DMCA and the Internet of Things

In theory, the Internet of Things -- the connected network of tiny computers inside home appliances, household objects, even clothing -- promises to make your life easier and your work more efficient. These computers will communicate with each other and the Internet in homes and public spaces, collecting data about their environment and making changes based on the information they receive. In theory, connected sensors will anticipate your needs, saving you time, money, and energy.

Except when the companies that make these connected objects act in a way that runs counter to the consumer's best interests -- as the technology company Philips did recently with its smart ambient-lighting system, Hue, which consists of a central controller that can remotely communicate with light bulbs. In mid-December, the company pushed out a software update that made the system incompatible with some other manufacturers' light bulbs, including bulbs that had previously been supported.

The complaints began rolling in almost immediately. The Hue system was supposed to be compatible with an industry standard called ZigBee, but the bulbs that Philips cut off were ZigBee-compliant. Philips backed down and restored compatibility a few days later.

But the story of the Hue debacle -- the story of a company using copy protection technology to lock out competitors -- isn't a new one. Plenty of companies set up proprietary standards to ensure that their customers don't use someone else's products with theirs. Keurig, for example, puts codes on its single-cup coffee pods, and engineers its coffeemakers to work only with those codes. HP has done the same thing with its printers and ink cartridges.

To stop competitors just reverse-engineering the proprietary standard and making compatible peripherals (for example, another coffee manufacturer putting Keurig's codes on its own pods), these companies rely on a 1998 law called the Digital Millennium Copyright Act (DCMA). The law was originally passed to prevent people from pirating music and movies; while it hasn't done a lot of good in that regard (as anyone who uses BitTorrent can attest), it has done a lot to inhibit security and compatibility research.

Specifically, the DMCA includes an anti-circumvention provision, which prohibits companies from circumventing "technological protection measures" that "effectively control access" to copyrighted works. That means it's illegal for someone to create a Hue-compatible light bulb without Philips' permission, a K-cup-compatible coffee pod without Keurigs', or an HP-printer compatible cartridge without HP's.

By now, we're used to this in the computer world. In the 1990s, Microsoft used a strategy it called "embrace, extend, extinguish," in which it gradually added proprietary capabilities to products that already adhered to widely used standards. Some more recent examples: Amazon's e-book format doesn't work on other companies' readers, music purchased from Apple's iTunes store doesn't work with other music players, and every game console has its own proprietary game cartridge format.

Because companies can enforce anti-competitive behavior this way, there's a litany of things that just don't exist, even though they would make life easier for consumers in significant ways. You can't have custom software for your cochlear implant, or your programmable thermostat, or your computer-enabled Barbie doll. An auto repair shop can't design a better diagnostic system that interfaces with a car's computers. And John Deere has claimed that it owns the software on all of its tractors, meaning the farmers that purchase them are prohibited from repairing or modifying their property.

As the Internet of Things becomes more prevalent, so too will this kind of anti-competitive behavior -- which undercuts the purpose of having smart objects in the first place. We'll want our light bulbs to communicate with a central controller, regardless of manufacturer. We'll want our clothes to communicate with our washing machines and our cars to communicate with traffic signs.

We can't have this when companies can cut off compatible products, or use the law to prevent competitors from reverse-engineering their products to ensure compatibility across brands. For the Internet of Things to provide any value, what we need is a world that looks like the automotive industry, where you can go to a store and buy replacement parts made by a wide variety of different manufacturers. Instead, the Internet of Things is on track to become a battleground of competing standards, as companies try to build monopolies by locking each other out.

This essay previously appeared on

Slashdot thread.

EDITED TO ADD (1/5): Interesting commentary.

Posted on December 29, 2015 at 5:58 AM • 39 Comments


Jason SewellDecember 29, 2015 7:11 AM

"Apple's iTunes store doesn't work with other music players."

This hasn't been true for years. Steve Jobs famously fought the music industry on this and won. Consequently, music purchased from the iTunes Music Store has been DRM-free for a long time. Any music player that supports MP4 can play the files.

Mike D.December 29, 2015 7:56 AM

"every game console has its own proprietary game cartridge format"

Uhh, this is pretty much required? Because the cartridge format (and form factor and electrical specs and everything else) are completely dependent on the console's hardware design. Or are you complaining that they don't all just use Blu-Ray or whatever? Whereas your other two examples refer to data encumbered with DRM post-hoc. Or did you mean code signing? Which gets into the whole "should the hardware company look the other way while third-party software damages its hardware and the customer has no recourse because of the third-party's 'AS-IS' EULA?" mess.

MarcosDecember 29, 2015 8:00 AM

And that's the entire reason the IoT isn't going to grow. That is, until manufacturers decide to standardize on something that enables third parties to get on the market (not likely before the heat-death of the Universe).

Until then, IoT will be a bunch of useless gadgets that solve no relevant problem.

JdLDecember 29, 2015 8:35 AM

We can't have this

So, apparently we need more Big Brother, Mr. Schneier's favorite buddy, to fix things?

But is there really a problem? Mr. Schneier might refer to his own words from his lead example: "Philips backed down and restored compatibility a few days later."

In the end, customers rule. We DON'T need the cold dead hand of government trying to "remedy" a problem that doesn't exist.

NarkorDecember 29, 2015 8:40 AM

Techies have decided that copying the ingenuity of others is a legitimate strategy for getting your own island. Have a look at "Hoverboards" - that's your "no intellectual property protection" future right there.

David in TorontoDecember 29, 2015 9:09 AM

I only wish that the customer always ruled. Or at least was in balance.

Keurig did not back down. I had a K1 machine that became defective and when I returned it, it was replaced with a K2 machine. None of my cups worked. And there was no brew your own cartridge. A call to the company was unhelpful. Their call in agent was working from a script that made it sound like they'd done something like Tassimo with the bar code that could alter the processing rather than just shamelessly lock in when the K-cup patent expired. I returned it and sourced a K1. When this fails, old school percolators start looking good.

Sometimes you need to vote with your feet.

LeeDecember 29, 2015 9:21 AM

>>>| "Because companies can enforce anti-competitive behavior this way.."

'Companies' don't ENFORCE this anti-competitive behavior -- the GOVERNMENT does !

Government politicians impose masses of bad laws/regulations restricting productive competition & progress. American government has been harassing citizens, consumers, and businesses for over a century this way --- but Schneier just can't see that government/politicians are the root cause of the problem he otherwise clearly observes.

Philips, in particular, has zero 'power' to enforce anything against consumers and competitors--- government politicians wield that very real anti-competitive power of courts, prosecutors, police, fines, jails, handcuffs, guns and truncheons.

Clive RobinsonDecember 29, 2015 9:35 AM

@ Bruce,

We'll want our clothes to communicate with our washing machines and our cars to communicate with traffic signs.

Only those that want to "abdicate responsibility" will, and with that comes a form of slavery that would not be good for society, which is the death of freedom.

For instance I know I can mix certain lights, darks, colours and cloth types when I do my laundery. Occasionaly I will get it wrong, but I take care to mitigate the issue. It's a responsability, I willingly take, so that I can save time, energy and money. If however my cloths talked to the washing machine, then the washing machine manufacture would be in effect forced to take on the liability for users stupidity. Their only reasonable strategy would be to enforce segregated washes at the lowest settings... I would end up not doing two or three washes a week but three or four a day, simply because it would not alow me to mix white cotton shirts with coloured polly cotton elastin of socks etc.

Why would it be their only reasonable strategy, well because of the "reach for a lawyer stupid" mentality that has become more and more prevalent in the US and other places. That is if you do something stupid, rather than take responsability you hire a lawyer to make you money to sooth your hurt feelings from the embarrassment you have caused yourself... You end up putting ten or twenty bucks of extra product liability on every product, just to keep lawyers in business...

But once the prices do go up, the companies will lobby the politicos, just as the fast food companies did, legislation will be passed to stop the customer litigation but the price won't come down... But worse the litigation prevention will be overly broad, thus the manufacture will be able to sell dangerous items, without having to worry about litigation... Such is the law of "perverse incentives".

EvanDecember 29, 2015 9:43 AM

The Internet of Things is a terrible idea and if it takes the DMCA to prevent it from taking hold, then so be it.

David in TorontoDecember 29, 2015 9:46 AM

I don't think that Bruce's "We can't have this" is calling for big brother. He is calling out that the system is out of balance and isn't working.

* He might be advocating changes to DCMA. And we could only hope it might be less big brother. (Sadly in never seems to work out that way).

* He is likely advocating customers voice their opinions and exert the influence they have.

On IoT - most of it is useless to me but it's coming regardless of what I think or do.

On Apple - once they removed DRM I started buying from them.

Steve MobsDecember 29, 2015 9:51 AM

"Apple's iTunes store doesn't work with other music players."

I just wanted to second the comment by Jason Sewell. Apple has become a (partial) exception to the rule. Since late 2011, the Apple Lossless Audio Codec is officially open source. As far as I understand, the license also includes a patent grant, something which is not the case for the ubiquitous mp3 format (though most of the patents have expired by now or will do so in a couple of years).

stimoceiverDecember 29, 2015 11:24 AM


How long has the forthcoming Internet of Devices, the Internet of Things, been heralded? Years? Decades? And as of yet we've seen very little in the way of the actual implementation and deployment of standards that would enable such to come to fruition.

This article suggests one reason why. But I'd like to suggest another.

Clearly we couldn't really achieve something like the Internet Of Things without something like IPv6. To attempt to do so using IPv4 would have been madness. Possible perhaps, using NAT and other technologies. But surely a pointless exercise in complexity.

And yet it is now over 3 years since World IPv6 launch day and still we find the industry, normally a juggernaut fully willing to impose planned obsolescence upon us all to achieve its ends, still moving at a snails pace when it comes to implementing the open standards and protocols the Internet of Things will require.

What kind of standards will we need? Ubiquitous adoption of IPv6 in our devices and software, our protocol stacks. An IPv6 variant on dynamic addressing capabilities of DHCP. Dynamic routing between peers. Roaming and at least the possibility of interoperability for guest devices. Some of these standards and protocols already exist. And yet they are sorely lacking in the kind of ubiquitous adoption in the real world that signals when a standard is really a standard.

And we have one of the Chief Figureheads of no less than the US Central Intelligence Agency, David Petraeus, waxing poetically about his lust to co-opt and commandeer the as-yet-forthcoming Internet of Things for purposes of spycraft:

"Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing {...} ."

I'd like to suggest another reason we don't yet have an Internet Of Things. And that is simply, that the evolution of standards required for an Internet Of Things are nearly identical to those we would need to build a truly open, node-centric or device-centric peer routed mesh. A new kind of Decentralized Internet where all one has to do is acquire a radio and put up an antenna and start networking with ones immediate neighbors. Where the only costs of access are the cost of the WAN digital radio and the antenna - and the "costs" of routing traffic for ones neighbors.

Sure it would be slower - at first. But thanks to IPv6 being fully a superset of IPv4, interoperability between such a new, free, peer routed mesh and the current style of proprietary, "tethered to the infrastructure" internet access most of us enjoy, is guaranteed.

We've become so immersed in a networking paradigm of isolated WLAN islands and multiple layers of firewall that we fail to see just how long ago we could have instead OPENED our networks. I understand the security concerns that led the development of firewalls. And I recognize that at least here in the big US city where I live, neighbors rarely talk to neighbors. But now that its the 21st century, hindsight shows we clearly could have had far greater interconnectivity between adjacent nodes years, perhaps decades ago, without sacrificing any more in the way of security than we do now when we forward a port through a NAT firewall. Or when UPNP does it for us.

The time has clearly come to retool the internet to be fully free and fully decentralized. Sure commercial paid ISP access will still exist. But imagine the possibilities for civic scale networking and organizing once we are able to link up entire neighborhoods in a single network. Not-for-profits, hackerspaces, businesses, and tech-savvy consumers could volunteer to establish the backhaul connections.

And the beauty of doing all of this in IPv6 address space is, the network doesn't NEED to exist physically before it can exist logically. In the early stages of adoption when free backhauls are scarce, one could simply connect geographically disparate neighborhood networks through the existing IPv4 network. Something like Teredo in reverse. Future proofing for encryption and anonymity via darknet style routing can be built right in to the protocol stack, but fundamentally this is about creating a streamlined network out of commodity consumer hardware, so most likely the "Layer 3" protocols would be fully open, at least in the beginning, and we could still rely on existing methods such as SSL for encryption.

And since the network is totally free and open, why not build in dual naming for nodes? Those who desire a semi-permanent namespace can use a certificate based authentication of nodes on the same decentralized scale as the backhauls. Think of how the old .us TLD was broken down geographically from most-significant to least-significant. USENET's style of administering the Big-7 groups also comes to mind, although in that case the most-significant and least-significant parts of the namespace are reversed. Names could be cryptographically hashed to radio MAC addresses. This could even allow for roaming.

But that is only one style of naming. USENET also has the "Alt" hierarchy with its first-come, first-serve naming and so it might even be possible for the new network to also embrace this level of freedom, at least for geographically fixed nodes.

I can only speculate as to reasons that some of these advances haven't already happened. Think of just how long Windows had a "Network Neighborhood" right there on Explorer. Due to security fears this was historically used more or less solely in corporate domains and workgroup environments.

But surely open standards could long ago have just as easily been designed for the "Network Neighborhood" to provide user to user messaging, email, forums, content syndication (blog/wall), tiered or access-list based privacy, file transfer, and even something like VLANs for gaming purposes, on the early wired networks - and again, later, on early wireless networks. (I know some of these things did exist - but never in a ubiquitous standard embraced in commodity consumer software and hardware.)

In my opinion, now that the "Internet Of Things" is entering the mainstream consciousness of a far more digitally savvy populace, now that industry is once again making so public a push to develop these technologies that even the CIA is salivating at the possibilities, it is clear to me that there are many, many ethically and globally minded hackers who will not let this opportunity pass: To use the exact same new standards of the Internet of Things to turn the tables on the proprietary commercial internet we now have, and create a truly decentralized network of global scale yet neighborhood and civic relevance. A network far better at routing around surveillance and censorship. A network architecture that encourages interaction between neighbors instead of stifling it.

Its equally clear that the same points Mr. Schneier makes in this article apply to this new technology - and then some. All-inclusive ideas like this are among the biggest threats to the proprietary and the divisive. I wonder - could this be the reason the Internet of Things is taking so long? Could repressive regimes - both governmental and otherwise - have already envisioned this long ago, and carefully steered technology away from such innovations that enable so potentially vast of individual, social and political empowerment and interconnectivity? I am reminded of Eben Moglen's 2012 keynote presentation "Innovation under Austerity" at the Freedom to Connect conference where he gives an anecdote about government interest in thwarting anonymity (in addition to encryption) way back when he was defending Phil Zimmerman and PGP.

This may be our last chance to turn the internet into the free and open civic network it could have been since the beginning.

markDecember 29, 2015 12:08 PM

As I just posted to PC Mag, in response to an article entitled, "Samsung TVs Will Control Your Smart Home": No, the 16-yr-old jerk down the block will control your house, so he can see you in the shower. Or because he's mad at you, or because he can. Or some troll online will do it for that last reason. And because 90%, at least, of people, are too ignorant to lock their front doors... and because Samsung's interest in security on their TVs is on their list of priorities under the heading "we'll get around to it, eventually, and we'll jump on it when there's the class action lawsuit for making our security so poor that 5,280 homes have been pwned.

And computers in your *clothes*? Right... quick, anyone want to bet how soon after they're released that the hack to cause them to fall off the attractive woman/someone's sister/etc?


PS: I can't resist:
Our lady of Communications won a ship-wide bet
By getting into the planet's main communications net.
Now every time someone calls up on an Argo telescreen,
The flesh is there, but the clothes they wear are nowhere to be seen.
-- from Leslie Fish's Banned From Argo, of course

albertDecember 29, 2015 12:25 PM

When we give up control, we put our lives in the hands of the controllers; in our(US) case, the Corporate State.

The IoT is a fad, and I'm sick of hearing the propaganda about how it'll make our lives easier. I'm not even talking about surveillance, that's a given. So is abuse by criminals. I'm talking about mindless* toys for mindless people.
We are experiencing 'soft' fascism (unless one is black, brown, or Muslim; they get the 'hard' kind). Right now, the Propaganda Ministrys efforts are 'good enough' for the Corporate Elite. There's minimal criticism and protest. It's controllable.

It won't always be that way.

As the US slowly slides into 3rd-world status, can the Totalitarian State be far behind?

*until they become smarter that people:) I don't think we'll need full-blown AI for that to happen.
. .. . .. _ _ _ ....

FXLDecember 29, 2015 12:26 PM

When it comes to Keurig, my biggest issue is that they want you to pay for the handle AND the blades. If the coffee maker was free I would have no problem with it only supporting their own cups. But because I paid for it, I expect it to work with what ever coffee I want to put in it.

Then again, I most likely would not get one even if it was free, as those cups are very environmentally wasteful.

When it comes to other IoT devices, my biggest concern is my data. Who owns/controls it? How to I manage sharing it with other people, companies, software?

-- Frank

JG4December 29, 2015 1:04 PM

In patent intellectual property, there is a clear precedent called "first sale doctrine" (or something similar), which holds that once the owner of the patent sells a device based on it, the buyer can do more or less whatever they want with it, including cut it up and build it into their own equipment. The license fee has been paid in full for the use of the patent.

I don't think that it has been tested in software, but a similar concept could apply, where purchasing one copy of the software would allow modification of that one copy, e.g., in your car or in your thermostat, to suit your individual purposes in furtherance of your right to pursuit of happiness through property ownership.

The intent of DCMA was to prevent unlicensed copying, which is a different matter than modifying operation. I suspect that these points have been made quite clearly by many others. I thought that I saw a newsclip posted a few months ago in the comments here, where Congress had recently passed a very modest rollback of a tiny portion of DCMA that allows people to modify code on their own devices. Clearly the EPA and FCC will have something to say about those modifications if they impact pollution of either the airways and waterways or the airwaves.

If I could remember where I put the link, I'd post it here.

Tom ZellerDecember 29, 2015 1:12 PM

FYI - Keurig does now allow refillable pods in its 2.0 coffee makers but it is still true that only Keurig-licensed pre-filled pods will work. p.s. The Keurig pods are convenient but an environmental disaster, with billions of plastic cups landfilled every year. I recycle mine, but it is a giant pain to do so. Most are not engineered to be taken apart.

SterlingDecember 29, 2015 2:48 PM

My Xbox, Playstation, and Wii U all have seem to have the exact same cartridge format. The cartridges are flat, shiny, with a hole in the middle. They look a lot like compact discs.

MarkHDecember 29, 2015 2:56 PM


It seems to me that Bruce's opinion piece incorrectly depicts the relationship between DMCA and proprietary components ... or at least, depicts it too strongly.

In particular, Bruce refers to HP printer cartridges. In the landmark case of Lexmark v Static Control Components, the governing court opinions seem to clearly establish that DMCA does not prohibit reverse engineering for the purpose of making interoperable (compatible) products.

A few years later, when in its successful attack against manufacturers of compatible cartridges, Epson did not invoke DMCA, but rather asserted infringement of patents and copyright.

So, if I understand correctly, DMCA is not necessarily the obstacle to making products that interoperate with other systems.

If anyone knows the legal situation better than I am describing here, please correct what I have posted here!

Fascist NationDecember 29, 2015 4:15 PM

This proprietary software is preventing the governments from secretly surveilling terrorists and child pornographers. There . . . now the law will be changed. I'm certain back doors for government entities built into proprietary software will now be required. Feeling well secured.

JG4December 29, 2015 4:58 PM


Thanks. That was the link that I vaguely remembered. I'd like to see the first sale doctrine extended in statute to cover any firmware or software in any device that you purchase. Back in the day when a 1/2% payroll tax to support retirees seemed like a good idea (it was, but tragically flawed by the rich target that it created), enough amateur radio people raised hell to maintain the right to tinker with radios, including the right to broadcast below 100 milliwatts, and enough aviation enthusiasts raised hell to maintain the right to build experimental aircraft. The right to tinker with computers strikes me as a remarkably similar case, and I'd guess that there are even more people inclined to write their own code than ever were interested in radio or airplanes. It is encouraging that the folks who tinker with cars have gained back some meager right and ability to keep doing it. The advent of inexpensive and powerful transistors for 1 GHz to 100 GHz will open up some new frontiers in networking below 100 milliwatts.

Sancho_PDecember 29, 2015 6:17 PM

@Bruce's essay touches an interesting dilemma:

“No, Your Honor, this information is not encrypted, not at all.
It is just protected by the DMCA.”

Clive RobinsonDecember 29, 2015 6:18 PM

@ Barry Wallis,

The HP link I was trying to remember was the one where HP got told that the DMCA did not count in the EU but the WEEE did, and that in Europe at least it was legal for others to refil ink cartridges etc.

Personaly I think it's well past time that the EU took action against the likes of HP and various mobile phone manufacturers for their blatant profitering by ignoring the WEEE and other EU legislation. If the EU did pull the plug on them then the DMCA argument would become sufficiently weakened that it could not be used to continue to support the business models it created, as the companies operating them would then fall foul of other legislation both in the EU and US.

Marcos El MaloDecember 30, 2015 12:01 AM


Do you really think the U.S. will leave NATO and other treaty organizations that were founded to contain communism, and instead join the non-aligned movement? How do you imagine that happening, how would events unfold? Am I right in understanding that this leaving of NATO will be related to a resurgence of the old Soviet Bloc? Or were you imaging a new 2nd World grouping emerging from . . . What, exactly? Cuba and Venezuela? Are there any other socialist dictatorships out there that could form the basis of a communist bloc?

Also, I'm not at all clear and how IoT fits into this odd realignment you foresee.

ThomasDecember 30, 2015 12:17 AM

> As the Internet of Things becomes more prevalent, so too will this kind of anti-competitive behavior -- which undercuts the purpose of having smart objects in the first place.

Assuming the purpose was "to make money for the manufacturer" it seems to me that the purpose is being served very well.

"Why is my $IOT_THING doing this to me" sounds a lot like "why is $SOCIALNETWORK doing this to me", and the answer is the same: because it's profitable, and because they can.

> Philips backed down and restored compatibility a few days later.

When Win98 came out we were forbidden from 'upgrading' because it 'phoned home' when first installed. Now Win10's "telemetry" features are considered acceptable.

One IoT manufacturer moving a bit fast and being slapped down is not the end of this trend.

NitpickyGamerDecember 30, 2015 3:41 AM

Bruce, I realize you're probably not much of a gamer, but most gaming systems haven't been cartridge-based for a decade. The last mainstream console to use catridges, the N64, debuted in 1996. Modern consoles all use optical media.

It's really only the handhelds (PSVita, Nintendo 3DS) that use carts for their physical copies of games.

WinstonDecember 30, 2015 10:09 AM

The thing with the DCMA and the way it's being leveraged by corporations is that it threatens to breed contempt for the law generally. This the worst thing about this kind of legislation; this is its biggest threat. They may be able to pass it at the time, before people understand what it all implies, but soon enough people will begin to feel the inequity that flows from this kind of law-making.

Once that kicks in, it breeds contempt not just for the unjust law, but for the process of lawmaking generally, and for our institutions and the specific indivudals who compose those institutions. A society composed of people who have a defacto contempt for law and the nation's institutions starts to look a lot like Soviet Russia or any of the corrupt developing nations.

The dynamic in those places was and is: contempt for the law so widespread that it normalized lawbreaking. The lawbreaking then becomes so widespread that law enforcement can't contain it. The perception that law means nothing over all domains takes a hold and the lawbreaking spreads into all corners of society in the form of bribery, offical corruption and the defacto legitimization of the blackmarket.

This is not a society I want to live in. From the non-bankruptability of student loans to the criminalization of mere ideas via software patents to the destruction of pro-social innovations via DMCA to the Citizen's United "legalization" of the corruption and distortion of the fundamentals of our political processes, to the refusal to do anything about climate change, the law is clearly being used as the criminal means to achieve a criminal ends- the unjust enrichment of a big money Congressional donors by asset-stripping the masses of what little wealth and hope they may have.

At some point, Congress is going to be seen as what it is- an institution which has been taken over by criminals. The laws which flowed therefrom are not laws in the Constitutionally normative sense of that word, laws made to promote and preserve the society at large and individual freedom. Instead they are criminal acts perpetrated upon society by a criminal minority who have commandeered the reigns of lawmaking through a variety of means- gerrymandering, corrupt SCOTUS decisions and criminal lawmaking.

When that tipping point comes, future Congresses, composed of the enraged and brutalized victims of this Congress - people whose futures have been destroyed by climate change for instance- will not just repeal the criminal acts of this Congress, they will prosecute their former counterparts as the criminals they are now widely understood to be.

The one thing Nuremberg taught us is that people will not tolerate mass crimes, even if those mass crimes were committed under the cover of law. The power of lawmakers to legitimize any law they pass is not absolute. Not just technoogy, but societal attitudes are changing faster than at any time in history. This allows for the possibility that now-powerful people will see the philosophical and attitudinal basis of their power swept away before their eyes, within their active lifetimes. Instead of taking 40 years to arrest a Pinochet type lawmaker, it takes 20 or 10 or even less.

Futhermore, what constitutes a "crime against humanity" will be defined to meet the realities that people are being forced to live with, say, as a result of global warming or the financial implosion caused by the non-bankruptibility of student loans and the resulting financial bubble. The climate is tracking and exceeding the most pessimistic projections of climate scientists and almost 1 in 30 of all the world's dollars are American student loan debt, and that number is going up, daily.

So technoogy and society is changing at break-neck speed and Congress can't keep up with it all. One of the "new" things we're likely to see that Congress doesn't see coming in the near-future is the prosecution of themselves in the nation's courts by their near-future counterparts accompanied the removal of judges who would stand in the way of that. Those near-future Congressional members will stand in judgement of previous Congresses actions *in their lifetimes* and hold them accountable for the obviously self-serving, corrupt and profoundly injurious actions they took to enrich themselves and their cronies, even if it was under the cover of law.

Anonymous CowDecember 30, 2015 10:49 AM purchased from the iTunes Music Store has been DRM-free for a long time...

That's true; however the format you get is M4A, not MP3, which is what most portable players require. But guess what: go to downloads dot com and you'll find a number of converters that will make MP3s out of M4As.

Now if you're talking about videos from ITunes store: yes we still have DRM issues and/or non-compatible formats. I get one of those free download cards from Starbucks and can only play it on the PC I download it to; I can't move it to another PC or memory stick to put it onto a TV.

Rosa LuxemburgDecember 30, 2015 1:13 PM

Because companies can enforce anti-competitive behavior this way, there's a litany of things that just don't exist ...

It's limiting to think of it as "anti-competitive behavior," while subtly advancing the market fundamentalist myth that competition between businesses is the sole driver of innovation and progress. On the contrary, this is a rational and predictable step by any competitive, profit-maximizing actor: leverage publicly developed, shared standards; develop derivative works; then kick away the ladder to prevent others from benefiting from work that rightfully belongs to the commons. Or, to put it another way, "embrace, extend, extinguish."

This, of course, stifles innovation and progress. If "intellectual property law" had always been what it is today, we'd still be living in the Dark Age. We innovate through collaboration -- by hopping on the shoulders of giants and passing the torch forward to future generations, to mix some metaphors. At the same time, we must preserve the dignity and workers' rights for the technical workers who innovate, but clearly market mechanisms aren't the only way to do this.

As frustrating as the DMCA might be for consumers of coffee and fancy networked LEDs, intellectual property is a serious threat to human life in other domains, such as drug patents. These companies that boost their market share by lobbying for coercive restraints on innovation (ie, intellectual property law) are murderous.

xcel102December 31, 2015 3:58 AM

Agree with others that iTunes music is neither proprietary nor incompatible. Although the .m4a container and the AAC codec are still not as popular as MP3, they're part of the standard and widely supported nowadays. I can play them on my Windows PC, on my Android phone, and in my car's SD card slot. Very rarely do I need to transcode a file into MP3 for someone.

Stuart RitchieJanuary 1, 2016 6:43 AM

@Bruce - OP: the right to data portability is one of the few novel rights legislated by the EU's General Data Protection Regulation. It's not going to go away, because such antitrust thinking lies at the very legal core of EU treaty law. By way of the ubiquitous "law" of unintended consequences, the GDPR thus necessarily will force adoption of open common data standards for IoT devices in Europe (including albeit not focused on security issues). Otherwise, once found to be in breach, even selling such devices might incur fines of up to 4% of worldwide turnover of the entire business, on top of class actions etc. (that says nothing about internal architectures of course, but once you have such mandated interoperability in terms of inbound/outbound data feeds will that even matter any more?)

So at last, if businesses want to sell into Europe, they'll have to get used to complying with the law. In turn this means, ironically, companies will have to adapt to free-market thinking by dismantling proprietary data architectures even in the multi-device context. So this is a massive boost for startups and competition generally. That said, given Phillips' recent embarrassment which is obviously just the tip of the iceberg, common open standards may have been inevitable anyway via consumer pressure, but the GDPR sets a deadline in stone.

@all those who think the DMCA and all this is a conspiracy of big business and/or government: not really, just business as usual. We've known since it was pointed out in that momentous year of 1776 that big business is dependent on government for economic survival in what otherwise might become a free market. The momentous event of 1776 was, as you all know, the first publication of Adam Smith's Wealth of Nations.

@stimoceiver: very interesting points.

@winston: Likewise your comment starts off interestingly, but regrettably you get sidetracked by what may be a logically confused notion of "crime" and "criminal".

stimoceiverJanuary 1, 2016 7:55 PM

@V its funny you mention Fidonet. I dont know much about their underlying architecture but IIRC it was a store-and-forward system like USENET.

More relevant from that era is the transition from bang path notation for email and news to using DNS.

I merely point out a gap in the existing implementation of "neworking" in our daily lives. Here are some others. Why dont our smartphones have the ability to recognize each other, say, on public transportation? It would enable people whose privacy settings include a public facing profile to game or strike up conversation with each other based on mutual interests. Why don't our modern, digitally networked cars include the ability to communicate with other nearby cars? One could go back far enough and ask the same question of television: Why has it remained only a "one-to-many" communications medium for so long?

What consumers dont understand is that we have become so dependent upon infrastructure that we neither own nor control that we put ourselves in a dangerous position. When an entire network of intercommunicating devices exists between multiple devices in your household, over distances measurable in inches and centimeters, some routing traffic for others, the resulting topology may reasonably be termed a mesh. And how much of this mesh will include devices like smart televisions and smartphones, devices with cameras, microphones, and network connections that can be used to surveil? devices that are closed-source and almost always laden with inbuilt vulnerabilities? Especially devices like smartphones where unbeknownst to most, the baseband architecture is sophisticated enough to be running its own, proprietary second operating system administered via infrastructure-facing interfaces only, and already known to be fully capable of doing things like updating the end-user-facing commodity OS or activating the microphone. Today's smartphone vendors could end up being the first vendors of mass market wearable and implantable computing. Do we really want those devices to share the design philosophy of a proprietary baseband architecture and OS, physically and cryptographically secured against end-user rooting and modification?

These same or similar critiques apply to the network architecture itself. Why shouldn't we radically reorient our networking paradigms to include node-centric (mesh) networking? Allowing ONLY proprietary-routed networking ensures the infrastructure-owners will always have the upper hand when it comes to surveillance and data mining.

mbJanuary 11, 2016 2:08 PM

I have brought this topic up numerous times over the last few years with many of my non-technical friends, and they don't really seem to understand the implications of vendor lock-in like itunes or amzaon. I finally resorted to giving a few very literal examples, like imagine if the TV networks had each settled on a different standard, so you could only watch NBC on an NBC television or CBS on a CBS television. What if phillips (dumb) light bulbs only fit in a phillips light socket, or if you had competing electric standards so you would have to have an "Edison Brand" licensed vacuum cleaner and dish washer?

The market would not support it. Learn from History. Edison lost the power standard battle. TV is everywhere, because it was available to every one. Betamax anyone? Does anyone else even remember the Zune?

If corporations want regulated monopolies in the form of copyright and patent protection, then they need to accept some form of regulated compatibility legislation in return. Consumers MUST be able to openly use the product they chose in they way they desire. It will not work otherwise in the long run. History has already proven that.

Clive RobinsonJanuary 11, 2016 4:13 PM

@ mb,

Consumers MUST be able to openly use the product they chose in they way they desire. It will not work otherwise in the long run. History has already proven that.

Two things to note,

1, History is longterm bonuses are very short term, thus shorterm thinking prevails in most C Level positions. Likewise the shareholders are not in it for the longterm.

2, The software industry has shown that "IP" can be licensed entirely, thus the doctorine of "First Sale" never applies, because you are not buying a tangible object but at best renting an intangible number.

If you want to see just how bad this is getting go have a look at what is going on with TPP, it will shock you rigid,

But sadly that is the way Corporate America is "pushing the world" and other countries are "just touching their toes" in response.

WaelJanuary 11, 2016 4:19 PM

@Clive Robinson,

just touching their toes

Do I need to remind you that you already have a yellow card? :)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.