November 2005

Adam and Fred duke it out over on the PFF blog, and I have to admit that my previous criticism was a bit hasty. I skimmed the report, but didn’t read the conclusion very carefully. He proposes a plausible alternative business model for the labels wherein consumers pay a flat fee for the right to make unlimited peer-to-peer downloads of copyrighted music. This is, at a minimum, a serious proposal worth discussing, and I can see some appeal in it. Notably, it does give people a way to “go legit” without being forced to put up with irritating and pointless DRM restrictions.

I do, however, think Adam continues to have a good point: what to do with the people who don’t join this scheme either? Fred seems to think that the number of such people will be trivial and so enforcing the rules against them won’t be very difficult. I’m not so sure. Even $5/month is a non-trivial amount of money to some people, and lots of people are lazy. I think a lot of people might continue to use P2P without paying the fee, and you’d be left in the same situation you’re in now: no way to enforce the rules except to sue them.

Secondly, is $5/month going to be enough to come anywhere close to replacing music industry revenues? The music industry currently gets about $13 billion in revenues. They’d be saving some money by not having to ship plastic discs around, so let’s round that down to $10 billion. To replace that revenue with $5/month subscriptions, it would need 150,000,000 subscribers. Is that reasonable? I honestly don’t know. If you combine the populations of the U.S., the EU, and Japan, there certainly are enough people in the industrialized world to support such a scheme, but I think the music industry would find it extremely difficult to corall enough of them into signing up.

After all, if I were a consumer in Fred’s future, what I would do is pay my subscription, download all the music I wanted in a month, and then cancel the subscription the following month. I might do that every 6 months or so. That would mean instead of adding $60/year to the industry’s coffers, I’d be adding about $10. To break even at that price you’d need about a billion subscribers, which is probably impossible, at least until China and India join the ranks of the wealthy nations.

Moreover, this kind of scheme seems like it would be extraordinarily difficult to enforce. If legitimate P2P services require users to log in with an RIAA-approved password, what’s to stop a dozen friends from sharing the same password? If the P2P services don’t require logging in, how will anyone figure out which users are legit?

SHARE: 12 comments

The New York Times reports on the latest way that the DMCA is stifling technological innovation:

The Internet, in theory, can offer a selection of video programming that even the most advanced cable systems cannot match, and technology is helping improve the often grainy quality of online video.

But the cable and satellite companies are becoming concerned about providers of video programming using the Internet to reach customers directly.

Larry Kramer, the president of CBS Digital Media, has explicitly called the network’s Internet video strategy a “cable bypass.”

Yuanzhe Cai, the director of broadband research at Parks Associates, said: “We are seeing a lot of experimentation in terms of video programming through the Internet, and a lot of people are going to want to sit back and watch it on their TV. The big hurdle now is the digital rights issues of the studios and content owners.”

TiVo is caught in the middle. Its current digital recorder is capable of viewing programming from the Internet. Indeed, it recently did a test that allowed its users to download movies offered by the Independent Film Channel. “There is more video content that is coming down the broadband pipes,” said Tom Rogers, TiVo’s chief executive, referring to high-speed connections. He argued that TiVo’s technology could be important in helping providers that put programs on the Internet to gain a wider audience.

So what’s the problem?

Continue reading →

SHARE: 2 comments

Over at the PFF blog, co-blogger Solveig Singleton has some points about the connection between fair use and DRM technology. Some are fair points, others I disagree with, but I think this one is particularly worth commenting on:

DRM does respond to demand. Take interoperability, for example. This is important to consumers. Thus the market began with many types of not-particularly-interoperable DRM. But now there are all kinds of interoperability ventures going on for all types of media. It’s unlikely the market will converge to one… but it is converging.

Lots of people are talking about DRM interoperability. But so far, none have been widely deployed. There’s a good reason for this: genuinely interoperable DRM is a contradiction in terms.

Why? It’s difficult to explain in non-technical language, but I think the fundamental reason is this: the restrictions of a DRM scheme are enforced by devices, not files. That means that every single device that accesses DRMed content must be tightly controlled to ensure it doesn’t become a conduit for unauthorized access to the copyrighted materials.

Therefore, a truly interoperable DRM system–one which anyone is free to participate in–isn’t just a difficult technical challenge. It’s a flat contradiction in terms. A DRM scheme’s security is only as strong as its weakest device. Every software has bugs, and each time a new device is built, it’s a new opportunity for a hacker to examine it and find flaws. Moreover, as flaws are found (which there always will be) the DRM scheme must be constantly upgraded to fix those flaws. Those upgrades must be done in a synchronized fashion, otherwise upgrades to one device might break compatibility with the others. Coordinating those updates becomes harder as the number of licensees increases.

As a result, the specifications for the DRM scheme must remain secret, and every compatible device must be approved by the owner of the DRM scheme before it’s allowed on the market. You can have “interoperability” in the very limited sense that Microsoft’s DRM scheme is interoperable: multiple companies all share Microsoft’s DRM format and so their files can be shared. But that works because the participating companies are all Microsoft licensees, and Microsoft tightly controls who is allowed to participate and what kinds of devices they’re allowed to make.

Real interoperability as it has existed in the technology industry, is quite different. Modern PC hardware is a good example of this. The processor, the memory, the hard drive, the mother board, the graphics card, and plenty of other parts are all built to publicly available specifications. For each part, there are multiple vendors (Intel and AMD for processors, Seagate and Western Digital for hard drives, ATI and nVidia for graphics cards, etc) competing for the business of computer builders. Any new company that knows how to build a part better or cheaper can build it without asking anyone’s permission. No one–Microsoft, IBM, Intel, or anyone else–has the power to exclude anyone from the PC industry or dictate what features a new PC device can have.

The “interoperability” that DRM builders are talking about isn’t like that at all. DRM interoperability is a closed system, with only those vendors who’ve gotten the permission of the DRM maker allowed to participate. If someone wants to do something that the DRM maker isn’t interested in, that’s just too bad.

Why does this matter? The PC industry has been so astonishingly innovative precisely because there wasn’t a central authority approving every device before it went on the market. Innovation often happens precisely when people mix-and-match technologies from different vendors in ways unforseen by either. And it’s vital that new firms be allowed to enter the market, even if their products threaten the market position of entrenched firms.

Moreover, hobbyists and open-source programmers are completely locked out of DRM schemes. Hobbyists can’t be given access to the secret specifications of DRM systems because there’s not way to prevent them from sharing them with others, or to inspect their devices to make sure they implement the DRM scheme successfully. Open source projects are locked out because by definition, the operation of an open source application cannot be secret, and anyone could modify open source applications to disable the DRM restrictions. The first successfully personal computer (the Aople II)was built by a hobbyists. And the most popular web server (Apache) and the #2 and #3 web browsers (Mozilla/Netscape/Firefox and Safari/Konquerer) are built on open source foundations. If you exclude hobbyists and open source programmers from the DRM marketplace, you’re forgoing a lot of potential innovation.

DRM vendors (and before that, copy protection vendors) have a long history of making promises they couldn’t deliver. Every DRM scheme ever made has been broken. Yet they continue to promise that the next scheme will work better. By the same token, DRM vendors are promising a bright future where all DRM schemes will work seamlessly with each other. But that will never happen, because open DRM, like unbreakable DRM, is a contradiction in terms.

SHARE: 6 comments

The EFF has a new study out surveying the results of more than two years of RIAA lawsuits against file-sharers. I’m ordinarily sympathetic to the EFF’s arguments, but in this case, I agree with Adam:

OK Fred, then what exactly IS the answer to the P2P dilemma? Because you don’t favor individual lawsuits, you don’t favor P2P liability, or much of anything else. This is what infuriates me most about the Lessig-ites; they give lip service to the P2P problem but then lambaste each and every legal solution proposed. In my opinion, if you can’t even support the lawsuits against individual users, then you essentially don’t believe in ANY sort of copyright enforcement.

People who don’t like the RIAA’s litigous agenda need to come up with a workable alternative. Too many people on the anti-RIAA side like to criticize every attempt to enforce current copyright laws without suggesting alternative enforcement mechanisms, and without proposing an alternative legal regime. I’m not comfortable with simply shrugging at wide-spread piracy and telling the RIAA to lower their prices and stop whining.

I do, however, have two caveats. First, I think the EFF’s report does highlight some abuses. Getting sued by a deep-pocketed corporation is an extremely intimidating experience, and it’s probably true that some of the RIAA’s targets were wrongly accused. So we should all be thinking about the legal balance that’s created between the RIAA and accused file-sharers. It might be that a legal regime designed to go after commercial pirates is too heavy-handed to deal with individual file sharers.

Secondly, I think the EFF might be right on the empirical question: that in the long run, these kinds of lawsuits aren’t going to prevent widespread use of P2P software. That doesn’t make piracy OK, and it doesn’t mean the RIAA should stop suing people, but it does mean that they should be thinking hard about what they’ll do if, a decade and 100,000 lawsuits from now, they find that peer-to-peer software is more popular than ever. It might be that there just isn’t any way to stop piracy short of shutting down the Internet. If that’s true, then at some point laws are going to have to change to reflect that reality. It would clearly be a bad idea to have a law that’s universally ignored. But I have no particular insights about what the new legal regime ought to look like.

SHARE: