The only way to make sure that the experience of the average media viewer or software user doesn’t go down the tubes, in this scenario, is to make sure that consumers, either legislatively or through individual choice, never let DRM get off the ground.

But consider an alternative possibility. The Darknet is a permanent backdrop for any real-world system. The major players know this – after all, it was a team at Microsoft Research that helped to launch the Darknet idea. The big players will, in the long run, be smart enough not to drive users into the arms of the Darknet. They will compete with the Darknet, and with each other, and will end up producing systems that most consumers think are fine. Yes, consumers will (still) chafe at the restrictions on DRM-protected systems ten or twenty years from now. But on the whole, they will find that these systems are attractive, and worth investing in.

Who loses in this scenario? Ed and others have argued that all consumers will suffer to some degree because we all enjoy the benefits that come from a few intrepid power users excercising the freedom to tinker. There are educational benefits that come from tinkering and, perhaps most importantly, the freedom to tinker keeps technologies flexible and leaves room for them to interoperate in surprising ways not initially envisioned by their creators. And, as Alex has pointed out to me, the social costs of tinkerproofing are cumulative in such a way that there may be a collective bargaining problem–we may have a situation in which the freedom to tinker does not matter very much to most individuals, but we’d all be better off if, collectively, we assigned a higher value to our individual freedom to tinker than we actually feel for it.

These arguments certainly have significant merit. Together, they (and others like them) might be enough to make it the case that we should create legal protection for the freedom to tinker, or at least build a social consensus for the importance of tinkering.

But I think the people who lose the most, in this DRM-isn’t-so-bad scenario, are the power users. People who like to poke around under the hood. People who are outliers, attaching more importance to the freedom to tinker than a typical consumer attaches to it. I’m talking, in other words, about us.

We the reader-participants of www.freedom-to-tinker.com are an unusual bunch. We really like to tinker. In my own case, I know that I care more about things like being able to time and space shift my media collection than the average person does. I derive a certain strange pleasure from being able to change the way the interface on my desktop computer looks. I buy books so I can mark them up, even though it would be much cheaper and more space-efficient to use a library.

In fact, when I think about it, I have to admit that I would find a world where DRM works and the ability to tinker can be bargained away to be a bit of a downer. I know that the equilibrium point the market reaches, in such a case, will be based on the moderate importance most people attach to tinkering, rather than the high importance that I attach to it. I’ll probably still buy in to some DRM-based music scheme in the long run, just as I still go to the movies even while wishing that they would focus more on plot and less on special effects. But I’ll miss the tinkering.

If the government were to put a legal guarantee behind the freedom to tinker, it would be reducing peoples’ freedom to contract by telling them they can’t bargain away their tinkering rights. It would force on consumers as a whole an outcome that they would manifestly not choose for themselves in the private market. Yes, it is possible that externalities or collective action issues could justify this coercion. But even if those considerations didn’t justify the coercion, part of me would still want it to happen, because that way, I’d get to keep tinkering rights that, under a different terrain of options, I would end up choosing to relinquish.

I apparently haven’t mastered the art of ending a blog post, so just as I closed last time with a “bottom line,” this one gets a “moral of the story.” The moral of the story is that many of us, who may find ourselves arguing based on public reasons for public policies that protect the freedom to tinker, also have a private reason to favor such policies. The private reason is that we ourselves care more about tinkering than the public at large does, and we would therefore be happier in a protected-tinkering world than the public at large would be. We all owe it to ourselves, to each other, and to the public with whom we communicate to be careful and candid about our mixture of motivations.

Rethinking DRM Dystopia

Thanks to Ed for the flattering introduction – now if only I can live up to it! It’s an honor (and a little intimidating) to be guest blogging on FTT after several years as an avid reader. I’ve never blogged before, but I am looking forward to the thoughtful, user-driven exchanges and high transparency that blogs in general, and FTT in particular, seem to cultivate. Please consider yourself, dear reader, every bit as warmly invited to comment and engage with my posts as you are with Ed’s, and Alex’s.

I want to use this first post to flag something that startled me, and to speculate a little about the lessons that might be drawn from it. I was surprised to read recently that Zune, Microsoft’s new music service, will probably scan users’ iTunes libraries and automatically buy for them (at Microsoft’s expense) copies of any protected music they own on the iTunes service.

Let’s suppose, for the sake of argument, that this early report is right – that Microsoft is, in fact, going to make an offer to all iTunes users to replicate their libraries of iTunes, FairPlay-protected music on the new Zune service at no added cost to the users. There are several questions of fact that leap to mind. Did Microsoft obtain the licensing rights to all of the music that is for sale on iTunes? If not, there will be some iTunes music that is not portable to the new service. Will copyright holders be getting the same amount from Microsoft, when their songs are re-purchased on behalf of migrating iTunes users, as they will get when a user makes a normal purchase of the same track in the Zune system? The copyright holders have a substantial incentive to offer Microsoft a discount on this kind of “buy out” mass purchasing. As Ed pointed out to me, it is unlikely that users would otherwise choose to re-purchase all of their music, at full price, out of their own pockets simply in order to be able to move from iTunes to Zune. By discounting their tracks to enable migration to a new service, the copyright holders would be helping create a second viable mass platform for online music sales – a move that would, in the long run, probably increase their sales.

I have spent a fair amount of time and energy worrying about dystopian scenarios in which a single vertically integrated platform, protected by legally-reinforced DRM technologies, locks users in and deprives them not only of first-order options (like the ability to copy songs to a second computer), but also of the second-order freedom to migrate away from a platform whose DRM provisions, catalog, or other features ultimately compare unfavorably to alternative platforms.

Of course, as it has turned out, the dominant DRM platform at the moment, FairPlay, actually does let people make copies of their songs on multiple computers. It is in general a fair bit less restrictive than what some of us have worried that we might, as consumers, ultimately end up being saddled with. Indeed, the relatively permissive structure of FairPlay DRM is very likely one of the factors that has contributed to Apple’s success in a marketplace that has seen many more restrictive alternative systems fail to take hold. But the dominance of Apple’s whole shiny white realm of vertical integration in the digital music market still has made it seem like it would be hard to opt against Apple, even if the platform were to get worse or if better platforms were to emerge to challenge it.

But now it seems that it may actually be easy as pie for any iTunes user to leave the Apple platform. The cost of the Zune player, which will presumably be exclusive to the Zune music service just as the iPod is to iTunes, is a significant factor, but given that reliability issues require users to replace iPods frequently, buying a new player doesn’t actually change the cost equation for a typical user over the long run.

What are the lessons here? Personally, I feel like I underestimated the power of the market to solve the possible problems raised by DRM. It appears that the “lock in” phenomenon creates a powerful incentive for competitors to invest heavily in acquiring new users, even to the point of buying them out. Microsoft is obviously the most powerful player in the technology field, and perhaps some will argue it is unique in its ability to make this kind of an offer. But I doubt that – if the Zune launch is a success, it will set a powerful precedent that DRM buyouts can be worthwhile. And even if Microsoft were unique in its ability to offer a buyout, the result in this case is that we’ll have two solid, competing platforms, each one vertically integrated. It’s no stretch of the imagination to think Apple may respond with a similar offer to lure Zune users to iTunes.

Bottom line: Markets are often surprisingly good at sorting out this kind of thing. Technology policy watchers underestimate the power of competition at our peril. It’s easy to see Microsoft or Apple as established firms coasting on their vertically integrated dominance, but the Zune buyout is a powerful reminder that that’s not what it feels like to be in this or most any other business. These firms, even the biggest, best and most dominant, are constantly working hard to outdo one another. Consumers often do very well as a result… even in a world of DRM.

Guest Blogger: David Robinson

I’m thrilled to welcome David Robinson as a guest blogger. David was a star student in my InfoTech and the Law course at Princeton a few years ago. He received a philosophy degree from Princeton and proceeded to Oxford, studying philosophy and political economy on a Rhodes Scholarship. A budding journalist, he was opinion editor of the Daily Princetonian and interned at Time and the Wall Street Journal. David will return to the States as the first managing editor of The American, a business magazine that will debut in a few months.

Banner Ads Launch Security Attacks

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows …

So says Brian Krebs at the Washington Post’s Security Fix blog. The ads, he says, contained a booby-trapped image that exploited a Windows security flaw to install malicious software. (Microsoft released a patch for the flaw back in January.)

Is this MySpace’s fault? I’m not asking whether MySpace is legally liable for the attack, though I’m curious what lawyers have to say about that question. I’m asking from an ethical and practical standpoint. Recognizing that the attacker himself bears primary responsibility, does MySpace bear some responsibility too?

A naive user who saw the ad displayed on a MySpace page would assume the ad was coming from MySpace. On a technical level, MySpace would not have served out the ad image, but would instead have put into the MySpace page some code directing the user’s browser to go to somebody else’s server and get an ad image; this other server would have actually provided the ad. MySpace’s business model relies on getting paid by ad agencies to embed ads in this way.

Of course, MySpace is in the business of displaying content submitted by other people. Any MySpace user could have put a similarly booby-trapped image on his own MySpace page; this has almost certainly happened. But it’s one thing to go to Johnny’s MySpace page and be attacked by Johnny. It’s another thing to go to your friend’s MySpace page and get attacked because of something that MySpace told you to display. If we’re willing to absolve MySpace of responsibility for Johnny’s attack – and I think we should be – it doesn’t follow that we have to hold MySpace blameless for the ad attack.

Nor does the fact that MySpace (presumably) does not vet the individual ads resolve the question. Failure to take a precaution does not in itself imply that the precaution is unnecessary. MySpace could have decided to vet every ad, at some cost, but instead they presumably decided to vet the ad agencies they are working with, and rely on those agencies to vet the ads.

The online ad business is a complicated web of relationships and deals. Some agencies don’t sell ads directly but make deals to display ads sold by others; and those others may in turn make the same kinds of deals, so that ads are not placed on sites not directly but through a chain of intermediaries. The more the sale and placement of ads is automated, the less there are people in the loop to spot harmful or inappropriate ads. And the more complex and indirect the mechanisms of ad placement become, the harder it is for anyone to tell where an ad came from or how it ended up being displayed on a particular site. Ben Edelman has documented how these factors can cause ads for reputable companies to be displayed by spyware. Presumably the same kinds of factors enabled the display of these attack ads on MySpace and elsewhere.

If this is true, then these sorts of ad-based attacks will be a systemic problem unless the structure of the online ad business changes.