Level: Intermediate Peter Seebach (developerworks@seebs.plethora.net), Freelance author, Plethora.net
01 Nov 2005 Whether you're a buyer or a seller of a product, the essential goal of standardization is to make interoperability possible, allowing communication with anyone else using the same protocol and media. In some cases though, vendors have specific reasons for not being compatible -- and those vendors have developed a standard for incompatibility, digital rights management (DRM). The goal of DRM is to limit compatibility because things which are compatible can be copied and distributed freely. In this installment, Peter Seebach looks at a potential oxymoron -- standards designed to subvert and prevent interoperability.
The essential goal of standardization is to make interoperability
possible.
Whether you're buying or selling a product, standardization makes your life
easier -- a standard for media allows you the freedom to buy whatever media reader you
like, confident that you can use the broad variety of compatible media. A
standard protocol allows communication with anyone else using the same
protocol.
In some cases, vendors have specific reasons why they don't want to
be "quite" compatible. The umbrella term is digital rights management (DRM).
The goal of DRM technology is to simply limit compatibility because
things that are compatible can be copied and distributed freely. The
majority of DRM technology is aimed at ensuring that people pay for products
they might otherwise just make copies of.
However, some DRM technology has
other goals. DVD region coding affects the playback of media rather than
the copying of it; even the original media is restricted.
Ironically, a number of standards have to do with DRM --
these
standards exist to subvert and prevent interoperability. The
tension between the inherent nature of standards and this particular usage of standards
produces a variety of interesting counter-examples, technical curiosities,
and other things worth closer examination.
What is interoperability?
Interoperability is one of the things people talk about when promoting
standardization. The idea is that things which comply with a standard can be
used together. If I have two devices with IEEE 1394 ports, they should be
able to talk to each other. If I have two devices which advertise
compatibility with the USB 2.0 spec, they should be able to communicate.
Any drive which reads Compact Disc media should be able to read any Compact
Disc. A device sold as an MP3 player should play MP3 files.
Once for
about six hours, I owned an RCA "Lyra" device, sold as an MP3 player, which could play
only files in a special format that a proprietary program created; actual MP3
files came out as static. The company advertised the device as an MP3 player,
but in fact, it wasn't compatible with the MP3 standard. The DRM technology
they used to restrict playback to files generated by an "approved" program
had the side-effect of making the device incompatible with my computer.
Interoperability is such a benefit to everyone that it almost seems too obvious to
mention the fact. Would you buy a CD containing
music which you could listen to at home but not in the car? No.
Would you buy a CD player which could play only some of the available
music on CDs? No.
Interoperability allows vendors to sell their products to a wider audience, making those products more desirable. It makes them more
useful.
On its face then, the notion of intentionally limiting interoperability
seems crazy. However, the DVD standard has been carefully designed to do
just that, by a mechanism called region coding. The idea is that
the world is divided into regions. A DVD that will play in one region will
not play in another. This contradicts the very idea of having a standard
to begin with. Why even bother calling the incompatible devices by the
same name?
To be fair, a DVD need not be coded for a specific
region. Interoperability
is not outright forbidden by the specification. The specification merely allows for
attempts to prevent interoperability.
Reasons for control
The idea of limiting interoperability like this did not appear out of
thin air.
People want to constrain interoperability for a number of reasons. This concept represents a battle between hardware vendors who generally like maximal interoperability and data dealers who have
some reasons to limit it. DVD region coding is, as the name suggests, largely
about controlling where movies are released.
Another variety of DRM, copy protection, is based on the desire to
keep more
than a limited number of entities from interoperating with a given product
at once. A program for an established platform can interoperate with -- run
on -- millions of computers. Some vendors, however, prefer to get
paid millions of times (once for each of those millions of copies) rather than getting paid
once and having millions of copies made.
Similarly, music vendors have
expressed grave concerns about the potential for many users to interoperate
with a single CD. The elaborate rules on DAT machines for keeping track of
"allowed" copies and such were a great example of a feature which had the
primary effect of adding substantial cost to a platform to no one's actual
benefit.
For an example (which isn't quite DRM, but is an excellent example of
vendor control),
look at the way cheaper inkjet printers control print cartridges. Some
printers out there are physically identical but won't take each others'
cartridges, or a cheaper printer takes only the more expensive cartridges.
A large portion of the cost of building such print cartridges is the elaborate
techniques used to keep you from using cheap generic ink, keep you from
refilling cartridges, and so on. This is especially common on unusually cheap
inkjet printers which might be sold at a loss in order to generate the more lucrative
sales of ink cartridges -- in other words, give away the razor and sell the blades. (See
Resources.)
The fundamental justification for standardization is economic. Standards
are
driven by the economic goals of communities that realize that shared
interoperability improves return on investment. DRM is driven
by the economic goals of vendors who believe that limiting interoperability
will in some way improve their return on investment, generally at the expense
of everyone else's ROI.
Making other companies cooperate
A mystery remains. It is obvious why people selling movies might like to
restrict access to those movies so they can control sales, engage in marketing
campaigns, and do all the other things vendors love to do. What is not
obvious is why the seller of a DVD player would want to provide for such
limitations.
Actually, the answer is simple -- there is licensing for the technology;
a player that won't enforce these restrictions can't get licensed.
Friction exists between DRM efforts and the work vendors often do on
compatibility. High-end CD-ROM drives which do their best to accommodate
defective media might not work with some copy-protection schemes which depend
on the drives failing in predictable ways; the copy protection scheme might
falsely identify an original disc as a copy. Ink and toner vendors, who
want to sell cartridges for popular printers, fight fiercely against the
efforts of printer vendors to monopolize sales of supplies for their printers.
When to use DRM and similar technologies
If you can avoid DRM and like technologies, do. DRM technologies are
very inconvenient to regular
users. The chance of a technique withstanding serious efforts at bypassing
it is miniscule (Resources); the chance of it inconveniencing legitimate users is high.
A famous example is a company selling music on CD-shaped things (Philips, it
is said, denied them the use of the Compact Disc logo) which caused the
firmware in some CD-ROM drives to crash, resulting in a drive that could only
be opened by physical force. No one was impressed. (Actually, the editor of this article was impressed: She didn't realize that it was possible to create a piece of aluminum-in-plastic that could keep a CD-ROM drive from ejecting. Such a piece of sabotage is impressive!)
Jim Baen of Baen Books explained his company's choice to distribute many
books in completely unprotected formats:
Because not only are our readers, in the main, not
thieves, but because there is nothing there that is stealable.
Baen's experience (and he has several years of experience, complete with
records showing the results) has been that making an electronic copy of a book
available for free does not hurt sales of that book (Resources). Lest
people think this has been tried only with old titles that aren't selling,
the company has at least twice put out hardcover, first-edition books with the
entire book text on CD-ROM and blanket permission to copy and distribute
that text non-commercially. (I bought both of them within a week or so of
their release.)
Curiously, many DRM advocates (and groups such as the RIAA) are quick to
claim that unrestricted copying has deleterious effects, but supporting data is very slim. The people who have actually tried the experiment
and made something easy to copy have, thus far, reported consistently positive
outcomes.
Don't think for a moment that DRM will have any real effect on organized
attacks. The folks that send all that spam about complete suites of Adobe
software for US$20 are not going to be deterred by any DRM system you ever
see.
What to do when you have to use DRM
In some cases, economic considerations or licensing might require the use
of
DRM technologies. A number of considerations can minimize the
harm this does to interoperability and the essential goals of standardization.
The first and most important is full disclosure. If you are selling
round silvery plastic things which do not fully conform to the Compact Disc standard, you have an ethical obligation to warn people (and for those of you who might be morally challenged, you might also have a more concrete legal obligation -- so you might as well be safe). Make sure that all retail packaging clearly warns potential users about known incompatibilities, whether they are intentional or not. (You know, like those application-software bugs that the company likes to call "features.") If you sell a thing which is intended to play in CD players but not to be readable on a computer, be sure to warn the consumer. Some consumers (myself included) haven't used an actual CD player to play an actual CD in years.
Try to find ways to work within standards as much as possible. In some
cases, a technological solution is not the best one at all. For instance, tying
customer support to licensing may provide sufficient incentive for people to buy a product without any need for elaborate copy protection and hardware dongles.
Restrictions on number of uses are a bad choice. Apple has gotten some
fairly
strongly worded negative feedback from a few early adopters whose habit of
buying each slightly faster PowerBook ran them out of "authorizations" for
some iTunes songs.
Following are some other concerns to keep in mind if you just have to use
DRM technology.
Explore standard options
Silly as a standard designed to limit interoperability might be, it's a
lot
better than no standard at all. For instance, though many users dislike
region coding, at least you can generally predict it. (Not always, though. I once had
some backups I burned to DVD that refused to mount because they allegedly had the
wrong region code.)
Investigate the existing options -- if there are any -- and
see what people think about them. Check bulletin boards for complaints. A
copy-protection scheme which causes a substantial number of legitimate users
to learn to bypass it is not helping the vendor or the emptor.
Be very careful to consider the impact of a DRM scheme on your standards
compliance. The Compact Disc format is a real standard, designed to allow
interoperability. Many attempts to subvert this with DRM have resulted in
failure to comply with the CD standard -- and thus have disqualified the
resulting media from being considered Compact Discs. (And if you think a few extra copies is damaging to your sales numbers, see what being branded "non-compatible" can do to your product campaign!)
Failure to comply
with a standard can hurt you badly since consumers quickly learn which round silvery things aren't really Compact Discs and might not work in their
standard hardware.
Cut your losses
Whatever you are hoping to accomplish by adopting DRM, remember that it
will only work some of the time (as in "you can only fool some of the
people. . . "). Do not try to eliminate every possible hole in your
system. It's impossible, and the marginal cost is huge. Worse yet, the
marginal harm done to the legitimate users who are trying to use your
product within the intended boundaries is even larger. I have been tasked
to find workarounds for the copy-protection scheme of dozens of games (and
even once of an operating system) when the copy-protection scheme didn't work correctly.
I have determined that it's not worth it. Lots of your potential customers
will come to the same conclusion.
The fact is, a few DVD players out there shipped with a
"factory testing" mode can play DVDs from any region. There are people
out there who have bought a US$70 program with the sole intent of being able
to burn copies of your copy-protected CD or just bypass the copy protection
entirely.
Don't sweat it. You can't beat everyone all the time. Trying to do
so will just make things worse.
Do not, under any circumstances, file silly lawsuits over this. Most of
what the publicity will do is only end up hurting you -- as an effective deterrent, individual lawsuits are a bust. Everyone has heard the story of a student who realized
that a company's elaborately researched scheme to prevent a CD from being
ripped into MP3s could be defeated by holding down the shift key, and was
promptly sued for US$10 million in damages (the suit was withdrawn
the same day). This kind of behavior does not
endear one to users.
Legitimate users
Don't forget that legitimate users are out there. If you try to
keep them from doing something perfectly reasonable, your best hope is that they will simply bypass your copy protection. Your worst fear is that they find a competing technology (after all, if you weren't in competition with someone else, you wouldn't be worried about DRM now would you?), adopt it, and entice their friends to adopt it, too.
My laptop has 17GB of CD-ROM and DVD-ROM image
files on it, carefully constructed to allow me to run programs that think
they need the original program CD to run. I travel a lot and I play a lot
of video games -- I have no intention of carrying an extra twenty CDs around with me,
many of
which it would be impossible for me to buy replacements of today. So instead, I use CD image files mounted in virtual drives. For most
games, that works. For the remainder, well, let's just say I have been known to chew up many
hours of your technical support time getting a game debugged. And if you spend
more money paying for the support than I paid you for the game, you lose.
It might be that I am in some way offending the sensibilities of the
developers whose games I bought (and which I now run using drive emulation). Remember, though: They got their money. They have
no grounds for complaints. The copy protection is still inconveniencing me, but it's inconveniencing me a little less than it used to. If a program's
copy protection is too annoying, I will generally find a workaround.
And an important point to consider -- I'm still a legitimate user. I'm
buying software retail (I even tend to buy things for full price when they're new). Likewise, I have four crates full of CDs, all carefully stored away in case I ever want to re-convert them into MP3s.
If your poorly-designed DRM forces legitimate users to break your copy
protection, consider it too intrusive and back off. In fact, one
developer did disable the SecuROM copy protection because a new
version of the protection algorithm prevented the game from running on many
computers. This was a smart move, designed to ensure that they didn't lose a potential market for their product. Once again, when the people who pay you US$50 for your product have to download cracks from the Internet to avoid problems (in some cases, actual physical damage to machines!), it's a clear sign that you have taken things too far.
Even DRM advocates run afoul of this. Michael Gartenberg, a DRM
proponent, said in a personal blog entry:
I finally took matters into my own hands. With a little help from a
lovely free program, I was able to take all my MSFT .lit files and convert them to unprotected .PDF files for Tablet viewing and Word files that converted easily to eReader format.
Feel no shame, Michael; that's just the reality of the situation. DRM
which doesn't work perfectly for a legitimate user will be
bypassed.
Why it doesn't work
Science fiction writer (and giver-awayer of many books) Cory Doctorow, in
his presentation to Microsoft®, explained it very simply.
Any DRM technology has to make it possible for the user to use your material. If it's based on encryption, you have to give them some way to decrypt the
material to see it. And any system based on handing people the cipher
algorithm and the key along with the ciphertext is not going to stay secure
for long.
That's why it doesn't work. The next question is whether we should try
to
make it work -- the answer is no. The fact is, this is all about trying
to undo the economic benefits of standardization, and it's not worth it, even for those who support it with the most vigor.
Every experiment has consistently shown that DRM technology is not achieving its
users' goals. Publishers and authors who give away free books make more money; according to Baen Books, putting up a book for free on its Web site increased sales of that book, not just other books by the same author. Musicians who give away free music make more money (Janis Ian has talked about this a lot; see Resources).
Work on DRM consumes a lot of time and a lot of money, trying to develop a
technology that by its very definition can't actually sustain or achieve
the goals for which it is designed. The more elaborate our attempts to
enforce DRM by law or by technology, the more resources we're wasting trying to undo all the progress we've made towards interoperability and efficiency.
Resources -
Brad Wardell, who has made a living selling games without copy
protection, argues that copy protection is useless or worse. (From JoeUser.com)
-
In this most
excellent talk to the suits at Microsoft, Cory Doctorow, a published author who gives his books away online, discusses DRM technologies (more specifically, he concludes that they don't work, they're bad for business, bad for artists, bad for users, and to drive the point home, bad for Microsoft).
-
Of course, it could be worse; some DRM systems install
a rootkit on your machine, permanently interfering with system
maintenance and creating new security holes.
-
In FiringSquad (home of the hardcore gamer), Jakub Wojnarowicz points out
that Brad Wardell's (see the first Resource) most famous and successful
game, Galactic Civilizations, doesn't use any copy protection.
-
Welcome to the Baen Books Free
Library -- Baen just gives books away, no copy protection, at all. It works great.
-
Speaking of which, many science fiction
writers post complete stories online, for free. They don't seem to be the worse for wear.
-
Janis Ian writes about the ballyhoo over DRM raised by the music industry, how little she fears having people "steal" her music online, and how much sales of CDs increase every time they post new free downloads on her site.
-
After an amazing response to previous article, Janis Ian tells us some of the
things she learned -- my favorite quotes Steven Levy in Newsweek: "Why are the record labels taking such a hard line? My guess is that it's all about protecting their internet-challenged business model."
-
Tim O'Reilly alerts us to Authors Guild plans to sue Google over its online library search technology -- it claims the search will hurt authors' rights. (From the New York Times)
-
Company uses lawsuit to outlaw "SHIFT" key. As the Daily Princetonian points out, this lawsuit disappeared as quickly as it was proposed. And, SunnComm's abrupt reversal of plans to sue for circumventing their copy protection
scheme is a fascinating read.
-
A DRM advocate explains why he had to bypass some DRM.
-
Luckily for nearly everyone, courts have not upheld attempts to use copy-protection law to protect print cartridges from being replaced with functional equivalents.
-
If you can sell cartridges in one country for more than in another, why
not use region coding (like HP in this example) to keep people from importing the cheaper cartridges?
-
Richard Stallman takes us to a terrifying future where they've outlawed book-sharing, making book-lenders outlaws.
-
Seems lots of different approaches exist to circumvent Apple's DRM
FairPlay, including hymn and JHymn, Real Harmony, and PyMusique.
-
This BBC article notes that DRM efforts seem poised to have two effects: No guarantee that they'll prevent piracy and could mean more confusion for consumers with further fragmentation of file formats.
-
Of course, there's been plenty of talk about open source digital rights
management delivery systems -- the EFF still thinks that no DRM is a good DRM.
-
Ken Kutaragi, president of Sony Computer Entertainment, said recently
that Sony's earlier insistence on being overly proprietary about content caused the company to lose out on sales. In fact, according to this story, the company is now showing consumers how to get around its DRM.
About the author  | 
| | Peter Seebach is a perfect example of DRM -- he is usable in your system, but just try to replicate him! |
Rate this page
| 
