Friday, June 18, 2004

Cory Doctorow gave a great speech at Microsoft yesterday about digital rights management (DRM). A taster


"Here's what I'm here to convince you of:

1. That DRM systems don't work

2. That DRM systems are bad for society

3. That DRM systems are bad for business

4. That DRM systems are bad for artists

5. That DRM is a bad business-move for MSFT"

And that was just for starters. It's a bit esoteric if you have not been following the drm and copyright wars but still well worth a read.

"Cryptography -- secret writing -- is the practice of keeping
secrets. It involves three parties: a sender, a receiver and an
attacker (actually, there can be more attackers, senders and
recipients, but let's keep this simple). We usually call these
people Alice, Bob and Carol...

...with dual-key crypto it becomes a lot easier for Alice and Bob to keep their keys secret from Carol, even if they've never met...

...Now, let's apply this to DRM.

In DRM, the attacker is *also the recipient*. It's not Alice and
Bob and Carol, it's just Alice and Bob. Alice sells Bob a DVD.
She sells Bob a DVD player. The DVD has a movie on it -- say,
Pirates of the Caribbean -- and it's enciphered with an algorithm
called CSS -- Content Scrambling System. The DVD player has a CSS
un-scrambler.

Now, let's take stock of what's a secret here: the cipher is
well-known. The ciphertext is most assuredly in enemy hands, arrr.
So what? As long as the key is secret from the attacker, we're
golden.

But there's the rub. Alice wants Bob to buy Pirates of the
Caribbean from her. Bob will only buy Pirates of the Caribbean if
he can descramble the CSS-encrypted VOB -- video object -- on his
DVD player. Otherwise, the disc is only useful to Bob as a
drinks-coaster. So Alice has to provide Bob -- the attacker --
with the key, the cipher and the ciphertext.

Hilarity ensues...

...At the end of the day,
all DRM systems share a common vulnerability: they provide their
attackers with ciphertext, the cipher and the key. At this point,
the secret isn't a secret anymore...

...Here's the social reason that DRM fails: keeping an honest user
honest is like keeping a tall user tall. DRM vendors tell us that
their technology is meant to be proof against average users, not
organized criminal gangs like the Ukranian pirates who stamp out
millions of high-quality counterfeits. It's not meant to be proof
against sophisticated college kids. It's not meant to be proof
against anyone who knows how to edit her registry, or hold down
the shift key at the right moment, or use a search engine. At the
end of the day, the user DRM is meant to defend against is the
most unsophisticated and least capable among us."

Next he tells a story of an honest user a young mum who to avoid the kids getting jam on an expensive DVD tries to make a VHS copy, so that when that gets thoroughly kidified she can copy it again for their use and not have to fork out for another expensive copy of the DVD. This story rings very true with me. I've had to replace one of my son's favourite CDs four times in six years and I only count myself lucky that it has still been commercially available. Cory goes on:

"what this person will do in the long run: she'll find out about
Kazaa and the next time she wants to get a movie for the kids,
she'll download it from the net and burn it for them.

In order to delay that day for as long as possible, our lawmakers
and big rightsholder interests have come up with a disastrous
policy called anticircumvention.

Here's how anticircumvention works: if you put a lock -- an
access control -- around a copyrighted work, it is illegal to
break that lock. It's illegal to make a tool that breaks that
lock. It's illegal to tell someone how to make that tool. It's
illegal to tell someone where she can find out how to make that
tool.

Remember Schneier's Law? Anyone can come up with a security
system so clever that he can't see its flaws. The only way to
find the flaws in security is to disclose the system's workings
and invite public feedback. But now we live in a world where any
cipher used to fence off a copyrighted work is off-limits to that
kind of feedback. That's something that a Princeton engineering
prof named Ed Felten discovered when he submitted a paper to an
academic conference on the failings in the Secure Digital Music
Initiative, a watermarking scheme proposed by the recording
industry. The RIAA responded by threatening to sue his ass if he
tried it. We fought them because Ed is the kind of client that
impact litigators love: unimpeachable and clean-cut and the RIAA
folded. Lucky Ed. Maybe the next guy isn't so lucky...

...Here are the two most important things to know about computers
and the Internet:

1. A computer is a machine for rearranging bits

2. The Internet is a machine for moving bits from one place to
another very cheaply and quickly

Any new medium that takes hold on the Internet and with computers
will embrace these two facts, not regret them. A newspaper press
is a machine for spitting out cheap and smeary newsprint at
speed: if you try to make it output fine art lithos, you'll get
junk. If you try to make it output newspapers, you'll get the
basis for a free society.

And so it is with the Internet...

...

New media don't succeed because they're like the only media, only
better: they succeed because they're worse than the old media at
the stuff the old media is good at, and better at the stuff the
old media are bad at. Books are good at being paperwhite,
high-resolution, low-infrastructure, cheap and disposable. Ebooks
are good at being everywhere in the world at the same time for
free in a form that is so malleable that you can just pastebomb
it into your IM session or turn it into a page-a-day mailing
list.

The only really successful epublishing -- I mean, hundreds of
thousands, millions of copies distributed and read -- is the
bookwarez scene, where scanned-and-OCR'd books are distributed on
the darknet. The only legit publishers with any success at
epublishing are the ones whose books cross the Internet without
technological fetter: publishers like Baen Books and my own, Tor,
who are making some or all of their catalogs available in ASCII
and HTML and PDF.

The hardware-dependent ebooks, the DRM use-and-copy-restricted
ebooks, they're cratering. Sales measured in the tens, sometimes
the hundreds. Science fiction is a niche business, but when
you're selling copies by the ten, that's not even a business,
it's a hobby. "

And so he continues but you should read the original. It doesn't suffer from the indented formatting translation by Blogger. I'm going to have to do something about this template and get and RSS feed plus commenting enabled but time pressures are against me at the moment...

No comments: