Schneier on Security
A blog covering security and security technology.
« UK Police and Encryption |
| Risks of Losing Portable Devices »
July 28, 2005
Monopolies and DRM
Two years ago I (and others) wrote about the security dangers of Microsoft's monopoly. In the paper, we wrote:
Security has become a strategic concern at Microsoft but security must not be permitted to become a tool of further monopolization.
A year before that, I wrote about Microsoft's trusted computer system (called Palladium -- Pd for short -- at the time):
Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.
Intel and Microsoft are using DRM technology to cut Linux out of the content market.
This whole East Fork scheme is a failure from the start. It brings nothing positive to the table, costs you money, and rights. If you want to use Linux to view your legitimately purchased media, you will be a criminal. In fact, if you want to take your legitimately bought media with you on a road trip and don't feel the need to pay again for it -- fair use, remember -- you are also a criminal. Wonderful.
Intel has handed the keys to the digital media kingdom to several convicted monopolists who have no care at all for their customers. The excuse Intel gives you if you ask is that they are producing tools, and only tools, their use is not up to Intel. The problem here is that Intel has given the said tools to some of the most rapacious people on earth. If you give the record companies a DRM scheme that goes from 1 (open) to 10 (unusably locked down), they will start at 14 and lobby Congress to mandate that it can be turned up higher by default.
Posted on July 28, 2005 at 7:25 AM
• 28 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
What about AMD and IBM with his upcoming Cell processors?
And this should suprize who? Microsoft is scared to death of Linux, while Intel is scared to death of AMD. So why shouldn't they partner with each other on this. My thinking is, let them. It will suck for a while, then it will blow up in their faces like an atomic bomb.
Once everyone becomes tired of having to pay for every copy of a piece of content they want for each piece of hardware they want to play it on revenue will start to dry up. Once that starts to happen, the Talent (creators of the content) will realize that DRM is very detrimental to them getting paid, they will go independant (yes, even the movies) and make much more.
With the tools available today, there is no reason why artists can't team up and create, distribute, and market their own products without the help (ha, ha) of the media companies (including MS and Intel).
Security wise, what make them think that it won't be broken within 30 minutes of it being released anyway. I am always impressed by the ability to "hackers" to defeat copy protection.
That is the paradox of freedom and capitalism.
Freedom is the right for capitalism while capitalism benefits from lack of freedom, choice and "fair use".
That is why I would like my government, to stand up in important cases like these, instead of reacting. IT Security will become the moneymaker of the 21st century...
I think that freedom and capitalism are not tied together. In fact, capitalism (as every form of government) is a force to take freedom away.
This is very clear when you watch Magia Russica, it is a documentary about animators that worked during the Soviet era in Russia. All of them, and even one (Russian animator) that I questioned myself during the Anima Mundi festival of this year, were unanimous to say that they were more free to create during the socialism era then now.
Sure there were some taboo subjects, like you should not talk about the government (unless you're saying good things) or sex, but otherwise they were free to create and their films were shown to the people regardless of the theme. Now to be able to produce you have to have your script approved by sponsors, producers and many other capitalists before you even begin to produce (and if the trend follow they will probably want you to do a animated clip for the Russian britney spears look alike of the week).
All of this DRM and monopolies are here to taken your freedom away, and yes they are capitalism in their souls. Remember that the pure capitalism is the one that kept workers 10hours or more a day for a minimum wage during the industrial revolution and now is firing people in the 1st world countries to employ cheap (almost slave sometimes) workers from poorer countries.
It is very hard to speak about freedom in these days that it became a hype word and the US government is using it as an excuse to invade and conquer their oil.
Guillaume, I believe, is conflating what benefits capitalism with what benefits sellers.
Capitalism, which encompasses concepts of private ownership and a free market, per se does not get benefits. Perhaps you could define benefits to capitalism as increase in mindshare or greater degrees of implementation.
In my opinion:
Capitalism is the economic manifestation of freedom. Democracy is the political manifestation of freedom. The free market will self correct and kill microsofts power without any government force. Most people do not like to sit around and wait for this so they have monopoly laws. The free will of the people will eventually destroy undemocratic tyranies without force, but most people dont like to sit around and wait for that so they pick up guns and kill.
To read the claim that there was more creative freedom in the Soviet era at first was funny as hell, but when I think about it you might be right(note i say creative freedom, not freedom in general). However, your reasons and mine are probably different as to why you are right. That being said, about the only soviet era animation I am familiar with is a brown bear character that my russian friends tell me was the russian winny-the-poo. Perhaps its the evil capitalists manipulating my information sources limiting my exposure to the genius of the truely free soviet era animators, or perhaps they were too busy starving to death to make much else.
I am not trying to argue that DRM or monopolies are good by the way.
Capitalism is not a government. Capitalism is not a force. Capitalism is an economic system. In fact, capitalism is an economic system that tries to extricate itself from excessive government intervention.
DRM is a coercive control that is anti-capitalist because of the limitations that coercive monopolies put on the free market.
The bad guys here are the crooked players in the market; do not seek to vilify the theoretical economic system that the market partially resembles.
Isn't Linux already mostly cut out of the legitimate content market since you have to use DeCSS libraries to watch most DVDs?
'DMCA' is a four-letter word ;-)
How do you decide who the "bad" guys are if capitalism by its nature has the concept of "invisible" hands that says you can do whatever you want. However, this "invisible" hand limits what is possible for you to do and be successful. Where does it say anything about right and wrong?
I don't believe that capitalism is the problem, nor do I think is a bad thing. I think the real problem in all of these scenarios (in OP) is that greed is a factor for doing business, not competition.
In all of Microsofts decisions for the past 5-10 years, greed is the number one reason. Same can be said for Intel and others. Capitalism, by intended nature, should promote competition, however it does allow wrong doing and greed to rise to the top if the consumers don't react.
We as consumers need to use our number one freedom and purchase those things which benefit us. There is no benefit these days to using either Intel or Microsoft exclusively. Many will argue that, but there are options (or could be options) given the right amount of consumer interest.
However I feel differently when it comes to the governments involvement regarding technology. They've crossed the line way too many times and are beginning to become the greatest stiflers of innovation. Monopolies and Greed can do all they want, however government is the real problem.
Just a note. Capitalism does not need demoracy (cf China), nor does democracy need capitalism (though it often seems to).
It was the scientific managers that discovered that 10+ hour days were less productive than 8 hour days, and that 6-7 day work weeks were less productive than 5 day workweeks.
Work and productivity have a non-linear relationship. Which is why 7 hour days are less productive than 8 hour days, and 9 hour days are less productive than 8 hour days.
The crooked players in the market are the ones that want to coerce you into purchasing your product, and they also want the state to enforce the prohibition against purchasing their competitor's product.
If you force your workers to work 10 hour days, after a period of time, they become less productive than ones who worked 8 hour days. In the linked article are links to some research showing that for the construction industry, it takes 6 weeks of 10 hour days to become less productive, and more error prone than 8 hour schedules.
*Sigh* The real losers in unfettered (read: unregulated) capitalist systems are the engineers, and thus consumers who benefit from their innovation.
Whether it be "rational" buyers or "fair" laws, corruption must be kept in check, or it is inevitable that the strong will be naturally inclined to distort the market and steal innovation or kill the weak.
But all that being said, even the fact that Microsoft may or may not be a monopoly is less significant than the fact that their success has been mainly credited to their founders' highly competitive spirit coupled with an outspoken opposition to any "creative commons". I was going to write more on this, but here are just a couple points that come to mind:
- Gates seems to hate the idea of something being free because he does not believe society can benefit unless clear financial profit is possible. You might call this a form of extremism. For example, he stated in a recent interview that any sort of advocacy for "free culture" is akin to Communism (http://news.com.com/Gates+taking+a+seat+in+your+den/2008-1041_3-5514121.html?part=rss&tag=5514121&subj=news.1041.5).
- It seems that Linux was able to gather momentum without profit due in a large part to highly educated engineers and scientists around the world who saw the benefits from the open discourse and associated rapid innovation without Microsoft's corporate-run taxation model. In other words, the transfer of capital did not have to flow directly from consumer to someone who claimed to have cornered/patented the IP...
- Microsoft is so steeped in Gates' vision that is seems they have only just started to realize that they should have focused on more than just a blinding series of functionality releases for profit instead of performing real due diligence sans fanfare. This is a bitter pill for most developers who see profit as the only true reward, not true confidentiality/availability/integrity, etc. The last time I checked, Microsoft was still swimming with marketing and business relationship managers while the top engineering talent was lacking, pulled away to companies that promised some degree of support for intellectual freedom or even opportunities in the creative commons. It is even more interesting to note that the EU is set to bypass the US in engineering graduates, most of whom are perhaps less susceptible to the American dream of successful marketing campaigns and litigeous machinations:
America needs to learn to adapt to the new paradigm, or it will continue to fall behind.
As an aside, the open-source beer project in Denmark is yet another sign that great innovation in the commons will be coming out of the EU until the US gets its economic principles back in gear:
It's a shame, but some companies spend a large part of their energies crushing their competition, while others simply try to build the best products and let their customers choose them freely.
Monopolies (mandated and de facto) are always part of the former because they spend their energies maintaining the privileged position rather than creating new innovations and better services.
MSFT is a prime example. They "borrow" ideas from other companies all the time and then dominate the markets because of their monopoly in the PC desktop market. When they hired away lots of top engineers, it was good for MSFT. But as soon as a competitor hires their person, they go to court.
The courts are generally most useful for the rich and powerful, like monopolies. They are unfriendly for everyone else because of the legalese (requires you to hire a lawyer just to file papers and do other procedures "correctly"), costs and slow progress.
But I think that DRM will die on the vine unless mandated by law, which is surely something those monopolists are hoping for.
Wow, feel the idealism. And then puke because of the smell of it. Sure, I can be idealistic too, but this is pathetic. So, lets start by getting a few of things straight:
1) A true Capitalist Free Market system has no formal rules about business other than the sanctity of contracts (something true nowhere in the world that I know of--incorporation is actually a separate branch of law, by the way),
2) Customers do not act in a rational manner anywhere near 100% of the time, so any economic theory (pure free market capitalism for instance) based on the supposition that they do is destined to fail in one way or another,
3) Politics and business have been irreversibly intertwined since the very begining--the US of A being a good example (the choices of going into war against England in 1775, and formally declaring independence in 1776 were very much economic decisions), and anybody whom wishes to think otherwise is welcome to dream (and to be disappointed),
4) Any time when general knowlege is on the wane and overt greed (often called business interest) is on the rise the citizens' will find that their rights are being taken away by proxy (as opposed to true representation).
I think that we could all continue to add to this list (without overlapping) for quite a while--so I'll stop here.
RvnPhnx said it better than I could.
I'd like to add that often democracy (form of government) is often at odds to capitalism (form of economics). Since capitalism usually does not encourage equality, while democracy encourages political equality. I'm not saying, necessarily, that capitalism is bad here.
The political compass (politicalcompass.org) has an interesting analysis about this debate on "freedom vs. capitalism".
Basically, it says that the one-dimensionnal political spectrum, born in France after the revolution, is not descriptive enough.
Instead, it describes the spectrum of political views in a two-dimensionnal array.
The left/right dimension is economical (Stalin would be at the extreme left, Pinochet at the extreme right). Then, there's the libertarian/authoritarian dimension (with Gandhi on the libertarian side for instance, and Hitler on the authoritarian end)
One dimension is not related to the other. Hitler was extremely authoritarian, but his position on economy was somewhat centric (see the Volkswagen example). Gandhi and Stalin had similar opinions on the economic dimension, but of course, their views on civil liberties were completely different.
Sorry to hear that. Have you seen a doctor about your condition?
I do not mean to entirely sidestep your abstract reasoning with regard to your understanding of market forces, but the concrete issues with Microsoft's approach to security are hardly explained by the US War of Independence. I would think your own example would be bucket-inducing for you, but I'm obviously not a Doctor.
Microsoft's strategy to address DRM and open-source is so far about as successful as Sun's strategy to address Microsoft. Microsoft has been able to handle several major shifts (TCP/IP being one of their better retoolings, if that tells you anything), but marketing security has been repeatedly mishandled for a very simple reason -- their ideology is out of step with reality and while their market dominance used to be a sufficient crutch for most areas of functionality, it only backfires with regard to the openness needed for security.
@Davi I was actually attempting to kill the verbal war about economic vs. government issues so that discussion would focus on your first posting. It obvously didn't work. ;-) We seem to agree on more than you think (at the moment). Keep in mind my last formal training was as an engineer.
@Chris Caydes I actually think that you need to start using many more dimensions that even the two mentioned to even begin to get a solid understanding of where various politicians/political systems "lie" with respect to one another. Nonetheless, yours is an interesting observation. Now if we can figure out how to work market issues into that ;-).
The answer is simple. Make enough noise about it so that some other firms (like AMD) will see it as an opportunity to make some money by not joining the DRM bandwagon. Don't support products you don't like.
Speaking of noise, here's an interesting development with regard to yesterday's BlackHat presentation on Cisco IOS flaws:
"In the latest case, ISS and Lynn contacted Cisco in April to report their process for using a vulnerability in IOS to run a program on a Cisco router. The networking giant the vulnerability in the operating system, but did nothing to prevent attackers from running programs on the devices using the broad techniques Lynn described, the researcher said.
During his presentation, Lynn outlined an eight step process using any known, but unpatched flaw, to compromise a Cisco IOS-based router. While he did not publish any vulnerabilities, Lynn said that finding new flaws would not be hard."
I guess one way to be try and ensure security does not become a tool of a monopoly -- openly disclose vulnerabilities (that have an imminent threat to consumers). This reminds me of the guy that used a simple black marker pen to defeat the Sony optical medial DRM. But it begs the regular questions of what is "fair warning" and what happens when they try to silence you.
Hey! Don't jump the gun. I'm writing about that right now. It'll be posted by morning.
Ooops. Sorry about that. Didn't mean to "expose" anything. ;) Wait, what constitutes "morning"?
In the meantime, here's a beautiful look at Microsoft security. I could say many things, but I think it speaks for itself quite nicely:
Microsoft "demanded that those who wanted Windows updates, other than security improvements, had to download an Active X program that sniffed their operating system to see if their OS had been pirated. It took about 24 hours for hackers to come up with a solution involving IE script, the hackers claim."
I've seen numerous sources that say you just need to go to the windowsupdate page, enter the following command in the address bar, and press enter:
Apparently that's all that is required (obviously doesn't do much here on my non-Windows system). The message seems to be spreading all over the net already, which gives some degree of credibility, but I suspect YMMV. I wonder if it will take Microsoft more than 24 hours to come up with another solution or an interesting explanation. Let's hope it's not "when we started thinking about this problem, we never expected anyone to not want to submit to our licensing hassles, and we never thought anyone would object to us presuming you are guilty until proven innocent..."
@ Davi Ottenheimer
I've also written about that for tomorrow. Don't you people ever go to sleep?
(Clearly I need to institute open threads on this blog.)
What we are witnessing is nothing but a reintroduction of feudalism through controlling access channels to the digital networks. We see this in mobile, in payments, in cable-tv and now in OS/Palladium.
Backed by government that have lost sense of purpose (protecting freedom)and turned towards controlling citizens in the name of "security", a cartel of companies define an "open standard" that enforce feudalism.
The next phase is the battle between cartels on which cartel will takeover the others. Are paymens stronger than mobile? Are TCG stronger than banks?
You can chose which among the cartel to be your master, but someones slave you will be - unless someone or something breaks the trend for "trusted computing".
We need to prepare an exodus from this world of digital feudalism.
"Don't you people ever go to sleep?"
No. But it ~is~ time to go to the pub. 8^)
Amen. The feudalists have gotten clever, though.
A solid framework that allows folks who create content to distribute their works outside of the feudal estate and still recognise a healthy revenue is needed. We need a free (as in speech) iTunes that distributes mp3s, rather than AAC (or .ogg, for that matter).
As a side note, I think that Microsoft's licensing hassle is fantastic and wish to encourage them as often and as deeply as possible.
An anti-piracy initiative that worked would force two thirds of the existing Microsoft user base to either purchase a legitimate copy or use something else.
If the anti-piracy initiative is truly odious, many of them will switch to a free OS and some will buy Macs.
Either way, Microsoft is hard at work encouraging a heterogenous computing environment, and I'm all for it. You go, Microsoft!
sorry if I took too long to answer and also sorry if I am being a little bit off topic here.
I never read your article (sorry no time), but it seems to me, that this is relative, a highly intellectual task would require some time before one can start to be productive (like programing), but once in focus it could take a larger time in the job. While in others less intellectual tasks, that involve repetitiveness or physical force one could become productive almost immediately, but on the other hand would become tired faster.
This seems to me that is all about squeezing the most "work" you can for the minimum pay to achieve the maximum profit. I don't believe in that, we are achieving a point that we could worry less about profit and more about people. I am not saying that socialism is better, or that this other system is better. All I am saying is that capitalism does not work that well.
Sure, it tries to get the government out of the way because in a capitalism the ones with the money are the ones with the power. Economy and government are all about power, a pure capitalism (the one without any interference from the government) generate monopolies and large conglomerates that we see today (that is why the USA has laws against monopolies).
Since this large enterprises can buy anything, including laws and the government that's exactly what they are doing. DRM, ridiculous patents and MS getting a "get out of jail" card are the visible side of this.
As I said above, both economics and governments are manifestation of power and power is against freedom. There is no such thing as free people, you cannot do what you want, and in many aspects this is a good thing (your neighbor cannot kill you just because he didn't liked the music you were listening a bit too loud, for instance).
There are levels of freedom, in Brazil (where I live) we are relatively free in terms of taboos with sex related stuff in the other hand we are much poorer and very few people can afford to travel around the country much less to the exterior. American society is much more closed to nudity and sex in general, but the normal people have the money to be able to come and go both inside the country or to other countries. This is only a single instance that popped in my head, but in reality freedom cannot be measured in simple terms, or maybe not even in very complex terms.
I simply don't like the way that the word freedom is quickly becoming a marketing word to sell, or as an excuse to impose, US government policies to other countries and cultures.
about soviet animation, you should watch the documentary "magia russica". There were several animation studios in Russia that produced many, many things and from the samples in that movie I would dare to say many high quality stuff (I do love animation :-) ). What I can say, from what the people on the documentary stated and from what I heard personally from Igor Kovalyov (that works now for Klasky Csupo, the studio that is behind much of what you can see in nicklodeon) is that do miss the sovietic era and the freedom to create they had than.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.