The future of DRM
Andrew recently wrote about an interesting idea - a standardized, open source DRM system. The rationale and motivation is thus: Microsoft and Apple (to name two companies with a large stake in pushing the DRM-envelope) have both already developed their own proprietary systems, which both (aim to) work within their own native environments. That is, within Windows and MacOS environments, respectively. This is fine if every consumer only works in one type of environment, and never decides to switch. But for the poor souls that do decide to move away from the corporations’ comfort zones, they’ll quickly find that there’s no support for their DRM-wrapped media on the outside. There can’t be - the systems are proprietary on purpose, ostensibly to protect the rights of copyright-holders, but with the added benefit of pressuring the consumer to stay in line. Things are no better outside of the Microsoft/Apple dichotomy. Any users of open source operating systems like *nix/*BSD will similarly find their content held hostage by over-zealous DRM. And so, Andrew asks, could an open source DRM system be the answer?
It’s a very neat idea on the surface:
So what if a format was devised that was open and freely accessible to everyone, everywhere - an internationally ratified standard for Digital Rights Management that could be implemented on Linux, Windows, Macs, iPods, and every other platform out there. This standard would place some restrictions on sharing (a la the iTunes model) but allow fair use.
The devil might lie in the details, though. For starters, what exactly do we mean by “some restrictions” and “fair use”? I’m no expert on the subject, but my impression is that most of the modern-day strength of DRM lies in its ability to restrict the mobility of the user’s content: I’m allowed to copy my media to this portable device, but not that one. I can play it here, but not there. Inevitably, the DRM system must make the assumption that its current environment in some way supports the effective use of some standard of DRM. But if we allow the content to be copied to another, uncontrollable environment, even one that supports this standard of DRM, there’s nothing to stop the end user from removing this support after the fact, or simply faking the claim of support in the first place.
DRM today is typically closed source, and yet it is still circumvented on a regular basis. Moving DRM into the realm of open source would only hasten that event. A skilled programmer could code their own custom version of DRMnix, which would appear to support the international DRM standard as described in RFC 8793, but in reality would strip any incoming media of said DRM protection before saving it locally in a freely copyable format.
The underlying problem as I see it is a philosophical one: open source is the antithesis of DRM. At some point, any media worth noting has to be viewed, heard, or otherwise experienced. So at some point before being presented to the user, its DRM-laden package has to be unwrapped. It is at this point, if not some easier point along the way, where those precious bits can be intercepted and stored in a non-DRM’ed format. The only eventual option for DRM-supporters is going to be to control every access point all the way down the line. Not just the media files and the DRM software, but the tools you use to access those files, and the tools you use to access to tools. A foolproof DRM system is one in which the Windows/MacOS/whatever environment is in complete control of what you are and are not allowed to do on your computer.
Twenty years from now, this might come to pass, when personal computers are outlawed and instead you have the option of buying an interface terminal, which will plug into your wall next to the power outlet. When you turn it on, it will connect to the ‘net and present you with the option of which operating system you would like to use: GoogleSoft’s Windows, or Apple’s MacOS. Either way of course, every action you take will first be processed by a centralized server belonging to the company of your choice. If every home-based computer were basically a clone of the terminals you encounter at Epcot Centre or your banks’ ATMs, then copyright violations wouldn’t be much of a concern. It’s a bit Orwellian, but I don’t see anything short of this supporting DRM in the long run. But I’ve been wrong before. And for now, in the short term, maybe open source DRM is at least worth exploring.
July 11th, 2006 at 12:39 pm
Wow! Someone actually read that? :)
I guess when I was writing that I was thinking there had to be a common middle-ground. The big thing is that DRM *in its current implementations* goes against the copyright laws (ironic, yes?) That is to say, copyright laws grant the ability to freely copy for personal use, transfer to different media, etc. whereas current implementations strip away your legislated rights in favor of a more tightly controlled (read: financially beneficial) system.
One thing that gets lost in the shuffle often is that copyright laws protect the interests of BOTH parties: the creator AND the consumer. They do *not* give the consumer willy-nilly freedom over the content, but they also do *not* give the creator draconian restriction rights. In my mind, as a musician and friend of musicians, copyright laws are good. However, centrally-controlled and creator-biased DRM is not. DRM that follows the restrictions AND freedoms granted by copyright laws would be the ideal.
An open-source DRM system could be key-based, much like an SSL certificate: I have a personal key that I install on my system(s) that implement this OpenDRM. Any content I purchase would identify itself with that key, would be unplayable without that key, but would be fine to copy, etc. with it.
Of course, you could lose the key, or it could become corrupted. What then? Well, I would argue that you just re-apply and replace the key. The idea isn’t to encumber the media, it’s to hinder mass-production.
You then say “well, what about making copies to give out to your friends? Isn’t that defeating the purpose?” I would argue that it’s not the one-off copies that media companies should be worried about - that’s been happening for ages. What is different now is Internet file sharing - the ability to send out a billion copies.
There’s always the argument of re-writing to implement it without these requirements - strip the DRM out. However, open systems does not necessarily mean vulnerable systems - again look at secure network protocols like SSH SSL. These are uncracked, despite their openness, and they can be used on any platform.
I know that these are fairly weak arguments - this is a “lunch-break” posting, but there *has* to be a better way of doing it that meets both sides halfway. That was just one idea I had.
July 13th, 2006 at 10:07 pm
I think I hear what you’re saying. But take this for instance:
This is perfect; ideal even, in theory. But in practice, all the tricky bits come into play right around “would by unplayable without that key”. There are some very clever ways of trying to make this happen, and maybe someday soon someone will come up with a way of guaranteeing this on a regular basis. But personally, from this vantage point, I don’t see how such a thing could be done. The digital media eventually has to be played, digitally, and so at that point it can be “intercepted” and re-encoded in a non-DRMed format.
This is of course a problem with DRM in general, not open-source DRM specifically. I don’t mean to insinuate in any way that open-source security systems as a whole are more crackable than closed-source ones. But the DRM systems of today are flawed to such an extent that their biggest strength right now lies in their closed-source nature. That’s a really, really bad lynchpin for any kind of security system, and it’s one reason why I think DRM is maybe just a fundamentally unworkable idea; if that’s the best and strongest part of your system, then something is seriously wrong with your system. It’s also why moving DRM into the realm of open-source might be a bad move, at least from the point of view of the corporations.
I definitely agree with your idealism, in that DRM ought to be something that works to protect both the rights of the consumer, and the rights of the artist and their publisher. I just doubt whether the idea is fundamentally workable at all. If it is going to work though, it wouldn’t surprise me at all if it were open-source programming that made it happen.