DMCA, DRM & Piracy

The New York Times reports on the latest way that the DMCA is stifling technological innovation:

The Internet, in theory, can offer a selection of video programming that even the most advanced cable systems cannot match, and technology is helping improve the often grainy quality of online video.

But the cable and satellite companies are becoming concerned about providers of video programming using the Internet to reach customers directly.

Larry Kramer, the president of CBS Digital Media, has explicitly called the network’s Internet video strategy a “cable bypass.”

Yuanzhe Cai, the director of broadband research at Parks Associates, said: “We are seeing a lot of experimentation in terms of video programming through the Internet, and a lot of people are going to want to sit back and watch it on their TV. The big hurdle now is the digital rights issues of the studios and content owners.”

TiVo is caught in the middle. Its current digital recorder is capable of viewing programming from the Internet. Indeed, it recently did a test that allowed its users to download movies offered by the Independent Film Channel. “There is more video content that is coming down the broadband pipes,” said Tom Rogers, TiVo’s chief executive, referring to high-speed connections. He argued that TiVo’s technology could be important in helping providers that put programs on the Internet to gain a wider audience.

So what’s the problem?

Continue reading →

SHARE: 2 comments

Over at the PFF blog, co-blogger Solveig Singleton has some points about the connection between fair use and DRM technology. Some are fair points, others I disagree with, but I think this one is particularly worth commenting on:

DRM does respond to demand. Take interoperability, for example. This is important to consumers. Thus the market began with many types of not-particularly-interoperable DRM. But now there are all kinds of interoperability ventures going on for all types of media. It’s unlikely the market will converge to one… but it is converging.

Lots of people are talking about DRM interoperability. But so far, none have been widely deployed. There’s a good reason for this: genuinely interoperable DRM is a contradiction in terms.

Why? It’s difficult to explain in non-technical language, but I think the fundamental reason is this: the restrictions of a DRM scheme are enforced by devices, not files. That means that every single device that accesses DRMed content must be tightly controlled to ensure it doesn’t become a conduit for unauthorized access to the copyrighted materials.

Therefore, a truly interoperable DRM system–one which anyone is free to participate in–isn’t just a difficult technical challenge. It’s a flat contradiction in terms. A DRM scheme’s security is only as strong as its weakest device. Every software has bugs, and each time a new device is built, it’s a new opportunity for a hacker to examine it and find flaws. Moreover, as flaws are found (which there always will be) the DRM scheme must be constantly upgraded to fix those flaws. Those upgrades must be done in a synchronized fashion, otherwise upgrades to one device might break compatibility with the others. Coordinating those updates becomes harder as the number of licensees increases.

As a result, the specifications for the DRM scheme must remain secret, and every compatible device must be approved by the owner of the DRM scheme before it’s allowed on the market. You can have “interoperability” in the very limited sense that Microsoft’s DRM scheme is interoperable: multiple companies all share Microsoft’s DRM format and so their files can be shared. But that works because the participating companies are all Microsoft licensees, and Microsoft tightly controls who is allowed to participate and what kinds of devices they’re allowed to make.

Real interoperability as it has existed in the technology industry, is quite different. Modern PC hardware is a good example of this. The processor, the memory, the hard drive, the mother board, the graphics card, and plenty of other parts are all built to publicly available specifications. For each part, there are multiple vendors (Intel and AMD for processors, Seagate and Western Digital for hard drives, ATI and nVidia for graphics cards, etc) competing for the business of computer builders. Any new company that knows how to build a part better or cheaper can build it without asking anyone’s permission. No one–Microsoft, IBM, Intel, or anyone else–has the power to exclude anyone from the PC industry or dictate what features a new PC device can have.

The “interoperability” that DRM builders are talking about isn’t like that at all. DRM interoperability is a closed system, with only those vendors who’ve gotten the permission of the DRM maker allowed to participate. If someone wants to do something that the DRM maker isn’t interested in, that’s just too bad.

Why does this matter? The PC industry has been so astonishingly innovative precisely because there wasn’t a central authority approving every device before it went on the market. Innovation often happens precisely when people mix-and-match technologies from different vendors in ways unforseen by either. And it’s vital that new firms be allowed to enter the market, even if their products threaten the market position of entrenched firms.

Moreover, hobbyists and open-source programmers are completely locked out of DRM schemes. Hobbyists can’t be given access to the secret specifications of DRM systems because there’s not way to prevent them from sharing them with others, or to inspect their devices to make sure they implement the DRM scheme successfully. Open source projects are locked out because by definition, the operation of an open source application cannot be secret, and anyone could modify open source applications to disable the DRM restrictions. The first successfully personal computer (the Aople II)was built by a hobbyists. And the most popular web server (Apache) and the #2 and #3 web browsers (Mozilla/Netscape/Firefox and Safari/Konquerer) are built on open source foundations. If you exclude hobbyists and open source programmers from the DRM marketplace, you’re forgoing a lot of potential innovation.

DRM vendors (and before that, copy protection vendors) have a long history of making promises they couldn’t deliver. Every DRM scheme ever made has been broken. Yet they continue to promise that the next scheme will work better. By the same token, DRM vendors are promising a bright future where all DRM schemes will work seamlessly with each other. But that will never happen, because open DRM, like unbreakable DRM, is a contradiction in terms.

SHARE: 6 comments

The EFF has a new study out surveying the results of more than two years of RIAA lawsuits against file-sharers. I’m ordinarily sympathetic to the EFF’s arguments, but in this case, I agree with Adam:

OK Fred, then what exactly IS the answer to the P2P dilemma? Because you don’t favor individual lawsuits, you don’t favor P2P liability, or much of anything else. This is what infuriates me most about the Lessig-ites; they give lip service to the P2P problem but then lambaste each and every legal solution proposed. In my opinion, if you can’t even support the lawsuits against individual users, then you essentially don’t believe in ANY sort of copyright enforcement.

People who don’t like the RIAA’s litigous agenda need to come up with a workable alternative. Too many people on the anti-RIAA side like to criticize every attempt to enforce current copyright laws without suggesting alternative enforcement mechanisms, and without proposing an alternative legal regime. I’m not comfortable with simply shrugging at wide-spread piracy and telling the RIAA to lower their prices and stop whining.

I do, however, have two caveats. First, I think the EFF’s report does highlight some abuses. Getting sued by a deep-pocketed corporation is an extremely intimidating experience, and it’s probably true that some of the RIAA’s targets were wrongly accused. So we should all be thinking about the legal balance that’s created between the RIAA and accused file-sharers. It might be that a legal regime designed to go after commercial pirates is too heavy-handed to deal with individual file sharers.

Secondly, I think the EFF might be right on the empirical question: that in the long run, these kinds of lawsuits aren’t going to prevent widespread use of P2P software. That doesn’t make piracy OK, and it doesn’t mean the RIAA should stop suing people, but it does mean that they should be thinking hard about what they’ll do if, a decade and 100,000 lawsuits from now, they find that peer-to-peer software is more popular than ever. It might be that there just isn’t any way to stop piracy short of shutting down the Internet. If that’s true, then at some point laws are going to have to change to reflect that reality. It would clearly be a bad idea to have a law that’s universally ignored. But I have no particular insights about what the new legal regime ought to look like.

SHARE:

Not much in the case of Sony’s latest clumsy attempt at copy protection. The Register links to a report at Sysinternals that investigates the sketchy things that Sony does to prevent you from making too many copies of its CDs:

The Sony CD creates a hidden directory and installs several of its own device drivers, and then reroutes Windows systems calls to its own routines. It intercepts kernel-level APIs, but then attempts to disguise its presence, using a crude cloaking technique. Disingenuously, the copy restriction binaries were labelled “Essential System Tools”. But the most disturbing part of the tale came when Russinovich ran his standard rootkit-removal tool on the post-Sony PC. “Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files,” he writes.

So here’s my question, in all seriousness: how would the DMCA apply to this case? Poorly-written device drivers can be a threat to your computer’s stability and security–not to mention that it apparently slows down your computer even when you’re not playing a CD. But maybe removing it would constitute circumvention of a copy-protection scheme? Maybe I can remove it when the CD is not in the computer, but I have to allow it to be re-installed when I’m playing the CD? Would an anti-virus program that prevents it from being installed constitute a circumvention device? What if I disable the “autorun” feature in Windows? Is that circumvention?

The DMCA debate often proceeds as though “circumvention” is a clearly defined, obvious concept. But I think this example shows that it ain’t so. I assume that disabling auto-run (which requires changing one value in the registry isn’t illegal, but then where do you draw the line? Does “circumvention” require a minimum amount of technological sophistication? Or does the law simply require that I keep badly written device drivers on my system forever if they were put there as part of a DRM scheme?

SHARE:

James DeLong has a good post on the copyright issues raised by Google Print. He highlights past cases in which property rights have been changed to reflect changing technological and institutional realities:

The controversy highlights one of the most important dimensions of property rights, in both theory and practice, which is that property rights regimes are not cast in stone. They are established under a particular set of technological and institutional conditions, and as these change some rethinking and evolution is required and inevitable.

Such change is tricky business, because any concession that property rights are malleable turns into a handy excuse for massive rent-seeking. One road to riches is to persuade governments to redefine property rights so as to take what other people had and give it to you, pleading the need for adaptation to new circumstances.

I actually think there’s a fairly clear distinction to be drawn between changes to property rights on the one hand, and clarifications on the other hand. He talks about the case of airplanes. In theory, property law said that a property owner owned all the air above his land, but with the advent of commercial aviation, that doctrine quickly fell by the sayside. Here’s DeLong’s take:

So, obviously, there was a massive transfer of property rights in the heavenly sphere away from landowners to the nascent aviation industry. You can say that property rights were simply redefined so as to recognize the reality that you do not really own all the way to the sky, or you can say that pre-existing rights were indeed taken, a la eminent domain, and that compensation was due, but that the value of the right to the landowner was zero, so the compensation due was zero. But there is still a redefinition involved because, obviously, the right to extract ransom from airplanes, once they have been invented, is not zero.

I think there’s a third way to think about it: property rights were neither re-defined or transferred. Rather, an ambiguity in the existing rules was resolved. The common law property rights doctrines that existed at the time of the Wright Brothers flight had been developed over centuries by judges who had never seen, and probably couldn’t have imagined, commercial airflight. So while the official doctrine was that you owned the air above your land, it wasn’t clear what that meant. No one had ever been able to fly, so what exactly constitutes tresspass wasn’t well-defined. You could make a plausible argument that flying over someone’s land at 10,000 feet was so fleeting a presence on any particular landowner’s land (indeed, it might be difficult to determine exactly whose land a particular airplane passed over) that it didn’t merit being called tresspass.

Continue reading →

SHARE:

I’ve got a new article up at Reason about a disingenuous argument that’s often heard in copyright debates: that those who defend the traditional scope of copyright (including principles such as fair use and limited terms) are really just opponents of intellectual property who want to (as Jame DeLong put it a couple of months ago) “abolish intellectual property rights in favor of some mystical commune wherein all IP is free as the air and creators are compensated by government.”

Now obviously there are a few IP anarchists out there who want to do precisely that. But that’s not the position of mainstream copyright industry critics. Rather, they are defenders of America’s copyright traditions, which delimits the rights of copyright holders to ensure that copyright does not smother innovation or impoverish our culture.

These are complicated issues. Products like Google Print and Grokster raise difficult questions about how the law can best ensure that artists and authors are compensated without stifling what are undeniably important technological advances.

But it seems that a lot of people on the other side don’t like dealing with these nuances. So instead, they’d like to frame the debate as being a disagreement over “property.” There’s a “pro-property” side that thinks piracy is bad, and an “anti-property” side that doesn’t think piracy is a big deal, just as in Kelo, there was a pro-property side that wanted to rein in eminent domain abuse and an anti-property side that doesn’t think eminent domain abuse is a big deal.

Efforts like the Grover Norquist’s Property Rights Alliance, which I discuss briefly in my article, are all about convincing people on the libertarian and conservative right that that’s what’s at stake. By putting the RIAA, MPAA, et al side-by-side with anti-Kelo activists, they subtly reinforce the idea that they’re fighting the same battle–that, like the eminent domain debate, it’s an argument between a pro-property right and an anti-property left. As I explain in my article, that’s not what’s at stake, and it’s vital that that framing not be allowed to dominate the copyright debate.

SHARE:

Walt Mossberg has a great column criticizing digital rights management technology. He gets the fundamental point that DRM harms consumers by needlessly restricting how, when, and where they can consume content they have legally purchased:

I believe that consumers should have broad leeway to use legally purchased music and video for personal, noncommercial purposes in any way they want–as long as they don’t engage in mass distribution. They should be able to copy it to as many personal digital devices as they own, convert it to any format those devices require, and play it in whatever locations, at whatever times, they choose.

And he suggests boycotting DRM’ed products, such as copy-protected CDs, that overly restrict consumer choice.

However, he makes a fundamental error:

Instead of using DRM to stop some individual from copying a song to give to her brother, the industry should be focusing on ways to use DRM to stop the serious pirates–people who upload massive quantities of music and videos to so-called file-sharing sites, or factories in China that churn out millions of pirate CDs and DVDs.

Princeton CS professor Ed Felten’s reaction is right on the money:

This is a nice vision, but it’s not really possible. It’s abundantly clear by now that no DRM system can stop serious pirates. A DRM system that stops serious pirates, and simultaneously gives broad leeway to ordinary users, is even harder to imagine. It’s not going to happen.

No one has ever invented an un-crackable DRM system. When a new DRM system is released, it invariably takes just a few weeks for someone to release a cracking tool.

That’s not a coincidence. Bits are inherently copyable. Building an un-copyable bit isn’t just a difficult engineering challenge. On a general-purpose computer, it’s impossible. If a computer can read a piece of data, it can make a copy of it. The best you can do is to obfuscate the content so that figuring out how to make the copy is difficult and time-consuming. But that kind of obfuscation won’t stop a professional pirate or a hobbyist cracker with a lot of time on his hands.

Incidentally, it’s worth noting that probably the world’s most famous DRM cracker, Jon Lech Johansen has moved from his native Norway to San Diego to work for Michael Robertson, the the founder of the ill-fated MP3.com and (later) Lindows/Linspire. Johansen produced software to crack the copy-protection on DVDs at the age of 16, and more recently he’s cracked the copy-protection on Apple’s iTunes Music Store. It’s not clear what he’ll be doing, but it’s a safe bet that Hollywood and the recording industry won’t like it.

SHARE: 2 comments

After reading James DeLong’s defense of Patrick Ross’s CNET article on the DMCA, I have to admit that I was being unfair to call the article “incredibly confused.” I interpreted Patrick to be saying that the DMCA literally allows consumers to break contracts they’ve made with content providers. But after reading DeLong’s defense, it’s clear to me that what Patrick meant is that a digital rights management scheme is like a contract in the sense that it allows publishers to place various restrictions on the use of their intellectual property and sell it at different prices. While this isn’t literally a contract (as Patrick might concede) perhaps it’s contract-like device that allows certain beneficial transactions to occur (such as a limited-time online rental of a movie) that would otherwise be impossible.

There’s a kernel of truth to this argument. Certainly if a content producer knows that renting videos online will lead to rampant piracy and destroy the market for purchasing videos, the producer will be reluctant to offer a rental option. Consumers clearly don’t benefit from fewer choices.

But this analysis misses two important points. The first is philosophical: a DRM isn’t a contract, and in several important ways, it’s not even very similar to a contract. As I noted in my previous post, the DRM “contract” is entirely one-sided. Its terms are set by the publisher and the publisher has the power to unilaterally and retroactively change them. If Apple sells a song to a consumer, it is under no obligation to ensure that the DRM scheme enforces the terms stated at the time of sale. Apple is free to change or reduce the functionality available to the consumer (such as reducing the amount of burning permitted) and the consumer has absolutely no recourse.

Continue reading →

SHARE: 2 comments

I’ve got a new article up about the recording industry’s short-sighted strategy to online music downloads. I point out that digital rights management technologies don’t prevent piracy, but they do treat their customers like criminals and give people like Steve Jobs control over their customers.

I think it would be great if it became conventional wisdom that DRM technology is the perpetual motion machine of the 21st century. DRM is fundamentally contrary to the way computers work, because there’s no such thing as an uncopyable bit. You can write software to obfuscate your data, thus making copying more cumbersome, but that just makes cracking it more time-consuming, not fundamentally more difficult. Every few years, technology companies promise a new generation of copy-protection that will actually work. And each generation, they fail miserably.

The sooner the folks at the RIAA and MPAA realize that, the sooner they’ll stop hassling their paying consumers with arbitrary and pointless restrictions that penalize their customers while doing nothing to stop pirates.

SHARE: