Schneier on Security
A blog covering security and security technology.
« Terrorism Laws Used to Stifle Political Speech |
| Exploding Baby Carriages in Subways »
October 10, 2005
Musicians tell Fans How to Beat Copy Protection
In any security system, it's important to understand who the attacker is and who the defender is. In digital-media copy protection (usually called Digital Rights Management), it can get complicated.
The music industry has been selling the technology to everyone -- Congress, the public -- by claiming that they're defending the rights of musicians. But more and more musicians are realizing that their interests are better served by freely copyable music.
Now, in the most bizarre turn yet in the record industry's piracy struggles, stars Dave Matthews Band, Foo Fighters and Switchfoot -- and even Sony BMG, when the label gets complaints -- are telling fans how they can beat the system.
Read the whole article.
Posted on October 10, 2005 at 12:18 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
This is just the latest chapter in the foolishness of the recording industry. The recording industry has fought tooth and nail against technology changes. They need to change their business model to adapt to technological changes instead of fighting it.
RIAA - move forward. Don't dig your heels in and deny that the world has changed around you. Find a way to distribute music AND generate profit. iTunes and other online outlets are a good start.
On reading this post, it bothered me that the main statement is far from impartial:
>> But more and more musicians are realizing that their interests are better served by freely copyable music
The language ("more and more", "realizing") is anything but impartial. It makes claims without supporting them, clearly favoring one direction without justifying that choice; rather than describing a phenomena, it describes an agenda.
In reality, the short term interests of *some* musicians are served by people freely copying it, the interests of others are not. And long term interests are yet another ball of wax - if music were free, of course the labels would go away. But then, without the constant promotion, would music take such a central role? would we have another megastar? Maybe. Maybe not.
Well, Dave Matthews has long supported bootlegging his music, even going so far as to allow bootleggers to place their recorders on the sound board to achieve the best sound quality. So this isn't really a new or surprising step for him. But his fans know that this is because his best music isn't his recorded stuff, but the "jam" music that comes out of his live music. Fans who buy his music AND get the bootlegged live stuff know they're getting two different experiences, and like it that way. Not so for studio-produced "musicians" whose shows are simply canned, lip-synched versions of their recordings. It's equally unsurprising that recording artists of that ilk -- and the labels who market them -- are more interested in revenue that can be made from CD and single sales. So really, who benefits from cracking protection methods really depends on what kind of music they are trying to sell.
@Yaniv: but is another megastar needed anyway? isn't all that billion dollar stardom totally absurd and dispatched from music as in art anyway?
Some time back, in the Bolivan water wars, a Callifornia company, operating under auspices of a World Bank Loan program, claimed all the water in that country belonged to them, and the citizens had to even pay for the rain from the skies.
It shouldn't be too long now for the music industry to claim they own all the music, even that sung by angels, and want payments even for humming along (or the notes generated from breaking wind and associated internet advertisements). iTunes anyone?
Many successful musicians makes very little of their income from CD. The bulk of their income comes from touring (concerts tickets, souvenirs, ...).
DRM could affect their most profitable revenue source if it turns their fans away from their concerts. So if they could help their fans defeat the DRM on their own CDs, they could benefit economically.
Fascinating twist. It seems at the heart of this issue is the transfer of rights from the artist to the corporation that promotes them. If musicians retained (more) rights to their own information, then they could distribute it (more) freely, which of course would be considered unfair competition by corporations, who (paid for the promotion, rights, etc. and) undoubtedly say they deserve reimbursement for the costs...so when you start to peel back all the layers an incredibly convoluted economic partnership appears that criminalizes the flow of certain ideas in order to maintain a generous margin and cover inefficiencies.
On the other hand, I look at the hard shift that Metallica went through -- from refusing to license t-shirts, etc. to deciding that if anyone was going to make money on their logo, it should be them -- and expect that musicians who give away their music for free will eventually fight to prevent anyone else from selling it for a profit without their approval. And then you're right back to the question of how to enforce rights in an overly efficient model, like the problems with a GNU General Public License, no?
This also reminds me of the discussion about the Hymn project:
The choice between DRM and "all music is free" is a false choice.
The music industry survived for decades without DRM--even with people making mix tapes and sharing with friends. We have a great example of what a music industry would look like without DRM--and it looks profitable to me.
I've never done any music filesharing, but DRM still gets very much in my way of doing other fairly mundane activities. If an artist tells me how to circumvent their DRM, they haven't lost a cent. A buy the CD, I re-burn the CD without DRM, and I throw the original away. At which step do they lose money?
I found Dave Matthews Band on a P2P network. Downloaded a couple of tracks and subseqently went out and bought all the bands albums and am still doing so (the song that my wife and I danced to at our wedding was one of DMB's). I don't recall DMB ever touring the UK so apart from 2 hits, one minor, years ago. How would I have heard of them! Same goes for Counting Crows, Vertical Horizon, etc. ........
ps : They also played DMB at the RSA Conference (the Seti - 2000 I think) - thought I should have something "security" related in the post.
While some musicians make their money live, others create music that cannot performed live and others are so fearful of crowds that their live performances are poor (Van Morrisson, Liz Phair). The artist should still get to decide what is free - fans don't always act in the best interests of the artists they claim to like.
But, to the point of the topic: The majors have taken things to a point where they are harming the interests of musicians by alienating fans that used to spend money. DRM has angered people who would never make illegal copies and some of us are refusing to buy the DRM records because they are too much of a hassle to deal with. So this year I've skipped on purchases from bands I rather enjoy (Kings of Leon, Black Rebel Motorcycle Club) as well from as breaking artists like Kasabian (who being new, would be better served by giving away a taste for free - instead they have DRM that makes their release iPod-proof).
It is in response to consumers like me that Sony is backtracking. Their artists know that paying fans are getting annoyed. But they still don't get it. I knew how to hack their DRM before they told everyone how. I don't want to do extra work - I buy 5-10 records a week (maybe a little less now since majors are doing more DRM) and don't want to mess around with figuring out what to do with each one if I want a copy for the car and on my MP3 player.
The people stealing music are going to do it one way or another. Those of us who pay for CDs want convenience. Instead we are asked to install secret software on our machines that might as well be spyware for all we know. It seems like no ones interests are being well served.
The comment above should have contained a link to affbrainwash.com/archives/020414.php
One thing that most people don't understand is that the bands in this instance don't own the copyrights to their recordings. The labels do. This is because they have been coerced by the lure of fame into signing them over as part of their recording contracts. So it's interesting to note that each of these bands could be found guilty of a criminal act in violation of the DMCA. Wouldn't the lawyers have a field day with this case (if it were to be prosecuted)?
There is one thing, everybody seems to forget about: Nobody needs the music industry. Music has been there since mankind is. The "music industry" has been around for some decades, telling everybody how important they are, fooling around and making obscene amounts of money. Obviously this couldn't go on forever. Today they have become obsolete; every musician could distribute his work on his own, free or protected, as download or as a full featured CD via mail order. What the recording industry is doing right now is blackmailing governments to manifest their claims into laws, before anybody will notice, that we will better off without them.
Am I missing something here? Isn't this "copy protection" just another scheme where the CD has an autorun feature to install a bit software that watches for copy attempts and blocks them? I would think that simply turning off autorun would defeat any copy protection system the labels could come up with. If they can't run code on a machine, they can't control what that machine does. It's not like you can embed code in the audio tracks themselves.
DRM hurts the "honest" user. This is nothing new...
I feel that I should link to the Cory Doctorow anti-DRM talk that he gave to Microsoft as it seems relevant. It is a long, but worth while read.
But then again we shouldn't be surprised with what the Recording/Music Industry is doing as listening to music on your computer is a privilege and we should all just buy a regular CD player!
re: Am I missing something here? Isn't this "copy protection" just another scheme where the CD has an autorun feature to install a bit software that watches for copy attempts and blocks them?
some of them deliberately create lots of errors on the cd so that while they play ok, albeit with your error checker running flat out, your pc cd player has trouble copying them. In other words they're deliberately selling you a faulty product.
Another method is to create dummy sessions on the cd which again confuses your pc cd but not a 'normal' cd player.
Irrespective of anybodies wishes DRM (in the offline format) is snake oil (Bruce why have you not put the DRM sellers and promotors into the dog house?).
Put simply DRM will only work when the remote host can be fully trusted. It is not possible to ensure that an offline system can be trusted, let alone fully. And arguably online systems as well cannot be fully trusted (this is because in the case of DRM the customer at some point ends up with unprotected data).
There is plenty of evidence of this DeCSS, the Linux X-Box hacks etc etc etc. Even if Intel etc build in TCB/DRM into the CPU it will still be possible to circumvent it. Basically you build an emulator of the chip and open up the data and pipe it somewhere else (ie a hard disk)...
By the way doing this is somewhat less hard than the breaking of DES was.
The real question is if DRM is not just theoreticaly Snake Oil but Practicaly as well, what is the motivation of the various groups promoting it.
It has become clear to many system manufactures (Sony included) that more money can be made from unprotected systems than protected (this is because the cost of protection is not negligable and in FMCE products even a few cents per item can be fatal for a new product).
The Artists now are also are comming round to the same opinion, ie DRM costs them more than it makes/saves them...
So who is left, could it be that the dinasour record companies are begining to feel the icy draft of extinction...
It is worth noting that the vast majority of musicians make nothing from recordings--in fact many if not most loose money getting their music distributed by a major publisher.
How do the musicians make money? They practice their art and perform! How is this surprising to anyone?
It's true that piracy does take a huge chunk out of the pockets of the industry. If it were me, I'd be upset and want my money and my products to be safe from piracy. Funny thing is that the pirates aren't the home/P2P user. Most of the pirated CD and DVD I've seen still have the anti-copy protection on them, just like the original. In fact they are the original. The real piracy is happening during the print stage. They won't quiet this barking dog by cutting the tail off.
"How do the musicians make money? They practice their art and perform! How is this surprising to anyone?"
Um... it's surprising to me that you ignore so much of the industry. I'm a recording engineer and producer. I'm a musician, but my art is in making a recording. You simply cannot generalize (see my post above).
When I have performed as a musician, my tours generally lost money - they were merely a part of the publicity machine. Sure mega acts make money touring, but those of us on the indie scale are playing for gas money and would make more cash working at the 7-11 (and some of us have more lucrative IT careers that we skip pay on - which makes us lucky in that at least we aren't poor). Still, I'm told by fans that they're happy to see us come and play. Even though we're not big, a good many people enjoy our performances and our records. But not everyone pays for our work, and they othen have elaborate justifications for why they snuck into the show or downloaded an illegal copy of our record.
I don't know your band and I'm guessing I've never heard them or of them but if I there was an easy way to download your music for free I might decide that I love your work and then BUY your albums and come to your shows.
Nah, you're right, hide the music away, you'll make more money that way.
The recording industry, and to a lesser extent the movie industry, exists only because of one technology - the ability to record a performance in a semi-permanent media.
It used to be very difficult to produce and distribute the recorded media, which gave a significant competitive advantage to the industry in question -> if you wanted to hear a performer, you either had to see the performer live, or you had to buy into not only the recording industry's individual product (the phonographic record), but also in a sense into the entire distribution model the industry used to produce and sell records.
Technologically speaking, this is no longer the case -> the entire distribution model is completely broken by the ability of an end-consumer to copy and distribute recorded works.
I find it interesting, from a business analysis standpoint, that the recording/movie industry is relying upon a legal avenue to secure their monopoly *over a distribution model* rather than attempting to remove the distribution model from their profit center entirely. In the long run, this *will* fail - you can't halt this sort of technology with a court order.
I'm not attempting to justify illegal music/movie downloading (I have purchased, at great cost, all of the music that I enjoy), I'm simply stating the reality of human nature.
On a tangent, very few people point out that the recording industry itself uses elaborate justifications to protect its "intellectual property"... which only exists due to a specific version of the technology in question.
The recording industry did not exist prior to the invention of the phonograph. Artists who wanted to make music for a living either toured or found a patron, depending upon the contemporary sociological environment. It was a harsh environment to be a musician, or a theatrical performer.
Prior to the invention of the phonograph, "ownership" of music consisted entirely of whatever version of copyright existed for the music itself (again, taken in historical context - we're talking about a long stretch of time before the phonograph), not for an individual performance.
Suddenly, however, with the existence of a recording technology, a musician has magically gained "ownership" over a recording of his/her performance. I'm not arguing that this should not be the case, I'm simply saying that people seem to *assume* this is true.
It can certainly be argued that in fact the musician has *no* right to the performance at all. Why should they? They had nothing to do with the invention of the recording device. I don't believe that a percentage of the music sales are garnished by the original inventor of the compact disc. I have yet to see a compelling argument that supports this underlying presumption.
Sure, I agree that artisitic expression in and of itself is a "good". I agree that those who are gifted artists (whatever their media) should be encouraged to perform, and should be compensated for their work in the same way that any artisan should be able to make a living doing what they love and producing something that is beneficial to society. However, I also don't believe that an entire industry should be able to legally protect its monopoly over an outdated technology in order to protect its primary revenue stream.
The recording industry, and to a lesser extent the movie industry, is not pushing DRM to protect the sanctity of an individual recording, they're pushing DRM to protect their distribution model.
I think the critical point here is one of our moderator's favorite terms: AGENDA.
As I understand the story, the music studios have always been a "rainmaker racket", which initially branched out from the similar rackets which already managed live performances.
The original "deal" was "well, if you don't want to sign an *exclusive* contract with us, why should we let you use *our* studio facilities?" Over time, the "studios" gained a stranglehold on distribution, through both records and radio, until they could dictate their own terms to aspiring artists. Of course, some acts managed to gain enough renown and accumulate enough money to keep the studios from declaring them "out of fashion" when they demanded a fair share of the profits.
There weren't too many of those... at first. But they accumulated over time, and the technology to compete with the "official" studios kept getting cheaper.... And since the studios had been screwing the artists so badly, some of the successful groups started sponsoring their own production paths, which they then shared with new artists. After a while, the studios couldn't really keep a lid on the "independents" anymore.
Now they're stil trying to keep that old "rainmaker" business going, but the situation has changed too much -- it's just too easy now for people to get their music out on their own, and even get paid for it without going through the studios. The whole DRM push represents their attempt to regain control over the situation, but I'm pretty sure it's just too late for that -- largely because they've so alienated the folks who are actually *creating* stuff, that many of those artists have gone over to open revolt. The agenda of the artists no longer matches that of the studios, and no amount of technological bullying is going to change that.
I spent most of yesterday afternoon at the home of a friend of mine whom retired from the whole music performing art scene a number of years back. He wasn't a mega-star of any sort--but he did make a decent living at it. No, he isn't rich, but I don't know many musicians whom have that in mind as their primary purpose.
I think, quite frankly, that there will always be employment for sound engineers, recording engineers, sound crews and techs, and also for the whole advertising and promoting crew out there (again, most of whom make their living off of dealing with the small-time performing artists). The idea that DRM is at all protecting these jobs is FUD, just as your employer asking you to sign an NDA (which then can be used to prevent you from working in the only field you know for an indefenite time period in many places) to keep your job is also FUD.
Are you done with the FUD yet?
The Sunncomm DRM that Sony/BMG have been using is completely iPod-compatible...on a Mac. The Mac version of iTunes happily rips the disc without a problem, since the Windows drivers have no effect.
(I still don't buy "CDs" using this technology, though I've compromised my principles a bit and will buy DVDs that come with a "bonus audio disc" that uses Sunncomm's DRM.)
"is completely iPod-compatible...on a Mac"
Don't you mean that it doesn't work on a Mac because Apple has chosen not to support it (yet), not to mention Sony-BMG are anti-Apple DRM (because Fairplay is closed to them) so some Sony-BMG CDs might not work on Macs?
Funny, someone told me it couldn't be copied so for kicks I ran CDEX against it and it worked fine. While it was ripping the CD owner looked up some article somewhere and found how to rip it - using CDEX.
Like Ahnold said, "you must have been very proud of yourself." Yeah, i kinda was.
And honest to god I deleted the files I ripped. It was some Dave Matthews CD and I just can't stand his music (sorry Dave, no offense, you prolly wouldn't like mine either)
| The recording industry, and to a lesser extent
| the movie industry, is not pushing DRM to
| protect the sanctity of an individual recording,
| they're pushing DRM to protect their distribution model.
More accurately, they're pushing DRM to protect their revenue. Its all about the money.
They know their distribution model is dated. They know that digital distribution is the future. They just haven't figured out how to keep themselves as critical part of the process, while they're growing tired of Steve Jobs and his whole "not raising prices" crap.
In the CNN article it says that Sony/BMG is instructing people how to (illegally?) beat the copy right protection.
Under the provision of the Digital Millennium Copyright Act (DMCA) that is designed to protect content by making it illegal to disable technology that protects the content. It says that you can't distribute tools that break or circumvent measures that control access to copyright works.
So aren't they or the agents on the phone going to be charged by the RIAA for the DMCA violation. The act makes no mention that I could see of the owner being exempt.
To me the strangest part of DRM is that it only affects the purchasers of legitimate copes. The pirates have no trouble at all.
I have small children, and whenever I buy a CD, I immediately make a backup copy and only let them use the copy. That way, when they (inevitably in a few weeks) destroy it, I just repeat the process. With DVD movies, it's too much of a pain becuase of the copy protection, so I don't do it. So I'm going to have to go buy another copy of anything I still want. But the pirates have no trouble: Look on any of a number of legitimate websites, and there are tons of obviously pirated DVD copies advertised for sale.
The "kiddie" pirates who rip the music / video / whatever and post it have more patience than I and go ahead an defeat the copy protection. As usual, DRM only protects against non-existent threats, because those are easier to defend against.
Are these people STILL clinging to "physical media," like CDs and DVDs? Oh, how twentieth-century.
DreamWorks had to restate a quarter's profits as a loss. Why? Because millions of plastic DVDs were returned un-sold to their warehouse by retailers. What if those DVDs had not existed? What if they were not needed? What if "you pay for it, now you download it, and it's yours?" Every sale that actually occurred would be pure-profit, and every sale that didn't occur would cost nothing. There would be NO "inventory."
=This= is the direction that this industry =is= going, and the record label's refusal to acknowledge this simply shows that they are still clueless. (But these same folks ALSO objected to ... cassette tapes, playing songs on the radio, digital tape, the iPod ...)
I do not believe, not for a second, that the world has suddenly become filled with thieves. Rather, it was filled with people who wanted things to be different, changed the picture, and did not stop and wait for the record labels to bless what they were doing. As a result, Apple's on-line music store is now the second busiest commerce site on the Internet, right behind Amazon. I rest my case.
"DRM only protects against non-existent threats, because those are easier to defend against."
DRM protects agains the very real threat to the media distributers profits due to "fair use".
In your own example, "fair use" (making backups of CD's) is reducing the profits of the distributer (as you don't have to keep buying the same CD).
I've just had to buy a second copy of a game 'cos the backup didn't work and the original snapped in 2 when my daughter tried to remove it from the cover.
I'm an artist and i do a ton of online work,a lot of it i have seen on other peoples pages,on there myspace accounts,all kinds of uses and my names on it so each time some one sees it i have reached one more person with my work and in this way the distribution via other peoples use is a huge help to me but i also understand that if they kept the money from selling my work or just gave it to people who would have bought it i would take some $$$ damage but this easy answer to this is to make work WORTH paying for.i make most of my money by doing CUSTOM jobs for people who see my work floating around. on the same note i rent a ton of movies but does that take money away from the artist?if i like the movie i will buy it but if i never buy anything all of the money goes to blockbuster or what ever video store i rent from or the people on eBay i buy DVDs from but i guess that's OK as those people make the money the CD and DVDs bring in that the artist never sees....ether way i will buy a CD or DVD if its good but most work out there is so low level and feels so recycled that i would never wast 20$ on it,people need to put more in to there work and give reason to buy in to it other then flashy ads and redundant themes and lyrics overlayed to generic chords and beats.give me a reason to support the artist (or the business men who hand them there 5% royalty that is) and i will
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.