Former RIAA head Hilary Rosen disagrees with lawsuits and DRM...

Hilary (Hillarious) Rosen, past Chairman and CEO of the Recording Indsutry Assciation of America (RIAA), posts an article on the Huffington Post indicating how she believes that "lawsuits have outlived most of their usefulness". She also states that "The iPod is still too small a part of the overall potential of the market and its proprietary DRM just bugs me." Since DRM is the controversial tie of encrypted content to specific brands of access devices which are under the control of the manufacturer rather than the owner, and thus there is no such thing as non-proprietary DRM, this effectively means that she is opposed to DRM.

If she was a Canadian and believed in Factor funding, she just might be a member of the CMCC.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Open letter to Hilary

I tried to send the following as a comment to that article, but the Movable Type-based site simply exited with an error.


Can you please sit down with an actual technical person (Not a vendor of some snake-oil) and have them explain to you how DRM works.

The basics are this: You digitally lock content such that it can only be opened with the use of a key. The keys are embedded within specific devices where the manufacturers control the operation of the devices, rather than the owner. Since the keys can only be embedded within specific devices trusted not to be under the control of their owners, they are all -- by definition -- proprietary. Your problem with Apple's DRM is not something unique about Apple, but something inherent in all DRM. There is no way around this -- in order to make music as useful to audiences as they were with records, vendor-neutral standards (meaning no DRM) must be used. Music fans need to know that the music they purchase will work on any device they purchase that conforms to that standard (meaning no DRM).

While using technical measures to encode watermarks to know the origins of a file is perfectly fine. Locking content such that only those who have paid for it and received a key (which they can then use with a device of their own choosing) can unlock it is also perfectly fine. These are appropriate uses of technical measures. As soon as you try to tie content to specific brands of access devices, or have devices which obey the commands of the manufacturers rather than their owners, such as turning off when they detect a watermark, you get into a controversial area that is driving people away from major label music, major studios, and so-on.

Speaking to a group of copyright holders about this issue, Stewart Baker, Department of Homeland Security's assistant secretary for policy, said, "It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

The problem he was speaking about was also not unique to the Sony-BMG RootKit fiasco, but an inherent trait of all the controversial aspects of DRM which can only be avoided by avoiding DRM.

Please do what you can to influence your past colleagues to discontinue the attack on property, privacy, and many other rights that DRM represents. Not only should this abuse of technical measures not be protected in law, but it should be clearly prohibited in law.

Note: There are related comments attached to From "D": Reality in the Palm of our Hands - An Offering from the World of Bill Gates, a related in many ways article from Rosen.

"While using technical

"While using technical measures to encode watermarks to know the origins of a file is perfectly fine"

I'm suprised you'd say that actually. A uniquely identifying watermark in an mp3 is not fine. Unless we're talking about monogrammed bathrobes, a veronymous link between consumer and product is just as surely a violation of privacy, especially when the consumer can't say "no" to the doctoring.

I guess I don't know enough about digital watermarking, but my suspicion is that it a house of straw anyway. Adding artifacts into sound file without impacting quality sounds pretty tricky. I suspect to make it robust against countermeasures it WOULD impact sound quality, opening up an avenue for consumer backlash against it's use.

Either way, with the power of randomness on our side, I see no theoretic reason why one couldn't write a small application to wipe the slate clean so to speak... like putting RFID tags in the microwave for a quick "defrost."


Like key-encryption (public or private), watermarks can be used in many different ways. If the purpose of the watermark is to more easily identify the content, this seems quite reasonable and is useful for the statistical sampling needed for things such as voluntary licensing of P2P networks (IE: there needs to be a way to automate figuring out what files are being shared so the right copyright holders can be compensated).

I also see no problem with a watermark being used to identify who a file was sold to, as long as the customer knows this is the case, and in cases where further sharing of that content requires authorization. I see no privacy violation given it would be the infringer themselves who chose to publicly publish the fact that they are an infringer.

This will discourage the casual infringer, but like all attempts to use technical measures to stop copyright infringement would not deter the more advanced infringer who would simply remove the watermark (just as they can simply remove any other technical measure) before any infringing activities.

Where watermarks are a problem is on the device side, not the content side. As far as I am concerned the copyright holder should be able to encode their content in any way they want (including adding watermarks), but that I should be able to access it with the device of my choice (based on my own personal convictions, and assuming the device conforms to the right communications standard). My devices should obey my commands, and not those of the manufacturer. While a device could tell me that there is a watermark visible/audible, it should never make decisions without my permission (such as shutting off, degrading quality, or whatever). It is my device, and the copyright holder, manufacturer or any other third party should have no say in the control of my property.

>>I see no privacy violation

>>I see no privacy violation given it would be the infringer themselves
>>who chose to publicly publish the fact that they are an infringer.

But that's the old Orwelian line "if you're not doing something illegal, you have nothing to fear."

Besides, this is the wrong tool for the wrong job. In traditional watermarking in money, the idea is that it's hard to reproduce and that the person you're giving the bill to will necessarily require its presence.

Watermarking content is exactly the opposite: it's easy to remove and the person you're giving the file to will more than likely appreciate its absence.

As far as your dichotomy of "casual infringer" vs. "advanced infringer," we've had this debate before, and in practice I think it's a meaningless distinction. It only takes one astute individual to make a unit of content available in a generalised form to others. Think "Darkside_RG" of bittorrent fame. The thinking part only has to happen once, and the rest propagates itself.

It reminds me of that pop-up gophers game at the arcade, except if your mallet misses even one gopher... whoops, everyone on the internet has that song. (Note the shameless pun with the distributed document protocol).

>>As far as I am concerned the copyright holder should be able to
>>encode their content in any way they want

Fine. As long there are no illusions by the copyright holder that it won't be put up on bittorent by sunset. Once that song is released, you are in effect giving it to the world for private listening.

I'm sorry to sound like an existentialist, but the "individual defines everything"

No Illusions.. (Hey, what side am I on anyway ;-)

But that's the old Orwelian line "if you're not doing something illegal, you have nothing to fear."

I don't see how that is the case at all. We aren't talking about a watermark that is ever intended to leave your home, and there is no technology that is "enforcing" the watermark. The concepts of first-sale and other such things don't really apply to content that is separated from any container (IE: you have less rights as someone who purchased a song from iTunes than if you bought the same song on a CD).

I just bought a new television last evening which has a serial number on it. That serial number is stored in a database of the place that I purchased it from and who is offering an extended warranty.

Is it Orwellian that this serial number exists, embedded physically within the hardware (on the box it came in, in databases from the dealer and the manufacturer, etc)? As the "owner" of this television I have the right to mutilate the television and scrape the serial number off, but I am giving up not only the warranty from the dealer and the manufacturer, but also the additional help of the police who may try to locate me if the television is stolen. If all property owners got into the habit of scraping off serial numbers, it would make protecting our property rights that much harder.

While I disagree that works of the mind have an "owner" in a property sense (See the Jefferson Debate), the closest thing that exists is the copyright holder. While you may have purchased the media (container) on which the content is stored, and may dispose of that media in any way you see fit (physical destruction, loan, give away, sell), you do not (under the law) "own" the content. If the copyright holder embedded a serial number (via a watermark) in their content, it is their right to do so. If you choose to unlawfully share that content, and the copyright holder uses their serial number to trace this unlawful activity back to you, then I am fully in support of the copyright holders right to take you to court.

This needs to have limits of course. Within the privacy of your own home you should have the right, unregulated by copyright, to time, space, format and device shift content which you have lawfully obtained. If you need to encode an audio file in a MP3 format in order to take with you on your portable player, and a watermark gets inadvertently corrupted by the encoding process, then you should not be accused of unlawfully mutilating the content. This inadvertent mutilation should not be able to be used as evidence of intent to infringe copyright in a court.

If you are found to be deliberately mutilating the watermark to obscure the origins and authorship of the file, then I have little sympathy for you being found guilty in a court of infringing multiple rights of the copyright holder.

As long there are no illusions by the copyright holder that it won't be put up on bittorent by sunset.

Just because there is no technology that can stop someone from doing something, doesn't mean that citizens generally support this activity, or that the law won't be against them. There is a lot of antisocial behaviour, and I can't immediately think of an example of a technology that can stop antisocial behaviour. This is what we have laws for.

That potential infringer must not be allowed to be under any illusion that publicly sharing is legal if the copyright holder didn't authorize that sharing (yes, even music sharing without authorization is currently infringing in Canada). The full force of the law, via the courts, will be used against them.

Where the law is clear and appropriate, I have little sympathy for the citizen who disobeys the law "just because they can" (that there is no technology or "mommy and daddy" watching over them).

If CRIA had bothered to spend the few moments it would have taken to gather evidence of infringing activity for the 29 filesharers they tried to take to court in 2004, they would likely have won their case (assuming these people had shared what was alleged). The current law gives them the right to sue, whether that is in their best long-term economic interests or not (CMCC members believe it is harmful to their industry to exercise their right to sue music fans).

P.S. I hope that you are aware that the attitude you appear to be displaying is the excuse that some copyright holders have used for their extremism. Fortunately I believe this attitude is the minority and most citizens respect the copyright holders rights to make these choices (and get paid in the manner that they chose). My hope is that unauthorized public sharing will remain a fringe activity of the antisocial, and that the majority of citizens will either obey the license agreements (where reasonable and legal) of the copyright holders, or go to the growing number of competitors offering creativity under more respectable terms.

Free/Libre and Open Source Software (FLOSS) consultant.

Antisocial is perhaps the wrong word

>>My hope is that unauthorized public sharing will remain a fringe
>>activity of the antisocial

Antisocial is perhaps the wrong word. You're talking about acting against the law's consensus, not the social consensus. It has been my observation that "infringing" is not a fringe activity, and most folks I've met would freely admit (at least privately) to having engaged in the activity in one form or another.

The social consensus, as I have observed it to be, says sharing is OK. Should that happen to be the case, you have an activity that people really want to do, easily can do -- and now -- feel fine about doing.

If that happens to be the case, then there's a disconnect between law, and reality. But what would does that mean? Society is wicked? Or perhaps the law needs changing?

New century, new use of the term "bootlegging," same principle.

When it is not yours, it is not called "Sharing".

"The social consensus, as I have observed it to be, says sharing is OK."

When something is yours, sharing is OK and encouraged. When it is something is not yours, sharing is not OK. In fact, I consider it an abuse of the English language to even call it sharing when it is not yours to share.

While things are more complex when we are talking about things which are non-rivalrous (such as creativity), I have not observed the change in the social consensus that you claim exists.

Fortunately for non-rivalrous things such as knowledge it is possible for people to be rewarded for their creativity and share at the same time. All my own creativity is authorized to be shared, and in fact with FLOSS software I am dependant on people sharing my work in order to make my living.

Other people have other business models they are using which are not based on sharing. While I disagree with them I believe it should be their right to make that mistake, and in the long term I expect them to fail. I do not believe it is right, nor do I agree with you that it is has somehow become socially acceptable, for people to take that basic freedom of choice to make a mistake away from creators.

Maybe we just hang out with such very different people that we see a very different world. I simply don't see much evidence that sharing things without the permission of their "owners" or their copyright holders is considered socially acceptable outside of a very small fringe community.

Free/Libre and Open Source Software (FLOSS) consultant.

Open letter to Hilary

This seems like a very patronising piece from Mr Knowitall McOrmond.

Clearly, you've never met

Clearly, you've never met the guy.

term proprietary in this discussion

In general, we in the standards community understand the term proprietary to mean the opposite of standard. Usually, this term is applied to file formats, network protocols, APIs, and the like. Some standards are so open as to be useless --- every vendor has to write extensions to be able to use it. This is to avoided.

My IPsec VPN gateway runs a standard protocol --- RFC2401 IPsec with RFC2407/8/9 IKE. But that doesn't mean that you can connect to it --- you need to have the right key. That doesn't mean that it's proprietary, it means that the system is closed.

In the case of DRM, we could very well have a standard format for DRM.
I.e. a file format that, when provided with the right keys, things can be decrypted. I can even see various manufacturers (Apple, Amazon, iRiver) all implementing this specification, and even providing a public key to which artists could "encrypt" their songs to. The format might even, like DVD format, permit the session key to be encrypted for multiple players at the same time.

In fact, one could even use DVD CCS format --- probably without the weak key. We would have *ALL* of the problems of DVDs: tied selling, long-term access control (vs copying control), no sunset clause on copyright, very high barrier to entry for new manufacturers, etc. You and I could produce our own records, but with the DVD format, would prevented from protected ourselves.

A public-key based system solve some of the problems that DVD format had --- but in general, new entrants to the player market would be unable to play old recordings. As soon as someone reverse engineered any single player (circumvented it -- such as to get it to play an older recording!), the secret would of course, be out.

So, the reason I'm writing is because I think that the term proprietary is not quite right. It's locked against the owner. This matters most for people who want to have players that run on general purpose computers (and my watch may well be a general purpose computer!), but also of course, to legitimate fair-use(rs).

A better term might be "closed", but that probably doesn't express it very well. The manufacturers would, of necessity be a cartel. Maybe that is a good term. There *could* be competing cartels. Maybe a better term would be "mafia" --- mafia's are known to compete, known to kill and exploit their customers, and known to bribe governments to look the other way.

"A public-key based system

"A public-key based system solve some of the problems that DVD format had."

Broadcast encryption schemes have been generally discredited in literature, and I have to agree.

If you can view it, you can copy it. If you can copy it, DRM is broken.

Broadcast Encryption..

We seem to all agree that there is no real-world technical measure that can stop an authorized recipient of a message from infringing copyright. Even if the key is embedded within a "locked device", a technically sophisticated infringer will always be able to extract the key and unlock the device and the content. This will always mean that all the controversial forms of DRM (locks against the owners of devices) are, by definition, broken.

I don't believe that this suggests that all uses of broadcast encryption are broken, or undesirable. I believe that having encrypted content (Streaming Internet, Digital Cable, Satellite, etc) where the decryption keys are made available only to subscribers (sending a small message encoded in the subscribers public key) would ensure that only subscribers could receive/decode the signal. It is true that the subscriber could always infringe copyright (as there is no real-world technology that can stop an authorized recipient from infringing copyright), but it does stop non-subscribers from being able to receive the signal.

It has always surprised me that this type of a system isn't already in-place for satellite television.

When I subscribe to Roger, StarChoice or ExpressView I should be handed a USB-key containing my customer key which I would then plug into the decoder of my choice. I believe that the current decoder boxes are another example of tied selling as I should be able to purchase (or build) a decoder of my own choice (with features I want), not be forced to buy/rent/etc the one picked by the content distributor. The content distributor and/or copyright holders should have no say in the brands of technology I choose to purchase and use to access content.

Free/Libre and Open Source Software (FLOSS) consultant.

Definitions of words...

Different communities use the same terms to mean different things. If you look at the phrase Proprietary Software in Wikipedia you find out that it is being used in a way quite different than its natural meaning (which would be software without owners, meaning software in the public domain). In this case a neologism from the Free Software Foundation was accepted which was intended to mean the opposite of their definition of Free Software.

In the case of a DRM system the "device" is locked against the owner (IE: infringing property rights), but what phrase would we use for the system as a whole? People like Hilary don't seem to understand that there are two components (locked content and a locked device). The content is locked such that it will only work with specific brands of devices (lock #1 which needs a name -- vendor tied? Hilary used the word 'proprietary' herself, whether correct or not) and the device is locked such that it obeys the built-in instructions from the manufacturer rather than its owner (lock #2).

Free/Libre and Open Source Software (FLOSS) consultant.