One thing I learned at the Harvard Speedbumps conference is that many people agree that “speedbump DRM” is a good idea; but they seem to have very different opinions of what “speedbump DRM” means. (The conference was declared “off the record” so I can’t attribute specific opinions to specific people or organizations.)

One vision of speedbump DRM tries to delay the leakage of DRM’ed content onto the darknet (i.e., onto open peer-to-peer systems where they’re available to anybody). By delaying this leakage for long enough, say for three months, this vision tries to protect a time window in which a copyrighted work can sold at a premium price.

The problem with this approach is that it assumes that you can actually build a DRM system that will prevent leakage of the content for a suitable length of time. So far, that has not been the case – not even close. Most DRM systems are broken within hours, or a within few days at most. And even if they’re not broken, the content leaks out in other ways, by leaks in the production process or via the analog hole. Once content is available on the darknet, DRM is nearly useless, since would-be infringers will ignore the DRM’ed content and get unconstrained copies from the darknet instead.

In any case, this approach isn’t really trying to build a speedbump, it’s trying to build a safe. (Even top-of-the-line office safes can only stand up to skilled safecrackers for hours.) A speedbump does delay passing cars, but only briefly. A three-month speedbump isn’t really a speedbump at all.

A real speedbump doesn’t stop drivers from following a path that they’re deterrmined to follow. Its purpose, instead, is to make one path less convenient than another. A speedbump strategy for copyright holders, then, tries to make illegal acquisition of content (via P2P, say) less convenient than the legitimate alternative.

There are several methods copyright owners can (and do) use to frustrate P2P infringers. Copyright owners can flood the P2P systems with spoofed files, so that users have to download multiple instances of file before they get a real one. They can identify P2P uploaders offering copyrighted files, and send them scary warning messages, to reduce the supply of infringing files. These methods make it harder for P2P users to get the copyrighted files they want – they acts as speedbumps.

These kinds of speedbumps are very feasible. They can make a significant difference, if they’re coupled with a legitimate alternative that’s really attractive. And if they’re done carefully, these measures have the virtue of inflicting little or no pain on noninfringers.

From an analytical, information security viewpoint, looking for speedbumps rather than impregnable walls requires us to think differently. How exactly we must change our thinking, and how the speedbump approach impacts public policy, are topics for another day.

Scientific American has published an interview with Leonardo Chiariglione, the creator of the MP3 music format and formerly head of the disastrous Secure Digital Music Initiative. (SDMI tried to devise a standard for audio content protection. The group suffered from serious internal disagreements, and it finally dissolved after a failed attempt to use DMCA lawsuit threats to suppress publication of a research paper, by my colleagues and me, on the weaknesses of the group’s technology.)

Now Chiariglione is leading another group to devise the ultimate DRM (i.e., anti-copying) music format: “a system that guarantees the protection of copyrights but at the same time is completely transparent and universal.” He doesn’t seem to see that this goal is self-contradictory. After all, we already have a format that is completely transparent and universal: MP3.

The whole point of DRM technology is to prevent people from moving music usefully from point A to point B, at least sometimes. To make DRM work, you have to ensure that not just anybody can build a music player – otherwise people will build players that don’t obey the DRM restrictions you want to connect to the content. DRM, in other words, strives to create incompatibility between the approved devices and uses, and the unapproved ones. Incompatibility isn’t an unfortunate side-effect of deficient DRM systems – it’s the goal of DRM.

A perfectly compatible, perfectly transparent DRM system is a logical impossibility.

The idea of universally compatible DRM is so odd that it’s worth stopping for a minute to try to understand the mindset that led to it. And here Chiariglione’s comments on MP3 are revealing:

[Scientific American interviewer]: Wasn’t it clear from the beginning that MP3 would be used to distribute music illegally?

[Chiariglione]: When we approved the standard in 1992 no one thought about piracy. PCs were not powerful enough to decode MP3, and internet connections were few and slow. The scenario that most had in mind was that companies would use MP3 to store music in big, powerful servers and broadcast it. It wasn’t until the late ’90s that PCs, the Web and then peer-to-peer created a completely different context. We were probably naive, but we didn’t expect that it would happen so fast.

The attitude of MP3’s designers, in other words, was that music technology is the exclusive domain of the music industry. They didn’t seem to realize that customers would get their own technology, and that customers would decide for themselves what technology to build and how to use it. The compatible-DRM agenda is predicated on the same logical mistake, of thinking that technology is the province of a small group that can gather in a room somewhere to decide what the future will be like. That attitude is as naive now as it was in the early days of MP3.

Derek Slater discusses Fraunhofer’s new Light Weight DRM system. Derek is skeptical but states his opinion cautiously, not being a technologist. In any case, Derek gets it right.

It’s hard to see much that’s new in this proposal. If we ignore the newly coined LWDRM buzzword and the accompanying marketing spin, we’re left with a fairly standard looking DRM scheme, of the type I call mark-and-trace.

Mark-and-trace DRM schemes try to put a unique, indelible mark on each legitimate copy of a work, so that any infringing copies found later can be traced, with the aid of the mark, back to the legitimate copy from which they originated. Such schemes have fallen out of favor recently, because of two problems.

First, the mark must really be indelible. If an adversary can remove the mark, the resulting “scrubbed” copy can be redistributed with impunity. Nobody has figured out how to make marks that can’t be removed from music or video. Past attempts to create indelible marks have failed miserably. A notable example is the SDMI watermarks that my colleagues and I showed were easily removed.

Second, blaming the buyer of an original for all copies (and copies of copies, etc.) made from it just isn’t practical. To see why, suppose Alice has a big collection of music on her laptop. Then her laptop is stolen, or somebody breaks into it electronically, and all of her songs end up on millions of computers all over the Net. What then? Do you take all of Alice’s earthly possessions to compensate for the millions of infringements that occurred? (And if that’s the policy, what sane person will buy music in the first place?) Or do you let Alice off the hook, and allow burglars to defeat your entire DRM scheme? Nobody has a plausible answer to this question; and the Fraunhofer people don’t offer one.

Reuters reports that a new CD copy-protection technology from Sony debuted yesterday in Germany, on a recording by the group Naturally Seven. Does anybody know how I can get a copy of this CD?

UPDATE (12:30 PM): Thanks to Joe Barillari and Scott Ananian for pointing me to amazon.de, where I ordered the CD. (At least I think I did; my German is pretty poor.)