December 22, 2024

Grimmelmann on the Berkeley DRM Conference

James Grimmelmann at LawMeme offers a typically insightful and entertaining summary of the recent Berkeley DRM Conference. Here’s my favorite part:

And thus, the sixty-four dollar question: Is any of this [DRM technology] really going to work? The question tends to come up about once per panel; most of the panelists do their best to avoid dealing with it. The techies are split. The ones who go to great pains to say that they don’t speak for their companies say “no, DRM is a pipe dream.” The ones who don’t include these disclaimers either avoid the question or say “well, we’re doing our best.” The content industry reps treat effective DRM as almost a foregone conclusion. It must exist, because if it doesn’t, well, that would be too horrible a future to contemplate.

The lawyers in attendance, strangely enough, don’t seem to care whether DRM can work. I would have thought that the technical feasibility of effective mass-market DRM was the critical threshold question, but apparently not. I suppose it’s because they’re so accustomed to speaking in hypotheticals.

Berkeley DRM Workshop

It’s the second day of the Berkeley DRM Workshop, a wonderful conference. Donna points to live commentary from several bloggers.

I was on a panel with David Wagner, Hal Abelson, John Erickson, Joe Liu, and Larry Lessig. My quick presentation (here, in PowerPoint format) was about the (negative) impact of DRM and its companion regulations on a wide range of public policy debates. If you can’t learn about technology and you can’t talk about technology, then you can’t make good public policy decisions about technology.

Standards, or Collusion?

John T. Mitchell at InteractionLaw writes about the potential antitrust implications of backroom deals between copyright owners and technology makers.

If a copyright holder were to agree with the manufacturers of the systems for making lawful copies and of the systems for playing them to eliminate all trade in lawful copies unless each transaction (each resale, trade, gift or rental) has the consent of the copyright holder, there is of course no doubt that such agreement would constitute a naked restraint of trade. If, instead, the copyright holder agreed with the manufactures of copying and playing technologies to deploy a system which simply obeys the instructions of the copyright holder (including instructions which have the purpose and effect of eliminating the resale, trade, gift or rental of the copy, or of enlarging the copyright monopoly by charging for private performances), then the agreement to have technology automatically do the deed is certainly no better than the first. It is akin to a company saying to the prospective co-conspirator: “Listen, I can’t agree with you to do what you are asking because my lawyers tell me it would be illegal, so what I’ll do is program my machine to do what you tell it to do, but just don’t tell me.”

I understand that antitrust law is suspicious of backroom deals in which companies agree not to produce certain otherwise legal products, but that there are some exceptions for standard-setting. Perhaps that is why the various inter-industry groups try to dress up their agreements as “standards.” As I have written before, most of these agreements don’t look at all like technical standards, and to label them as such is misleading.

True technical standards are voluntary, and allow products to be more functional by giving them a way to interoperate (i.e., to work together). Most of the DRM “standards” are mandatory, and make products less functional by banning some kinds of interoperation.

Whether these agreements violate antitrust law is beyond my expertise, but I do know that a reasonable exemption for technical standard-setting ought not to apply to them.

Are DVDs Copy-Protected?

Maximillian Dornseif at disLEXia wonders why people refer to CSS, the encryption scheme used on DVDs, as “copy protection.” He points out, correctly, that encryption by itself cannot prevent copying, since encrypted bits can be copied just as easily as unencrypted ones. He wonders, then, how CSS can be called an anti-piracy measure. The answer is a bit subtle.

Dornseif is correct in saying that CSS by itself does not prevent copying. The goal of CSS is not to control copying (at least not directly), but to control who can build DVD players. In order to build a DVD player, you need to know how CSS works. If CSS is a trade secret, and if the owner of that trade secret will license it only to parties who agree to abide by certain rules, then all DVD players will abide by those rules. And if those rules make DVDs harder to copy, then the whole licensing scheme acts as a kind of indirect copy control scheme. Indeed, the owner of the trade secret can use this kind of scheme to enforce almost any limitation on use of DVDs, regardless of whether that limitation has any relation to copyright infringement.

The whole scheme breaks down, though, if the details of CSS get out to the general public. If that happens, then anyone can build a DVD player without having to agree to anybody’s rules (other than the legal rules that apply to everybody). Given the way players work, it was inevitable that somebody would reverse-engineer a player and recover the CSS algorithm. Learning a “trade secret” by reverse engineering is legal in many jurisdictions, so the CSS licensing scheme was doomed from the beginning to fail because somebody would legally reverse engineer CSS and publish it.

If you’re the DVD cartel, you want to do something to salvage your trade secret scheme. There are two ways you can do that. The first method is to make reverse engineering illegal (or just claim that it’s illegal), and then sue anybody who reverse engineers a player (e.g., Johansen), or anybody who publishes the results of reverse engineering (e.g. Pavlovich, Bunner, et al.). Alternatively, you can get a law passed that outlaws players that are made without your permission, and then sue anybody who make non-authorized DVD player or extractor products (e.g. Corley).

Both rules – banning reverse engineering, and banning unauthorized interoperation – are very dangerous from a public policy standpoint, as many of us have argued. But that hasn’t stopped vocal advocates from endorsing them, and even getting limited versions passed.

Long DRM Article in Today's NYT

Today’s New York Times offers a long article by Amy Harmon on DRM, or “digital armor” on recorded media. It’s mostly a backgrounder for people less up-to-speed on DRM issues than most of my readers (probably) are, but there are a few new nuggets worth noting.

First, Jack Valenti tries yet another analogy: “We need to put in speed bumps to keep people honest.” I have long argued that media companies should view DRM as a speed bump and not a fence, and I would be happy if Mr. Valenti stuck with this analogy. I doubt he will, though.

Speed bumps try to channel behavior by making some routes less convenient than others; but they don’t make anything impossible. Their inability to prevent anything is precisely what makes them useful as a tool – they can be used more liberally because a driver can overrule the speed bump when appropriate.

In my view, DRM is fundamentally weak so it can’t be anything but a speed bump. We might as well embrace its speed-bump nature, and build simpler DRM that doesn’t try to be impregnable. Then we can use DRM more liberally, like speed bumps, to channel behavior, but without trying (in vain) to prevent anything through pure technology.

If you believe the speed bump analogy, then the DMCA anti-circumvention laws clearly need to be repealed. A ban on driving over speed bumps makes speed bumps useless as speed bumps; and a ban on making cars that can drive over bumps is even worse.

Later in the article is another revealing record-company exec quote:

“You’re not buying music, you’re buying a key,” says Larry Kenswil, the president of the eLabs division of the Universal Music Group

Unfortunately for Mr. Kenswil, his customers don’t give a hoot about keys. They want to buy music.

Worse yet, these keys aren’t like the keys on your key ring. Your car key doesn’t expire. It doesn’t refuse to work on weekends, or when it’s humid, or when you’re burning the wrong brand of gas. It just opens the car – every time.

Next, we have this:

“We have zero objection to anyone’s ability to duplicate, to record, to play back and to save any copy- able content whatsoever,” said Peter Chernin, the president of 20th Century Fox. “But we’d be idiots not to be wary of the risks that come with that ability, and of the vulnerability of those of us supplying digitally unprotected films and shows.”

The first sentence is a puzzler. He can’t mean it literally, since Fox clearly does object to widespread copying over the Internet, so let’s read it as meaning that Fox doesn’t object to duplication, recording, playback, and saving for personal use as consumers have come to expect.

Even this is quite a statement. Is he really saying that Fox will not support any regulation that restricts personal use? If so, that’s a significant commitment, and one that will in my view make DRM impossible (since the technology cannot tell whether a use is personal). So he probably doesn’t mean that either.

Probably what he means is that Fox doesn’t object to personal use, but they will try to regulate personal use anyway, because a ban on many personal uses is an unavoidable side-effect of the regulation they seek. If so, then “we have zero objection” is irrelevant at best, and misleading at worst.

Finaally, the article ends with this:

Hollywood executives say they know they may need to adjust to meet consumer demands [for fair use]. James B. Ramo, the chief executive of Movielink, the Internet movie service, said the security software’s flexibility was one of its chief virtues.

“We’re not locked into these rules,” Mr. Ramo said. “We’re just testing them out.”

This is not likely to reassure Movielink’s customers, who are locked into the current rules.