Schneier on Security
A blog covering security and security technology.
« How to Get Free Food at a Fast-Food Drive-In |
| Lousy Electronic Stamp Security in Germany »
September 10, 2007
Cory Doctorow on DRM
Cory Doctorow has been writing a biweekly column for The Guardian on DRM and the entertainment industry. He's written three so far, and they're all here.
Posted on September 10, 2007 at 12:39 PM
• 37 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Doctorow seems to misunderstanding the risk of what is going on in the same way as some people believe that security is equivalent to encryption. To see successful DRM, you only have to go to China. Understand that most people in China have no chance of getting copies of most of the information that they aren't supposed to get to. Technical measures just add to that and make it easier. For example the great firewall.
DRM is already going the way of providing general facilities for spying on people. E.g. separate processors (well actually processor contexts) guaranteed to do what media empires wish are built into every Symbian R3 phone. In future, once widely deployed, these processors may or may not be used for encryption. Instead, they just have to sample some of the memory going through the system and spot "stolen" information.
At that point you get into a much more legalistic situation; your less computer literate friend has been caught with some music he got through a freenet system you taught him to use. Does he go down for 10 or does he sell you out for 5? Does the fact you only have legal content save you or do you go down for consipricy? If you stop telling your friend how to be free you have already lost.
DRM doesn't have to be perfect; it just has to get some of the free thinkers arrested and the rest afraid to continue to fight. Once you understand that, you understand that the fight is not over the actual copying. The fight is over the continued existence of and widespread use of restrictions free systems (including hardware that can be run in a DRM free mode). Boycotting Vista, for example, is crucial.
Btw: "Semi-weekly" means twice a week. Cory's column, published once every two weeks, is "bi-weekly". Semi = half; bi = two.
What are you talking about?
All DRM fails when a *single* digital version is released with good enough quality. AKA a digital copy from the analog hole. You lose the quality just once.
All the eves dropping,fair use denying DRM in the universe cannot change that. No matter what each side says, digital content can be easily copied.
Oh and in China they have clean rooms *manufacturing* mod chips for game consoles (and even car computers) that are illegal in the US. In fact I have heard some people speculate that the trusted computing push by M$ was to try and force the Chinese to pay for windows.
I have also left out how incompetent the media distribution industry is at getting DRM even remotely right.
Seems the more I learn about security, the more I realize that its more about economics than it is anything else. Perhaps they should find out what the consumer is willing to pay and what value they can provide instead of continuing this DRM arms race.
Oh and for the record. I know at least one honest guy that DRM turned dishonest.
That's true in the same sense as md5 is "broken". Your (well, okay; my) granny can't forge different documents with identical checksums. Your DRM break only matters if you can make real economic impact with it. That means getting to e.g. 40% or more of the customers.
My point is that DRM will not be just a single layer in the long run. There will be DRM like today to keep the honest honest. There will be restrictions to make it difficult to copy non restricted files*. There will be monitoring to catch people trying to work around these restrictions (see the DMCA restrictions on discussing ways around copy prevention).
You may be able to copy the file. The DRM is "broken", but it still "works". Most other people aren't able to get the unrestricted file.
* This is already restricted in some phones; see http://discussions.europe.nokia.com/discussions/...
His essay exposing the mafiaa as suckers was brilliant.
You may be able to copy the file. The DRM is "broken", but it still "works". Most other people aren't able to get the unrestricted file.
Given the widespread use of p2p and the feasibility of it, that's just blatantly false. It has never been easier to get whatever you want in terms of media.
It doesn't matter whether my dad knows how to get a given song or not. His kids know how and they're happy to help.
Like moz, I see this as part of an ominous trend. The politicians and megacorps want more control over what ordinary people can do. Whether a few hackers can circumvent one specific tactic that they are using is not, in the long run, relevant.
Here's another part of the same trend:
It's presented as a measure to make us all safer, but knowledge cannot be un-discovered, so it cannot work. What it will achieve is more State control over what ordinary people can do and say.
"The DRM business model is the urinary tract infection of media experiences: all of the uses that used to come in an easy gush now come in a mingy, painful dribble"
It's good, but aren't all three very close to being the same article?
His explanation of why DRM is impossible is somewhat simplistic too - I can imagine a futue so dystopian that DRM works.
Economics is definitely a factor, but I think it's more of a multidimensional cost/benefit equation, where costs and benefits aren't necessarily quantifiable.
Greg wrote "I know at least one honest guy that DRM turned dishonest." I know a couple. The worst was a guy who wanted to buy "Blake's 7" on DVD, but it was only available on a European DVD that wouldn't play on an American DVD player. So he downloaded it instead and burned it to DVDs. Not only does DRM harm your legit customers, it actively drives away people who WANT TO BE your customers.
I find it interesting that appropriating an artist's work for personal gain is considered to be a worthwhile pursuit, DRM or no DRM. Whether or not it is technically possible is beside the point. I can easily grab a handful of change from the "take a penny/leave a penny" bowl at the checkout line but that doesn't make it right.
[quote]I find it interesting that appropriating an artist's work for personal gain is considered to be a worthwhile pursuit...[/quote]
Funny, the movie and record studios consider it good business.
sehlat sez: "Funny, the movie and record studios consider it good business."
Considering that it many movies cost well into the nine figures to produce, I'm not so sure that it's all "good business".
Maybe I'm just strange but if I get enjoyment or, even better, gain a bit of enlightenment from the work of an artist, I believe that the artist should be able to reap some reward. I also believe that an artist should be able to control how their work is used.
In the rare instance that someone makes a movie or records a piece of music which I feel worthwhile viewing or listening to, I'm more than willing to shell out the price of admission.
Somehow it only seems fair.
The biggest problem I have with DRM is what happens when the company providing it goes bust. All of those items that you paid money for are no longer usable when the OS gets upgraded or when the servers that it needs to call home to no longer respond.
When they have you by the data, your hearts and minds will follow.
You only rent DRMed data. With a CD, I can play it whenever and however I want. I can sell the disc. I don't have to worry about if the record company goes bust or being able to play it on an "authorized" player.
But no matter what media companies do against their customers, there will always be some apologist telling you why it is for your own good. Usually with some outragious analogy. ("You wouldn't kill a policeman. You wouldn't steal his helmet.")
The reason that people purchase items is to be able to use and enjoy them. Adding DRM makes that much more difficult. At a certain poing, you have to break the law to continue to use the things you paid for.
Contemptable laws creates contempt for all laws.
I find that sentences that begin with "I find" are usually incorrect.
Maybe I'm just strange but if I get enjoyment or, even better, gain a bit of enlightenment from the work of an artist, I believe that the artist should be able to reap some reward.
Ok so far.
I also believe that an artist should be able to control how their work is used.
Oooh, and you were doing so well.
If I make a widget and sell it to you, I don't get the right to tell you what you can do with it. (Other than metaphorically speaking, but that would be bad for business.) Neither can I claim, in perpetuity, a portion of your income.
Why should an artist be granted special dispensation?
To draw a parallel with a common subject of this blog, DRM and the TSA's "airport security" have much in common. Both impose their burden solely on legitimate, law-abiding users while providing nothing more than a simple-minded challenge for those intent on breaking the law. Both offer opportunities for people in power to assert control over the lives of their "inferiors" for its own sake, which goes far beyond the supposed purpose of fighting an identified "enemy." And both impose substantial cost and inconvenience, and even the risk of actual harm (e.g., Sony's rootkit copy protection; queues at airport checkpoints that are targets for suicide bombers) while providing only illusory benefit. Both reflect the same mentality that ultimately does more harm than good.
Actually, bi- is ambiguous. It can mean 'every two' or 'twice within.' So articles that appear twice a week are biweekly, and articles that appear every two weeks are also biweekly. The English language is just great sometimes, isn't it?
"Maybe I'm just strange but if I get enjoyment or, even better, gain a bit of enlightenment from the work of an artist, I believe that the artist should be able to reap some reward."
Really? How odd. When the bakery is baking bread and the whole neighborhood becomes more pleasant to smell, no one seems to think that we need to pay them for that. Or that we're even obligated to buy bread from them.
Copyright really only works and makes sense from a utilitarian perspective. The public should give copyrights to authors only in order to encourage them to do things that they wouldn't otherwise do (why buy the cow if the milk is free?), and then only where the benefit to the public is greater than the cost of granting the copyrights, in terms of how expansive the rights are, how long they last, etc. Ideally, we want to produce the greatest possible public benefit.
Would this mean compensating authors for everything they do? It could, but there's nothing that says that it has to, or that it is likely to. Indeed, if the public is better off only paying authors in some circumstances, but not in others (e.g. not paying an author when his book is sold used) then that's the thing to do. Anything else would mean favoring the authors over the public at large, and there's nothing special about authors that entitles them to such privilege. We don't have a law that requires you to pay a fee to a plumber every time you flush the john, but if we were going to treat authors as privileged, why not plumbers too?
So I'm against DRM -- and even having an environment where DRM has a hope of flourishing (I favor revoking copyrights for DRMed works, and having both private and government-funded programs to break DRM and distribute the then-public domain works formerly protected) -- because it seems to be contrary to the public interest any way you slice it. I favor copyright, OTOH, though not necessarily anything like the copyright we have now.
@ Paul Crowley
> I can imagine a futue so dystopian that DRM works.
Yeah, but in that case we'll have _a lot_ more to worry about than not being able to copy content illegally.
So my brother is not very technicaly minded. Anyway one time i was at his place he copied a DVD for a freind. I ask what how he did that. "Oh i just Googled for dvd coping software". It was a windows double click thing. It also "shrinks" the size of the movie to fit into a single layer DVD-+R if needed. Plays in most DVD players nowdays.
DRM does not work. Even the casual copy type person can still copy DVD's rather casually.
So why do i buy DVD's. Because i have a code free dvd player and its hard to beat 5EU for a dvd in terms of convenience.
As for giving money to the artist. Weird Al summed that up nicely:
Those solid gold Humvees.... yea
"Whether a few hackers can circumvent one specific tactic that they are using is not, in the long run, relevant."
Just like a few smugglers weren't relevant with Prohibition.
As fefe pointed out - http://blog.fefe.de/?ts=b83602c2 (German) - the consumer electronics hardware industry has totally commited to providing hardware for people wanting to play copied media. It's a MARKET and it makes good money. Modern Asian media players allow playing ripped files easily and offer a wide array of codecs that only viewers of "illegal" copies have any use for.
Well thank god there will never be any DRM measures put in place to govern vinyl, since that's where 90% of my music comes from.
GO RnR SUBCULTURE!
Torquemada asks: "Why should an artist be granted special dispensation?"
Because art isn't just a "product". In the state of California, for instance, there is a law which states "physical alteration or destruction of fine art, which is an expression of the artist's personality, is detrimental to the artist's reputation . . . and that there is also a public interest in preserving the integrity of cultural and artistic creations." (Full text at http://palimpsest.stanford.edu/waac/wn/wn01/... ).
Many other states have similar laws.
I am told that this law was passed partially to prevent someone from taking a Picasso (albeit a minor one), cutting it up into one inch squares, and selling them.
Disclosure: my SO is a professional hot glass artist and I paint and have sold a handful of my work, so I may have some biases in this matter.
I think that's really cool you and your SO are artists. And whether you were artists or not, I also appreciate your looking out for artists' interests.
But make no mistake, the mafiaa is representing the studio, not the artist. Nor does DRM benefit the artist.
> In the state of California, ...
> there is a law
"This bill would prohibit ... any physical defacement, mutilation, alteration, or destruction of a work of fine art. "
So if I throw away my 3rd grade daughter's art project, I am a criminal?
Or is there a list of officially sanctioned artists?
Steve, I think you are attempting to impose a fine arts sensibility (i.e. where the integrity of the original matters, and exact reproductions are difficult to make) onto popular culture, where the artist's product is mass-produced. This is a mistake.
"I believe that the artist should be able to reap some reward."
Not sure how relevant this is to DRM. Typically, the artist has far less to gain from control of copying than the publisher, and may even benefit from free distribution of the work. The publisher, who controls distribution, does not necessarily care what the artist thinks, or whether the artist would benefit from copy protection.
"I also believe that an artist should be able to control how their work is used."
But in popular culture, you want a lot of people to pay for it. So you need to make your work widely available and market it to make the effort worthwhile. It seems that the restrictions imposed by DRM inconvenience users to such a degree that they either circumvent DRM or don't use the product, and restricting the size of the audience is not consistent with the economics of popular culture, as the recording industry is finding out. There are also some well-established limits to the control the owner of a copyrighted work can have, e.g. fair use, which most parties other than the RIAA, etc., deem to benefit society.
One final note and then I'll move on to something more productive.
Someone asked why artists should be give special "dispensation" in the control of their work and I responded.
As far as I know, there is not any "list of officially sanctioned artists". I have as much protection under the law as David Hockney or Sy Twombly, though I'm a zillion times more obscure and my work goes for a fraction of theirs.
The method of production or reproduction is immaterial. Andy Warhol, among others, used "factory" methods to produce his work. Is it okay to steal a Warhol off the wall or reproduce it without authorization since it was produced by silkscreen rather than a brush?
I'm certainly no fan of the megacorporations who control mass media and culture and if you feel as if you're "stickin' it to The Man" by ripping videos or CDs, then have a nice time. Just remember that it's not just Michael Eisner or Barry Meyer you're ripping off, it's also the person who works in the CD pressing plant or who drives the delivery truck, not to mention the artist who created the music.
The point is, right or wrong, illegal or legal, digital media will be copied. And it will only get worse. This simple fact cannot be changed.
Every time I read something by Cory Doctorow -- both his non-fiction and essays or his novels -- I've found myself really *wanting* to believe him. Generally, his visions of the future are pretty nice places. I'm not sure I buy it, though. Overall, I think we've got a better chance of ending up in a borderline dystopia running on tamper-proof hardware a la Vernor Vinge's "Rainbows End" than in the post-scarcity digital wonderlands that Doctorow seems to assume are inevitable.
Unless something changes radically in our politico-economic order, which I think is unlikely, the media companies have more than enough power to have the penalties for 'piracy' made quite draconian. Start strategically throwing key researchers in prison for significant fractions of their lifetime, and suddenly even a fairly shoddy DRM system can be effective. Some people will still have open, non-DRM-respecting systems, but getting your hands on one will be like buying a kilo of black tar heroin or an RPG-7.
It's sort of the opposite of the old 'rubber hose cryptanalysis' trick; instead of beating someone until they reveal a secret, you flog society as a whole into not looking too hard into one.
I'd really like to live in Doctorow's future, but I may be a little too cynical for it.
There is no such thing. There is only harder to tamper with hardware. And its bloody expensive. The DVD/bluRay player manufactures won't foot the bill for that I promise. And no passing on to the consumer does not really work. We just don't buy the players that are more expensive for less. Just look at the uptake with bluRay and HDDVD. We want good enough for cheap.
And after all this. I still takes only one broken system, or one A/D setup.
"You can't stop the signal"
"Maybe I'm just strange but if I get enjoyment or, even better, gain a bit of enlightenment from the work of an artist, I believe that the artist should be able to reap some reward. I also believe that an artist should be able to control how their work is used."
The artist did reap a reward, they sold their work to Megacorp for money. DRM is an attempt by Megacorp to prevent secondary sales of the data among private parties. If you truly believe what you wrote, then you should also be against the sale of used cars. Did you check with all the artists and engineers who designed your last used car to see if they would permit you to re-use it? Did you compensate them for re-using their work? No? Then you are a hypocrite.
Here's the burning question I have about the whole DRM debate, without taking sides:
Why do people get so worked up about it if they believe their own arguments? I always hear the following two statements from the same camp:
* DRM doesn't work, and can never work
* DRM hinders interoperability, is evil, etc. etc.
OK -- well, if DRM doesn't really work, how does it hinder interoperability for anyone? And if it does hinder interoperability, doesn't that imply that it ... uh ... works? On some level?
This whole "debate" has reminded me a lot of the "John Kerry is both a flip-flopper and a consistent liberal" position from the Republican party in 2004.
JM: It's a lock that only keeps out honest people who don't bother to learn lockpicking - and that honest people are apt to find blocking them from things they have the right to do.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.