July 10, 2014


What is a Speedbump?

One thing I learned at the Harvard Speedbumps conference is that many people agree that “speedbump DRM” is a good idea; but they seem to have very different opinions of what “speedbump DRM” means. (The conference was declared “off the record” so I can’t attribute specific opinions to specific people or organizations.)

One vision of speedbump DRM tries to delay the leakage of DRM’ed content onto the darknet (i.e., onto open peer-to-peer systems where it’s available to anybody). By delaying this leakage for long enough, say for three months, this vision tries to protect a time window in which a copyrighted work can be sold at a premium price.

The problem with this approach is that it assumes that you can actually build a DRM system that will prevent leakage of the content for a suitable length of time. So far, that has not been the case – not even close. Most DRM systems are broken within hours, or within a few days at most. And even if they’re not broken, the content leaks out in other ways, by leaks in the production process or via the analog hole. Once content is available on the darknet, DRM is nearly useless, since would-be infringers will ignore the DRM’ed content and get unconstrained copies from the darknet instead.

In any case, this approach isn’t really trying to build a speedbump, it’s trying to build a safe. (Even top-of-the-line office safes can only stand up to skilled safecrackers for hours.) A speedbump does delay passing cars, but only briefly. A three-month speedbump isn’t really a speedbump at all.

A real speedbump doesn’t stop drivers from following a path that they’re determined to follow. Its purpose, instead, is to make one path less convenient than another. A speedbump strategy for copyright holders, then, tries to make illegal acquisition of content (via P2P, say) less convenient than the legitimate alternative.

There are several methods copyright owners can (and do) use to frustrate P2P infringers. Copyright owners can flood the P2P systems with spoofed files, so that users have to download multiple instances of a file before they get a real one. They can identify P2P uploaders offering copyrighted files, and send them scary warning messages, to reduce the supply of infringing files. These methods make it harder for P2P users to get the copyrighted files they want – they act as speedbumps.

These kinds of speedbumps are very feasible. They can make a significant difference, if they’re coupled with a legitimate alternative that’s really attractive. And if they’re done carefully, these measures have the virtue of inflicting little or no pain on noninfringers.

From an analytical, information security viewpoint, looking for speedbumps rather than impregnable walls requires us to think differently. How exactly we must change our thinking, and how the speedbump approach impacts public policy, are topics for another day.

Comments

  1. Copyfight says:

    Defining Speedbumps

    Ed Felten has the first report (unfortunately, I wasn’t invited) that I’ve seen on the Berkman Center’s Speed-Bumps conference (What is a Speedbump?). Apparently there was legitimate disagreement over what, exactly, a speed bump for digital distributio…

  2. Cypherpunk says:

    That’s a good point about the meaning of speedbump being unclear. In the physical world, speedbumps aren’t usually used to make people take a different path. Sometimes that does happen (they put speedbumps on a street in my neighborhood to try to discourage drivers from using it as a shortcut), but the more common usage is to slow people down. Most speedbumps appear in parking lots, and they’re not intended to divert traffic, but to slow it.

    This is why the term is confusing, because most people are going to think it means that the intention is to slow down the data flow from the legal to the illegal world, to buy that window of time. And as you say, that’s got technical problems. Your alternative interpretation in terms of convenience is more technically promising, but I think the name “speedbump” is going to be misleading and confusing in that case. Many people will hear it and think of the first interpretation.

    What would be a better word for something that makes a technology so inconvenient to use that people give up on it? How about “spam”? Maybe this new strategy should be called P2P spam. Any other ideas?

  3. Rob Rose says:

    Traditional speed bumps really are a way of increasing the path cost along certain edges of the traffic grid. They have a direct effect on traffic speed, and an indirect effect on traffic density. (The density change is obviously going to depend on the cost of the path going through the speed bump edge versus the cost of other routes).

    And I think the key point here (P2P distribution related) is that a speedbump at point B only affects the time of route A-B-C if no other route is competitive with the cost of the unimpeded A-B-C route… otherwise you merely shift the traffic.

    The path between protected content producer and the consumer goes through many many potential paths: distribution chain, eyeballing it in the theater, DVD sales, pay-per-view, many flavors of P2P, warez FTPs, sneakernets, etc. To have a speedbump on one path take effect, they’re going to have to hit all of the paths simultaneously.

    The other issue is that unlike a real world speedbump where you can’t design your car around them easily (i.e. wheel tracks wide enough to skirt them, or suspensions with two feet of travel and soft springs), the digital world allows for quick easy tweaking to minimize the impact.

    Dr. Felten touched on the point that an attractive legal method must be available as well. Let me first guess that by attractive he meant “a method whose exercise cost is less than what a potential infringer would spend, on average, by illegal means”. The exercise cost of the legal method will be cash and the exercise cost of the illegal methods will largely be time. A huge percentage of the infringers (i.e. preteens, teens and college students) have no cash but lots of free time. I’m guessing the net effect of the attractive legal method will be little on the net infringement angle.

  4. Chris Nyland says:

    It’s a toughie trying to find a suitable name for these things. I wrote my dissertation on a similar such topic a few years ago and called anything of this sort a “hobbling mechanism,” or simply “hobbler.”

    I took my inspiration from Stephen King’s Misery: where Annie describes how the diamond miners ensured that their workers could earn money for them, but couldn’t get too far….

    It’s a little more endogenous than the speedbump analogy (information wanting to be free etc), but then, isn’t that also the case with DRM’s intimate shaping of the message and medium?

  5. Freedom to Tinker says:

    Stopgap Security

    Another thing I learned at the Harvard Speedbumps conference (see here for a previous discussion) is that most people have poor intuition about how to use stopgap measures in security applications. By “stopgap measures” I mean measures that will fail i…

  6. Copyfight says:

    The Best Defense is a Good Offense

    Ed Felten continues his series on the recent Speed Bump conference at the Berkman Center with a discussion of some guidelines for designing effective stopgap security measures (Stopgap Security). His previous post on the conference (What is a Speedbump…

  7. Tong Family Blog says:

    Ed Felton

    Freedom to Tinker: What is a Speedbump?. Wow, this guy is sure smart. He’s a Professor at Princeton and I had the privilege of meeting him recently. Good notes on speedbumps as a way to slow down security and privacy issues. hat tip to Ludwig for that…