DMCA, DRM & Piracy

This BusinessWeek column sounds very sensible:

Situations like this, together with the Sony BMG mess, have given the whole concept of DRM a bad name. To win public acceptance, the industries involved–content, information technology, and consumer electronics–are going to have to put maneuvering for advantage aside and stick to clear, consumer-first goals. Above all, users should not have to notice the existence of the particular DRM as long as they abide by clearly stated copying limitations. Digital content should use standard DRM technology built into players such as iTunes and Windows Media Player. And any content should play on any device that can physically display it, without regard to operating system.

The entertainment industry has a great opportunity for new markets, and the PC and consumer-electronics industries have an opening for new products. But realizing this potential will require all of them to show some respect for their customers.

This is an admirable sentiment. There’s just one problem: “standard DRM technology” is a contradiction in terms. There’s never been such a thing, and there never will be. DRM technology is proprietary by necessity.

As I’ve argued in the past, DRM schemes must be proprietary formats, with a single authority (say, Apple or Microsoft) setting the rules and deciding who may participate. Moreover, the security of the format is inversely proportional to the number of devices that adopt it. Every new device is another opportunity for hackers to break it.

I think it’s hard to over-estimate the importance of this point. It’s easy to gloss it over in policy debates, to assume that achieving interoperability is just a technical problem that the geeks are working on and will solve in a few years. But it’s not. Building an interoperable DRM is like making a cat that barks.

The problem is that the vast majority of the people who write about technology policy aren’t programmers. They don’t really have a clear idea of what DRM does, so they don’t have the technical background to evaluate the claims of the DRM snake-oil salesmen. When a big technology company announces an “open” DRM format, the tech press reports on it dutifully, without really pressing the company for details.

If they did, I suspect that they would find that the various “open” and “interoperable” DRM schemes now being developed are vapor-ware: years from completion and with a lot of the implementation details not quite worked out yet. It’s easy to talk about interoperable DRM in the abstract. But so far, no one has succeeded in actually implementing such a system. That’s not a coincidence, because what they’re trying to do is, as Ed Felten puts it, a “logical impossibility.”

SHARE: 4 comments

I have to admit I’m surprised and a little saddened to see that Overpeer is being shut down. Overpeer worked for the recording industry to pollute peer-to-peer networks with bogus versions of its songs. Apparently, the peer-to-peer networks have instituted new user-rating systems that have made Overpeer’s tactics increasingly ineffective.

I’m surprised it happened so quickly. It was of course inevitable that the peer-to-peer programs would adapt by offering users ways to filter the bad songs out of the system, but I would think Overpeer could take countermeasures, such as automated positive rankings of the bogus songs. But it seems the peer-to-peer networks won this particular arms race in just three years.

This, I think, is one more data point in favor of the thesis that the record labels need to focus less on the stick of preventing piracy (although they should certainly do some of that) and more on the carrot of providing users with easy-to-use, convenient, and affordable legitimate download options. They’ve made some baby steps in the right direction, but they still mostly sell low-quality audio files encumbered with irritating and restrictive “digital rights management.” Improving the quality of the songs they sell online, and abandoning digital rights management, would be important steps toward enticing customers back into the legal fold.

In the long run, I think they’re going to need to be more radical. Google is probably the best model. Google gives away online services worth billions of dollars and funds their efforts with ads. So here’s one model: imagine if the recording industry set up free, ad-supported Internet radio stations. They could do things that ordinary radio stations could never do. For example, users could be required to fill out a survey giving some basic demographic information (age, zip code, industry). Then the ads on each Internet radio stream could be targetted at that individual user. Advertisers could also buy up ads to play with particular playlists, of which there could be thousands. The Britney Spears playlist might have ads targetting teeny boppers, while the oldies playlist would have ads targeted at middle aged people. This could conceivably generate considerably more revenue than traditional radio stations, since advertisers will pay more for precisely targetted advertising.

To be clear, I’m not claiming that peer-to-peer infringement is acceptable, or that the RIAA should stop trying to prevent it. But I also think they have to face the fact that, sooner or later, this is a war they’re likely to lose. So they need to be thinking about what they’re going to do if that happens. You can, in fact, compete with free, (Google has made billions doing just that) but it requires more creativity than the recording industry has shown to date.

SHARE: 2 comments

I don’t want to turn this blog into a Felten-summary service, but I couldn’t resist linking to a pair of fantastic posts over at Freedom to Tinker.

First, Ed Felten explains why we shouldn’t be surprised that MediaMax, like XCP, has security flaws. Security is all about managing risk, and SunComm, like First4Internet designed their software with reckless disregard for the risks it might impose on users. So while the particular bugs that have been discovered were almost certainly an honest mistake, those bugs would have been much less harmful had they not been so cavalier about disregarding ordinary security practices in developing their spyware-like software.

In his second post, Prof. Felten explains that it wasn’t a coincidence that both XCP and MediaMax behaved like spyware. By its nature, DRM software is designed to restrict how users use their computers. Obviously, most users would rather not have that software on their computers at all. So in order to function, the software must deceive the user into install itself, and then must avoid detection and/or resist removal. And what do you know, that’s exactly the same design parameters that spyware authors face. Is it any wonder they came up with similar solutions?

Anyway, he explains all of this much better than me, so go read his first post and his second post.

SHARE:

James DeLong: “I am not a programmer.”

He can say that again!

He’s got a whole post on the implications of multi-threading for open source software. All he really proves is that he doesn’t understand the software development process:

IMHO, much of the general discussion of FOSS, Microsoft, patents, and other software issues has been based on an unspoken premise that software is a mature industry, with its great leaps of innovation behind it, and that public policy should be devoted not to fostering innovation but to turning software into a cheap commodity and to preventing its purveyors from milking products for which they have already recovered the creation costs.

If this premise is wrong, if the situation is one in which massive leaps of creativity are needed, along with the funding for such leaps, then a great many currently popular policy recommendations–such as “no software patents” or “FOSS preferences”–go out the window.

It’s hard to even know where to start. I don’t know of anyone on the copyleft side who bases their support for FOSS on this “unspoken premise.” (although it is, by definition, unspoken, so who knows?) Open source advocates argue that their development model is a better way of fostering innovation because it allows for the collaboration of thousands of the brightest people around the world. They believe they are the cutting edge of software development, at least in certain domains. For example, there’s a reason that Apache, MySQL, PHP, and Perl are among the most popular tools in web development.

The policy implications he cites are just non-sequiturs, and they show the same tendency to misrepresent (or maybe just fail to understand) his opponents. Programmers oppose software patents because they impede innovation by requiring software companies to hire lawyers in order to navigate the patent landmine. As is explained here, software is different from other kinds of inventions. Now, DeLong might not find that argument persuasive. But he should at least do us the courtesy of characterizing our arguments accurately. If he’s going to knock down straw men, he should make some effort to choose straw men that are at least tangentiallly related to his opponents’ actual argument.

The “FOSS preferences” argument is equally nonsensical. That debate is about things like office software and mail servers. These are not applications at the cutting edge of high-performance computing. Whatever the merits of using commercial software in such circumstances, certainly promoting the development of better multi-threading software isn’t one of them. If someone proposes FOSS preferences in the military or the National Weather Service, then we can talk, but as far as I know no one has.

These errors, I think, are a symptom of DeLong’s general cluelessness about how software actually works. Virtually every sentence he writes about technology is confused. (As just one example, some of the highest-performance commercial operating systems are “basically a spin-off of 1970s Unix.” So what?) I could make this already too-long post even longer by fisking every sentence of his post and correcting all the confusion found therein. But what would be the point? DeLong clearly feels his understanding of law and economics trump geeks’ understanding of how the policies he advocates affect their profession.

When geeks complain that software patents are impeding their work, he misrepresents and belittles their arguments without bothering to understand them. When they point out that open source development methods have compelling advantages for certain kinds of applications, he misrepresents and belittles their accomplishments without really understanding them. When we complain about the fact that DRM technologies lock open source software out of access to digital media, he pats us on the head and tells us that open source software isn’t that great anyway.

The problem is that most of the people making policy are just as clueless about technology as he is. So when he makes clueless but plausible-sounding arguments, most of them can’t tell the difference. And because he’s got a JD from Harvard and most geeks don’t, his arguments tend to carry more weight than ours do.

He says he “wants to hear more from the tech community.” That’s great. I just wish he’d listen.

SHARE:

I don’t have a lot to add to Jim’s insightful post about software piracy and the varying approaches to it. I agree with Techdirt that the methodology they’re using appears to be bogus–obviously, not everyone who’s currently pirating software would purchase it if they weren’t able to get a pirated copy. Their hand-waving (and, to my mind, unpersuasive) response to this argument is on page 14 of their report.

I also agree with Techdirt and Jim that it’s unfortunate that the BSA is funding shoddy research, because I agree with their conclusion: software piracy is bad for all of us because it reduces incentives for software development. (whether cracking down on software piracy is the best use of scarce police resources is a more complicated question) Bogus research like this paper make it much easier for the anti-IP radicals of the world to merely dismiss everything the pro-IP side has to say, which I think is a mistake.

But if you’ll forgive me for jumping on my soapbox, I’d like to point out what the software industry is not doing, for the most part, in the face of widespread piracy of its products: it’s not resorting to anything resembling digital rights management, at least for ordinary consumer software. When I buy a copy of Office or Photoshop, I typically have to enter a serial number, but that’s about it. It doesn’t try to limit the number of times I can install the software on my computer. It doesn’t install spyware-like monitoring programs deep in the bowels of my operating system.

Continue reading →

SHARE: 2 comments

The Business Software Alliance is touting a study reporting that: “Cutting the global piracy rate of 35 percent by 10 percentage points over four years could generate 2.4 million new jobs, $400 billion in economic growth and $67 billion in tax revenues worldwide.”

Tax revenue, huh? Sounds like a wonderful public-private partnership brewing. (Yes, sarcasm.)

What’s interesting about it is the interpretation or lack of interpretation being given the study in various quarters.

TechDirt, where I read about it first, provides a lot of interpretation:

Every so often the Business Software Alliance comes out with a press release, based on a study they paid IDC to do, where they misrepresent the issue of illegal software copying. They make huge claims that anyone with half a brain can see is incorrect. . . . The BSA pretends that every copy of software would have been bought if the copy wasn’t available. That seems to be their basis for saying it would help stimulate economies. They say things like: “Some companies know they are losing 40 percent of their business. If they could recoup that, they could employ more people.” Indeed, any company would like to sell more product–but many of the people copying software could never afford it, and never would buy it–so it’s pretty difficult to say they’re really “losses.” At the same time, the BSA seems to completely discount the other side of the equation. That is, companies who are illegally copying software are saving money that they can then invest in hiring more people. Also having the software often makes companies more productive, thereby helping the economy.

Over on another favorite resource, IP Central, the recounting of the BSA report entertains no such skepticism. Indeed, the conclusion is treated as obvious: more law enforcement. PFF was equally uncritical of the previous report, which TechDirt, a sensible market-oriented site, lambasted.

PFF is a good group of friends, old and new. They had a nice holiday reception last night and I took the opportunity to encourage a few of said friends to read TLF and, specifically, to engage with Tim Lee because he has a lot to say. (I ought to hurry and publish this post because he probably will have something to say about the BSA report before me if I don’t.)

Copyright is not only about income for content producers, but also overall welfare. More nuance in our thinking about copyright seems warranted and a more careful discussion of the issues among us free-market-types is needed.

SHARE: 4 comments

Ed Felten has a great post on the cynical logic of digital rights management as it played out in the Sony spyware case. It’s worth reading in full, but I can’t do better than to quote his damning conclusion:

Running through this whole convoluted tale are two consistent threads. DRM is used as a weapon not against infringers but against market rivals. And when companies use DRM to undermine compatibility, law-abiding customers lose.

Go read it.

SHARE:

As an employee of a right-of-center think tank, I’ve had my share of accusations thrown at me that I’m in the pay of corporate America, so I don’t say things like this lightly, but after reading the recently-founded Property Rights Alliance’s defense of the DMCA, I have to say: the RIAA and MPAA should ask for their money back. A few of the most obvious and embarrassing errors:

However, “fair use,” the term often identified with the right to use certain copyrighted intellectual property without permission from or payment to the patent holder, is deceptive rhetoric that masks the real effects of this term. Fair use is inherently perverse to patent holders, intellectual property corporations, and most importantly, to the American consumer.

Now, I’m not a lawyer, but I’m pretty sure there’s no such thing as a fair use doctrine in patent law. And in any event, HR 1201 doesn’t make any changes to patent law. It’s hard to see how you can even begin to have an intelligent discussion of the merits of Boucher’s legislation if you don’t even know the difference between a patent and a copyright. This was clearly written by someone who doesn’t have the first clue what he’s talking about. It continues in the same vein:

Fair use provisions stated in [HR 1201] allow for the manufacturing and dissemination of hacking devices that circumvent copyright protections and infringe on patents, so long as these products are “capable of substantial non-infringing uses.”

HR 1201 allows you to infringe patents? That’s certainly news to me. I suspect it’s news to Rep. Boucher as well. And strangely, the text of the bill does not include the word “patent.”

Then we have this gem:

Providing an exemption for any device that has non-infringement purposes effectively destroys all protections of copyrighted material.

I bet Justices Stevens and O’Connor will be surprised to learn that they abolished copyright law when they established precisely that standard in 1984. Who knew that America had no effective copyright protections until Congress enacted them in 1998?

I could go on, but you get the point. I vigorously support the right of corporate America to hire people to promote their point of view in the legislative arena. But for their own good, they really ought to choose hired guns who know what they’re talking about.

SHARE: 4 comments

Occasional TLF co-blogger Solveig Singleton has some very sensible comments about the pending lawsuits against Sony BMG. I largely agree with her that the actual damages of Sony’s actions are pretty small, and that these class action lawsuits are more likely to enrich lawyers than compensate consumers. I still think the lawsuits should go forward, however, especially given that Sony has yet to pull its other spyware, MediaMax, from the shelves, despite well-documented problems.

The part of her argument that I found most interesting was this paragraph:

It isn’t the technical characteristics of something alone that determine its legal treatment (whether or not we should think of it as an “attack”), it is partly the intent of the actors. Set aside the intent issue for a second and look at the tech. Is it really always clear what is a “pure” hacker tool and what is not? Isn’t it likely that in future programmers might well continue to experiment with “hacker tools” to see if they can use principles in those tools for a useful purpose? Isn’t the argument that there is such a thing as a purely useless and bad tech usually made by advocates of tech bans? Are we saying that all software always has to be easily removable and detectable? By everyone? What about security software or content filters used by parents or schools or employers? Suppose experts could find and remove it but not beginners? Suppose a DRM system was hard to find or hard to remove, but didn’t create a security vulnerability to outsiders? Or suppose it did, but was easy to find and remove? There are a million possible permutations of technology here–hard to imagine the legal system coming up with a top-down rule that makes sense for all of them, especially at this early stage of the game. Markets adapting after the fact are much more flexible.

I wholeheartedly agree. And I’m curious how Ms. Singleton would apply this reasoning to the DMCA. After all, the DMCA is a “tech ban” on a class of devices, namely “circumvention devices,” (which in practice means any devices that interoperate with DRM’ed devices without the permission of the DRM creator). It’s quite true that some “hacker tools” might be useful in software like parental controls. It’s equally true that some “circumvention tools” have legitimate uses as well. For example, as long as Hollywood refuses to create a DVD player for the Linux operating system, any software to play DVDs on Linux is by definition a “circumvention device.” Likewise, any utility to convert songs from the iTunes Music Store format directly to the Windows Media format (so they can be played on WM-based MP3 players from Dell, or Sony) is a “circumvention device.” I could give lots of other examples.

In short, the line between legitimate software and piracy tools isn’t clear-cut, and, to paraphrase Ms. Singleton, it’s hard to imagine Congress coming up with a top-down rule that makes sense for all of them. Which is why it was stupid for Congress to legislate such a rule in 1998. Markets adapting after the facts would, as she says, have been much more flexible.

So is there some distinction I’m missing? Or is Ms. Singleton a closet supporter of the DMCRA, which would repeal the “top down rule” Congress imposed on this market in 1998 and allow market actors to experiment with the potentially beneficial uses of circumvention technology?

SHARE: 18 comments