June 23, 2004

DRM and Darknets: A Response to Brad Hutchings

I'm not really sure who Brad Hutchings is, but he is a frequent pro-DRM, pro-extensive-copyright commentator on Copyfight. Anyway, in response to my post on Cory Doctorow's Microsoft Research DRM talk, he had a number of comments (Cory on DRM @ Microsoft). Actually, his last comments had portions that I agree with (and, in fact, have said previously). However, I post here to distinguish where he and I disagree. Read on...

Posted by Ernest at 3:28 AM

Basically, Hutchings is making the argument that if you increase the friction (difficulty in obtaining desired files) in a filesharing network, then legal purveyors of the same files will look correspondingly more attractive. Absolutely! Increase the costs of filesharing and decrease the costs of legal downloading and eventually people will shift to legal downloading. For example, see my post, Defining Speedbumps:

This is the approach I've advocated all along, generally referring to it (somewhat misleadingly) as "carrot and stick." Raise the cost (time, convenience, legal bills) of illicit filesharing and lower the cost of legal filesharing (lower prices, broad library, open formats). Once the cost of illegal filesharing is more than the cost of legal filesharing, people will choose the legal alternative.

It is important to realize that there are different costs for different demographics. For example, college students generally have more time than money. The costs to them of searching through spoofed files for a good rip are lower relative to the costs of a harried thirty-something who is actually earning a salary. The issue is to design systems that raise or lower the appropriate costs for particular demographics. In the example above, one policy response might be to increase surveillance of and legal attacks on filesharers at university ISPs (raising the costs of illicit college student sharing) and/or to provide reduced prices for legitimate files to university ISPs (lowering the costs of licit college student sharing).

Of course, this is obvious. Any system is going to have to make legal access easy/cheap and illegal access inconvenient/expensive or it isn't going to work. [emphasis in original]

Where Hutchings and I disagree is whether DRM makes sense as part of this strategy. From his last comment on the post (as of this writing):
A quick review for you... The paper ignores darknet contamination by "noise", more likely in a global darknet than a localized one to make content unfindable, I don't think that's what they meant by "SPAM", as the purposes outside darknets seem different to me. But it could be they just glossed over it.

I think what Brad means here is what is commonly referred to as "file spoofing". Yes, spoofing is one means of increasing the costs of finding the right files (heck I even mentioned it in my quote above). Eventually, I believe spam will also be a serious problem for open nets (lightnets?). Here is a quote of mine (not the earliest) making the same point about spoofing in January 2003 (Hollywood Fears Fighting Piracy):
Spoofing is not 100% effective, but it doesn't have to be. All Hollywood has to do is make P2P sufficiently onerous to use that most or many people would rather purchase the legitimate product. As the article notes, there will likely be an attempted arms race as P2P networks develop new methods to foil spoofing. However, this is a race that the P2P networks are almost certainly doomed to lose. The reason is that the more control is put in the system (control necessary to foil spoofing) the more legally liable the networks or the users of the networks become.

In other words, Hutchings, I get it. I got it a long time ago.

However, what does DRM really have to do with spoofing? Spoofing does one thing: it increases the time necessary to find the desired file. This has two effects. If the time is great enough, some people will choose to pay for the file from a legitimate source. But only some. There will still be some who will choose to search and find a good copy though it takes significant time. This is the second effect, it increases the time for each generational copy. However, even if you stretch out the period of time for each generation of distribution a bit, DRM still doesn't buy you much in the way of protection. See, Speedbumps On Your Car.

Wall or Bridge?

Next, Hutchings looks at the network architecture:

To your contention about effectiveness, I quote from the article: On the other hand, if the darknet is made up of isolated small worlds, even BOBE-weak DRM systems are highly effective. That pretty much makes the point I have been making all along if you step back and realize that not everyone has or uses Kaazaa. FWIW, I do see DRM strength usually having rapid diminishing returns. The authors identify the meta-issue of DRM-crack techniques on the darknet. Yes, anything can be cracked, both theoretically and in practice. Once a crack is known or made, its spread is not affected by its difficulty. But if you put an 8 foot wall in front of your prospective, er, "borrower", they will often find it cheaper to just buy than to climb or walk clear around the wall. That's my point and I sticking to it.

Indeed. But without a network, piracy is usually too much of a pain to participate in significant amounts regardless of DRM. It isn't all that difficult to copy VHS tape to VHS tape, even with the advent of Macrovision. However, most people simply didn't do it because it wasn't worth it when high quality tapes are priced to buy. On the other hand, if Hollywood was still pricing videotapes and DVDs at about a $100 each, there would have been much more incentive to piracy. It would be interesting to see how well the DRM wall would have worked in such a case. But Hollywood lowered their prices to reasonable levels so we can't really test that theory.

Interestingly, the prosecutions for violating the DMCA have all been against people who have access to a network. So, even if we assume that you are right and DRM is effective for those not connected to the network, why prosecute those who promulgate cracks on the internet? Isn't that the issue we are really debating? Additionally, let's take music as an example. Apple's iTunes requires you to have a network connection capable of downloading music. With rare exceptions, if you can download iTunes, you can connect to KaZaA. If people who use iTunes aren't using KaZaA, it has nothing to do with iTunes' DRM. If iTunes didn't have DRM, wouldn't it be even more attractive to users of KaZaA and not the reverse? If anything, doesn't iTunes DRM increase the relative desirability of KaZaA? In such a case isn't DRM more of bridge encouraging people to go pirate than a wall discouraging piracy?

Given that Hutchings concedes that DRM has a limited lifespan for benefits, don't DRM's costs outweigh any benefits once that lifespan is used up? Even if DRM is successful in the short term, in the long term it has costs. Unfortunately, no prominent DRM system degrades over time.

Finally, Hutchings looks at the network theory:

Another theme of the paper from a graph-theoretic perspective is "connectedness". Think of as the theoretical ability for me to get some object from a friend of a friend of a friend. But practically, what matters most is "flow", not that I am connected, but that I can find and it can be transfered to me efficiently. The authors give mention to issues around this (bandwidth, storage, etc.) but don't see it as the central issue. I do, because if I want something, an existence proof does not cut it. Again, if it's less difficult to buy than to seek out a "free" copy, decent people will generally do the right thing and buy.

Absolutely. But show me what popular major media (television, film, music) is not readily available on the filesharing networks even if there is consumer DRM. Heck, many films show up before they are released to the theaters, let alone ripped from the DVD. If you have a broadband connection and aren't getting your media for free from the filesharing networks, it is for some reason other than DRM.
If I had one wish it's that the copyfighters would not blanket call DRM ineffective, because (a) it actually is and (b) a lot more context is needed to predict how effective it might be.

I would argue that it is the proponents of DRM who need to provide a lot more context to explain how effective DRM is.

  Comments and Trackbacks (

Ernest, I'm just a guy with a little software company. I've used "DRM" on much of the software throughout my career (before and after DMCA) quite effectively to stimulate sales. I've gone through every conceivable emotion and reaction to those who think I should give them the product of my work with no obligation on their part to pay. Curiously, I've never sent a DMCA takedown notice. I have seen my DRM activation codes appear on pirate sites, and have taken limited action to deal with them. Unlike most software guys, I have friends and acquaintences in the art and music world, and strangely enough, we have a lot of common ground in both out journeys and our current perception of the challenge of getting users to become paying customers.

Education-wise, I have a an B.S. (cum laude and Phi Beta Kappa) and M.S. in Information and Computer Science from a top CS school, focus on algorithms and data structures, and a focus within that on graph theoretic problems. So I am intellectually flattered to see network arguments being made in social contexts, but am quite entertained when they overlook the distinction between connectivity and flow (or just finding a path). The argument "all DRM can be broken, therefore it is ineffective" suffers from this problem. Among my peers of BS-level CS grads, I know that for the better part of 15 years, there has been active disinterest in the hard theory side of things, and by implication, even more total disinterest in graph theory stuff. Applied engineering curricula gloss over many useful techniques without getting to the meat of the subject. So without being too proud of myself and my pedigree, I do perceive that many of social arguments that appeal to graph theoretic notions lack depth and rigor.

It is a truism in my business though that protected software sells more. There are a variety of competing explanations and a lot of competing strategies for protecting. They are, when you get down to it, no different conceptually than DRM for music. Let me put it this way... With DRM, I live comfortably on software I sell and DRM'd software I write that others sell. Without DRM, I would starve or work for lousy companies (which probably use DRM to ensure their own sales). With DRM, I am able to tell my customers it is OK to share the software but not the codes. And I get a lot of sales that way. I have never had a paying customer complain about the DRM scheme. On the few occasions customers have had trouble activating it, the problems were identified and resolved in a couple e-mails.

So, to sum up, think of me as the existence proof that DRM can be an effective means of increasing sales (dramatically). When you argue wholesale against DRM and the DMCA, you argue against my ability to make a living. I don't take it personally because my side of the argument owns Congress through our convenient proxies (MPAA, RIAA, BSA, etc.). OK, I'm just kidding about that ;-). I do trust that readers of our back-and-forth will arrive at their own informed opinions. And I'm not shy about juggling raw meat around hyenas ;-).

Anyway, you wanted to know who I was. Oh, Dana just posted a picture of me on Moore's Lore. I am the one in the yellow sweatshirt.

Posted by Brad Hutchings on June 23, 2004 07:11 PM | Permalink to Comment

  Post a Comment
  Remember personal info?
  Email this entry to a friend
Email this entry to:   
Your email address:   
Message (optional):   

  Related Entries