April 24, 2014

avatar

DRM Wars: Property Rights Management

In the first part of my invited talk at Usenix Security, I argued that as the inability of DRM technology to stop peer-to-peer infringement becomes increasingly obvious to everybody, the rationale for DRM is shifting. The new argument for DRM-bolstering laws is that DRM enables price discrimination and platform lock-in, which are almost always good for vendors, and sometimes good for society as a whole. The new arguments have no real connection to copyright enforcement so (I predict) the DRM policy debate will come unmoored from copyright.

The second trend I identified in the talk was toward the use of DRM-like technologies on traditional physical products. A good example is the use of cryptographic lockout codes in computer printers and their toner cartridges. Printer manufacturers want to sell printers at a low price and compensate by charging more for toner cartridges. To do this, they want to stop consumers from buying cheap third-party toner cartridges. So some printer makers have their printers do a cryptographic handshake with a chip in their cartridges, and they lock out third-party cartridges by programming the printers not to operate with cartridges that can’t do the secret handshake.

Doing this requires having some minimal level of computing functionality in both devices (e.g., the printer and cartridge). Moore’s Law is driving the size and price of that functionality to zero, so it will become economical to put secret-handshake functions into more and more products. Just as traditional DRM operates by limiting and controlling interoperation (i.e., compatibility) between digital products, these technologies will limit and control interoperation between ordinary products. We can call this Property Rights Management, or PRM.

(Unfortunately, I didn’t coin this term until after the talk. During the actual talk I used the awkward “DRM-like technologies”.)

Where can PRM technologies be deployed? I gave three examples where they’ll be feasible before too many more years. (1) A pen may refuse to dispense ink unless it’s being used with licensed paper. The pen would handshake with the paper by short-range RFID or through physical contact. (2) A shoe may refuse to provide some features, such as high-tech cushioning of the sole, unless used with licensed shoelaces. Again, this could be done by short-range RFID or physical contact. (3) The scratchy side of a velcro connector may refuse to stick to the fuzzy size unless the fuzzy side is licensed. The scratchy side of velcro has little hooks to grab loops on the fuzzy side; the hooks may refuse to function unless the license is in order. For example, Apple could put PRMed scratchy-velcro onto the iPod, in the hope of extracting license fees from companies that make fuzzy-velcro for the iPod to stick to.

[UPDATE (August 16): I missed an obvious PRM example: razors and blades. The razor would refuse to grip the blade unless the blade knew the secret handshake.]

Will these things actually happen? I can’t say for sure. I chose these examples to illustrate how far PRM micht go. The examples will be feasible to implement, eventually. Whether PRM gets used in these particular markets depends on market conditions and business decisions by the vendors. What we can say, I think, is that as PRM becomes practical in more product areas, its use will widen and we’ll face policy decisions about how to treat it.

To sum up thus far, the arguments for DRM are disconnecting from copyright, and the mechanisms of DRM are starting to disconnect from copyright in the form of Property Rights Management. Where does this leave the public policy debates? That will be the topic of the next (and final) installment.

Comments

  1. Michael Weiksner says:

    Very interesting – obvious this issue is central to the freedom to tinker. However, I wonder if you and others on this blog might brainstorm about better examples. Frankly, the ink cartridge example is more interesting than any of the hypothetical ones you came up with. What ways might manufacturers items would benefit most from lock in and price discrimination?

  2. Wes Felter says:

    What a great piece of newspeak — Property Rights Management actually denies the property rights of consumers.

  3. Jon Marcus says:

    It seems like it’d be a lot harder to justify laws backing PRM. With the copyright link, those who circumvented DRM could be called thieves or “pirates.” And there was general consensus that those who made copyrighted works available deserved to be able to demand compensation for it.

    I don’t believe there’s the same consensus that printer manufacterers should be able to require users to keep buying from them. And it doesn’t seem like to develop for the other hypothetical products you describe.

  4. enigma_foundry says:

    I don’t believe there’s the same consensus that printer manufacterers should be able to require users to keep buying from them. And it doesn’t seem like to develop for the other hypothetical products you describe.

    Anti-trust, Anti-trust, Anti Trust.

    or translated to French:

    Interoperability, Interoperability, Interoperability

  5. John says:

    You’re missing the key part of the Supreme Court’s decision re: Lexmark. They ruled that copyright and the DMCA can’t be used to prevent interoperability. They even allowed verbatim copying of the copyrighted lockout code since the only reason for it was to prevent interoperability.

    I think you’re still fighting the last war. Effective hardware technologies will prevent easily-replicated attacks. Legal measures will cease to be the main arena of debate. Once every device is as difficult to break as modern TV smart cards, no one will even make the effort-to-tinker.

  6. Scott says:

    Products should be required to carry warning labels, very much like a Surgen General’s Warning, so unsuspecting consumers are not duped into purchasing items such as the famous printer without fair warning of what they are getting into. If people make that informed decision, fine, but they should not find out after the fact that they are required to use only approved ink or whatever the related accessory may be.

    If warning labels were required by law, this whole PRM thing would have a hard time gaining traction.

  7. Bill Higgins-- Beam Jockey says:

    I gave three examples where they’ll be feasible before too many more years. (1) A pen may refuse to dispense ink unless it’s being used with licensed paper. The pen would handshake with the paper by short-range RFID or through physical contact.

    We’re halfway there; the Leapfrog FlyPen (and similar products licensed from Anoto) already work with “licensed paper.” See http://www.anotofunctionality.com/cldoc/aof3.htm and http://www.flypentop.com.

    Briefly, the pen contains a camera that looks at tiny, nearly imperceptibl marks on special paper. The pen always knows where it is on the paper, so it can digitize all the user’s penstrokes. But without the special paper it’s useless (or perhaps reverts to being an ordinary pen), and one must buy the paper from a licensed supplier…

    (Possibly Prof. Felten was already aware of such products when he offered this example.)

  8. Chris S says:

    Re: Anoto pen and paper

    The real stickler comes if you think – “well, I’ll just print my special paper on my own printer”. That’s when you discover (last time I checked) that Anoto refuses to license end-point printing of the special design paper, since that might prevent them from getting their “paper cut” on each sheet.

  9. Hal says:

    I got one of those pens… as a toy for my kids (OK, my kids got it as a toy for me actually) and it’s kind of fun. Right now the pen is pretty bulky but imagine in a few years that it shrinks to the size of a normal pen. Then you might find pens often sold which act “smart” when used with smart paper but act like ordinary pens otherwise. And probably they would only work right with their own brand of paper. My guess is you’d see a couple of paper standards dominate, as with VHS and Beta, or HDDVD and Blueray. Certain brands of pens would use one kind of smart paper and others would use the other kind. And maybe some would just use their own brand.

    Seems pretty plausible to me, but it doesn’t seem as horrifying as these stories are apparently meant to be.

  10. Jon Marcus says:

    re FlyPen: I got one for my son. There’s some technical analogy to Prof. Felton’s PRM. But the legal/social issues are very different. There’s no competitor, no one attempting to sell cheap “fly paper” and most importantly no legal restrictions.

    In other words, there’s no attempt to manage property rights. (Perhaps because, as John says, Lexmark’s attempt to use the DMCA went down in flames.)

  11. the_zapkitty says:

    (The zapkitty replaces enigma_foundry’s mouse with one exactly like it…)

    I think Ed’s getting a little too academic, and is trying to structure logical arguments concerning new marketing schemes as reflected by insuffieciently defined technological applications… when the same arguments can be easily formulated for and examined against known business models using current technology.

    The following is stretching things a bit, but the concepts, and business models behind them, are known… and if you back off a bit in one way or another from one or more the knee-jerk catchphrases I use so freely you can see how some nasty binds can be actually be laid out for the customer by crossing the realm of current IP business models with material goods.

    ***

    HP comes out with a new printer, the HP-SUX0RZ.

    Not only are the ink cartridges still linked to the printer via RFID, so is the paper…

    … and yet you are perfectly free to load and use any third-party ink and/or paper you like into the HP-SUX0RZ…..

    …and yet HP gets its cut of the sales profit for every page you print.

    Each cartridge and each ream of the Officially Certified HP-SUX0RZ supplies has an RFID chip which will broadcast to the printer the amount of supplies purchased with that particular chip. And of course the printer will come with a starter batch of ink and paper and the chips for that. As the printer is used the amount of supplies used is subtracted from the total of the supplies purchased… or, if the printer-user (no longer owner, mind you) uses outside supplies, the supplies run through the printer are subtracted from the RFID totals anyway… or what HP thinks the amount of supplies used should have been anyway.

    When the total supplies used slightly exceeds the supplies that were indicated purchased by the RFID chips… the printer stops working.

    Hm? you thought you’d bought the printer? Sorry, printer-user, you only bought a limited amount of printer uses. The right to continue to use the advanced HP technology and software in the printer must be paid for by only using HP supplies, or (for anti-trust mavens) you can use third-party supplies in the printer anyway… it’s just that you still must pay for RFID chips to continue using the HP-SUX0RZ and its awesome integrated control-and-supply network and it’s amazing unspecified extra features.

    Didn’t you read the EULA when you paid to translocate the machine?

    But don’t worry, printer-user! When you present it with RFID chips showing you have purchased more Officially Certified HP-SUX0RZ supplies your printer will happily roar back into action!

    ***

    As I said in my preface: back off a bit on the worst of the buzzwords, sweeten the pot with “special functions good only with official supplies”, and voila! Workable “PRM”.

    Now, transfer one or another of the above concepts (or some combination thereof) to an oil filter for a car engine. Or brake fluid for that matter….

    A voice speaks from under the hood of the car… “Sorry, car-user, but to protect your safety from substandard products this brake fluid resevoir will only open in the presence of Official Mercedes Benz Brake Fluid.” … … …. “I’m sorry, car-user, that’s the old can of Official Mercedes Benz Brake Fluid you used last time. To ensure your safety you must use a fresh can of Official Mercedes Benz Brake Fluid.”…

    With RFID’d supplies the good old software concepts of “Buy-To-Not-Own” or “Our Brand Or None” or “Rent-The-Updates” can transfer alive and well to the realm of material goods… and that is definitely doubleplus-good for the manufacturers.


    Chuck Stewart
    “Anime-style catgirls: Threat? Menace? Or just studying algebra?”

  12. Dan Lockton says:

    I’ve been trying to catalogue ‘architectures of control’ in products – of which ‘PRM’ of the type Ed describes is a major subset – for a couple of years now, first as my master’s thesis (for the Cambridge-MIT Technology Policy programme) and then as a blog (http://architectures.danlockton.co.uk ).

    My conclusion, so far at least, is that, yes, regardless of any copyright issues, price discrimination and razor-blade type lock-ins will always be favoured tools of certain manufacturers, and as technology enables this to be done more easily, the prevalence of ‘controlled’ products will increase substantially.

    There are plenty of examples, both real and projected, beyond the – very interesting – ones that Ed posits: we already have battery authentication ICs (http://architectures.danlockton.co.uk/?p=94 ) for laptops and cellphones; you can bet that if electric cars take off (with batteries often being worth more than the car) they’re going to have some watertight authentication on them. Henry Ford never got into the oil business, but it’s not unlikely that it’ll be the auto manufacturers selling you the fuel cells or hydrogen for your future cars, and that ‘fuel’/energy vector will be heavily locked in/PRM’d to your vehicle, even if it’s officially for ‘safety reasons’. Put it this way: they’ll know if you didn’t use Ford brand hydrogen, and will invalidate your warranty as a result.

    @the_zapkitty – your speaking Mercedes-Benz is not far away at all. We already have the Audi A2 (http://architectures.danlockton.co.uk/?page_id=6#Audi-A2 ) where the owner cannot open the hood on pain of losing his/her warranty (only authorised dealers may do it), and it isn’t a big step to using cheap RFID on every component so the car “knows” if a non-genuine part has been fitted, and invalidates your warranty automatically. (Or, if that’s illegal in your territory, maybe it deliberately degrades the performance to ‘punish’ you – just like the Dell AIO 920/Lexmark 1150 cartridges mentioned here – http://www.theregister.co.uk/2005/02/08/letters_0802/ – though with more technological sophistication).

    In parallel with the economically motivated uses of architectures of control, there are many more politically or socially motivated examples – but I’d best leave them for another time…

  13. Mark Christiansen says:

    The software business has been successful in crippling its own used market. I think we will find this sort of PRM used to limit resale of hard goods as well. How many companies must look on in envy at how Microsoft’s activation and legal devices force people to throw away perfectly good copies of software with obsolete computers.

  14. Dan Wallach says:

    This sort of “lock-in” has been used widely in the past without requiring any elaborate PRM. Instead, all you need is traditional patents. For example, Nintendo used the threat of patent infringement as part of how they enforced that NES game developers had to purchase an appropriate license (see, e.g., http://www.gamasutra.com/features/20051111/boyd_01.shtml). You could imagine similar use of traditional patents in a wide variety of fields, from car parts to printer cartridges and on. Of course, patents expire, but the market for ink cartridges that fit 20-year old printers is relatively small.

    The use of PRM technologies seems aimed largely at raising the technological bar for doing something that might already be illegal for other reasons. Consider printer ink cartridges. You could imagine that the printer manufacturer could patent the process of refilling their cartridges and then refuse to license that patent. Any mainstream third party refiller could be sued for patent infringement. The PRM technology is a catch-all that makes it harder for both Joe Consumer and for businesses operating in countries that may not respect the validity of the patents.

  15. Dan Lockton says:

    But for a cartridge refilling process to be patentable, it would surely have to be very different to existing methods. I can’t quite imagine what that would be; whatever it was, I’m sure a cartridge refill company could find a way round it which didn’t infringe the patent, even if it involved some replacement cartridge components in addition to the ink/toner/wax/whatever type of filling. Say Lexmark develops and patents some kind of syringe and inlet valve built into the cartridge. If I really want to refill a cartridge, I can just drill out the patented valve and put my own (non-patented) valve in instead.

    Printer cartridge companies can’t retro-patent something that’s already well-known (well, they certainly can’t in Europe, anyway).

    I don’t really consider patents to be analogous to built-in technological measures. Patents are just legal measures. You could make it illegal to hum a tune you’ve heard on the radio – it’s only the fear of detection that would stop anyone doing it.

    The key thing about PRM, and other such architectures of control, as far as I’m concerned, is that whether or not they are enforcing actual laws is largely irrelevant – it’s Lessig’s ‘Code’ principle applied to technology in general. They allow companies to enforce their own control, regardless of what the actual laws are.

    The law (in the UK, at least) says that if I publish a book, I have to deposit a copy with certain libraries. But if I deposit that copy on low-quality paper which disintegrates in 10 years, because I don’t want people being able to borrow a copy for free (i.e. I want to approach a monopoly on supply), there’s nothing illegal about doing that.

  16. Xcott Craver says:

    Presumably, you meant “Property restrictions management.”

    But I actually disagree that the DRM debate will unhinge from copyright. I don’t think it can without a major change in public attitudes.

    Copyright has been the one moral justification for DRM in the public eye. Ask laypeople why DVDs have copy protection, and many will say, “to stop illegal copying” or “to keep people from stealing it.”

    If you argue that the DRM is too restrictive, you will often get the response that “well, they have to stop illegal copying somehow.” The public only accepts DRM as much as it does because of the perceived righteousness of trying to stop infringement.

    Everything else you can achieve with DRM is only possible because infringement offers users a compelling explanation for its presence. Infringement is also the reason DRM enjoys protection under 1201 (and note, attempts to aim 1201 at “PRM” uses has failed.)

    “PRM” would only be accepted by the public if you could sway them into thinking that it prevents some kind of illegal or immoral behavior. If not infringement, it would have to be something else. Unless we become so bogged down in a “permission culture” that people feel it is wrong to use their own property in a manner not prescribed by the manufacturer.

    Xcott

  17. Randy Picker says:

    Xcott,

    What defines “their own property”? Is there a general rule that does that? Something other than the contract of transfer between the manufacturer and the user?

  18. enigma_foundry says:

    It seems like it’d be a lot harder to justify laws backing PRM. With the copyright link, those who circumvented DRM could be called thieves or “pirates.” And there was general consensus that those who made copyrighted works available deserved to be able to demand compensation for it.

    I don’t believe there’s the same consensus that printer manufacturers should be able to require users to keep buying from them. And it doesn’t seem like to develop for the other hypothetical products you describe.

    I think that you are correct but beware: Blizzard v BnetD may leave a route for manufacturer’s to implement PRM by having purchaser agree to a license when using, similar to the agreement at issue in the above-referenced decision. Getting this horrible precedent overturned has to be on the top of eff’s agenda.

    Also, let’s re-christen this technology. PRM is pure newspeak. I’d propose reduced-access property enablement.

  19. Nato Welch says:

    DRM always seems to be aimed at removing native capabilities from products – whether they’re PCs, or anything else. DRM resistance often focuses on essential property rights: the right to remove these restrictions on things you bought and own fair & square.

    If this thinking prevails, however, industrial intersts already are beginning to understand the way around it: rent the stuff, instead of selling it. If the owner retains title to it, than users have no right to tinker with it. The same could apply from set top boxes, to mobile phones and PCs. These days, PCs aren’t just rented on your premises, but over the net using the Software-as-a-Service model.

    This is the reason I find it especially prudent that the mission of organizations like the Free Software Foundation advocates the rights of //users// – not just owners.

  20. Alexander Wehr says:

    To Xscott:

    given this, and other reading i’ve been doing on my own, game consoles will still be subjected to this kind of thing for some time to come.

    Even people who can’t stand DRM will accept draconian restrictions to prevent even more hated activities on online games.. such as infamous cheating on halo2 by modders. “it will stop the dirty halo cheaters” will be their next argument.

    As for this PRM thing.. it’s been most effective with the use of server dependent games and programs.

    As for those arguing that DRM will evolve into PRM without being attached to copyright in some way, I highly doubt it.

    Without the DMCA to prop up their DRM/PRM schemes companies will be free to develop generic products through reverse engineering. They will need to keep the DMCA active and somehow tie their product to copyrighted goods.

    In the case of electronics this should not be too great of a stretch.

    take my earlier example of the xbox 360. The dvd authentication firmware has been hacked to allow any layman to “Pirate” games, the actual protection of copyright has left that debate, but if any company now were to come up with and market in the open a mod to allow homebrew like linux or osX you would bet your life they’d pile all over it.

    By asserting their prevention of homebrew is copyright protection microsoft defends their PC market from inflitration by xbox360′s running linux or Tiger or even windows through emulation, which would be arguably the most powerful computer for the money on todays market.

  21. Crosbie Fitch says:

    Note that authenticity and integrity assurance schemes, whether utilising digital signatures or not, do not necessarily constitute DRM.

    You can have a digitally signed MP3 file without needing to encrpyt it.

    You can choose to play or not play with other players who have not chosen to utilise authenticated player identities (with associated reputations), or who have removed the integrity checking features of the game console they’re using.

    If a console manufacturer only provides these authentication services to customers who have not compromised other unnecessarily restrictive TPM’s in their consoles, well, it’s up to the players to decide what equipment to purchase.

  22. Xcott Craver says:

    I think that you are correct but beware: Blizzard v BnetD may leave a route for manufacturer’s to implement PRM by having purchaser agree to a license when using,

    A licence agreement is only possible if the vendor starts out with the right to restrict use. If not, there is nothing for the vendor to license to you.

    For example, software licence agreements grant me permission to make a copy when installing the software—which otherwise could arguably be construed as infringement. Supposedly I need a license to copy the material, hence the license agreement.

    This cannot be extended to ordinary items like pencils. If it is perfectly legal for me to use the product how I want, then what are they licensing? Permission to use my own stuff? Not unless unlicensed use is in some way illegal.

  23. Dan Lockton says:

    This cannot be extended to ordinary items like pencils. If it is perfectly legal for me to use the product how I want, then what are they licensing? Permission to use my own stuff? Not unless unlicensed use is in some way illegal.

    The thing is, even if (horror) unlicensed use of products (whether owned or rented) did become illegal, does it matter?

    As far as I can see, unless the product has the ability to detect and report on your ‘illegal’ actions (which would probably be likely), I’m not going to lose any sweat about it. When a law holds no moral value, and the only thing to prevent the majority breaking it is simply fear of being caught, then the law is pretty valueless. It’s unenforceable, and totally without common sense.

    Say your pencil came with a licence agreement stating that you must only use it as a writing implement, and you decide to use it to stir your coffee. You’re not going to be caught.

    The only problem comes when the standard pencil gets replaced with the ‘gizmo’ pencil, or the ‘spime’ pencil and tracks and reports on everything you do with it, and the moment you use it ‘wrongly, the lead is retracted to punish you. One thing’s for sure: you’ll never buy that brand of pencil again. So long as you have the choice…

  24. Ned Ulbricht says:

    For example, software licence agreements grant me permission to make a copy when installing the software—which otherwise could arguably be construed as infringement. Supposedly I need a license to copy the material, hence the license agreement.

    Xcott,

    Absent a contractual agreement, 17 USC § 117 provides:

    (a) Making of Additional Copy or Adaptation by Owner of Copy.— Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:

    (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or

    This statutory text seems clear.

    Thus, while someone could conceivably “argue” that a software purchaser requires a use license to avoid infringement, that “argument” just isn’t supported by the copyright act.

    Instead, the argument generally runs along the line that the software licensee does not purchase a copy of the software.

  25. Ned Ulbricht says:

    What defines “their own property”? Is there a general rule that does that? Something other than the contract of transfer between the manufacturer and the user?

    Randy,

    In a consumer transaction between an end-user and a retailer, there is no privity between the manufacturer and the user… unless the retailer acts as the manufacturer’s agent.

    But you know that better than I.

  26. supercat says:

    //If this thinking prevails, however, industrial intersts already are beginning to understand the way around it: rent the stuff, instead of selling it. //

    That is, indeed, the legally-proper approach. If a company offers game machines in a twenty-year lease, whether or not it would actually bother to reclaim the machines at the end of that lease, it would have the right to forbid customers from making unauthorized alterations.

    What the companies are seeking to do is claim rights as lessors over products that they, in fact, sell. Courts need to recognize that there’s no legal basis for such behavior.

    If I purchase a $200 game machine, in the absense of any contract signed prior to purchase, my sole obligation to the manufacturer is to pay the $200. The manufacturer may hope that I will in turn buy other products made or licensed by the manufacturer, but I am under no legal obligation to do so. Nor does the manufacturer have any inherent right to say how I should use the prodct I purchased, except to the extent that I must comply with copyright and other such laws.

    One thing I’d like to see, btw, would be a standard socket and multi-socket extender for dongles. Those seem a better approach than Microsoft’s “activation” nonsense, and they seem less likely to “go wrong”.

  27. Daryn Smith says:

    If you have kids, the odds of a DVD movie scatched possible happen, but the DMCA doen’t allow either removal of the the DVD movie copy protection and, a backup of DVD movie anyway! No thanks to the DMCA, we the people get the short end of the stick.

  28. Neo says:

    Maybe it’s time that you, the people of the United States of America, took back control of your legislature from special interests and big business. Break up the buddy-buddy system of old cronies that went to the same fancy prep schools and Harvard variously Business or Law School before going on to head multi-billion-dollar corporations or run for office, respectively. Vote against all incumbents, regardless of party, until someone gets into a seat that actually represents his or her constituents; then that one is eligible to be reelected. Do this in enough numbers in enough ridings and before long the system will change.

  29. John Stracke says:

    PRM might start with a foothold in domains where copyright does apply. Consider clothing. Step-by-step:

    * The design of clothing is copyrightable.
    * An outfit (a set of clothes worn together) is a form of clothing.
    * Therefore, the design of an outfit is also copyrightable.
    * Therefore, an outfit is a derived work of the clothes that make it up.
    * Therefore, you need the manufacturer’s permission to combine clothing into an outfit.
    * Therefore, if manufacturer X chooses to put DRM technology in their shirts to make them incompatible with pants from other manufacturers, they can invoke the DMCA to back them up.

    No new laws needed at all. Once people are resigned to PRM in their clothes, they’ll be softened up to accept it in other domains.

  30. Bernie says:

    I suspect there are some high(er) risk areas like aircraft parts (where the use of sanctioned parts is already mandated) where PRM-like functionality could enforce legal/manufacturer’s requirements and more perhaps more usefully, signal the unintended use of a part.

    There’s nothing like an “involuntary conversion” or “collision with the ground” to ruin your day…