July 14, 2004

New DRM Coalition to Raise Barriers to Entry for Competitors

- Posted by

Oh, wait, that isn't the spin they're putting on their organization.

C|Net News brings us news of this new DRM coalition (Tech, Hollywood heavyweights create content coalition). Note that it is the big companies that are pushing this, not the small, innovative companies. Coincidence? I don't think so.

Several high-profile technology companies and movie studios are expected to announce Wednesday that they have formed a coalition to ensure that high-definition video and other content cannot be pirated in home networks.
The article talks about protecting "content" and movies. However, there is no mention of protecting audio. Hmmm ... why might that be? Whatever happened to SDMI?

Same old story. Piracy will continue. Large corporations will be protected from innovative upstarts. Isn't that how capitalism in the 21st century is supposed to work?

July 07, 2004

TiVo vs. Media Center Edition vs. INDUCE Act (IICA) vs. Broadcast Flag

- Posted by

A couple of weeks ago Eric Harrison wrote a head-to-head comparison of Windows Media Center Edition and TiVo. (TiVo versus Media Center Edition PC's - finally!). TiVo won, partly because the original Windows machine had all sorts of defects, but mostly because TiVo is a more solid performer. Paul Robichaux's comparison goes into more depth about the MCE (Media Center Eye for the TiVo Guy).

Jupiter Research analyst Michael Gartenberg looks at Harrison's comparison and adds some thoughts of his own, as JR is working on a report on standalone DVRs (Tivo comparison to Windows Media Center):

First, the PC is more flexible. If I want to store and view my pictures, music and other video content, burn to DVD, copy to a portable media player and stream that content to other devices in my home, I can do that with the PC and not with the TiVo. The MCE EPG is also more flexible. Try and record the West Wing on TiVO, just the 7pm episodes shown on channel 44, not the other boradcasts. You can't do it. It's a snap on MCE. (why would you want to? to record a series according to airdates so you can watch the episodes in order). On the other hand, my TiVO never crashed, locked up, missed a scheduled record or any other annoying issue. Clearly the dedicated funcitonality makes for a more stable platform. Part of the MCE experience issue is that it's still a PC. You still need to exit to the shell to get some things done. You need to re-boot from time to time. If MCE is going to make inroads in the next year it needs to be able to shed the PC experience and live 24/7 as a consume electronics device.
Here are my thoughts. I already have a TiVo. I already have a PC. Most of the people who are considering buying a TiVo already have a PC as well. If the TiVo could simply talk to the PC, then they (and I) could get the benefits of consumer electronics reliability and the flexibility of a PC without having to buy a whole new, rather expensive PC.

So why don't DVRs offer this flexibility? They get sued into oblivion: EFF Archives: Newmark v. Turner Broadcasting System. Need I mention that the IICA (née INDUCE Act) will make bringing such company-resource-draining lawsuits easier? Or that, in a little less than a year, the government will burden such capability with mandatory DRM: Digital Television Liberation Front?

July 06, 2004

Why I Support New DRM Standard for Oscar Screeners

- Posted by

Over the holiday weekend, the AP reported that the Academy of Motion Picture Arts and Sciences (the people who bring you the Oscars) were considering a new anti-piracy technology that would include giving Academy voters special hardware to play DVDs keyed for a single player in order to thwart screener piracy (Studios Eye New Anti-Piracy Technology). Ed Felten explains why this might work as a security tchnology for Academy screeners, but not for mass-market DVDs (Fancy DRM For Academy Screeners?).

I must say, I applaud these efforts by the MPAA to act consistently (Props for Jack Valenti). It may not keep their films from getting onto the internet, but it demonstrates that they aren't hypocrites. Read on for some other reasons (in no particular order) I applaud this move:

  • It is a tacit acknowledgment that movie industry insiders are a significant part of the online movie infringement problem.
  • It is a tacit acknowledgement that CSS encryption for DVDs no longer has significant piracy-fighting capability even for such limited distribution.
  • It treats Academy members the same as consumers, like criminals.
  • Academy viewers will have to deal with many of the frustrations of DRM'd equipment (incompatibility, higher probability of service requirements).
  • A seemingly minor, but important perk goes away. Academy viewers will have to deal with the prohibitions on sharing that Hollywood wants to impose on consumers generally. Even Valenti bragged that he (and many others) would let friends and family borrow screeners:
    [M]ost of [the recipients of screeners], as I did, gave some movies to relatives and friends who in turn gave them to friends, who gave them to friends...
    I doubt Academy viewers are going to appreciate not being able to share with friends and family, sort of like how the broadcast flag will keep people from sharing recorded TV episodes with friends and family.
And hey, while we're at it, why not a few more restrictions to protect the content? I see no reason that screeners should function after Academy voting is completed, so why not have the players burn out their EEPROM after a secure clock shows that voting is over? This will let Academy voters experience yet another proposed type of DRM that will force content expiration unless the system is constantly in communication with a central licensing authority.

Quote of the Day: Telecom and DRM Edition

- Posted by

Telepocalypse discusses why DRM is bad for communication networks (DRM - enemy of telecom):

Ultimately, telecom is about communications, not media. DRM inhibits communications. That’s the opposite of what you’re after. If we’d had DRM before the Internet became widely available, telcos would have sold a lot less dial-up and broadband, and the industry would have even more unlit fiber than it does today.

June 28, 2004

Prove DRM Works - Eliminate the DMCA

- Posted by

For some reason, some people refuse to understand that no DRM system will do anything more than delay determined attackers (there is no way you can provide cyphertext, algorithm and key and not expect your system to be cracked). Once broken, whatever content the DRM was intended to protect will become available on the filesharing networks. The logic is pretty simple and compelling. Yet, there remain people who insist that DRM still works. I argue that it isn't DRM that works but, rather, the anti-circumvention provisions of the DMCA that are doing the work (Potemkin Village - What Secrets DRM Encryption is Really Hiding).

Still, you have arguments such as those from science-fiction author Jerry Pournelle (DRM: The Issues). His basic argument is that DRM can work "good enough." He analogizes DRM to copyright law. Sure, copyright law won't stop all infringers, but it stops enough that he can make money. Funny that he uses law as an example. Precisely. The technology of DRM isn't what is stopping people, it is the legal impediments to sharing DRM cracks (DMCA) that prevent some people from breaking DRM.

Jupiter Research analyst Michael Gartenberg's argument is a bit more perfunctory (I'd have to disagree with Cory Doctrow's position on DRM):

DRM does work and it can be good for business and acceptable to consumers. While most folks might prefer no DRM, that's just not viable in today's world and most consumers will accept DRM solutions. That's not just my assertion, data driven research backs it up. That's a difference between opinion and analysis.[emphasis in original]
Well, glad we have that cleared up! Just trust Gartenberg. Again, why does DRM work here? Is it because DRM is a technical marvel defeating all who attempt to break it? No, DRM works only because the law says it does. Why not simply say:
The DMCA does work and it can be good for business and acceptable to consumers. While most folks might prefer no DMCA, that's just not viable in today's world and most consumers will accept DMCA solutions because the law gives them no choice.
There is a simple way to prove whether DRM works: get rid of the DMCA. If DRM actually worked as a technical matter, there would be no reason for there to be a law making the distribution of circumvention devices illegal, since there would be no circumvention devices.

Oh, wait, it is the companies that sell and use DRM that are the biggest supporters of the DMCA. What does that tell you about the technical effectiveness of DRM?

June 23, 2004

A Logical DRM Speedbumps Strategy

- Posted by

Everyone who is reasonable about the DRM debate agrees that DRM is not going to keep protected content off the filesharing networks forever. All DRM will eventually be broken and, at the very least, the analog hole will for the forseeable future remain an open path for copyright infringement. However, let's assume for the nonce that DRM can significantly delay the spread of protected content onto filesharing networks.

This leads to one of the problems with DRM that I've noted before (Speed Bumps on Your Car). DRM typically outlives its usefulness:

Long after DRM has provided whatever "speed bump" effect it can, consumers are still inhibited from many perfectly legitimate uses of a work. Indeed, many of the costs of DRM are backloaded. DRM likely doesn't create much of an initial issue for many. However, down the line, when people purchase new PCs or devices, DRM is likely to make transfers from old to new devices more difficult or impossible. Looked at from a long term perspective, DRM seems an extremely poor choice if all you're interested in is short term benefit.

I stand by my analysis. But recent DRM debates here and on Copyfight have given me an idea. Read on...

Microsoft is soon to unleash a new DRM technology code-named "Janus" (Rental Nation). What's special about Janus? Well, Microsoft isn't the first developer to create DRM with this capability, but they are the biggest (Microsoft to Publicly Preview New DRM Technology):

Janus includes a "secure clock" that is designed to time-out subscription content for which a customer's license has expired.

But what if we reversed the concept and applied it to DRM? Why not a "secure clock" that is designed to time-out DRM after a set period of time after the DRM has lost whatever speedbump effect it had? Once the DRM has timed out the consumer is left with a non-DRM'd file. I don't see any technical reason why this cannot be done. If DRM can erase expired content, it can also erase DRM.

How long before the latest music has managed to become widely available on the filesharing networks? A few weeks, months? Why not have the DRM time-out over a set period, such as 3 months? Such a strategy would certainly indicate that those using DRM are doing so only in order to reduce piracy. It would treat honest customers with a lot more respect than they are getting now. Heck, it might even become a copynorm. People would certainly be more supportive of a DRM strategy that was more narrowly targeted at infringers and infringed on fewer of their rights.

Of course, I doubt that any major content producer would adopt such a strategy. Why? Because I don't think that the purpose of DRM is to reduce piracy (Why Use DRM If It Doesn't Work? and Potemkin Village - What Secrets DRM Encryption is Really Hiding).

DRM and Darknets: A Response to Brad Hutchings

- Posted by

I'm not really sure who Brad Hutchings is, but he is a frequent pro-DRM, pro-extensive-copyright commentator on Copyfight. Anyway, in response to my post on Cory Doctorow's Microsoft Research DRM talk, he had a number of comments (Cory on DRM @ Microsoft). Actually, his last comments had portions that I agree with (and, in fact, have said previously). However, I post here to distinguish where he and I disagree. Read on...

Basically, Hutchings is making the argument that if you increase the friction (difficulty in obtaining desired files) in a filesharing network, then legal purveyors of the same files will look correspondingly more attractive. Absolutely! Increase the costs of filesharing and decrease the costs of legal downloading and eventually people will shift to legal downloading. For example, see my post, Defining Speedbumps:

This is the approach I've advocated all along, generally referring to it (somewhat misleadingly) as "carrot and stick." Raise the cost (time, convenience, legal bills) of illicit filesharing and lower the cost of legal filesharing (lower prices, broad library, open formats). Once the cost of illegal filesharing is more than the cost of legal filesharing, people will choose the legal alternative.

It is important to realize that there are different costs for different demographics. For example, college students generally have more time than money. The costs to them of searching through spoofed files for a good rip are lower relative to the costs of a harried thirty-something who is actually earning a salary. The issue is to design systems that raise or lower the appropriate costs for particular demographics. In the example above, one policy response might be to increase surveillance of and legal attacks on filesharers at university ISPs (raising the costs of illicit college student sharing) and/or to provide reduced prices for legitimate files to university ISPs (lowering the costs of licit college student sharing).

Of course, this is obvious. Any system is going to have to make legal access easy/cheap and illegal access inconvenient/expensive or it isn't going to work. [emphasis in original]

Where Hutchings and I disagree is whether DRM makes sense as part of this strategy. From his last comment on the post (as of this writing):
A quick review for you... The paper ignores darknet contamination by "noise", more likely in a global darknet than a localized one to make content unfindable, I don't think that's what they meant by "SPAM", as the purposes outside darknets seem different to me. But it could be they just glossed over it.

I think what Brad means here is what is commonly referred to as "file spoofing". Yes, spoofing is one means of increasing the costs of finding the right files (heck I even mentioned it in my quote above). Eventually, I believe spam will also be a serious problem for open nets (lightnets?). Here is a quote of mine (not the earliest) making the same point about spoofing in January 2003 (Hollywood Fears Fighting Piracy):
Spoofing is not 100% effective, but it doesn't have to be. All Hollywood has to do is make P2P sufficiently onerous to use that most or many people would rather purchase the legitimate product. As the article notes, there will likely be an attempted arms race as P2P networks develop new methods to foil spoofing. However, this is a race that the P2P networks are almost certainly doomed to lose. The reason is that the more control is put in the system (control necessary to foil spoofing) the more legally liable the networks or the users of the networks become.

In other words, Hutchings, I get it. I got it a long time ago.

However, what does DRM really have to do with spoofing? Spoofing does one thing: it increases the time necessary to find the desired file. This has two effects. If the time is great enough, some people will choose to pay for the file from a legitimate source. But only some. There will still be some who will choose to search and find a good copy though it takes significant time. This is the second effect, it increases the time for each generational copy. However, even if you stretch out the period of time for each generation of distribution a bit, DRM still doesn't buy you much in the way of protection. See, Speedbumps On Your Car.

Wall or Bridge?

Next, Hutchings looks at the network architecture:

To your contention about effectiveness, I quote from the article: On the other hand, if the darknet is made up of isolated small worlds, even BOBE-weak DRM systems are highly effective. That pretty much makes the point I have been making all along if you step back and realize that not everyone has or uses Kaazaa. FWIW, I do see DRM strength usually having rapid diminishing returns. The authors identify the meta-issue of DRM-crack techniques on the darknet. Yes, anything can be cracked, both theoretically and in practice. Once a crack is known or made, its spread is not affected by its difficulty. But if you put an 8 foot wall in front of your prospective, er, "borrower", they will often find it cheaper to just buy than to climb or walk clear around the wall. That's my point and I sticking to it.

Indeed. But without a network, piracy is usually too much of a pain to participate in significant amounts regardless of DRM. It isn't all that difficult to copy VHS tape to VHS tape, even with the advent of Macrovision. However, most people simply didn't do it because it wasn't worth it when high quality tapes are priced to buy. On the other hand, if Hollywood was still pricing videotapes and DVDs at about a $100 each, there would have been much more incentive to piracy. It would be interesting to see how well the DRM wall would have worked in such a case. But Hollywood lowered their prices to reasonable levels so we can't really test that theory.

Interestingly, the prosecutions for violating the DMCA have all been against people who have access to a network. So, even if we assume that you are right and DRM is effective for those not connected to the network, why prosecute those who promulgate cracks on the internet? Isn't that the issue we are really debating? Additionally, let's take music as an example. Apple's iTunes requires you to have a network connection capable of downloading music. With rare exceptions, if you can download iTunes, you can connect to KaZaA. If people who use iTunes aren't using KaZaA, it has nothing to do with iTunes' DRM. If iTunes didn't have DRM, wouldn't it be even more attractive to users of KaZaA and not the reverse? If anything, doesn't iTunes DRM increase the relative desirability of KaZaA? In such a case isn't DRM more of bridge encouraging people to go pirate than a wall discouraging piracy?

Given that Hutchings concedes that DRM has a limited lifespan for benefits, don't DRM's costs outweigh any benefits once that lifespan is used up? Even if DRM is successful in the short term, in the long term it has costs. Unfortunately, no prominent DRM system degrades over time.

Finally, Hutchings looks at the network theory:

Another theme of the paper from a graph-theoretic perspective is "connectedness". Think of as the theoretical ability for me to get some object from a friend of a friend of a friend. But practically, what matters most is "flow", not that I am connected, but that I can find and it can be transfered to me efficiently. The authors give mention to issues around this (bandwidth, storage, etc.) but don't see it as the central issue. I do, because if I want something, an existence proof does not cut it. Again, if it's less difficult to buy than to seek out a "free" copy, decent people will generally do the right thing and buy.

Absolutely. But show me what popular major media (television, film, music) is not readily available on the filesharing networks even if there is consumer DRM. Heck, many films show up before they are released to the theaters, let alone ripped from the DVD. If you have a broadband connection and aren't getting your media for free from the filesharing networks, it is for some reason other than DRM.
If I had one wish it's that the copyfighters would not blanket call DRM ineffective, because (a) it actually is and (b) a lot more context is needed to predict how effective it might be.

I would argue that it is the proponents of DRM who need to provide a lot more context to explain how effective DRM is.

June 22, 2004

Potemkin Village - What Secrets DRM Encryption is Really Hiding

- Posted by

Cory Doctorow is not the first person to say it, nor will he be the last, but he certainly said it well in his popular talk on DRM he gave at Microsoft (Microsoft Research DRM talk):

DRM systems are broken in minutes, sometimes days. Rarely, months. It's not because the people who think them up are stupid. It's not because the people who break them are smart. It's not because there's a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn't a secret anymore.

However, DRM does hide (sort of) secrets, they just have nothing to do with the plaintext. Read on...

Of course, everything that Doctorow says about DRM's effectiveness is correct. There will never be DRM for consumer media that can't be broken. It simply cannot prevent determined attackers from breaking it; at best, it merely slows them down for a relatively trivial period of time.

The fact that DRM will always fail isn't why DRM is important. From a technical point of view, DRM is a joke. Really, the long term usefulness of any particular DRM scheme isn't in the technology, but in the law that defends the technology. Once broken, all of DRM's usefulness is provided by statute, by the anti-circumvention provisions of the DMCA.

For example, CSS, the DVD encryption scheme, was broken years ago. Anyone with half a clue can now get ahold of DeCSS and decrypt DVDs. Yet, Hollywood studios still encrypt DVDs, not because of the remaining efficacy (none) of the encryption scheme, but because the encryption scheme is the pass that gets them in the legal door of the draconian DMCA. No manufacturer of DVD players refrains from making a DRM-free DVD player because they are stymied by CSS, but because the draconian penalties for violating the DMCA are more than adequate deterrence.

Why, then, are companies spending so much money on researching and developing "robust" DRM systems? Even if you spend millions on development, in the unlikely best case scenario, your encryption scheme will last for a few weeks or months. After the DRM scheme is broken, all the research and development dollars spent on making strong DRM no longer provide any return. The only return is coming from the fact that you have DRM at all, because the DMCA doesn't care whether the DRM is weak or strong. The DMCA only cares if it is "effective," which most people take to mean, well, pretty much that it is an encryption scheme, period

For example, I don't see any reason why a slightly more sophisticated version of a Vigenere Cypher wouldn't trigger DMCA protection for a media that used it. The company using the slightly modified Vigenere Cypher would have all the legal protections with few of the costs. No one could sell a device that used the same cypher without permission without running afoul of the law. So, why not?

I think it is because it would demonstrate quite clearly what the DMCA is really about. Obviously weak encryption would make it clear to everyone that the DMCA isn't about stopping pirates, but controlling the market and raising barriers to entry. In contrast, if you use a "robust" DRM scheme, it looks like you are really concerned about piracy, that the DMCA is really protecting something very valuable.

DRM is hiding a secret, but it is doing so much as a Potemkin Village hides a secret.

Metaphors Gone Wild: On Pies, Ships, Regressive Taxes, DRM and Microsoft

- Posted by

First, I just want to be clear when that I'm talking about "DRM" here, I mean DRM backed by force of law, that is, the DMCA's anti-circumvention provisions. It would hardly be important to discuss DRM at all except that the law makes it illegal for companies to provide circumvention devices. All DRM will be cracked, and without law prohibiting the distribution of circumvention devices, there would be hardly any sense in spending money on DRM at all.

Last week, on Copyfight, I wrote up a short piece on Cory Doctorow's rightfully popular piece on DRM (Cory on DRM @ Microsoft). In my piece, I agreed with four of Doctorow's five theses. I disagreed with his ultimate conclusion that DRM is bad business for Microsoft. Fellow copyfighter Wendy Seltzer disagreed with me (DRM Is Bad for Monopolists, Too). Read on for more of my thoughts on the issue...

In the comments section of Wendy's post, I attempt to clarify my point that Microsoft may benefit from DRM because it fears true competition. I stand by that point. Without the lock-in DRM provides, the ability of a company like Microsoft to hold on to its customers through the seismic shift of the open source revolution is seriously degraded. Yes, a world without DRM creates a bigger pie, but you only get a slice of that bigger pie if your company can survive in the new world that pie represents. Many companies can't or won't make the transition to a new pie.

Now I believe that Microsoft will make the transition, but it takes a while to steer a corporate supertanker like Microsoft onto a new course (though Microsoft is much more nimble than any previous corporate colossus). DRM slows the pace of transition to a new pie, allowing Microsoft to shift course more readily. Plus, there is little risk in this strategy for Microsoft. If DRM is a failure in the long-term, then Microsoft can easily strip DRM from its products when the long-term costs begin to be felt, while taking advantage of any short-term benefits. Stripping DRM from products is much easier than adding it after the fact (i.e., CDs). If, as a corporate entity, Microsoft is unable to see the value of removing DRM when the long-term costs become apparent, that simply feeds my argument that dumb, uncompetitive companies like DRM.

A Regressive Innovation Tax

Another way to look at this issue is to view DRM as a tax, an analogy that Arnold Kling has made and I agree with (Taxing Hardware to Eliminate Copyright?). However, not only is DRM a tax, it is a regressive tax. The effective tax cost of DRM bears much more heavily on small, innovative startups than on huge, established behemoths.

The way it works is like this: Imagine that you are a startup with a great new idea for dealing with copyrighted works, say, a way to record your CDs onto a handy little digital player, or a digital video recorder that let's you back up video on your computer's hard drive. If you build your product without strong enough DRM, you're going to get sued and maybe the lawsuit alone will put you out of business regardless of its merits. This is a regressive tax on innovation. Startups have a hard enough time getting investment without having to deal with the risks of a Hollywood-backed lawsuit. For a company as big as Microsoft though, while costly, a lawsuit concerning a single product would not threaten the viability of the company.

However, why would Microsoft want to risk a lawsuit at all? Let the small fry defend the frontiers of copyright. Once the court decision is in, Microsoft will be able to adapt whichever way it goes, while the competitor paid the court-based taxes Hollywood demands of every new copying-related consumer technology. Only if the costs are too onerous will Microsoft have to get involved, and if that is case, Microsoft is likely to have many allies in the fight. So, ultimately, Hollywood is paying for barriers to entry on behalf of Microsoft.

Alternatively, the small company can build DRM into its products. This is monetarily expensive, but there are greater expenses. For example, convincing media companies to make their content available in these new formats requires serious negotiating muscle. The moguls aren't going to cut deals with every startup that comes by with a good (or even brilliant) idea. However, when Microsoft calls to make a deal, Hollywood will definitely take the phone call and there will be real negotiations. After all, it isn't as if Apple's DRM was significantly better than what other DRM creators were offering. But Steve Jobs can make himself heard in Hollywood. In contrast, Hollywood's negotiations with startups are more properly termed "demands and conditions" if they take place at all. This is also part of the regressive tax that is DRM and big established companies like Microsoft and Apple benefit from it. Why would they give it up?

Frank Field makes similar points in response to my Who is Bullying Who? post (Our Own Reality TV Show). Field sees these costs, but he thinks they apply to the PC OEMs. I disagree, I don't see anyone threatening to sue PC manufacturers for tertiary copyright infringement for providing third-party software that might be liable for contributory infringement. Before Hollywood goes after Dell, they are going to go after the download sites like If and when such threats exist, then OEMs will have a real dog in this fight. A quick note, however: consumer electronics manufacturers (a pool in which some OEMs are dipping their toes), are one of the groups that has to pay this regressive innovation tax.

Field argues that, "The trick to stopping DRM is going to be finding a way to get the interests of Microsoft and the other software/OS vendors and the hardware OEMs and the consumers aligned." The problem I see with regard to Microsoft is that they are quite happy paying the regressive DRM tax in the short term, so long as costs of the tax are less than the short term benefits of increased barriers to entry. We haven't gotten to the point yet where the long-term costs have been sufficiently felt.

June 21, 2004

Who is Bullying Who?

- Posted by

Robert Heverly has been blogging up a storm on Displacement of Concepts recently and he has several good posts on Cory Doctorow's recent speech at Microsoft on DRM including, I wish I had said that and Still More on Cory's Talk. In a slightly longer post, Heverly disagrees (Not Wanting to Bully, but Not Having That Choice) with a posting by Microsoft evangelical blogger Robert Scoble defending MS's use of DRM (Cory wants Microsoft to be a bully with the RIAA).

Scoble argues that:

Cory wants us to bully the RIAA and push a format that is easily copyable (for music, at least). He says that's exactly what the VCR industry did (yes, he says, they got sued, and won, and were repaid hansomely in the marketplace). Interesting argument. I don't agree with Cory that that'd be a good thing for Microsoft to do. I want to see us avoid the courtroom if at all possible and avoid situations where we're bullying anyone.

Heverly responds:
But Scoble's take is just plain wrong. Microsoft, by including DRM in its technology and not providing the option to operate without it, is bullying consumers. Even in Scoble's own framework, it's not really a "bully or not bully" choice; it's a "who to bully" choice. Put (hopefully) a bit more articulately, it's a question of where Microsoft's own interests lie, and it seems in the eyes of most people, that they lie with the consumers (remember, the customer is always right). [italics in original]

However, I'm not sure that Microsoft is the one doing the bullying in either case. Why, if the RIAA and MPAA are the ones threatening lawsuits over technology, they aren't the bullies? When Scoble is saying that Microsoft should avoid the courtroom in such a case, he is merely saying that Microsoft should accede to the bullying. Of course, one would think that if any company could stand up to litigious bullies, it would be Microsoft. Thus, the real reason must be that Microsoft sees supporting DRM as in its interest. So, I guess Heverly is right after all, Microsoft is on the side of the RIAA and MPAA in bullying consumers.

For more of my thoughts on Cory's speech, see:
my comments here: DRM Is Bad for Monopolists, Too
Cory on DRM @ Microsoft

April 07, 2004

The Broadcast Flag Treaty - Draft Available

- Posted by

Well, technically, the treaty is called the WIPO Treaty for the Protection of Broadcasting Organizations, cuz heaven knows they're all faced with extinction. The draft treaty will be discussed June 7-9 by WIPO's Standing Committee on Copyright and Related Rights (SCCR), which will then "decide whether to recommend to the WIPO General Assembly in 2004 that a Diplomatic Conference be convened." A diplomatic conference can adopt a treaty. The treaty will not go into effect, however, until a certain number of countries have acceded to it. The draft of the treaty is available here: Consolidated Text for a Treaty on the Protection of Broadcasting Organizations [PDF].

This treaty is really a nasty bit of work. It will give broadcasters, not copyright holders but broadcasters, a number of exclusive rights in their broadcasts, such as fixation, reproduction and distribution, whether or not the broadcast is of a public domain work. Moreover, the treaty would require signatories to prevent circumvention of those rights.

Oh yeah, the treaty would also apply to "cablecasters" and the United States (all alone on this one, apparently) wants the treaty extended to cover "webcasters." What exactly constitutes a webcaster isn't entirely clear, perhaps only streaming, perhaps HTTP. While the US is not a signatory to the previous treaty on broadcast, our efforts on negotiating this one indicate we are likely to sign on.

Read on for a look at this monstrosity...


EFF's Consensus at Lawyerpoint, an anti-broadcast flag blog, reported on the origins of this treaty back in August 2002 (Europeans push WIPO Broadcast Treaty to create "fixation rights"). Last October James Love, director of the Consumer Project on Technology, wrote (with comments and suggestions from EFF's Cory Doctorow) an excellent analysis of an earlier draft of the treaty ([DMCA-Activists] On the Proposed WIPO XCasting Treaty). CPTech maintains a website tracking the treaty (The proposed WIPO Treaty for the Protection of the Rights of Broadcasting, Cablecasting and Webcasting Organizations).

Sui Generis Copyright-like Protection for Broadcasts

The treaty would give (among others) the following rights to broadcasters, cablecasters and, if the US has its way, webcasters: fixation, reproduction and distribution. Of course, there is no limit on what is covered by the treaty, as long as it is "broadcast" and consists of "sounds or of images or of images and sounds" (although why they couldn't just say "images and/or sounds" is beyond me). In other words, broadcast of public domain works like Dawn of the Dead would be covered along with works for which the broadcaster owns the copyright. Heck, you could start a radio station that exclusively broadcast Creative Commons-licensed freely distributable works and keep anyone from recording your broadcast.

Why bother with copyright? Simply "broadcast," or in the US's version, "webcast" all your material. Instead of connecting to an FTP server to get video or music you would connect to an ongoing "webcast" of the media, so that way, the broadcaster can keep control of the media even if it isn't copyrightable.

Article 8
Right of Fixation
Broadcasting organizations shall enjoy the exclusive right of authorizing the fixation of their broadcasts.

No more VCR, DVD-R or TiVo for you. So much for time shifting. Goodbye Sony v. Universal, it was nice knowing you.

This is the mandated broadcast flag. If the broadcaster doesn't want you recording it, you don't have a right to.

Article 9

Right of Reproduction

Alternative N

Broadcasting organizations shall enjoy the exclusive right of authorizing the direct or indirect reproduction, in any manner or form, of fixations of their broadcasts.

Alternative O

(1) Broadcasting organizations shall have the right to prohibit the reproduction of fixations of their broadcasts.

(2) Broadcasting organizations shall enjoy the exclusive right of authorizing the reproduction of their broadcasts from fixations made pursuant to Article 14 when such reproduction would not be permitted by that Article or otherwise made without their authorization.

More broadcast flag goodness. Even if you are allowed to record it, the broadcaster can control how you can reproduce it. That way, if you want to shift the latest Sopranos from the TiVo in the living room to your laptop to watch on the plane, the broadcaster can stop you.

The US and, for some reason, Egypt support alternative "O", which protects broadcasters from reproductions of unauthorized fixations.

Article 10

Right of Distribution

Alternative P

(1) Broadcasting organizations shall enjoy the exclusive right of authorizing the making available to the public of the original and copies of fixations of their broadcasts, through sale or other transfer of ownership.

(2) Nothing in this Treaty shall affect the freedom of Contracting Parties to determine the conditions, if any, under which the exhaustion of the right in paragraph (1) applies after the first sale or other transfer of ownership of the original or a copy of the fixation of the broadcast with the authorization of the broadcasting organization.

Alternative Q

Broadcasting organizations shall have the right to prohibit the distribution to the public and importation of reproductions of unauthorized fixations of their broadcasts.

In other words, no filesharing of broadcasts. Don't you dare make the fixation you made of ABC's broadcast of the President's State of the Union address (SotU) available on KaZaA.

Article 11

Right of Transmission following Fixation

Broadcasting organizations shall have the exclusive right of authorizing the transmission of their broadcasts following fixation of such broadcasts.

Don't webcast what you've saved previously. Not only can't you put your fixation of the SotU on KaZaA, you won't be able to webcast it either.

Now, governments can make the same exceptions to these broadcasting rights as they "provide for, in their national legislation, in connection with the protection of copyright in literary and artistic works." But they don't have to. Nor is it clear to me, under recent copyright decisions, that the Constitution requires the US to do so.

Term of Protection and Formalities

Article 15
Term of Protection
The term of protection to be granted to broadcasting organizations under this Treaty shall last, at least, until the end of a period of 50 years computed from the end of the year in which thebroadcasting took place.

Great. Copyright isn't long enough we have to provide protection for the broadcasts for fifty years in addition? So, forty years from now, when your grandchildren want to use a clip from television today to illustrate a report on the popular culture of their grandparent's era, they'll have to clear permissions with the television station that broadcast the clip (assuming we still have television stations then).

The previous treaty had a length of twenty years and, as we all know, broadcasters in countries that signed the treaty have suffered greatly from this length.

Article 18


The enjoyment and exercise of the rights provided for in this Treaty shall not be subject to any formality.

No pesky registration requirements or anything. That way it is very difficult for people to know who owns the rights to what decades from now.

DMCA for Broadcast Flag

Article 16
Obligations concerning Technological Measures
(1) Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by broadcasting organizations in connection with the exercise of their rights under this Treaty and that restrict acts, in respect of their broadcasts, that are not authorized or are prohibited by the broadcasting organizations concerned or permitted by law.
Alternative V
(2) In particular, effective legal remedies shall be provided against those who:
(i) decrypt an encrypted program-carrying signal;
(ii) receive and distribute or communicate to the public an encrypted program-carrying signal that has been decrypted without the express authorization
of the broadcasting organization that emitted it;
(iii) participate in the manufacture, importation, sale or any other act that makes available a device or system capable of decrypting or helping to decrypt an encrypted program-carrying signal.
Alternative W
(2) [No such provision]

This is the equivalent of the passage in the WIPO Performances and Phonograms Treaty (WPPT) that the US used as one of the justifications for the passage of the DMCA. So, not only does this treaty require a broadcast flag, it will be illegal to circumvent it.

Article 17
Obligations concerning Rights Management Information
(1) Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will induce, enable, facilitate or conceal an infringement of any right covered by this Treaty:
(i) to remove or alter any electronic rights management information without authority;
(ii) to distribute or import for distribution fixations of broadcasts, to retransmit or communicate to the public broadcasts, or to transmit or make available to the public fixed broadcasts, without authority, knowing that electronic rights management information has been without authority removed from or altered in the broadcast or the signal prior to broadcast.
(2) As used in this Article, “rights management information” means information which identifies the broadcasting organization, the broadcast, the owner of any right in the broadcast, or information about the terms and conditions of use of the broadcast, and any numbers or codes that represent such information, when any of these items of information is attached to or associated with 1) the broadcast or the signal prior to broadcast, 2) the retransmission, 3) transmission following fixation of the broadcast, 4) the making available of a fixed broadcast, or 5) a copy of a fixed broadcast being distributed to the public.

And don't try to make your copy of the broadcast of the State of the Union look like a legal, unbroadcast version.

Article 21

Provisions on Enforcement of Rights

(1) Contracting Parties undertake to adopt, in accordance with their legal systems, the measures necessary to ensure the application of this Treaty.

(2) Contracting Parties shall ensure that enforcement procedures are available under their law so as to permit effective action against any act of infringement of rights or violation of any prohibition covered by this Treaty, including expeditious remedies to prevent infringements and remedies which constitute a deterrent to further infringements.

Many people argued that the WPPT didn't require the US to pass the DMCA, as Congress concluded, because the US already adequately protected the rights of copyright owners. As the US doesn't protect any "broadcast" rights (other than some "theft of service" stuff), this provision would pretty much require a US Broadcast Flag DMCA law to be passed.


This is bad, bad, bad. What more can I really say?

March 22, 2004

Copyfight - The Remix

- Posted by

Donna Wentworth has made her blog, Copyfight, a must-read since its beginning. That is why I am honored to join her and some most excellent colleagues in continuing Copyfight as a group blog. I will be posting along with Elizabeth Rader, Jason Schultz, Aaron Swartz, and Wendy Seltzer. Read the greeting message: Copyfight--the Expanded Edition. The blog description:

Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development and technological innovation that creates--and will recreate--the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.

I'll continue to post here, of course, especially my longer pieces.

March 09, 2004

Intel on the "Server in the Closet"

- Posted by

Well, just after I posted the last article on "Technology Advances for 'Server in the Closet'," I came across a recent speech by an Intel honcho on the subject. Louis Burns is Vice President, General Manager, Desktop Platforms Group for Intel and he goes into some depth about where Intel thinks these things are going (Intel Developer Forum, Spring 2004 - Louis Burns Keynote).

Surprisingly, the speech is really quite good at describing the potential for such devices and Burns seems to almost get it. I highly recommend reading the full article.

The basic concept is straightforward: "It's simply giving users what they want, any content on any device, anywhere in their home. Simple to say, difficult to do, but exactly what they're asking us for." Unfortunately, implementation is not straightforward, especially when you try to accomplish two opposed things at the same time, such as implementing DRM and making things easy and transparent to connect to each other. For example, Intel is sucking up to the MPAA:

We talked earlier, it really has to deliver on what we call premium movie content. Doing your own personal pictures or videos is cool, but we need premium movie content.
So with that in mind, we've been working very closely with Movielink. Movielink is one of the first movers, the fast movers on delivering premium movie content through the IP network.

Yeah, integrated DRM, that is what consumers want. That will make it easy to get content on any device, anywhere.

The other problem is that Burns shorts the potential for content creation and sharing outside the home. Near the end of the speech he devotes two whole paragraphs to the idea of consumers creating content. The example he uses, organizing and manipulating your digital photos, is pretty lame given the incredible possibilities. There is also little talk about how one would then share their creations in an effective, efficient way.

Still, this is an important vision statement from Intel.

via PVR Blog

February 18, 2004

Speed Bumps on Your Car

- Posted by

One frequent justification you see for the use of DRM with copyrighted files is the so-called "Speed Bump scenario", which Derek Slater discusses here (Technology as Speed Bump). The basic idea is that, although DRM won't stop filesharing, it is useful in slowing the initial dispersion of copyrighted files as the number of initial uploaders will be reduced. The idea seems to make a lot of sense initially, but ultimately is not such a good idea.

First, for DRM to be at all effective, it will have to be backed up with something like the DMCA anti-circumvention provisions. Suffice to say that the DMCA is extremely problematic. Odd that such a draconian law is needed to justify a mere "speed bump." The words "sledgehammer" and "fly" come to mind.

Second, there is a serious issue regarding how effective the speed bump will be. Yes, you might reduce the number of initial uploaders. However, the spread of a file through P2P filesharing is exponential. What this means is that you have to think of effectiveness in terms of exponential generations. Let's say, for example, that without DRM there will be 256 initial filesharers. With DRM you manage to reduce the number of initial filesharers to 8. This would be an amazing reduction in the number of initial filesharers, only 1/32 of the number without DRM. However, assuming that the exponent of distribution is 2, you've only delayed the spread of the file by 6 generations. Even if the length of time for each generation is 4 hours, you've only slowed the distribution a single day. Whoop-de-do.

Once you are past the "speed bump" delay, you'd better have other ways to deal with files already in distribution. If you don't you might as well give up. In any case, you have to really wonder if all the DRM effort is really worth such short delays.

Third, there is another issue that creates serious cost/benefit issue. The problem with DRM as a speed bump is that it doesn't go away. Even if DRM is effective in the short term (which I think unlikely), its costs are long term. Long after DRM has provided whatever "speed bump" effect it can, consumers are still inhibited from many perfectly legitimate uses of a work. Indeed, many of the costs of DRM are backloaded. DRM likely doesn't create much of an initial issue for many. However, down the line, when people purchase new PCs or devices, DRM is likely to make transfers from old to new devices more difficult or impossible. Looked at from a long term perspective, DRM seems an extremely poor choice if all you're interested in is short term benefit.

Speed bumps make sense on some streets and parking lots. It doesn't make sense to attach them to your car.

February 12, 2004

DRM Dystopias on Parade

- Posted by

Mary Hodder has some excellent reporting from the Digital Media Summit in New York this week (Digital Media Summit Day 1). Below is a sample. Read the whole thing:

Media people still assume they are in control, and the case in point is the title of one of the first panels: The Broadcast Advantage or the Network Dominance Niche: Why the programming and advertising giants continue to deliver and maintain mass audience loyalty. I attended the first 10 minutes [that] this was debated. But still they assumed there was still control. They are arrogant, and it is a big part of the reason the public is so angry with media companies, and the press for that matter, and will keep wanting more ability to rip, mix and burn their media and to design their own experiences, and talk about it with both their friends and the makers of the content they buy.

February 09, 2004

P2P and Pornography: Cheap is More Convenient

- Posted by

The New York Times (reg. req.) has written an article on the different approaches that pornography companies are taking with regard to P2P (The Pornography Industry vs. Digital Pirates). The responses range from "It's direct marketing at its finest" to tactics similar to those used by the RIAA. This is not surprising, however, due to the fact that music and pornography industries are structured very differently. After all, no one would be surprised that book publishers aren't going after filesharers, since ebook sharing isn't nearly as big a threat to book publishers as music sharing is to music publishers.

On of the key paragraphs for me was near the end of the article:

Pornography merchants say that they have the advantage over free file-sharing networks, at least for now. They say the networks are not well suited to the needs of their consumers, who like images and movies that push their very specific buttons for, say, blondes or cheerleaders.

Basically, you can still sell porn despite free P2P versions because there are other barriers to access that a legitimate site can easily overcome. Unlike MP3s, for example, images and many pornographic videos on P2P networks have atrocious metadata. Because MP3s are relatively metadata rich, it is easy for someone to search for particular artists or songs. If you had to rely solely on filename (as much pornography must), it would be much more difficult to find the music you want.

As the paragraph notes, people are often interested in particular types of pornography (i.e., foot fetish, smoking fetish). Finding such images would be as difficult as searching music only by genre. You can find it, but the search is much more burdensome than searching for specific artists. I think radio, for example, helps reduce search costs for music. There is no equivalent of radio for pornography.

Anyway, pornography and music are different markets and their responses to filesharing will be different. However, there are lessons for the music market. Number one, convenience is worth money. A site that can make it easy for me to find music I will like and get that music for me when I want it is more valuable than an inconvenient, hit-or-miss P2P experience. As a porn entreprenuer says:

"Free is very anarchistic and hard to deal with, and you don't know what you're getting," said a pornography entrepreneur who goes by the online pseudonym T. Lassiter Jones. "Cheap is more convenient."

The formula for the record companies to survive is simple: raise the cost of using P2P networks (through lawsuits, bogus tracks, etc.) and provide convenient, inexpensive legitmate access to music. Once the cost of the legitimate source is less than the costs associated with P2P, then P2P will no longer be a major threat. Percentages might fall, but the overall market will likely grow.

In this model, DRM is a mistake. DRM does not significantly raise the cost of P2P (the music gets on the network anyway), but does decrease the value of access to authorized music files.

It works for pornography.

February 06, 2004

P2P Industry Association is Not Your Friend

- Posted by

C|Net News reports that the Distributed Computing Industry Association (the P2P industry group), has proposed a third business model for legally sharing music via P2P (Trade group proposes new P2P music model). You can read the details of all three models in a Power Point presentation (ever hear of open formats DCIA?): P2P Music Models [PPT].

Like their other models, this model has a snowball's chance in H-E-Double-Hockey-Sticks chance of succeeding, but then the DCIA isn't really interested in success, they are just interested in acting as if they want a solution. However, to the extent that they are proposing solutions that give the music industry a chance to control the market, the DCIA is essentially fronting for the RIAA. So let's take a look at this "new" model:

The model is a joke from the introductory sentence:

Sell content to consumers in the P2P marketplace - first by digital watermarking and DRM, then through uploader incentives and user participation programs.

Ummm, and why would people want to buy something they can get for free? Why will people download music files with DRM when they can, just as easily, download files without DRM? This makes absolutely no sense. Which brings us to "Phase 1":

Introduce digital watermarking system and apply DRM to copyrighted music in P2P distribution regardless of point-of-origin

What planet do these guys come from? Seriously. What sort of draconian, totalitarian solution will be required to ensure that all copyrighted music that enters P2P distribution networks has DRM and watermarking? This is simply ridiculous. It is hard to believe they can say this with a straight face. However, wouldn't Hollywood love this solution? All content would be ID'd and protected by DRM. I say that the DCIA can take my non-DRM, non-watermarking Ogg Vorbis ripper when they pry the keyboard from my cold, dead fingers.

Maybe We Can Bribe Stupid People, aka Phase 2

Incentivize active file sharers with revenue-sharing program for upgrading and applying DRM to music files they redistribute

This is a really great way to identify uploaders, who will presumably have to provide all sorts of identifying information to the RIAA in order to get their share of the funds. These readily identifiable uploaders better make sure they aren't sharing non-DRM'd copyrighted files or they will be in for a world of legal liability. This, of course, would tend to make their ability to redistribute much less than those who don't play nice with the RIAA/DCIA.

In any case, how in the world will they implement this? Will uploaders get paid for each download? Will uploaders get paid for each DRM wrapper that is opened? If so, how will the RIAA/DCIA keep track? Will each uploader have to create a unique DRM wrapper? The problems here are not trivial.

Also, explain to me again why P2P is the best way to implement this system? Why not just use webpages?

All Your Files Are Belong to Us, aka Phase 3

Ubiquitously deploy ID/DRM system to protect consumer-produced as well as label-produced musical works

Well, of course consumers should be able to participate in this DRM'd paradise. After all, if consumer-produced music wasn't properly DRM'd then we would be swamped with lots of non-DRM'd files in the P2P network, which would make it much, much harder to stop the non-authorized filesharing of copyrighted music.

Although this would be "voluntary" ("Develop technologies to permit consumers to insert file-fingerprints and register their own recorded musical works for P2P distribution" [emphasis added]), in the end it would become mandatory for all filesharing:

After full marketplace acceptance, evaluate TBD methods for potentially filtering unknown music files in manner acceptable to all affected parties

Gee, isn't that what the RIAA is asking for now? Thanks for nothing DCIA.

February 04, 2004

DRM - False Privacy Savior

- Posted by

On the Moore's Lore blog Dana Blankenhorn makes the provocative claim that DRM will be useful as a privacy protection measure (Mobile DRM Argument Misses The Point). Dana points out a major issue the world of "always on" raises, that of privacy. When almost everything we do is generating wireless data, such as our blood sugar levels, refrigerator contents, and garden soil moisture levels, we will certainly want to protect much of that information from prying eyes. Dana's response is to promote the use of DRM as a privacy protection measure.

This is not such a good idea for a variety of reasons.

First, it would essentially propertize our privacy. There are a number of major concerns regarding propertizing privacy, especially the fact that it is unlikely to solve many of our problems. Without going into a major critique here, Pam Samuelson has written a good introduction to many of the issues involved: Privacy as Intellectual Property? [PDF].

Second, enabling DRM in everything is far more likely to be privacy corroding. Anonymity would be very difficult to assure when everything is digitally signed and encrypted.

Third, DRM is a technical solution, not a policy or social solution. Dana claims that,

Under DRM the holder of the content has the absolute right to control where it goes, and the conditions under which it is used. Right? Isn't that what you want, when the content is personal, even intimate, knowledge about you, your body, your possessions? Isn't that the very basis of privacy?

But this isn't true. My ability to control information about me has far more to do with my ability to negotiate with those who will have access to information about me then the technical protections I choose. For example, people can choose not to use a grocery store card that tracks their purchases, but that is going to have a significant impact on their wallets (which leaves no choice for many people). I can choose not to enable cookies on my browser (yeah, right). Each of these privacy-protection solutions is technologically impeccable and completely within my theoretical power, but their ability to protect practically non-existent. DRM will not change this.

There is also a strange dissonance in Dana's position. Dana says that, "Once you buy something, whether it's a can of peaches, a microwave, or a song by Nelly, it's yours." However, why wouldn't the same apply when the grocery store "buys" my grocery-shopping habits in return for everyday lower prices? Why wouldn't the grocery store "own" that data? After all, that data was generated with the grocery store, they are partially responsible for generating that data in the first place.

Privacy is an important issue in the "always on" world, and DRM may play some role in the solution with regard to particular problems and specific threat concerns. However, there is simply no reason to believe that DRM should be "baked into the World of Always-On" in order to protect privacy.

January 15, 2004

HP's Corporate Schizophrenia

- Posted by

Late last week Hewlett Packard Chief Executive Carly Fiorina declared that starting this year all HP digital entertainment products will use software that respects the copyrights of artists. In other words, HP would become one of the leading proponents of DRM (HP Goes Off the Rails).

This week, Fiorina is celebrating the fact that HP raked in the bucks selling Linux-related products and services in 2003, according to a C|Net News article (Linux brings in $2.5 billion for HP). HP is selling Linux-based collections of hardware and software, as well as thin clients that plug into central Linux servers. Revenues for Linux-related products and services in 2003 increased $500 million or 25% over 2002. Sounds like a nice, healthy, growing business to be in.

Apparently, not a business HP really wants to see take off, however. Someone at HP should inform Fiorina that DRM and Linux don't work too well together.

Here's an idea Fiorina: the heck with sucking up to Hollywood; start selling Linux-based digital entertainment products to consumers. Who wouldn't want a central Linux server that sends multimedia to a bunch of thin clients throughout the house?

January 13, 2004

DRM as Protectionism

- Posted by

One of the main reasons that Hollywood has been such a proponent of DRM (such as fighting to protect CSS) is not simply to protect against internet movie piracy (which remains a minor irritation at best), but to protect region coding, which allows movie studios to release the same DVD in different markets at different times, or slightly different DVDs in different markets. This form of price discrimination is a traditional means for copyright holders to maximize revenue, but in the digital age requires major restrictions on consumers to make it work. So, for example, if someone from the US buys a DVD while on vacation in Europe, they won't be able to play it back in the US.

Hollywood, of course, would love to have region coding even further mandated by law and international treaty, but if they are successful, they may not like the ultimate results.

The Competitive Enterprise Institute has a brief article on efforts by some ministers of culture to have cultural goods exempted from free trade agreements (The New Protectionism). The organization in question, International Network on Cultural Policy (INCP), seeks to help countries "develop strategies to promote cultural diversity," which generally means excluding US cultural products to some degree.

How interesting it would be for the INCP to take up the banner of region coding in order to enforce restrictions on the flow of cultural goods. This is really not that far fetched. DRM is a wonderful tool that governments can use to enforce all variety of censorship.

November 10, 2003

Sony's CD DRM Makes a Comeback

- Posted by

WIRED publishes a Reuters wirestory on Sony re-launching its ConnecteD CD Extras format as a new type of DRM (Sony's User-Friendly Copy Block). Love the title for the piece - where did it come from? The press release? Simply more evidence of Sony's consumer electronics schizophrenia. How long before someone like Alex Halderman writes a critique of Sony's DRM as devastating as Halderman's analysis of SunnComm's (Analysis of the MediaMax CD3 Copy-Prevention System).

November 06, 2003

The Problem with Incompatible DRM

- Posted by

C|Net News has an interesting piece on the incompatibilities created by the use of DRM (Stalemate on digital content?). The underlying video might be standard MPEG, but the differing DRM used by two different systems makes the formats incompatible. You can't listen to Windows Media Audio (WMA) on iPod, and you can't listen to Advanced Audio Coding (AAC) iTunes on anything but iTunes.

This is sort of like the war between Beta and VHS, except here you have un-DRM-encumbered formats such as MP3 and Ogg Vorbis. Are Microsoft and Apple secretly trying to reduce the market success of their licensed music downloads?

November 05, 2003

Broadcast Flag Loophole Watch - Manufacture for Export

- Posted by

Okay, so I've been reading the FCC's Broadcast Flag requirements and I've noticed what appear to be a couple of potential loopholes for those interested in maintaining consumer rights past the July 1, 2005 deadline (Report and Order and Further Notice of Proposed Rulemaking). According to the FCC's new report, it is illegal for manufacturers and distributers in the US to provide non-DRM'd equipment (effective July 1, 2005) to US citizens, but perfectly legal to manufacture the devices here and sell or distribute them overseas:

§ 73.9009 Manufacture for Exportation.
The requirements of this subpart do not apply to Demodulators, Covered Demodulator Products or Peripheral TSP Products manufactured in the United States solely for export.

The FCC, apparently, believes that foreigners won't be pirates, but US citizens and residents will. Either that, or the FCC believes that foreign residents deserve to have media functionality that US citzens don't.


This reminds me of the old cryptographic requirements, only in reverse. In the earlier days of the web, there were a number of websites that provided cryptographic programs for download, as long as the downloaders were in the US, since it was illegal to export the programs, but not to distribute them domestically. The websites offering the programs for download made some attempt to block people from downloading the programs overseas.

Here, the situation is reversed. It is illegal to distribute domestically, but not to export. Thus, you can write an open source demodulator without DRM, as long as it is solely for export. I imagine you can make the program downloadable, as long as you make some effort to ensure people can't download the program from within the US.

This is a significant improvement over the DMCA, which prohibits virtually all distribution. Under the DMCA, you can't distribute DeCSS at all. Under this regulation, you could distribute the equivalent of DeCSS, as long as you distributed it only to those outside the US. Thus, for open source software developers in the US, they can distribute their work overseas (which will then be redistributed right back to the US).

Caveat: This is based on a quick reading of the regulation. I may be missing something that closes this loophole.

November 04, 2003

FCC Mandates Broadcast Flag

- Posted by

Salon reports that the FCC has approved the Broadcast Flag (FCC approves Internet anti-piracy tool):

While all five commissioners supported the order, Jonathan Adelstein, one of two Democrats on the five-member panel, said the decision did not safeguard viewers' privacy.


What a title for the Salon article! Even worse is this quote from the Viacom/CBS Statement On 'Broadcast Flag':

Today's decision by the FCC is an historic step forward for consumers.

Read the FCC press release (FCC ADOPTS ANTI-PIRACY PROTECTION FOR DIGITAL TV [PDF]). From the "facts" in the press release:

The broadcast flag protects consumers’ use and enjoyment of broadcast video programming. The flag does not restrict copying in any way. [emphasis added]

Technically true, but extremely and exceedingly misleading. Were the definition of "lie" all but emptied of content by politics, I would call this a lie.

Press Statement of Chairman Michael K. Powell [PDF]

Because broadcast TV is transmitted "in the clear, " it is more susceptible than encrypted cable or satellite programming to being captured and retransmitted via the Internet.

And this occurs, how? Plain and pure ignorance on the part of the chairman of the FCC.


Mindful of our ongoing obligation to speed the digital transition and to promote the viability of free over-the-air broadcasting in the digital age, we have navigated a solution that embraces protection and deters piracy without sacrificing innovation or frustrating consumer expectations.

The wisdom of Solomon in action. I imagine that piracy will plummit very soon.

By protecting against digital piracy, we also encourage entertainment companies to deliver via free over-the-air broadcast its most valuable programs.

What protection would this be? Is it the same strength of protection that is keeping DVDs (some of the most valuable programs) off of the internet?

I am hopeful that any court review of this decision can occur before the effective date of our rules.

Yeah, I would imagine so.


Commission action here strikes me as warranted because we are fast approaching a situation wherein new technologies will provide arguably too much power to those who would infringe and pirate the rights of digital creativity.

Translation: Damn that new technology! Heaven forbid people should be able to do only what major corporations have been able to do in the past. You just can't trust the public, only corporations must be allowed to make such decisions.

Consumers would be forced to use a technology not because it provides consumer options or preserves fair use, but because they have no choice. Corporate interests would have trumped consumer interests. Reasonable uses of content by viewers could -- probably would -- be restricted, costs would rise and technology innovation would be hindered. I believe that today’s item, although not perfect, creates an opportunity wherein consumers will have a choice of user-friendly digital content protection systems and wherein the reality of competition will encourage content providers and equipment manufacturers to develop technologies that allow reasonable consumer uses of programming such as copying, recording, and sending digital content securely over the Internet. A technology that locks reasonable personal use of digital content will not be chosen by consumers. Nor will a technology that hampers innovation be accepted by the manufacturers of consumer electronics products.

Which is precisely why the FCC has to mandate the use of the technology, because otherwise, people wouldn't accept it.

The broadcast flag should be about protecting digital content, not about tracking Americans’ viewing habits. Protecting personal privacy is too important to leave to chance.

But it is perfectly acceptable to leave to chance protecting First Amendment rights and fair use. After all, as noted above, consumer surely would not adopt a technology that didn't protect privacy, would they?

As a final matter, I note that I vote for today’s Order with the understanding that it will not affect the rights or remedies available under our nation’s copyright laws and cognizant that it is Congress that ultimately sets national policy in this critical and sensitive area.

Yeah, right.


We are undertaking the digital television transition to benefit consumers and usher in opportunities for new and innovative ways consumers can watch, record and enjoy television. A digital world is likely to accommodate more consumer uses of content that do not run afoul of the copyright laws, and as-yet-undetermined innovative features for time and space shifting, excerpting, and transferring content lawfully. We have no way of knowing who or what will be the next TiVo-like innovation to come forward and be enthusiastically embraced by consumers.

But, we will put these mandates in place that will make such innovation extremely costly. Under the regime as promulgated, would we even have TiVo or the VCR? I think not.

With the case-specific and evolutionary nature of fair use, it is a hard concept to define technologically and not impact it legally. Yet the Commission has no authority to do the latter.

So, the FCC just goes with a technological solution ... legal uses be damned.

By providing some basic assurance that the high value content that is broadcast over digital television will not be widely and indiscriminately redistributed online, we give greater incentive for content producers to make that content available on free over-the-air television.

What is this assurance? It is NON-EXISTENT ... the flag will NOT keep content off the internet, it will only impede legitimate users (and pirates too incompetent to be of any concern).

As we take steps to protect free over-the-air digital broadcast television against the powers of the Internet, we must be cautious, for the sake of consumers and the entertainment industry itself, not to trample its lawful use or inadvertently stifle the next innovative distribution model that could revolutionize the entertainment industry.

Too late. You just did exactly that. Would the internet even exist if the devisers had to show how their technology robustly protected television?

November 03, 2003

Introducing Beloved Comrade Palladium

- Posted by

DocBug has a nice short commentary on "Trusted" computing (Trusted Computing). He uses an analogy I haven't heard before, that trusted computing is similar to the political officer in Soviet military units. Apparently, communist political officers "were great as long as you believed in what the Communist Party stood for." Trusted computing is the same, as long as you agree with the rules, having them be enforced is great. Bonus distinction, however, "you won't get shot for refusing to use TC on your computer."

October 31, 2003

Pumpkin Carving DRM

- Posted by

SpookMaster is one of the leading websites for those interested in advanced jack-o-lantern patterns. The website is a commercial enterprise, and though they have some free designs, they make money by selling the pumpking carving patterns. They have somewhat traditional designs such as "Frankie" and "The Bewitching Hour," as well as more contemporary designs, such as "Arnold Schwarzenegger." You might think that it would be relatively easy to copy the patterns which are shown on the site, and thus avoid paying for the patterns, but you would be wrong. Be sure to pay attention to the copyright notice:

If you try to copy an example pumpkin from the website you get the message These sample patterns look just like the real thing but they are NOT CARVEABLE. The sample patterns have been designed to look exactly like the carved patterns but with a few minor (unnoticeable) changes that make them impossible to carve. We don't do this to be mean, we do it to protect our business. [emphasis in original]

For added fun, try to copy and paste from their website and see what happens.

Readers may also be interested in the copyright notice on this Jack-o-Lantern Bookmark Crochet Pattern:

This pattern is COPYRIGHT © Jackie Karp 2002
Do NOT post on other web sites, crochet groups etc or copy illegally. It is free for personal use ONLY! Do not pass it on to other people via email or by copying it as you are taking traffic away from this site by doing so

October 28, 2003

Next Gen DVD - Now Even Less Useful!

- Posted by

What is this? 1997? The Register reports that the DVD Forum has decided not to create a standard for a higher storage capacity DVD, but rather to offer a standard for "Enhanced DVDs" that will permit users to connect to password protected internet sites for more data (Next DVD spec. to offer Net access not more capacity). This makes sense, why?

Call me crazy, but I'm thinking that greater capacity on DVD disks would permit you to put all that additional web content right on the disk itself, and not require an internet connection to access the data. Storing the data on the disk has other advantages as well ... such as reducing the need for bandwidth and servers. Do you really trust Hollywood studios to maintain these servers indefinitely? Is this data going to be updated and changed on a regular basis? I highly doubt it. If it is not going to be updated, why not put it on the disk?

This might be interesting, if the studios were going for a community play, and allowing consumers to upload/download content they've helped to create, such as alternative playback menus ala MovieMask. I kind of doubt it, however.

One thing this will likely do is reduce the resale value of used DVDs. Essentially, each DVD will have a unique key (why else use keyed data). If access to the information available through this key is at all useful or desirable, a couple of things will happen. Hackers will rip the DVD, copy the key, and then sell the DVD. The key will likely be promulgated to many other users and will eventually be banned by the motion picture studio servers, much as compromised activation keys for software titles are banned. Used DVDs then, will have less value than new DVDs, just as used software (which is tied to servers, ala Blizzard) is much less valuable.

The same thing will happen to rental DVDs. If you are really interested in the extras, using Netflix or Blockbuster might not be such a good idea, since the keys their disks use may have been compromised.

A networked DVD player, that would be useful. A networked DVD player with a hard drive that could interface with the DVD, that would be innovative. A higher capacity DVD player, that would be worth paying for. "Enhanced DVDs"? DVDs are already "enhanced." Connecting to some website won't make them better.

October 27, 2003

Copy Protection Robs the Future Deja Vu

- Posted by

Dan Bricklin, co-author of the seminal VisiCalc among many other accompishments, notes on his blog that in a demo of the upcoming Windows OS "Longhorn" - Bill Gates demonstrated backwards compatibility by running a 20-year old version of VisiCalc (VisiCalc, Longhorn, DRM, and Larry Magid's weblog). Backwards compatibility is cool. But, where did that copy of VisiCalc come from? According to Bricklin, "the only reason I have a copy that can still work is that someone kept a 'bootleg' uncopyprotected copy around." [emphasis in original]

Except for the fact that someone ignored copy protection, Gates might not have had a copy of VisiCalc to show off. And that copy was only 20-years old! No book degrades that quickly and there is no reason bits have to degrade. However, with copy protection, bet on decay. For more information, see Bricklin's famous essay, Copy Protection Robs the Future.

via Dan Gillmor

FCC to Regulate Whole Internet?

- Posted by

I wrote about this earlier today (FCC to Regulate Routers - Critics of Broadcast Flag Get Mainstream Press) but it bears emphasis and should be very worrisome if true, as Ed Felten notes on Freedom to Tinker (Broadcast Flag Confusion). There is a downright scary quote in today's New York Times' (reg. req.) article on the Broadcast Flag (Critics Press Case on TV Piracy Rules):

An F.C.C. official said, for instance, that the broadcast flag could contain software code that was recognized by computer routers in a way that the program would self-destruct after passing through three routers while being e-mailed by a user.

Felten is right when he says,

Somebody is really confused here about how the Internet works. Maybe it's the reporter, or maybe it's the FCC source, or maybe (God forbid) both.

If this statement bears any connection to reality, it's cause for serious worry. I can't think of any way of translating the statement into a technically coherent form that doesn't involve the FCC redesigning the basic workings of the Internet.

Microsoft DRM - Headaches to Come?

- Posted by

Vnunet has an interesting article on the likely problems Microsoft's new digital rights management tools in MS Office 2003 and MS Windows 2003 will cause (Rights tools could bite back). While it might seem great to some that they will be able to set a time limit on emails (so they "self-delete" after a particular period) or to make sure that some emails will only be read by certain groups, the problems such systems will cause may outweigh any potential benefits. Lawyers are already familiar with the problems their clients have run into by putting certain things into emails; DRM might encourage a potentially false feeling of security for email once again. Imagine the difficulties careless use of such features can create: co-workers having to jump through loops to get information they should be able to easily obtain. How long before someone in a company adopting MS's new tools causes vital information to be deleted due to inadvertently setting a "self-delete" date?

DRM tools can be useful if managed carefully to meet specific needs. They just create headaches (or worse) if not.

DRM Companies Fund Felten's Attacks on DRM

- Posted by

Famed computer science professor Ed Felten runs the Freedom to Tinker blog, where his discussions of cryptography, security, copyright and freedom and technology generally are deservedly popular. Popularity comes with a price, however. In this case, the cost is the expense of bandwidth. In order to offset some of his costs Felten decided to try Google AdSense (ADS). The system puts AdWords on the bottom of the individual entry pages for Freedom to Tinker. The ads are supposed to be "relevant to what your readers see on your pages."

Interestingly, the ads on Felten's site are almost all for copyright/patent enforcement and digital rights management - topics upon which Felten has strong opinions, most of which would not be viewed favorably by the advertisers. I'm not sure which is more ironic - Felten advertising DRM systems - or DRM companies funding Felten through advertisements.

Be sure to read the comments on Felten's site.

FCC to Regulate Routers - Critics of Broadcast Flag Get Mainstream Press

- Posted by

After a week in which it seemed that only the proponents of the Broadcast Flag were getting their voice heard, two articles in the mainstream press provide more of the critics' perspective. WIRED extensively quotes Broadcast Flag foe Fred von Lohmann of EFF (A Case of Piracy Overkill?). Nevertheless, it seems that the FCC is determined to make the terrible mistake of implementing a Broadcast Flag. The mistake might be worse than previously thought, according to the New York Times (reg. req.) article (Critics Press Case on TV Privacy Rules):

An F.C.C. official said, for instance, that the broadcast flag could contain software code that was recognized by computer routers in a way that the program would self-destruct after passing through three routers while being e-mailed by a user.

That's right. The FCC is thinking about regulating email routers so that they scan and filter emails for the Broadcast Flag. That is such a stupid idea I don't know what to say.

And what does "three" routers have to do with it? Is it okay to send email with television shows if it only goes through one router? These officials are unbelievably clueless. Really.


Salon has an excellent article on this as well (Hollywood to the computer industry: We don't need no stinking Napsters!).

October 23, 2003

The Fragility of Data

- Posted by

The Shifted Librarian reminds us how fragile modern data storage devices are by pointing to a librarian and archivists guide to preserving CDs and DVDs (Please Do Not Feed the DVDs). The HTML guide can be found here (Care and Handling of CDs and DVDs: A Guide for Librarians and Archivists) or in ([PDF]). Jenny reports from a recent librarian's conference A/V panel:

One person in the audience said his library gets only a dozen or so circs out of their DVDs because they are used so heavily and they don't hold up well. Judy from Schaumburg said her library gets a much higher circ rate, with some lasting as long as 120 circs.

One of the reasons I oppose DRM so strongly is because data storage is really quite fragile. Without the ability to freely copy, it is easy for information to be lost.

October 20, 2003

Future of Digital TV Threatened By More Than Broadcast Flag

- Posted by

The Broadcast Flag issue is incredibly important, see, among many others Copyfight (What's the Deal?). Then let your Reps, Senators and the FCC Commissioners know how you feel, either through EFF or

However, the Broadcast Flag isn't the only issue that puts the future of unrestricted digital television in doubt. Case in point, the New York Times (reg. req.) reports on what may be the coming death of stand alone personal media recorders, such as TiVo (Can Cable Fast-Forward Past TiVo?). A couple of quotes to consider:

"This really is the last stand for the stand-alone boxes; this is a dying product," Aditya Kishore, an analyst for the Yankee Group, a technology consulting research firm in Boston, said in a telephone interview. "This is the last Christmas for the stand-alone TiVo box, or any stand-alone DVR box. By next year, the DVR functionality will be widely available in a wide range of other devices, including the set-top boxes."
"We believe that over time, DVR technology is going to be the standard," said Mark W. Jackson, an EchoStar senior vice president. "Everyone is going to have it. It's just a question of when - and who they get it from, of course."

I certainly hope that the Yankee Group analyst is wrong, because otherwise the question asked by Mr. Jackson becomes much more important. What the NY Times is reporting is that the cable and satellite companies are bundling personal media recorder capabilities with their services and this will eliminate the market for independent devices. The problem with this is that it also gives the cable and satellite companies control over the function of such devices. Skipping commercials, recording anything you want, and networking the device with other devices will almost certainly be restricted. Sounds an awful lot like the broadcast flag.

October 17, 2003

Microsoft on iTunes for Windows

- Posted by

Everybody's been talking about the advent of iTunes for Windows, but what does Microsoft have to say? Nothing good, apparently, (Q&A: Choosing a Digital Music Service for Windows Users):

iTunes captured some early media interest with their store on the Mac, but I think the Windows platform will be a significant challenge for them. Unless Apple decides to make radical changes to their service model, a Windows-based version of iTunes will still remain a closed system, where iPod owners cannot access content from other services. Additionally, users of iTunes are limited to music from Apple's Music Store.

What I find interesting is that the Windows spokesperson (Dave Fester, General Manager, Windows Digital Media Division), goes on to talk about how bad iTunes is because it is a closed system:
As I mentioned earlier, this [iTunes' closed system] is a drawback for Windows users, who expect choice in music services, choice in devices, and choice in music from a wide-variety of music services to burn to a CD or put on a portable device. Lastly, if you use Apple's music store along with iTunes, you don't have the ability of using the over 40 different Windows Media-compatible portable music devices.

Apparently, Windows users don't want choice in their operating system or media formats, but really care about it with regard to music. In any case, how long will this choice last, do you think? My guess is just long enough to smoke Apple once again. Microsoft doesn't mind supporting a variety of hardware vendors, but how long will any middleware service built solely on a foundation of MS technology survive?

I especially like the last sentence:

When I'm paying for music, I want to know that I have choices today and in the future.

Precisely. Which is why I'm avoiding all these closed services like the plague. Ogg Vorbis Rules!

October 15, 2003

SunnComm Brouhaha Continues

- Posted by

As I noted on LawMeme (SunnComm to Sue Halderman Over Critical Academic Report and SunnComm Backs Off on Threat to Sue), SunnComm first threatened to sue, then retracted the threat of lawsuit for Alex Halderman's report on their MediaMax CD3 DRM technology. Read the report here (Analysis of the MediaMax CD3 Copy-Prevention System).

However, the fact that SunnComm won't sue hasn't stopped SunnComm from continuing to say very foolish things. You can read Ed Felton's note (SunnComm's Latest), a fisking of some of SunnComm's comments on GrepLaw (Right. Uh-huh.), or Derek Slater's comments (Thanks But No Thanks for the License, SunnComm).