p2pnet: Control through DRM

p2pnet.net News View:- How can liberal thinkers trust transnational corporations more than their own neighbors?

One of the most interesting areas to be politically involved in at the moment is technology law. This is an arena where, “To err is human, to really fowl things up requires misunderstanding a computer”.

When you take political positions offered by various groups and filter them through an understanding of how computers work, you end up with conflicting situations. And I say that as someone who's been building, repairing and programming various types since 1981.

The most heated debate in digital copyright today centers on Digital Rights Management (DRM). Most people commenting on DRM do so from the interpretation offered by those selling it: that it gives copyright holders digital control over whether someone can copy their work. They claim that with DRM in place, only those who are authorized to copy will be able to.

The problem is, the technology needed to directly accomplish this goal can't exist.

At the point where a copy might be made, only two entities have control: the owner of the device, and the DRM vendor. Copyright holders can never be given direct control and must always chose between which of those two groups they trust most. These DRM vendors are transnational corporations headquartered predominantly in the United States.

Ironically, in Canada, it's parliament's Heritage Committee, and the various creator organizations, such as the writers' union, that have been rushing to ratify the 1996 WIPO treaties, which would give additional legal protections for DRM. These treaties are based on the same laundered policy proposals (1995 Lehman report) that were implemented in the highly controversial Digital Millennium Copyright Act (DMCA) in the USA.

Heritage has traditionally been a cultural sovereigntist and opponent of the negative effects of media concentration. Thus far, it's had the opposite opinion on this area of policy. We need to realize as creators and as liberals that we don't want legal protection for DRM, but that we do need strong legal protection FROM DRM.

If you don't understand DRM and TPMs, you are not alone as this technology is misunderstood by both proponents and opponents . When the Canadian Internet Policy and Public Interest Clinic (CIPPIC) documents their opposition to DRM, they do so based on the intended effects of DRM as stated by the proponents of DRM, not based on the actual effects based on an understanding of the technology.

One of the strongest proponents of DRM has been the recording industry. Past RIAA ceo Hilary Rosen recently sent a letter to Apple complaining about the fact that she could not copy her music to competing media players, even though this the intended purpose of the DRM which her industry demanded that Apple adopt with their iTunes service.

When you properly interpret her complaint what she is really saying is that Apple should have signed up to the Microsoft controlled DRM which the recording industry has been promoting, rather than use competing DRM which Apple would have independent control over. The suggestion that Apple become dependent on Microsoft would have been market suicide. It turns out that Ms. Rosen is now an on-air business and political commentator for Microsoft's MSNBC, and thus is simply promoting the special interests of her new employer.

To understand the limits of technology, and how misunderstandings are being abused, it's important to examine what it's useful for, as well as what it's not so useful for, and one of the best ways to discuss this is to take a look at cryptography.

In its simplest form, cryptography can be seen as mathematics which take a message (called “plaintext”, even though it can be music or any other message) and encrypt it. This is called “cypertext" and it, which can't be decrypted without the right math to return it to plaintext, which usually calls for an encryption key. We can think of this process as putting a message into a locked box and then unlocking it with specific keys so we can read it.

Cryptography has two categories of keys: symmetric and public.

With symmetric, the key that locks the box is the same one that unlocks it. If you want to send me a message, you lock it with a specific key and send it to anyone who has a copy of that same key. This is the type of key most people are familiar with in the physical world - ie, the key that unlocks your door is the same one that locks it, and anyone with access to it can make a copy.

Public key cryptography is a bit different in that there are a pair of keys. If you lock the box with one of the keys you must unlock it with the other. You can't lock and unlock the box with the same key.

This type of system is extremely powerful because it allows us to keep one key secret, never making copies. The other key is made public. If you want to send me a message that you want to be certain only I can open, you encrypt it with my public key, and I decrypt it with my private key. If I want to know for certain that it came from you, I can ask you to encrypt it in your private key. Then, when I decrypt it with your public key, I know it really did come from you.

When you mix these types of keys together, you end up with a technology that can protect privacy and authenticity.

Privacy is protected because an unauthorized person wouldn't be able to decrypt the message without having the right keys.

Public key cryptography protects authenticity in that you know the message decoded with a specific public key was encoded by a specific private key. And you know who the person is who has access to that private key.

Copyright, however, is a type of legal protection that seeks to limit what can be done by authorized recipients of a message. For an audience member to open the message and view it, they need access to the appropriate key. Once they've opened the message, they have access to the plaintext,and can technologically do anything they wish with that message.

DRM keys are embedded

The way DRM deals with this is by embedded the keys within multimedia devices instead of handing them out.

As an example, every DVD player has a key that's specific to a manufacturer and which can decrypt the encrypted movies. A DVD movie is encrypted with a symmetric key and key information is encrypted in each of the public keys where the DVD player manufacturer is trusted to obey a legal agreement it has with those who encode the movies.

The theory is: this will stop people from making copies. But if you understand computers, you know you can easily open any DVD player and extract its key. These keys aren't a secret because they're publicly distributed inside consumer electronics. While it may be illegal to extract them, in reality, this has little meaning.

In other words, this technology has an absolutely minimal effect on criminal behavior.

It does, however, have an effect on law abiding citizens.

You'll notice that a DVD player can only play a movie if that movie was encoded to the key embedded in the DVD player. We've effectively created a system that ties the watching of a movie in with a DVD player authorized by those who encoded the movie.

This legally protected tie between encoded content and devices authorized to access the content is what past RIAA CEO Hilary Rosen was complaining about with regards to online music services such as iTunes. This type of tied selling is something that should be regulated by the Government under competition laws.

And as I've already pointed out, the people who encode the movies have agreements with those who have the decoding keys. Moreover, they'll only encode the movie if they have an agreement.

This agreement could be innocent in that it requires that the device obey copyright restrictions. But it could also contain clauses meant to control markets in other ways.

One of the known controls relates to regional encoding meant to ensure a movie released in North America will only be viewable on a North American DVD player. So if you're traveling and buy a movie outside of North America, you won't be able to watch it on your North American player. And there can easily be many other controls that give further power to those who hold them.

It turns out the people who control these keys strongly influence exactly what content will be distributed, with an effect that could be far worse for creators than those understood from media concentration.

While the stated purpose was to protect the interests of creators, we find we've instead created a situation where creators are forced into positions where their ability to reach an audience depends solely on powerful media intermediaries.

As a creator, I long ago decided that no matter how many private citizens infringe my copyright, I trust citizens a whole more than I do any media intermediary.

My audiences are people with whom I can build healthy relationships, but copyright law still exists as a tool to stop people who continue to infringe my rights.

I strongly oppose DRM because it effectively takes control away from me and my audiences, and transfers that control to powerful media intermediaries.

And I see these as a far greater threat to my rights than any amount of copyright infringement.

Russell McOrmond - p2pnet contributing editor

[McOrmond is an independent author (software and non-software) who uses modern business models and licensing (Free/Libre and Open Source Software, Creative Commons).]

Also posted to: Rabble Babble

And linked from: BillBoard Post Play, The Importance Of ... Law and IT BLOG

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

illegal to disassemble hardware?


if you understand computers, you know you can easily open any DVD player and extract its key. These keys aren't a secret because they're publicly distributed inside consumer electronics. While it may be illegal to extract them, in reality, this has little meaning.

You seem to claim is it illegal to dissemble a DVD player to learn its hardware and software secrets. To the best of my knowledge this would be no different than pulling apart my toaster (from a legal standpoint of course.) I haven't signed any agreements with the manufacturer of a DVD player not to pull out any embedded keys, so contract law cannot apply. While the DMCA likely applies in the USA, what law makes this illegal in Canada?