Tuesday, November 07, 2006

DRM: What It Is And Why You Should Care

Just in time for Christmas shopping, the portable digital music market is about to change. There are currently two independent digital music ecosystems: Apple's iTunes+iPod, and Microsoft's "PlaysForSure" framework. iTMS media can be played on iPods. PlaysForSure media (from Napster, Musicmatch, Wal-Mart, URGE, MSN, FYE, etc.) can be played on PlaysForSure players (from a variety of manufacturers). The change that is coming is that Microsoft is discontinuing its MSN music store, and launching its own interlocked media player and media store.

When Microsoft launched the original Xbox, it spent millions of dollars in marketing and selling consoles at a loss in order to secure their foothold on the gaming market. Microsoft intends to enter the portable media player market the same way: by subsidizing hardware costs, offering free and exclusive content, integration with Windows and Xbox Live, and an aggressive marketing campaign. This launch will not go unnoticed. Everyone and their grandmother knows what an Xbox is, and Microsoft is determined to spend enough money to ensure that very shortly, everyone and their dog knows what a Zune is too.

The problem is, Zune, PlaysForSure, and iTunes/iPod are totally mutually incompatible. If you buy or have bought music or video from any of these three, it will not be compatible with players compatible with either of the other systems. This incompatibility has nothing to do with technical specifications, or different music encoding technologies (MP3/AAC/WMA) and everything to do with DRM. They are broken by design. Basically, it would be as if Toyota cars would only accept gas from 76 stations, Hondas only accepted Shell gas, and GM cars only accepted BP: not because of technical differences like diesel vs. gasoline vs. electric, but simply because GM owned BP and Toyota owned 76, and they found that the requirement "encouraged" customer loyalty.

I consider myself to be a technophile. I think digital media distribution over the Internet is an excellent idea: indeed its time has come and it has the potential to revolutionize the market for the benefit of the consumer in terms of content availability and cost, but I refuse to embrace digital downloads as long as the content providers are abusing DRM to take away my rights as a consumer.

A brief history lesson is in order:

Remember Napster? No, not the company that bought their name and logo after they went under, the "real" Napster, and I don't mean Seth Green from The Italian Job. I mean that file-sharing program where you could get any song you wanted: when music was free and the Internet was filled with dancing hamsters, peace, and love (well, except for the peace part.)

Napster was digital music distribution before DRM. Before Apple made the online music downloading business a profitable venture for the record companies with their iTunes Music Store, and they did it with DRM. DRM, is a cryptic algorithm that stands for Digital Rights Management. I say cryptic, because on the face of it, it sounds like a good thing, after all, we all like "Rights" and "Digital" means computery and futuristic hi-tech "Wi-Fi" magic sort of stuff, and "Management" makes it all organized and easy to do, right? See, "Digital Rights Management" is the same kind of Orwellian doublespeak as "downsizing" or "ethnic cleansing." You can make anything sound good by giving it a pretty name, the question is, what is DRM, and what exactly does it do?

DRM is basically encryption. If Alice wants to send a message to Bob without Charlie being able to read it should he happen to intercept it anywhere along the way, Bob will give Alice an encoder that only Bob can decipher (or Alice will give Bob the decoder), and when Alice sends Bob the message, she will encrypt the message first. That's all well and good, and there's nothing wrong with encryption per se. After all, it's just a tool. Tools aren't good or bad, they're just powerful.

(With DRM, Alice is the supplier, Bob is the hardware, and Charlie is the consumer.)

Way back in the day when DVDs were just coming out, the motion picture industry (in the form of the DVD Forum) decided they would do something about all the movies in VHS format that were being mass reproduced in eastern countries and sold in the west either as "bootleg" copies on the street, or as "pirated" counterfeits on store shelves. What they did was they encrypted every movie on DVD and split the world into six regions, each with a different key:
  1. USA/Canada
  2. Europe/Japan/Middle East/Egypt/South Africa
  3. Korea/Thailand/Vietnam/Borneo/Indonesia
  4. Australia/New Zealand/Central & South America
  5. Most of Asia and Africa
  6. China

A seventh region was set aside for airlines and cruise ships. They gave each region a separate key that was loaded into DVD players sold in that region and was used to encrypt DVDs marketed for that region. This concept is known as region coding.

Artificially dividing the world DVD market into six segments meant that they could offer different pricing schemes in different regions. The same DVD could be sold for one price in developing nations, and a higher price in a developed country. It also meant that rights guaranteed to the consumer by the doctrine of First Sale could be effectively suspended over these boundaries. First Sale is the right of a person who has legally obtained a copy of a copyrighted work to lend, sell, or rent that copy to anyone, anywhere without the permission of the copyright holder. Basically, if the latest Harry Potter book is being sold in the UK but not in the US, and I'm there on vacation, I can buy a copy and once the first sale of the item makes it mine I can sell, lend, or give it to anyone I want, including someone in the USA, even if that book hasn't been released in the USA, or if that book has a different price here. The trouble is, if there's a DVD that's been released in the USA but not in Europe, I can't just get one at Target and send it to Matthew in Worcester, because he doesn't have an American DVD player. Similarly, an American can't buy a European DVD on eBay, even one that isn't for sale on this side of the pond, because it won't work with his DVD player.

The DVD Forum also controls who gets to produce DVD players, since only they can give a manufacturer the right to legally use their keys and trademark logos. Any manufacturer who doesn't make their DVD players to the DVD Forum's spec won't be able to sell DVD players, because they won't have the necessary keys. This is why most DVD players do not allow you to skip unskippable content such as promotional materials ("commercials") at the beginning of a disc. This is known by the friendly term "user operation prohibition."

[Note: some DVD players can be made "region free" (able to decode any DVD) in violation of DVD Forum contracts by a firmware hack, or in some cases a sequence of buttons on the remote control. A Norwegian man known as DVD Jon has reverse-engineered the DVD encryption scheme and published the results, making it possible (though technically illegal in most areas: see next paragraph) create and use non-sanctioned players, most notably on computers running Linux.]

In 1998, the Digital Millennium Copyright Act (DMCA) was passed into law in the United States. Similar laws were passed in countries around the world in order to implement provisions set up by treaties related to the World Intellectual Property Organization, an agency of the United Nations. Among other things, the DMCA makes it illegal to break encryption if the function of that encryption is to protect a copyrighted work.

So what does this all have to do with portable music and video players? What the content providers have done at the insistence of the media companies is to basically make a separate region code for each consumer, while at the same time locking down the content so that it can only be played on players made by a specific company (except in the case of PlaysForSure, where it is a group of companies).

The effects of locking down content to a particular customer:
  • The customer is prevented from violating the copyright on the media, because no one else can play it, even if they had the file. If I buy a CD, it's easy for me to rip it to an unencrypted file and distribute it using a peer-to-peer network. Stopping file-sharers is an expensive and lengthy legal process, and it's bad press for the litigating company. This is good for the consumer because it enables the media companies to release their content without fear of rampant copyright violation.
  • The customer loses his right to transfer his license to play the content through sale, rental, gift, or inheritance. This is bad for the consumer, because it reduces the value of the content.

The effects of locking down content to a particular brand of player:
  • The company that makes that player has a self-granted monopoly on players for the customer's music. This is bad for the consumer. Since there is no competition, the incentive for the company to continue to produce innovative and inexpensive players is significantly reduced.
  • If the company goes out of business, stops producing quality players, or reduces functionality, the customer cannot switch to the competition without either abandoning their entire collection of media, or paying for it a second time.
The effects of DRM, even if it does not lock down the content to a particular customer or player:
  • The consumer loses his right to change the format of a file for use with a different kind of player. As a consumer, I have the right to rip my CDs into MP3 (or another format) to play them from my computer's hard drive, in my car, or on my portable MP3 player. If ten years down the road, another format comes along to play music, I have the right to transfer the music on my CDs into that format. DRM makes this unfeasible, and the DMCA makes it illegal to do this with media that is restricted by DRM.
  • Copyright is temporary. When the media that is restricted by DRM enters the public domain, the DRM will still prevent access to the media. This is bad for the consumer and the public, since it enforces copyright beyond its stated purpose:
    "The Congress shall have power... To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;" ~ United States Constitution, Article I, Secton 8
  • Consumers are prevented from taking the technology into their own hands and innovating new features and new ways of interacting with media. The software industry would not be where it is today without innovative contribution (and competitive pressure) from open source and community-driven software. The Firefox web browser is an example of consumer-driven open source software galvanizing the market, and causing others to innovate in order to remain competitive. DRM effectively locks out anyone who isn't authorized to make a player from contributing to player innovation.
Having said all that, DRM is not all bad. After all, it's just a tool, and it does have legitimate uses. Music subscription services are an example of good uses of the technology. A music subscription is not like a purchase. The consumer does not expect the right to re-sell or rent the music to another person, nor is he concerned about the ability to play the content on future generations of players. He is simply paying for the right to unlimited access as a single customer to a large library of music for a limited time. This business model would not be possible without DRM. Under a subscription service with DRM restricted media, but no vendor lock-in for the players:
  • The consumer is prevented from violating the copyright on the media by the DRM.
  • DRM does not give the supplier of the media content an anti-competitive advantage over other suppliers. If another supplier has a better deal, the customer has no barrier to switching to the new provider.
  • DRM does not give the manufacturer of the media player an anti-competitive advantage through consumer lock-in. If another player manufacturer has a better deal, the customer can switch to the new device and still play the same content without paying for it again.
  • Because this is a rental agreement, the consumer does not lose any rights to transfer the media to another person. The same effect can be achieved by one person canceling his subscription and the other person starting his own.
  • Because this is a temporary arrangement, copyright expiration is not an issue.
  • Because this is a temporary arrangement, it can be tailored to whatever devices or formats that the market demands at the moment.
Subscription services such as Napster, URGE, and Musicmatch are a good thing for the music industry, both the consumers and the producers, and were made possible by DRM. However, not all of us want to pay a monthly fee in order to have access to our favorite music. Some of us want to "keep" the music that we like. Currently, we can either buy that music on physical media (such as a CD) or we can pay for a license to download and play it.

You'll notice I didn't use the word "buy" for downloaded music. That's because it's not a real purchase, but merely a contract between the consumer and the copyright holder that grants him certain rights. Those rights are not the same rights granted to a consumer who buys that same music on a CD: they are significantly restricted, and they shouldn't be. There shouldn't be a technical and legal barrier that prevents consumers from doing with downloaded music the same things that they do with music purchased on CD. When was the last time you bought a cassette tape? Do you really expect that the CD format will be around forever? CDs are technologically grandfathered in to an era before DRM. Unless consumers assert their rights in the next generation of media, they will lose them.

The "analog hole" refers to an inherent flaw in the idea of DRM: if it can be played, it can be recorded in analog. It is therefore argued that DRM isn't all that bad after all, because it can always be circumvented. The problem with this is that making an analog recording of digital media is inherently lossy. Burning a CD of iTunes tracks and then ripping it without encryption is like printing a picture, and then taking a picture of the printout with your digital camera. Not only does it waste paper (or a CD in this case--though some people who employ this process use a virtual CD to eliminate waste), but the copy you end up with is inferior to the copy that you started out with. In the process of translating from AAC to CDA and then back, information is thrown out. The analog hole is also shrinking. With newer technologies and each iteration of DRM, it will get harder and harder to make an acceptable copy of a DRM-restricted file. Windows Vista has protections built-in to the graphics system to prevent next-generation DVDs (Blu-Ray and HD-DVD) from being recorded onto a computer.

To me, it seems rather silly for the music industry to refuse to allow their content to be downloaded without DRM, while at the same time the same music is for sale: unencrypted, and at a higher quality on CD. If someone really wanted to publish that music on the Internet, all they would have to do would be to buy the CD, rip it, and distribute it. DRM is not iron-clad either. There are ways of breaking it for those who are determined to do so. The real effect of DRM is to stop casual copyright infringement: the person who has a large collection of ripped tracks and, since they can't be tracked to him and he might as well do it as not, shares them with his 10,000 closest friends on a peer-to-peer network.

The proper solution to this problem is simple: watermarking. Watermarking is a way to uniquely identify something without encrypting it. The simplest way to do this would be for the media store to add an ID3 tag to each track identifying the account number with which that track was purchased. There are more complicated ways of watermarking, but it doesn't need to be that fancy: just enough to make someone think twice before they illegally distribute the files: something that makes them take steps to "break" the files. The benefit of watermarking is that it isn't DRM: the law-abiding customer doesn't lose any of his rights: he can still format-shift and transfer ownership, and since a watermarked file doesn't require an encryption key to play, he can play it on any player on the market.

Another solution to the piracy problem is for the media store to offer a reasonable price (considering the limited nature of licensed music, and the fact that distribution costs are so low), say "we trust you" to its customers, and then rely on the goodwill of the customer to abide by a reasonable license in order to support their favorite bands (this implies that the bands aren't being exploited by the record companies). Emusic is a subscription service that allows you to download a certain number of DRM-free tracks per month. The tracks you download are yours to keep, burn to CD or other media, and play on whatever device you want, forever.

It is my hope that the introduction of the Zune into the digital media marketplace wakes consumers up to the anti-competitive ways in which DRM is being used, and that as a result, consumers will demand to retain the same rights in digital purchases as physical purchases, and the many competing independent DRM schemes will be consolidated into a unified, open standard that respects consumer rights.


  1. I don't have any portable media players and don't think I will get one soon. When I am home and want to listen to music I use my computer or put on a commercial-free music channel on TV (nice feature provided by the digital cable folks I work for) and when I am in my car I listen to CDs of my favorite songs (and I don't mind listening to them over and over again until I bother to change the CD).

    I actually stopped by to say that I plan to see you on September 29, 2007. I will be going to Southern California then and imagine that you will be going down there, too. :)

  2. DRM . . . I think apple and microsoft should have to play nice with eachother!

  3. So do I. The problem is, the consumers are the ones who have the responsibility to make them play nice, and the consumers, by and large, don't know about DRM. It's very easy for monopolies and oligolpolies to divide and conquer consumer interest.