James Grimmelmann at LawMeme offers a typically insightful and entertaining summary of the recent Berkeley DRM Conference. Here’s my favorite part:

And thus, the sixty-four dollar question: Is any of this [DRM technology] really going to work? The question tends to come up about once per panel; most of the panelists do their best to avoid dealing with it. The techies are split. The ones who go to great pains to say that they don’t speak for their companies say “no, DRM is a pipe dream.” The ones who don’t include these disclaimers either avoid the question or say “well, we’re doing our best.” The content industry reps treat effective DRM as almost a foregone conclusion. It must exist, because if it doesn’t, well, that would be too horrible a future to contemplate.

The lawyers in attendance, strangely enough, don’t seem to care whether DRM can work. I would have thought that the technical feasibility of effective mass-market DRM was the critical threshold question, but apparently not. I suppose it’s because they’re so accustomed to speaking in hypotheticals.

It’s the second day of the Berkeley DRM Workshop, a wonderful conference. Donna points to live commentary from several bloggers.

I was on a panel with David Wagner, Hal Abelson, John Erickson, Joe Liu, and Larry Lessig. My quick presentation (here, in PowerPoint format) was about the (negative) impact of DRM and its companion regulations on a wide range of public policy debates. If you can’t learn about technology and you can’t talk about technology, then you can’t make good public policy decisions about technology.

Maximillian Dornseif at disLEXia wonders why people refer to CSS, the encryption scheme used on DVDs, as “copy protection.” He points out, correctly, that encryption by itself cannot prevent copying, since encrypted bits can be copied just as easily as unencrypted ones. He wonders, then, how CSS can be called an anti-piracy measure. The answer is a bit subtle.

Dornseif is correct in saying that CSS by itself does not prevent copying. The goal of CSS is not to control copying (at least not directly), but to control who can build DVD players. In order to build a DVD player, you need to know how CSS works. If CSS is a trade secret, and if the owner of that trade secret will license it only to parties who agree to abide by certain rules, then all DVD players will abide by those rules. And if those rules make DVDs harder to copy, then the whole licensing scheme acts as a kind of indirect copy control scheme. Indeed, the owner of the trade secret can use this kind of scheme to enforce almost any limitation on use of DVDs, regardless of whether that limitation has any relation to copyright infringement.

The whole scheme breaks down, though, if the details of CSS get out to the general public. If that happens, then anyone can build a DVD player without having to agree to anybody’s rules (other than the legal rules that apply to everybody). Given the way players work, it was inevitable that somebody would reverse-engineer a player and recover the CSS algorithm. Learning a “trade secret” by reverse engineering is legal in many jurisdictions, so the CSS licensing scheme was doomed from the beginning to fail because somebody would legally reverse engineer CSS and publish it.

If you’re the DVD cartel, you want to do something to salvage your trade secret scheme. There are two ways you can do that. The first method is to make reverse engineering illegal (or just claim that it’s illegal), and then sue anybody who reverse engineers a player (e.g., Johansen), or anybody who publishes the results of reverse engineering (e.g. Pavlovich, Bunner, et al.). Alternatively, you can get a law passed that outlaws players that are made without your permission, and then sue anybody who make non-authorized DVD player or extractor products (e.g. Corley).

Both rules – banning reverse engineering, and banning unauthorized interoperation – are very dangerous from a public policy standpoint, as many of us have argued. But that hasn’t stopped vocal advocates from endorsing them, and even getting limited versions passed.

Today’s New York Times offers a long article by Amy Harmon on DRM, or “digital armor” on recorded media. It’s mostly a backgrounder for people less up-to-speed on DRM issues than most of my readers (probably) are, but there are a few new nuggets worth noting.

First, Jack Valenti tries yet another analogy: “We need to put in speed bumps to keep people honest.” I have long argued that media companies should view DRM as a speed bump and not a fence, and I would be happy if Mr. Valenti stuck with this analogy. I doubt he will, though.

Speed bumps try to channel behavior by making some routes less convenient than others; but they don’t make anything impossible. Their inability to prevent anything is precisely what makes them useful as a tool – they can be used more liberally because a driver can overrule the speed bump when appropriate.

In my view, DRM is fundamentally weak so it can’t be anything but a speed bump. We might as well embrace its speed-bump nature, and build simpler DRM that doesn’t try to be impregnable. Then we can use DRM more liberally, like speed bumps, to channel behavior, but without trying (in vain) to prevent anything through pure technology.

If you believe the speed bump analogy, then the DMCA anti-circumvention laws clearly need to be repealed. A ban on driving over speed bumps makes speed bumps useless as speed bumps; and a ban on making cars that can drive over bumps is even worse.

Later in the article is another revealing record-company exec quote:

“You’re not buying music, you’re buying a key,” says Larry Kenswil, the president of the eLabs division of the Universal Music Group

Unfortunately for Mr. Kenswil, his customers don’t give a hoot about keys. They want to buy music.

Worse yet, these keys aren’t like the keys on your key ring. Your car key doesn’t expire. It doesn’t refuse to work on weekends, or when it’s humid, or when you’re burning the wrong brand of gas. It just opens the car – every time.

Next, we have this:

“We have zero objection to anyone’s ability to duplicate, to record, to play back and to save any copy- able content whatsoever,” said Peter Chernin, the president of 20th Century Fox. “But we’d be idiots not to be wary of the risks that come with that ability, and of the vulnerability of those of us supplying digitally unprotected films and shows.”

The first sentence is a puzzler. He can’t mean it literally, since Fox clearly does object to widespread copying over the Internet, so let’s read it as meaning that Fox doesn’t object to duplication, recording, playback, and saving for personal use as consumers have come to expect.

Even this is quite a statement. Is he really saying that Fox will not support any regulation that restricts personal use? If so, that’s a significant commitment, and one that will in my view make DRM impossible (since the technology cannot tell whether a use is personal). So he probably doesn’t mean that either.

Probably what he means is that Fox doesn’t object to personal use, but they will try to regulate personal use anyway, because a ban on many personal uses is an unavoidable side-effect of the regulation they seek. If so, then “we have zero objection” is irrelevant at best, and misleading at worst.

Finaally, the article ends with this:

Hollywood executives say they know they may need to adjust to meet consumer demands [for fair use]. James B. Ramo, the chief executive of Movielink, the Internet movie service, said the security software’s flexibility was one of its chief virtues.

“We’re not locked into these rules,” Mr. Ramo said. “We’re just testing them out.”

This is not likely to reassure Movielink’s customers, who are locked into the current rules.