DRM and Sony

As a nerd, I sometimes forget that topics that are familiar and important in my world do not always carry the same level of interest (or outrage) among non-nerds. This is sometimes awkward, since I have friends and colleagues on each end of the playground.

For those who are not already aware, DRM is an acronym for Digital Rights Management – the entertainment industry’s latest term for copy-protection. DRM does for digital content (music, movies, games) what syphilis does for dating.

Anyone already familiar with the history of DRM as it relates to copyright (and can easily name each Star Wars film in which Boba Fett appears), can skip over the “DRM” section and proceed straight to the spectacular boner that Sony pulled, under the “Sony” section.

DRM

The whole DRM issue revolves around the right to “fair use” of digital content on one side, and the protection of copyright on the other. In Universal City Studios v. Sony Corporation of America (the “Betamax” case), The Supremes ruled that the recording of broadcast television for the purpose of time-shifting was not copyright infringement but, instead, fair use. This interpretation has since been expanded to include activities like making personal backups of purchased content. This decision plus the doctrine of first sale (which says that one can sell or give away a copyrighted work that was legally purchased) give consumers some rights when it comes to digital content.

However, two important developments occurred that, in combination, have record label and movie studio executives freaking up one side of the board room and down the other:

  1. Media formats that can be copied without degradation
  2. The emergence of file sharing networks such as Napster, Grokster, Gnutella, LimeWire and BitTorrent

We are no longer talking about Jim recording The Eagles Greatest Hits from vinyl to cassette and then giving it to Dave. Now anyone with a computer and some time can obtain high quality copies of music and video for free.

The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) have responded in two important ways to this situation – legislation and DRM.

Legislation: In 1998, they purchased a law from Congress called the Digital Millenium Copyright Act (DMCA), that criminalizes attempts to circumvent copy-protection, but is so broadly worded that I am technically breaking the law by trying to guess one of my own passwords. With the DMCA in place, the RIAA and MPAA are trying out a novel business model – suing their customers.

DRM: Through proprietary hardware and software, various companies in the business of selling copyrighted content are attempting to place restrictions on how the content can be used, e.g., limiting the number of times a purchaser can play the content or make a copy, interfering with an individual’s ability to move content from one device to another, etc. The stated reason for these restrictions is to combat piracy. In reality, DRM does nothing to prevent piracy, due to:

  1. Shoddy implementation
  2. The nature of digital media (as Bruce Schneier puts it, “Bits are inherently copyable, easily and repeatedly.”)

All it takes is for one clever individual to strip the DRM from a given digital file and make it available online. That file can then be downloaded by as many individuals as care to do so. The **AAs are attempting to impose physical rules on a digital realm, with predictable results. Whenever the latest scheme doesn’t work, they fall back to litigation.

The only way to make DRM effective would require such sweeping, draconian, backward changes to the entire digital media distribution/consumption model as to make one ask the question, “What problem are we trying to solve again, and why?” So, of course, that’s the legislation the **AAs tried to purchase next. The Consumer Broadband and Digital Television Promotion Act (CBDTPA), was draft legislation that would criminalize any technology that didn’t have DRM implemented that was capable of reading digital content. This means DRM built into the hardware of every television, PC, DVD/CD player, satellite radio receiver, game console, etc. The legislation is dead, for now, but special interests have very deep pockets and longevity on their side.

DRM is a barrier to what digital consumers want – interoperability. People want to use the content that they paid for however they want, and the doctrine of first sale says that this is okay. Unfortunately, if that content includes DRM, exercising your rights makes you a criminal, on account of the DMCA. It’s true, some people don’t care that their purchased content has DRM, because it hasn’t gotten in their way. Yet. When it does – they have a hard drive crash and lose every song they bought from a particular online provider because they cannot restore a unique key, or they decide on a different brand of portable player and cannot port their collection to it, or they hit the restricted number of copies on a given song – they will most likely change their tune.

As to piracy, some argue that DRM pushes more people to break the law. There are people who purchase a song online, then download the same song via a file sharing application so they can have a DRM-free copy in the format of their choice. In many ways, the RIAA created this situation and now they’re trying to sue the genie back in the bottle. The technology to sell online music was available for years before iTunes opened its doors. Why? Because the RIAA resisted, and continues to resist, the new distribution model. Motivated purely by greed and control, the RIAA wants to keep things the way they’ve always been. Smart organizations adapt to and capitalize on changing markets. Not the RIAA, though. If the RIAA had been in the buggy whip business circa 1900, their profits would still be thriving because they would have successfully lobbied to get a kickback on every gallon of gas sold, the way they do today with blank, recordable media.

Piracy is a legitimate problem, but it’s mostly a physical one, i.e., the illegal distribution of CDs and DVDs in overseas markets. The figures that the RIAA quotes for losses due to online piracy are grossly inflated. For one thing, they reason that every song downloaded via a free file-sharing application would have otherwise been purchased. And not just the song, the whole CD. In addition, their figures conveniently fail to factor in their own reduction in new releases over the same period, or the state of the economy. Online music piracy is simply not the boogeyman that the RIAA dresses it up to be; it’s a specter that they use to their advantage. The RIAA record labels are not about to go out of business because of piracy.

Sony

Sony (remember Sony from the Betamax ruling?), is now a major player in music and movies. In recent news, they placed DRM software on at least 19 CD releases, with disastrous results. When a consumer attempts to play one of these CDs on hus computer, hu is greeted with an End User License Agreement (EULA) which, among the incomprehensible snarl of legalese common to all EULAs, includes language which states:

“…this CD will automatically install a small proprietary software program (the ‘SOFTWARE’) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.”

What the EULA doesn’t state is that the SOFTWARE is a rootkit (malicious software which cloaks its presence) which will bugger up your machine if you attempt to remove it without Sony’s help, and provides writers of trojan horses and viruses with a ready-made mechanism for cloaking themselves. In Sony’s eyes, these must be acceptable tradeoffs to prevent you from making more than three copies of the Neil Diamond CD you just bought.

Sony is already facing six, count ’em, six separate lawsuits in the fallout of this invasive, ill-conceived DRM tactic. They’re in full damage control mode, but remain strangely unapologetic. They insist that the software poses no threat, despite three “in the wild” trojans having already been identified as exploiting the security hole created by their software.

There is a movement on Slashdot to popularize the phrase “Infected with DRM” to characterize more accurately what companies like Sony are doing, as opposed to what EULA language like “facilitate your use of the DIGITAL CONTENT,” does to illuminate the issue.

In a way, I am grateful for what Sony has done. By making a move so clearly lacking in foresight and which so clearly places its own interests ahead of its customers, Sony has created a furor which might well reach people who hadn’t previously given one thought to DRM or how it affects them. I think I’ll get Sony something nice this Christmas. I know! Foot bullets. I hear they’re running low.