A few months ago, I was pleased to see this post by ZDNet editor David Berlind, in which he did a great job of explaining why “open DRM” is a contradiction in terms:
Until last night, when I met Brad Templeton, chairman of the board at the Electronic Frontier Foundation, my position has basically been that DRM as an idea is a bad idea (especially the way it is being implemented) but that if we must have it, then at least let’s have one that’s based on an open standard so that the content you buy can flow frictionlessly from one of your devices to the other without running into a playback gotcha. But, based on what Templeton told me, I now realize that even an open standard won’t do much to solve the problem. This for me–a huge proponent of open standards–was such devastating news that Templeton will tell you that at first, I refused to believe it. But it’s true and perhaps just as troubling is how open source software is one of the reasons why. Templeton taught me something about how DRM works that I had never stopped to consider. As it turns out, a proprietary DRM scheme relies on the proprietary closed source software that works with it to form the one-two punch of what makes DRM function. The great thing about open standards is that they make it possible for anybody including open source developers to implement them in their software. But if there was an open standard for DRM, the resulting open source implementations would very likely defeat the purpose of the DRM in the first place. The reason proprietary DRM works is that the vendor is in control of both the DRM technology that secures the content and the playback technology that knows how to unlock it and play it back. So, by virtue of what the proprietary playback software is capable of, that vendor is completely in charge of what happens to the content once it’s unlocked.
But in a Friday post, he seemed to be changing his tune, at least when it comes to Sun’s “open source” DRM scheme:
With two small (but significant) hitches, DReaM would be open and freely deployable in any type of software (including open source software). The first of these hitches is that the final software has to be digitally signed by an indepedent third party–perhaps one or more centralized authorities–who can verify that the executable software correctly preserves rightsholders rights. To get such a digital signature, code would have to undergo testing by the centralized authority. In the DReaM architecture, only properly signed code that hasn’t been tampered with (code-tampering voids the signature) can access the key infrastructure that’s necessary to remove the locks from the content and question. The second of these hitches is that the code must run in a secure execution environment where malware can’t hijack signed, running code in realtime in a way that gives it unauthorized access to the keys and the content.
This is a little like saying that with two small (but significant) hitches, OJ Simpson was a law-abiding guy. The exceptions obliterate the rule. Cory Doctorow, with perhaps a bit of hyperbole, gets it basically right:
David Berlind has written about Sun’s “Open DReaM” crippleware project, a DRM that pretends to be “open source” and an “open platform” in a cynical bid to curry favor with copyfighters and studios. The gimmick is that Sun’s technology has to be run as signed code on trusted computing hardware, which means that while you can see the code, you can’t change it, improve it, or build on it. Once you have code you can’t modify on hardware you can’t access, “open source” can’t be meaningfully used to describe a project. The key to free and open source software is the right of users to understand, modify, and distribute their changes to the tools they use–to continue a tradition as old as the Enlightenment and as fundamental as the scientific method. Sun’s project doesn’t subvert DRM, it subverts open source. It complies–barely–with the letter of older OSS definitions, while gutting their spirit. It’s a car with the hood welded shut, with an “open” engine underneath the welding-seam.
Sun may be able to stretch the definition of “open” so that DReaM barely meets it. But if his goal is to rally the open source community around an alternative to Apple and Microsoft’s proprietary DRM formats, he’s barking up the wrong tree. Software that complied with the DReaM format would lack the primary advantage of open source software–the ability to freely customize it to individual needs. They’re unlikely to attract the interest of any actual open source developers. “Look but don’t touch” open source isn’t really open source at all.
Mr. Berlind, you had it right the first time. “Open DRM” is an oxymoron.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.