Why DRM is Bad

With all the publicity over Sony's rootkit lately, there's been a lot of discussion about DRM - whether it's always bad, or sometimes justified, and how far it should go (especially with the advent of things like Trusted Computing). While most people seem to agree that Sony's tactics were terr ibly, horribly wrong, regardless of their opinion of rightness of the DRM, I'm worriedthat the focus might shift from "DRM is wrong" to "rootkits are wrong", and that DRM that doesn't make use of rootkits will somehow become acceptable simply because they are better by comparison.

So I decided to write this article about why DRM is bad, regardless of the particular mechanisms used to enforce it. I think that we can all agree that badly implemented DRM, installed whether or not you click 'cancel', that leaves your machine open to malicious attacks is bad; what I want to get across here is that well implemented, polite DRM is still bad. I'm trying to focus on definitive statements rather than general vague anti- (or pro-) DRM opinions; and while DRM and piracy are obviously closely connected, I'm not going into piracy issues. Musicians, production companies, and everyone else involved in making a CD (down to the company that prints the artwork) all deserve compensation for their work; the relative proportions and the resulting overall costs are something that I'm not qualified to judge. All I can say is that a different business is clearly needed, and I don't think that slapping DRM onto the existing business model is the way to go.

Note that most (if not all) of these ideas are not mine; I've culled them from various sources, mostly Bruce Schneier's blog. I've tried to include individual attributions, but note that these may be paraphrased. Feel free to mail me if you feel that I've misquoted anyone, and I'll do my best to correct it. The bits in italics are me.

---

DRM is ineffective:

Any DRM scheme is inherently circumventable, since there is always "analog hole" (Ian Woollard, amongst others [1]). What this means is that you can always capture the analog output when you play the media using the DRM-enabled player, either using software like FreeCorder, or by simply recording the output using an external device (like people who record a cinema movie on a digital camcorder). Obviously this is time consuming, and quality may be lost in the process, but this can be minimized.

This point is reiterated by another poster: the real purpose of DRM is not to prevent piracy. There is always the analog hole. All it takes is for ONE competent person with good audio equipment to make the conversion and it can spread throughout the world in minutes. It's the spreading that needs to be stopped in order to prevent the piracy. DRM does nothing to stop the spreading. (Lyle [1])

The economically significant piracy cannot be stopped by any sort of DRM for which there has been any public knowledge. It's done in large modern plants in remote corners of the world which can turn out thousands of copies of optical media an hour. No DRM measure to date has even slowed them down. (WW [1])

Now analyst house Gartner has discovered that the technology can be easily defeated simply by applying a fingernail-sized piece of opaque tape to the outer edge of the disc. This renders session two — which contains the self-loading DRM software — unreadable. "The PC then treats the CD as an ordinary single-session music CD, and the commonly used CD 'rip' programs continue to work as usual. Moreover, even without the tape, common CD-copying programs readily duplicate the copy-protected disc in its entirety," Gartner (which is at pains to say it doesn't endorse the use of rip technology) explains. So Sony's DRM technology is not going to prevent tech-savvy home users - much less pirates - from copying CDs to their heart's content even though it loads "stealth" software onto the PCs of the less informed. "After more than five years of trying, the recording industry has not yet demonstrated a workable DRM scheme for music CDs," Gartner concludes. [2] Again, it's just harming or inconveniencing your average Joe on the street, the legitimate user who actually pays for his music, and not stopping the even vaguely technically savvy pirate.

Tech-savvy fans won't go to the trouble of buying a strings-attached record when they can get a better version free. Less Net-knowledgeable fans (those who don't know the simple tricks to get around the copy-protection software or don't use peer-to-peer networks) are punished by discs that often won't load onto their MP3 players (the copy-protection programs are incompatible with Apple's iPods, for example) and sometimes won't even play in their computers.
Conscientious fans, who buy music legally because it's the right thing to do, just get insulted. They've made the choice not to steal their music, and the labels thank them by giving them an inferior product hampered by software that's at best a nuisance, and at worst a security threat.
As for musicians, we are left to wonder how many more people could be listening to our music if it weren't such a hassle, and how many more iPods might have our albums on them if our labels hadn't sabotaged our releases with cumbersome software. (Damien Kulash [6])

DRM violates fair use and fair dealing:
Music, movies, and software are the most common consumer IP purchases so I will use those as examples. When you purchase one of these products, you have the right to make personal backups. You have the right to let friends listen to or view the content you purchased. You have the right to let friends use your software on your computer. You also have the right to use this IP on any make or model of hardware that is capable of accessing the content you purchased. DRM can and is being used to remove some of these rights from consumers and it is for this reason that DRM on IP is a bad thing. (Jimmy Palmer [3])

DRM kills fair use (time shifting, quoting, etc...) and kills the right of re-sale (NathanB [1])

The real purpose of DRM is to circumvent the existing laws which allow personal recordings. To stop you from making a copy of your best friends CD - something that is legal in most countries, I believe. (Lyle [1])

More legally significant may be that, to the limited extent they work at all (preventing misuse as defined by the suits and attorneys), these DRM measures forcibly interfere, on a programmed and inflexible basis, with existing rights. Fair use allows for personal copies for backup purposes, for transfer to other media of the purchased content (ie, to an 8-track for playback in the car), and so on. No DRM thus far recognizes any of this. (WW [1])

A fair-use argument for DRM:
Regardless of your politics on the matter, the fact remains that content owners have, under US and International law, the right to control the distribution of intellectual property which they own. What is needed is a way for content owners to control how many times their content can be backed up and how they can allow fair use while at the same time disallowing the rampant piracy that happens today. Microsoft’s DRM technology facilitates all of this as does that being touted by its competitors. (Dave [1])

Counter-Argument:
Fair Use isn't codified into law. So "what is considered" is REALLLLL different depending on who you ask. Perhaps not surprisingly, Sony consideres it a lot more tightly than I do.
I would also make a comment along the lines of "This Sony saga shows that DRM software is inherently untrustable, and means that you have to install software with unknown functionality and reporting techniques" - but then that's true of any closed-source software that you install, not least your operating system. (Don [1])


DRM takes away your control:
Many people will argue that their DRM scheme is fair and they can do whatever they want with the content they purchased. Their DRM agreement allows them to burn X copies to CD and they can authorize X computers for use. What most of these people do not know is that their DRM agreement also says that any or all of these rights can be revoked at any time. Another thing that most of these people do not know is
that they do not actually own the digital copy for which they just payed 99 cents they are being allowed to use this content so long as the IP owners allow. (Jimmy Palmer [3])

Microsoft is not a content owner. I expect my operating system vendor to be looking out for my best interests, and not for the best interests of content owners. Or do you really not mind if the company who sells you a lock for your home door also gives a copy of the key to media companies, so they can more easily control the distribution of their intellectual property? (Bruce Schneier [1])

A very senior Microsoft employee has given a statement to the press disavowing Sony's use of technology that takes control away from users:
"A personal computer is called a personal computer because it's yours," said Andrew Moss, Microsoft's senior director of technical policy. "Anything that runs on that computer, you should have control over."
I could not agree more! Unfortunately, Microsoft's whole current business model is built around systems that take control away from users (See, for example, EFF's Seth Schoen's excellent four-part report on Microsoft's new trusted computing/rights management program, which treats the computer's owner as an attacker and works to shut her out of her own system).
I wonder if this is Microsoft's new official policy -- will they include owner override (a proposal to let computer owners override trusted computing) in their trusted computing plans? (Cory Doctorow [5])

DRM reduces your choices:
Piracy is a smokescreen for the real reasons for DRM: vendor lock-in (once you've bought a bunch of DRMed iTunes songs, you're not likely to buy anything else but Apple hardware that uses that DRM.) (NathanB [1])

This exposes one of the things about DRM that most people miss: it doesn't really matter what permissions a given DRM grants or prohibits (as fun as it might be to point out the absurdity of a DRM that keeps you from listening to your own music). The important thing about DRM is that it gives the company or consortium that controls the DRM control over who can use the DRM.
So Apple can make an iPod and shut Real and Microsoft and Sony out of it. Napster can make a subscription music service and shut Apple out of it. And so on. (Cory Doctorow [7])

If you don't like the conditions a vendor puts on the his/her product, nobody is forcing you to buy it. (Dave [1]) Well, that's true *if* there are other options. But where a specific artist is locked into a specific label, which uses a specific DRM - well, you don't have anywhere else to buy it from, do you? And yes, in theory you could just do without it, but it make for a very boring world. Again, in theory, if no-one bought DRMed products, economic pressure would force them to sell non-DRM products, but I don't see that happening - if only because, DMCA or no DMCA, people will buy DRM products and unDRM them themselves .

There's a whole article on backwards compatibility on the DRM Blog - it's well worth reading in it's entirety, but here's my favourite paragraph: "Content owners want us to buy DRM'ed music not just because they think that the DRM protects their assets. They want DRM on their content because it forces consumers into a Walmart-style brand of consumerism in which we truly consume the product; we use it a few times and we throw it away, because it's cheaper just to buy a new one than to actually buy the higher quality, longer lasting item."(Ginger Cox [4]).

---

This is just a small sampling of what I've come across on the subject, and that in turn is a small subset of what's out there. If you're at all interested, I recommend you do some more searching on the subject, because it's just getting Unauthorized lyrics sites are being threatened - a lot of activities that were okay when it was done by hand are now somehow not okay because it can be done large-scale over the net. Which is why I say that the business model has to change. There is even talk about closing the analog hole
by forcing "devices (consumer electronics, computers, software) manufactured after a certain date respond to a copy-protection signal or watermark in a digital video stream, and pass along that signal when converting the video to analog. The same goes for analog video streams, to pass on the protection to the digital video outputs" (via BoingBoing) This article ("RIAA Bans Telling Friends About Songs") is currently a joke - but it doesn't seem too unlikely.
The world is changing, and we need to help shape it into one where fans aren't treated like thieves and everyone is compensated for their work and everyone lives happily ever after :P

---

[1] http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html#comments
[2] http://www.theregister.co.uk/2005/11/21/gaffer_tape_trips_up_sony_drm/
[3] http://www.drmblog.com/index.php?/archives/79_ERM_Follow-Up.html
[4] http://www.drmblog.com/index.php?/archives/75_DRM_and_Tech_Mortality_Rate.html
[5] http://www.boingboing.net/2005/11/21/microsoft_trusted_co.html
[6] http://www.boingboing.net/2005/12/06/musician_drm_screws_.html
[7] http://www.boingboing.net/2005/12/05/sony_rootkit_ripped_.html