December 22, 2024

Rethinking DRM Dystopia

Thanks to Ed for the flattering introduction – now if only I can live up to it! It’s an honor (and a little intimidating) to be guest blogging on FTT after several years as an avid reader. I’ve never blogged before, but I am looking forward to the thoughtful, user-driven exchanges and high transparency that blogs in general, and FTT in particular, seem to cultivate. Please consider yourself, dear reader, every bit as warmly invited to comment and engage with my posts as you are with Ed’s, and Alex’s.

I want to use this first post to flag something that startled me, and to speculate a little about the lessons that might be drawn from it. I was surprised to read recently that Zune, Microsoft’s new music service, will probably scan users’ iTunes libraries and automatically buy for them (at Microsoft’s expense) copies of any protected music they own on the iTunes service.

Let’s suppose, for the sake of argument, that this early report is right – that Microsoft is, in fact, going to make an offer to all iTunes users to replicate their libraries of iTunes, FairPlay-protected music on the new Zune service at no added cost to the users. There are several questions of fact that leap to mind. Did Microsoft obtain the licensing rights to all of the music that is for sale on iTunes? If not, there will be some iTunes music that is not portable to the new service. Will copyright holders be getting the same amount from Microsoft, when their songs are re-purchased on behalf of migrating iTunes users, as they will get when a user makes a normal purchase of the same track in the Zune system? The copyright holders have a substantial incentive to offer Microsoft a discount on this kind of “buy out” mass purchasing. As Ed pointed out to me, it is unlikely that users would otherwise choose to re-purchase all of their music, at full price, out of their own pockets simply in order to be able to move from iTunes to Zune. By discounting their tracks to enable migration to a new service, the copyright holders would be helping create a second viable mass platform for online music sales – a move that would, in the long run, probably increase their sales.

I have spent a fair amount of time and energy worrying about dystopian scenarios in which a single vertically integrated platform, protected by legally-reinforced DRM technologies, locks users in and deprives them not only of first-order options (like the ability to copy songs to a second computer), but also of the second-order freedom to migrate away from a platform whose DRM provisions, catalog, or other features ultimately compare unfavorably to alternative platforms.

Of course, as it has turned out, the dominant DRM platform at the moment, FairPlay, actually does let people make copies of their songs on multiple computers. It is in general a fair bit less restrictive than what some of us have worried that we might, as consumers, ultimately end up being saddled with. Indeed, the relatively permissive structure of FairPlay DRM is very likely one of the factors that has contributed to Apple’s success in a marketplace that has seen many more restrictive alternative systems fail to take hold. But the dominance of Apple’s whole shiny white realm of vertical integration in the digital music market still has made it seem like it would be hard to opt against Apple, even if the platform were to get worse or if better platforms were to emerge to challenge it.

But now it seems that it may actually be easy as pie for any iTunes user to leave the Apple platform. The cost of the Zune player, which will presumably be exclusive to the Zune music service just as the iPod is to iTunes, is a significant factor, but given that reliability issues require users to replace iPods frequently, buying a new player doesn’t actually change the cost equation for a typical user over the long run.

What are the lessons here? Personally, I feel like I underestimated the power of the market to solve the possible problems raised by DRM. It appears that the “lock in” phenomenon creates a powerful incentive for competitors to invest heavily in acquiring new users, even to the point of buying them out. Microsoft is obviously the most powerful player in the technology field, and perhaps some will argue it is unique in its ability to make this kind of an offer. But I doubt that – if the Zune launch is a success, it will set a powerful precedent that DRM buyouts can be worthwhile. And even if Microsoft were unique in its ability to offer a buyout, the result in this case is that we’ll have two solid, competing platforms, each one vertically integrated. It’s no stretch of the imagination to think Apple may respond with a similar offer to lure Zune users to iTunes.

Bottom line: Markets are often surprisingly good at sorting out this kind of thing. Technology policy watchers underestimate the power of competition at our peril. It’s easy to see Microsoft or Apple as established firms coasting on their vertically integrated dominance, but the Zune buyout is a powerful reminder that that’s not what it feels like to be in this or most any other business. These firms, even the biggest, best and most dominant, are constantly working hard to outdo one another. Consumers often do very well as a result… even in a world of DRM.

University-Purchased Music Services a Bust

When universities buy music service subscriptions for their students, few students use them, according to Nick Timiraos’s story in yesterday’s Wall Street Journal. Students tend to download music illegally, or buy it from iTunes instead.

In explaining the popularity of Napster and other file-sharing systems, commentators have often overemphasized the price factor and underestimated convenience. Here we see students given the option of a free subscription service, and passing it up to use another free (though illegal) system, or a for-pay system that is more convenient than the free one. (These systems are free to the students, in the sense that using them costs no more than not using them.)

This error was particularly common when the original Napster was new. Before Napster, many people knew how to distribute music conveniently online, but licensing and payment issues were holding up the development of useful online music services. Napster cut the Gordian knot by building the distribution infrastructure and skipping the licensing and payment part. For Napster users, payment was not optional – there was no way to pay, even if the user wanted to. Napster users were choosing convenience, as much as they were choosing not to pay.

Thanks to the record companies’ insistence on intrusive DRM, most of today’s authorized online music services suffer from incompatibility and user frustration. iTunes offers the least intrusive DRM, and unsurprisingly it is by far the most successful online music store. Music fans want music they can actually listen to.

(link via Doug Tygar)

Freeing the Xbox

When Microsoft shipped its Xbox game console, Linux programmers salivated. The Xbox was a pretty nice computer, priced at $149. The Xbox had all the hardware needed to run Linux and its applications. Problem was, Microsoft had tried to lock down the Xbox hardware to prevent unauthorized programs – such as the Linux kernel – from running on it. An article at xbox-linux.org explains how this lockdown plan failed. The technical details are quite interesting, but nontechies can learn from this story too.

Microsoft had two reasons for locking down the hardware. It wanted to stop people from running Xbox games that had been illegally copied. And it wanted to stop people from running other (noninfringing) software such as Linux. The latter goal is the more interesting one. Microsoft did this because it wanted to sell the Xbox hardware at a loss, and make up the difference by charging a premium for games. To do this, it needed to stop unauthorized software – otherwise people might buy the Xbox, install another operating system on it, and never buy an Xbox game.

A group of clever engineers, calling themselves the Xbox Linux Project, set out to discover how Microsoft had tried to lock down the Xbox hardware, and how they could overcome Microsoft’s lockdown and install Linux. We would expect them to succeed – in computer security, physical control of a device almost always can be leveraged to control the device’s behavior – and indeed they did. The bulk of the Xbox-Linux article describes the technical details of how Microsoft’s lockdown worked, how they reverse engineered it, and the tricks they discovered for capturing effective control of the Xbox and installing Linux on it.

Opponents of this kind of tinkering often argue that it is really just a front for copyright infringement – that the tinkerers really just want to run illegally copied games. But the article describes a group of people who just want to run Linux on their Xboxes, and are willing to take steps to stop their work being misappropriated by game copiers. For example, the article says that once they had figured out a trick, which the article calls a “hack”, for installing new software on the Xbox, they tried to use it responsibly:

But the Xbox Linux Project did not blindly release this hack. The first … proof of concept exploit had been finished in January 2003. After that, a lot of energy was invested in finding out a way to free the Xbox for homebrew development and Linux, but not allowing game copies. Microsoft was contacted, but without any success. They just ignored the problem.

Finally in July, the hack was released, with heavy obfuscation, and lockout code for non-Linux use. It was obvious that this would only slow down the “hacking of the hack”, so eventually, people would be able to use this vulnerability for copied games, but since Microsoft showed no interest in finding a solution, there was no other option than full disclosure. The suggestion of the Xbox Linux Project would have been to work together with Microsoft to silently close the security holes and, in return, work on a method to let homebrew and Linux run on the Xbox.

What should public policy have to say about this? Given that the Xbox Linux folks apparently weren’t trying to copy games but simply wanted to run noninfringing software on lawfully purchased hardware, and given that they took steps to hinder the use of their work for infringing purposes, it’s hard to object to their work on copyright grounds. The real action here is in Microsoft’s strategy of selling the Xbox hardware as a loss leader, and the tendency of the Xbox Linux work to frustrate this strategy. Xbox Linux creates value for its users. Should public policy be willing to destroy this value in order to enable Microsoft’s pricing strategy? My instinct is that it should not, though there is a plausible argument on the other side.

What is clear, though, is that this is not really a copyright issue. At bottom, it’s not about the right of Microsoft to be paid for the Xboxes it builds, or about the right of game authors to be paid for the copies of their games that users get. Instead, it’s about whether Microsoft can control how people use its products. In general, the law does not give the maker of a product the right to control its use. Why should the Xbox be any different?

Ed Talks in SANE

Today, I gave a keynote at the SANE (System Administration and Network Engineering) conference, in Delft, the Netherlands. SANE has an interesting group of attendees, mostly high-end system and network jockeys, and people who like to hang around with them.

At the request of some attendees, I am providing a PDF of my slides, with a few images redacted to placate the copyright gods.

The talk was a quick overview of what I used to think of as the copyfight, but I now think of as the technologyfight. The first part of the talk set the stage, using two technologies as illustrations: the VCR, and Sony-BMG’s recent copy-protected CDs. I then switched gears and talked about the political/regulatory side of the techfight.

In the last part of the talk, I analogized the techfight to the Cold War. I did this with some trepidation, as I didn’t want to imply that the techfight is just like the Cold War or that it is as important as the Cold War was. But I think that the Cold War analogy is useful in thinking about the techfight.

The analogy works best in suggesting a strategy for those on the openness/technology/innovation/end-to-end side of the techfight. In the talk, I used the Cold War analogy to suggest a three-part strategy.

Part 1 is to contain. The West did not seek to win the Cold War by military action; instead it tried to contain the other side militarily so as to win in other ways. Similarly, the good guys in the techfight will not win with lawyers; but lawyers must be used when necessary to contain the other side. Kennan’s definition of containment is apt: “a long-term, patient but firm and vigilant containment of [the opponent’s] expansive tendencies”.

Part 2 is to explain. This means trying to influence public opinion by explaining the benefits of an open and free environment (in the Cold War, an open and free society) and by rebutting the other side’s arguments in favor of a more constraining, centrally planned system.

Part 3 is to create. Ultimately the West won the Cold War because people could see that ordinary citizens in the West had better, more creative, more satisfying lives. Similarly, the best strategy in the techfight is simply to show what technology can do – how it can improve the lives of ordinary citizens. This will be the decisive factor.

In the break afterward, somebody referred to a P.J. O’Rourke quote to the effect that the West won the Cold War because it, unlike its opponents, could provide its citizens with comfortable shoes. (If you’re the one who told me this, please remind me of your name.) No doubt O’Rourke was exaggerating for comic effect, but he did capture something important about the benefits of a free society and, by analogy, of a free and open technology ecosystem.

Another American approached me afterward and said that by talking about the Cold War as having been won by one side and lost by the other, I was portraying myself, to the largely European audience, as the stereotypical conservative American. I tried to avoid giving this impression (so as not to distract from my message), calling the good side of the Cold War “the West” and emphasizing the cultural rather than military aspects of the Cold War. I had worried a little about how people would react to my use of the Cold War analogy, but ultimately I decided that the analogy was just too useful to pass up. I think it worked.

All in all, it was great fun to meet the SANE folks and see Delft. Now back to real life.

Happy Endings

Cameron Wilson at the USACM Policy Blog writes about a Cato Institute event about copyright policy, which was held Wednesday. The panel on the DMCA was especially interesting. (audio download; audio stream; video stream)

Tim Lee, author of the recent Cato paper on the ill effects of the DMCA, spoke first.

The second speaker was Solveig Singleton of PFF, who offered some amazing arguments. Here is her response to the well-documented list of DMCA misuses:

Even if you set aside some of the errors in the Cato paper, you’re left with a set of examples, many of which have happy endings, without any change to the law. Ed Felten’s case, for example. There are other cases. There were lawsuits that were threatened but not brought. Lawsuits that were brought but ultimately failed. Lawsuits that succeeded but on grounds other than the DMCA.

(This is my transcription from the audio stream.)

To call the case of my colleagues and me a “happy ending” takes some real chutzpah. Let’s catalog the happy consequences of our case. One person lost his job, and another nearly did. Countless hours of pro bono lawyer time were consumed. Anonymous donors gave up large amounts of money to support our defense. I lost at least months of my professional life, and other colleagues did too. And after all this, the ending was that we were able to publish our work – something which, before the DMCA, we would have been able to do with no trouble at all.

In the end, yes, we were happy – in the same way one is happy to recover from food poisoning. Which is not really an argument in favor of food poisoning.

She goes on to argue for the efficacy of the DMCA, using the example of Apple’s FairPlay technology (which is used by the iTunes music store):

But … are they [Apple] going to be able to get music developers to the table to negotiate with them to help create this library [of music] if they can’t make some reasonable assurances that that content isn’t going to show up free everywhere else?

Never mind that all of the songs Apple sells are available for free on P2P networks, despite FairPlay and the DMCA. Never mind that FairPlay has a huge and widely known hole – the ability to burn songs to an unprotected CD – which Apple created deliberately.

It’s understandable that DMCA advocates don’t want to give a realistic, straightforward explanation of exactly why the DMCA is needed. If they tried to do so, it would become clear that the DMCA, as written, is poorly suited for their purpose. Instead, we get strawmen and arguments from counterfactual assumptions.

I’ll close with a quote from Emery Simon of the Business Software Alliance, another speaker on the same panel, making a claim so far off-base that I won’t even bother to rebut it:

[If not] for copy protection technologies, whether it’s Macrovision or CSS or Fairplay, my VCR and my television set would be devices no more useful to me than my car without gasoline.