Designing a More User-Friendly DRM 132
onethumb writes: "As one of the core engineers on MightyWords' (now-defunct) DRM for digital documents, I was impressed by Dmitry Skylarov's great analysis of our work the other day. Planet eBook is now running my reply as their feature article explaining our design goals and decisions for our decidedly user-friendly DRM solution."
Car door locks (Score:3, Insightful)
As much as I oppose the idea of DRM, I believe it's the only barrier in the way of releasing more information in digital form. Sure, some may say e-books and the like will never replace their dead-tree counterparts, but I can think of a few times in which they'd be useful. Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead of hoping they are in the index? Remember a vague passage from a novel you read? Just enter what you recall and we'll search the text for you. The possibilities can be endless.
The only bad thing about this implementation is what happens when/if "MightyWords" goes away? How will I be able to unlock my e-docs if I need to move them to another computer and my software can't contact them? Or, perhaps I am trying to read it on a device temporarily without internet access - then what?
Re:Car door locks (Score:2)
In most DRM approaches, you can't get to the raw data with another program without cracking the DRM. If you could use grep, you could use cp, and then their precious "IP" won't be protected any more.
Re:Car door locks (Score:2)
Re:Car door locks (Score:1)
Re:Car door locks (Score:2)
OK, I searched SourceForge [sf.net] and I found something, csrdrm.sf.net [sf.net]. Is that what you were talking about?
The csrdrm [sf.net] project on sf.net:
Looks interesting, I think. Is it only used on Palm?Re:Car door locks (Score:1)
Read the article "MightyWords" already went out of business. And yes basically you're screwed.
Re:Car door locks (Score:2)
This works sometimes...but, for instance, if I can't remember a particular format-string option for printf, I can look it up in K&R in less time than it takes to dig through VC++ help. (I suppose man 3 printf would be faster, but most of what I do at work is for Win32...and K&R has a nice table in it with all the options which is still easier to use than the manpage.)
Maybe I'm just weird that way, but I like my documentation in dead-tree form. MSDN is OK, but that didn't stop me from buying Petzold, Prosise, and other Win32-oriented programming books when I needed to get serious about coding in that environment. (BTW, those books come with CDs that include the full text, so you can have it both ways. My first instinct is usually to pull the book down from the shelf, though, rather than look it up in the computer.)
Spare keys (Score:2)
THIS INCIDENT prompted me to look for a crack for password-protected PDFs, something I had never considered doing before.
To return to the car analogy, in this case a crack is a lot like keeping a spare key hidden inside your car's frame, because of that time you lost your keys and couldn't get home.
Depends on what the thief wants to steal (Score:1)
It really depends on what the thief wants to steal. If he wants your stereo, he'll happily smash a window to take it. If he wants your car, he won't smash a window. Replacing a smashed window will cost you $100-$200. A brand new stolen car will sell for $500-$1000 to a chopshop (yes, a $50,000 vehicle will only fetch $1000). It's too expensive to break a window.
It all comes down to the value of the item being protected. If the cost of the item isn't that much more than the cost of stealing it, then people won't bother. If stealing it damages the item too much (broken windows or crappy quality VCDs) people won't bother. DRM companies need to figure that out.
Re:Depends on what the thief wants to steal (Score:2)
Re:Car door locks (Score:2, Insightful)
I thought I would mention something regarding the car door analogy.
Many people seem to be missing the point here. The point of the analogy is not the status of the car, which of course is a piece of property, but the level of security. A car is not hard to steal, but most people don't steal it. That is the point. The point is not whether a car is worth stealing or who owns it. Similiarly, the Mightywords DRM was not designed to protect the content perfectly, or even very well. It was designed to keep the average honest person honest about their purchase, and to allow easy use of the product. This is also true with car doors. This is Don's point in his reply to Dmitry. Arguing the nature of the digital property in the context of the car door analogy just shows the lack of understanding of the analogy in the first place.
Also, as people have noted, it is impossible to secure digital content when it must be decoded at some point into a plain-text format in a system which is not proof to tampering. Mightywords understood this and made a compromise.
Karl
Naive or DMCA dependant? (Score:4, Insightful)
I'm not exactly sure what you were going for here. I mean sure, a determined car thief might be able to steal the car in the real world, but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world (who could possibly be interested in cars).
They also can't distribute the stolen car to every single person who could want a car on earth either.
But they can do those things with e-books. Were you guys just a victim of your own analogy, or were you hoping on the DMCA to keep people from distributing cracking tools?
Re:Naive or DMCA dependant? (Score:1)
You mean a slimjim? True, they aren't distributed to "every single person in the world" but I doubt this "tool" is either.
No, I don't. (Score:2)
Someone, would be able to analyze the car and possibly build an electromagnetic system to open the locks (total speculation, btw. no idea if that's actually possible) and break the crypto in the starter key. They'll need a sophisticated setup in order to replicate this.
but for software, they can just take that sophisticated setup, zip it up and throw it on Gnutella. In a few days anyone who cared will be able to do what the 'determined' person would do.
Re:No, I don't. (Score:1, Informative)
Re:Naive or DMCA dependant? (Score:1)
Re:Naive or DMCA dependant? (Score:1)
They also can't distribute the stolen car to every single person who could want a car on earth either
If only they could - only one car would ever get stolen.
Same thing. (Score:2)
Just think about it. You buy a $10k car, and suddenly the sum total of the human population steals $60 trillion from you!
Re:Same thing. (Score:1)
suddenly the sum total of the human population steals $60 trillion from you!
I feel so poor!
Re:Naive or DMCA dependant? (Score:2)
I think that what Don MacAskill is saying can be interpreted as a very sensible statement: that people don't generally bother to steal cars, because the relationship between the difficulty to get a stolen car, and the amount you have to pay to get a car, and the extra utility you get from a car you actually own, is such that few people bother.
So, extending that analogy, stealing copyrighted content has to be difficult enough that, given how useful and easy-to-acquire non-stolen content is, most people will purchase the non-stolen content.
At present, and I can speak only for myself, I use "stolen" content - and I will go ahead and use the semantics of the content "owners" even though I disagree philosophically with the principle of owning abstractions - because it is, overall, easier to get (price aside) and more useful. If content owners reverse THAT relationship, in which ease-of-theft is a factor but not an overwhelming one, they can get people to buy their content.
Now, THIS really bust my gut. Only copyrighted content counts? Slashdot's thousands of hits per day (millions? I don't know) don't count as content distribution?
Content distribution HAS caught on, just not among the sector of people who expect to make money from conditions imposed by scarcity.
Re:Naive or DMCA dependant? (Score:3, Insightful)
So, extending that analogy, stealing copyrighted content has to be difficult enough that, given how useful and easy-to-acquire non-stolen content is, most people will purchase the non-stolen content.
This is tough, though. Almost by definition, DRM technology makes the non-stolen content less useful by restricting what can be done with it, where you can use it, etc. As a result, the stolen content is often more useful. This is the fundamental flaw in all DRM technology. It punishes the legal user by giving them handicapped content. When you try to charge more for something that does less, don't be suprised if sales suck.
Pirated content usually has the attributes of being cheap, useful, and easy to find. For some content (say music), the "legal" content is expensive, crippled, and hard to find. No wonder it doesn't sell. I think the only long-term strategy which will work is to actually make the legal content cheap, useful, and easy to find. It will always cost more than free pirated content, but if it's competetive people will buy it. By leaving out DRM, it can be useful (and cheaper too, since DRM is just uneccessary overhead). It's the "easy to find" where I think legal content can get the upper hand. There need to be prosecutions of the people who actually make copyrighted content available in an easy-to-find manner. Pirated content can't be eliminated, but it can be pushed underground where it's not easy for the general public to find. It's not even very hard to do. The software industry does a pretty good job of keeping pirated software underground so that it's not easy to find. I think this is the answer to the "ease of theft". The DRM only has to be cracked once to extract the unprotected content. And lots of people will specialize in exactly that. Look at software copy protection. No body has ever invented something which can't be cracked. But, for things to be easy to steal, they have to be easy to find. And that's the key. Make sure any warez site that shows up on google gets shut down. Find the folks who are putting 100GB of pirated music up on a fat pipe for anyone to take (note I am not advocating trying to shut down the basic tools, but going after the people who are actually illegally distributing copyrighted material.) As long as your average user can't easily find the pirated material, the legal stuff looks more attractive.
Re:Naive or DMCA dependant? (Score:2)
From the original post: "An analogy we used often during development was that of car door locks. A determined thief would be able to get into any car door through numerous means. All car door locks really do is prevent your average everyday person from violating your car's security and stealing your sunglasses. But it doesn't get in the way of your use of the car. "
From the reply to which I am responding: "I'm not exactly sure what you were going for here. I mean sure, a determined car thief might be able to steal the car in the real world, but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world (who could possibly be interested in cars)."
Pehaps you haven't heard of this new tool
Re:Naive or DMCA dependant? (Score:1)
Tom
Re:Naive or DMCA dependant? (Score:2)
But they can do those things with e-books. Were you guys just a victim of your own analogy, or were you hoping on the DMCA to keep people from distributing cracking tools?
A thief can do the same thing with a print book and a photocopier. Or, to the low-tech extreme, pencil and paper. Nothing is or can be immune to copying. If you can see or hear it, it can be copied. That is a risk that an author takes when he or she releases a work.
If you want to be absolutely sure that no one will be able to copy your work, you must keep it to yourself.
DRM will not work and can not work for the simple reason that the data must, at some point, be unlocked. Once it is unlocked ("autorized" or not) it can be copied.
Re:Naive or DMCA dependant? (Score:1)
If someone asks you if they can borrow your car, you say "sure, but I need it back in an hour". If someone asks you to borrow an ebook, you say, "hold on, I'll run you off your own copy". Until something exists that takes the copyrighted content away from the original owner, real world analogies don't apply.
Re:Naive or DMCA dependant? (Score:1)
We though, perhaps wrongly, but we'll never know, that if we built a DRM that was easy to use and unobtrusive, people wouldn't bother cracking it. They wouldn't have to. Why? Because we allowed a lot of things other DRMs didn't:
- They can print their book all they want.
- They can read it on their desktop, laptop, palm, etc.
- They only have to enter their username and password *once* per device, it unlocks automatically every time after that.
- No extra downloads, plugins, or anything. Just Acrobat, which tons of people (hundreds of millions, according to Adobe) already have.
- Most of the time, it was "pre-unlocked" during the download process, so the user didn't ever have to enter a username and password, unless they copied it to another device.
- If they wanted to share it in the office, just like you might want to share a magazine, all you had to do was pass along your username & password too. Causes you to pause, but you might do it for relevant business documents and such.
- You're encouraged to send it along to friends without the username & password so they can buy it directly from within the document.
I could go on and on... In short, there aren't a lot of reasons to bother breaking it. We tried to make it painless for grandmas to use.
Don
Re:Naive or DMCA dependant? (Score:1)
Morals definately contribute to people not stealing each other's cars, but so does the difficulty of picking a lock and the potential of being caught if you just broke the glass.
Anyone Know of Privacy Friendly DRM? (Score:2, Insightful)
Security is never free (Score:5, Insightful)
-russ
Re:Security is never free (Score:2)
By the way, have you noticed the opposite meaning of words in such terms like copy-"protection" or digital "rights" management, etc.? Does it remind you something [powells.com]? Like the Ministry of Truth? Yes, I linked to Adobe eBook version of George Orwell's 1984, how ironic... "THIS TITLE IS NOT TEXT-TO-SPEECH COMPATIBLE"
To be more optimistic, I'm just reading "Secure Programming for Linux and Unix [dwheeler.com]", a great book released under the GNU Free Documentation License [gnu.org]. Fortunately, not everyone is a copy-"protection" freak yet.
Re:Security is never free (Score:2)
It would be even more amusing to harness the collective power of the open source community to simplify this task. Create an online repository for text, divided up and numbered by page. Have 50 or so people buy the ebook, and let them "sign up" for 10 pages each. Their responsibility would be to copy their assigned pages into plain text, then upload the result to the repository. With a coordinated effort like this, an entire ebook could be replicated in under 30 minutes
Uh oh, I'd better shut up before they arrest me for discussing a circumvention method...
Re:Security is never free (Score:3, Insightful)
This reminds me the Copyrighting fire [gnu.org] by Ian Clarke:
Great text. There's much more of good stuff on the GNU Philosophy [gnu.org] website. One of my favorite copyright-related texts from the GNU Philosophy is The Right to Read [gnu.org] by Richard Stallman. It sounded funny and silly for many people when it was published over five years ago, now it's more actual and terrifying than ever before. It's something which everyone should read before starting any discussion about e-books and DRM.Re:Security is never free (Score:2)
Actually, the whole point behind DRM is to restrict usage, of which copying is one type of usage that is usually prohibited. It's clear that you know this, but that first sentence is the too-simplified version that most people believe (and some unscrupulous DRM proponents will be satisfied with having people believe this because they know many people won't go for the much more restrictive leases DRM allows)
Re:Security is never free (Score:1)
Repeat after me:
Voilá
Voilá
Voilá
Voilá
Voilá
Now go, and bring up that red-haired stepchild of a violin no more!
Great but broken analogy (Score:5, Insightful)
I love the analogy he uses, but there's a major flaw in it. On the car-door-lock side you have the owner, the car, the lock, and the thief. On the digital rights management side you have the copyright holder, the document, the DRM, and the consumer. It's easy to see that the car owner maps to the copyright holder, the document maps to the car, and the DRM maps to the lock.
So, who's the thief? When selling this technology to their customers (the copyright holders) the thief doubtlessly maps to the consumers, or at least some subset of them.
But when describing it to consumers, there is a tendency for the consumer to project themselves onto the car-owner (making, I suppose, the copyright holder map to the manufacturer), especially since it is their ease-of-use that's being considered. "After all," most consumers would think "I'm not a thief." This leaves them with the totaly false impression that they are somehow the ones being protected.
So it may not be perfect as an analogy, but it is fantastic> as a sales pitch.
-- MarkusQ
Flamebait??? (Score:2)
To whoever modded the parent post "-1 flamebait":
Re:Flamebait??? (Score:1)
Re:Great but broken analogy (Score:5, Insightful)
A better analogie is: People don't normally steal a pack of gum, since it is pretty cheap and easy to just walk into the store and buy one.
Today's DRM gum would make you have to sign license documents when buying the gum, agree to pay royalties on the gum if you resell it, and a device physically attached to the gum that reports back to the store every time a piece is removed to chew.
It's a pain in the butt, thwarts customers, and in the end it's easier to steal than buy.
Re:Great but broken analogy (Score:1)
Perhaps if you had to physically sign a license agreement for each CD you bought maybe we wouldn't even need DRM. The problem isn't that the consumer accidently copies copyrighted works. Its that they aren't aware that their CDs are copyrighted and should not be copied. And those implied licenses like the kind on software that say you agree to the license by installing the app, with little to no mention of the details of the license in their easy click-through installations, are the same things that confuse consumers. They don't know what they are agreeing to, so they don't know when they break the law. This is like posting a police officer in every home because we know that some Americans break the laws they haven't read, in their own home.
Re:Great but broken analogy (Score:2)
Re:Great but broken analogy (Score:2)
That's clearly what they want you to think. But consider: why do we care about they thief's ease-of-use? We don't, unless the thief is realy just the customer--remember that the car-lock analogy has only two parties; the car owner and the thief. Unless they are transfering rights to the customer (which I doubt) that mapping doesn't leave room for both a customer and a thief.
A better analogy might include a third party (so that we could distinguish between the users who we want to make things easy for and the thiefs we want to stop) like so:
If this were the analogy they'd used, there would have been a mapping for the thief, but it would include people that the user wanted to give access to. And thus it would be harder to sell to the user.It's even worse when the deal is structured as a sale rather than a rental. Would you purchace a car that could only be driven by people authorized by the dealership at the time of purchase?
In any case, this second analogy isn't what they used (or at least, it isn't what was stated in the article) and thus my original objection stands.
-- MarkusQ
Re:Great but broken analogy (Score:1)
More likely- only authorized by your insurance company or DMV/highway patrol.
When I was a kid (might be different in your state/time period), if I'd gotten my license while living at home, my parents would have had to pay male-teenager insurance whether I was allowed to drive the car or not.
If my parents had a thumbprint-activated car, maybe the insurance company would give them a break.
A GPS, governor and timer in the car might be another way to get a break on insurance- teenager can only drive towards home after 10pm. Can only drive in a 10 mile radius around home/school/work.
This sounds like a boon to the parent, but what about when the system breaks down or you just want junior to pop down to the store for a carton of milk @ 11pm?
Another party that might be interested in what you do with "your" car might be the lien-holder or leaser. No driving too fast or skipping service with "our" car sir.
-M
Re:Great but broken analogy (Score:1)
For 99% of the people, they never even saw a username & password dialog... Instead, the document simply opened right up for them every time, with their name embedded down in the bottom-right corner.
I think it fits as an analogy because essentially what we tried to do was take something that was inherently painful and difficult to use (DRM) and make it as easy, or eaiser, than car door locks are. We wanted to make it so easy to use, that cracking it didn't even cross your mind.
I think we mostly succeeded. It's too bad our principles wrapped us up before we were even near death.
Don
Re:Great but broken analogy (Score:2)
I can respect that, even if I'm not sure how you hoped to accomplish it. When you say "so easy to use that cracking didn't even cross your mind" I understand you to mean something like "so easy to use the way we wanted you to that using it in ways we didn't want you to didn't even cross your mind."
That works as long as the user doesn't intrinsically want to do something that your client (the copyright holder) doesn't want them to. At that point, you have decide who's side you're on--ease of use doesn't enter in to it.
I happen to be of the old "you can't copyright a number" school. I hold that the whole concept of "digital rights management" is flawed, since there is not (IMHO) any such thing as digital rights to be managed. *smile* I think people should be allowed to count as high as they like, without being expected to pay royalties when they reach certain really big numbers. But that doesn't mean I can't appreciate when people like yourself try to find a middle ground.
-- MarkusQ
Re:Great but broken analogy (Score:2, Insightful)
I should note that getting copyright holders to agree to our less-restricted DRM was like pulling teeth sometimes. One of the reasons we had to implement a DRM at all (it was something like a 51% / 49% vote for DRM over no DRM... very close) was to appease them. Without their content, we couldn't even try our concept.
I happen to think that there needs to be a balance between customer needs and copyright holder's. Most DRMs err on stripping away all or nearly all customer rights, but we tried to get somewhere in between where all parties are happy. Deciding where to draw the line is difficult.
I'm afraid that without some sort of control, many copyright holders will prevent their content from ever showing up digitally, which I think would be a shame. It's not nearly as simple to digitize and transmit a book as it is other forms of media, so without their involvement, it might never happen.
Don
A shining example... (Score:3, Insightful)
Re:A shining example... (Score:2)
I would guess the final thing that MightyWords should do if it goes out of business is to release a reader that does not deny access to the content.
DRM Balance (Score:2, Interesting)
I think that with 'friendly' DRM, that balance is between Privacy and Weak Protection.
If the DRM is supposed to be very effective, there will be privacy concerns because the authorison to the rights for certain media will have to be attached to static identifiers, this allowing the unique identification or people or computers. Of course many of us would not want that.
On the other hand, if we avoided the privacy issues, the DRM would become too weak because it would be more difficult to attach the right to play music or watch a movie to any one person and no other, allowing people to create hacked 'identities' and such.
Judging from the article, it seems these guys are taking the strongerp protection route (which makes sense if they want to make a product that will satisfy industry) since they talk about forcing a user to unlock the content once and only once, and they want a cross platform uid/passwd which is unique to your identity.
as with all IT things (Score:1)
Smartest business decision ever: (Score:1)
This is a core decision to any successful product, hardware, software, anything!
History has provided us the answer and it has been : A good product that's easy to use will make us more happy than if you make more money cause I am forced to suffer your paranoia. If it's easy and smart people will buy, if it's a hassle, screw you!
Re:MS's choice (Score:1)
DRD, not DRM (Score:2, Insightful)
The correct term should be "Digital Rights Denial." Once you call it by the correct name, the debate is clarified.
So, apparently lack of good DRD is the main "obstacle" to getting information into digital format? Well, here's a simple solution: Don't put your information in digital format. Wow. That took a rocket scientist.
lol, if only people (esp. slashdot eds) (Score:2, Funny)
User Friendly mean a compromise in security? (Score:1)
This raises one question to me. Does making something user friendly have to compromise security?
I think it does not. I think that it requires an great detail of planning and development that most companies are too profit hungry to forgo.
A good DRM... (Score:2, Insightful)
...is a null DRM.
We don't want to keep tripping over bits of locked data all over the place.
We think it's bad having to comply with the .doc 'standard'.... well, just wait until 50% of your files are locked/ registered/ timelimited/ self-deleting/ copy-number-tracked/ require internet connection etc. etc. in 20 different 'management' schemes...
Information transcends physical constraints... but all these clever people keep forgetting that.
UID PSWD (Score:1)
Oh, wow. (Score:2)
There were several pages about each title available -- Summary, Free PDF Preview, Table of Contents, and a script generated Author Info -- and all pages. For example, the sample link here (now dead) would display a page with Free PDF Preview of the "Making Sense of the C++ Pointer" book.
http://www.mightywords.com/browse/ details_bc05.jsp?sku=MWBCBZ&private Label=false&display=preview
From the Free PDF Preview page there was a link to a PDF file with a preview exists:
http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_p.pdf.
After you paid for the title, you would get the following link to download full version of the eMatter:
http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_e.pdf
The download links for preview and full version differed only by the last character before the extension -- 'p' for preview and 'e' for complete eMatter. So, an unauthorized user could download the full versions of any eMatter.
Man, you guys were MORONS!
Anyone with a hex editor and a working knowlage of javascript could have downloaded and hax0red your books for free. They wouldn't even need a p2p program, or a complex tool like DeCSS!
Re:Oh, wow. (Score:1)
But the general idea was to allow fair-use copying, prevent casual thievery, and be easy-to-use.
Hard-core security wasn't a concern *at all* since it would make the document difficult to use.
Ease of use, and the ability for the consumer to do *what they wanted* (such as copying, sharing, and printing) was a core design goal.
Don
Oxymoron (Score:1)
Re:Oxymoron (Score:1)
MS Patent Question (Score:1, Redundant)
Is this one of those things that many years after the fact, when they get around to marketing their own product, they turn around, and tell everyone else that they are in violation of the MS Patents, and either cease and desist, or give up the family jewels?
Do we face a situation where people are doing all of Microsoft's work for them? Why should we bother?
Talk about stifling innovation!
Re:MS Patent Question (Score:2)
Good. I support as broad a DRM scheme as possible. (Score:3, Insightful)
hoped, eventually handhelds, no extra purchase required for each device.
I was thinking the other day - what happens if electronic books become so prevalent and useable that entire libraries become available via e-book formats, and public facilities use electronic books as a large part of their libraries?
Libraries are required to provide reasonable access and facilities for all sorts of people, such as the deaf and blind. In that case, any restrictions on OS or devices used for the books would raise discrimination issues.
I am aware that a bookseller may restrict the rights to books in any way that they choose. However, there is a subgroup of printed matter - publically available government and court documents, for instance - that may be presented in e-book format. A broad DRM scheme is ideal for this sort of material - you still are able to keep track of who has the material, and to regulate available copyright issues (government documents wouldnt have these issues, but some "public interest" type material might) without overburdening people or forcing them to use a particular OS or device to read the material.
drm is the start, but where will this end? (Score:1)
You cannot manage non-existent rights. (Score:2)
To couch the attempts to stop this in terms of rights is futile. It is solely within the realm of legal fiction that any such "right" must be couched. The car analogy is perfect because it shows the facile argument that IP prponents use to justify their position is flawed. If the theif takes the care then you lose the amenity of the car. There is loss. If the theif takes your copy of the content then you lose the amenity of the content. There is loss. Copying content is not the same.
Now don't misunderstand. As far as I am concerned IP does not exist, but that is unimportant for my point here. What is important is the DRM that persists in portraying copying of content as theft is doomed to fail because COPYING IS NOT THEFT (in the context of loss of amenity in which theft is by necessity placed) and so the idea of "managing these rights" is just stoopid.
Re:You cannot manage non-existent rights. (Score:1)
Since we did make some attempt to prevent mega-easy outright theft of the content, while not preventing the original customer their fair-use rights, I still consider it to be a DRM. Just a DRM done "The Right Way" (or at least a big step in that direction).
Don
Re:You cannot manage non-existent rights. (Score:2)
By definition, a DRM system is supposed to ensure that this is impossible without the permission of the content owner. In my opinion, the players in the game are worrying about the wrong things. DRM's should be there for things like pay-per-view services (Which I've little problem with so long as there's other stuff to watch- make it all pay-per-view/listen/etc. and I give up on your stuff completely...) but for things like DVD, eBooks, etc. it should be a one-time transaction. If they do like many have suggested, make it uneconomically viable for infringement (Which doesn't mean using a DRM, which paradoxically makes it more viable to infringe on the copyright of the content...) then they'll have a heck of a lot less infringement going on and they'll still make something around what they're making now- it's just that a LOT more people will be buying into their stuff.
Simple, industry solution (Score:1)
Re:Simple, industry solution (Score:2)
Of course, such a scheme would require a decent key distribution framework, and certificate authorities, as well as the need for handling anonymous distribution (yes user #mumblyfoo has a copy, which someone paid for, but we don't know who). The issue of key escrow to handle failed companies also arises. Personally, I think these are workable.
The big hot area of DRM, of course, is he entertainment industry. My understanding is that even strong crypto-based DRM isn't enough for those control freaks. They want to ensure that even if content is cracked, it can't be redistributed. This, of course, is not technically possible. It may be legally possible by making everyone a criminal, of course.
Sklyarov has a point (Score:4, Insightful)
As long as you only do whatever you are allowed to do with your content anyway (quote it, show excerpts, give copies to friends), nobody will care - and are not _able_ to care. If it finds its way out on file-sharing places, it can be picked up, and the original buyer can be contacted.
Now the original buyer might well not be the one streading the content, but he or she could give information about who else had access to it, and thus the content holders could track down whoever did the deed. Even if there is no legal way to force the buyer to reveal anything (and I don't think there is), the possibility of being implicated in a mess like this is enough for the majority of people to stay away from spreading stuff beyond what they're allowed to.
And that's exactly what this _should be about (and what the car analogy is about as well): people determined to break the law by selling counterfeit copies (or that have an overriding political urge to spread others' content far and wide) will find ways to do so, just like no 'real' car thief is stopped by locks and alarms (even alarms only work because not every car has them; it's easier to steal a car without it).
What you want to stop is incidental spreading, by people that should know better. By having onerous protection systems that force people to break them just to use the content in ways they have a right to do - and expect to be able to - the barrier is gone to then just spread it as far and wide as they want. By locking down too tight, the providers actually increase the amount of copyright violations. It's like warning lights for seatbelts. Some people got so tired of hearing that buzzer whenever they put their briefcase on the passenger seat, they clicked the seatbelt permanently in place - and prevented it from being used when there _was _ a passenger in the car.
/Janne
Re:Sklyarov has a point (Score:2)
Re:Sklyarov has a point (Score:1)
That was done years ago when MS applications came on floppy disks. The first disk in the install set had to be run without the write protect so it could write your registration information onto it, or it would not proceed to install.
Ways around it:
1. Every time you want to install, make an extra copy of the first disk and install using that. But you must never have installed using the original disk 1. (Lather, rinse, repeat.)
2. Download one of the install disk 'cracks' that were available that allow you to enter new reg info each time.
I exepct that something similar would come out for buyer id-stamped content.
Re:Sklyarov has a point (Score:1)
Yes, there would be cracks for this, no doubt. The point I was trying to make is that there will always be ways around it. But if the system is non-intrusive enough, most people will not bother with defeating the ID stuff, as they can use the content the way they like anyway. The vast majority of people do want to be honest and pay their way if they are given the chance and feel they get their money's worth (which, in the case of CD:s, they really aren't today).
What you want to stop is the casual copying of content. As you say, Windows was and is fairly easily crackable, but MS still does very well, as most people finds it too much of a hassle. If/when they go for a subscription model, and crack down even more on the use of a single copy for multiple machines, this picture will of course change...
/Janne
Re:Sklyarov has a point (Score:1)
When reading or printing the document, the original purchaser's full name was embedded in the lower-right corner of the document. My other posts here outline our fair-use stance, but basically, peopel were encouraged to copy, print, and share their documents. They can do that with a magazine, right? Shouldn't be any different for our eMatter.
It was a key feature from day one, and I don't know why I didn't mention it in the article. Silly me.
Don
Re:Sklyarov has a point (Score:1)
> the original purchaser's full name was
> embedded in the lower-right corner of
>the document. My other posts here outline our
> fair-use stance, but basically, peopel
> were encouraged to copy, print, and share
> their documents. They can do that with a
> magazine, right? Shouldn't be any
> different for our
Assuming you had the worlds greatest, unbreakable DRM system, it is insecure if you allow people to print, because once it is on "insecure" paper, all someone has to do is print, scan, and OCR it. Do you really think they are going to OCR their full name imbedded in the lower right hand corner?
And as far as that goes, the only way you are going to have totally secure e-versions, is to not have paper copies available. Where does everyone think all the books on "alt.ebooks" are coming from? Sure the average person isn't going to scan a book and OCR it. But all it takes is one dedicated person and a place to post.
usurper_ii
Re:Sklyarov has a point (Score:1)
/Janne
Re:Sklyarov has a point (Score:1)
Don
Re:Sklyarov has a point (Score:2)
You're close. Very very close.
What you actually want to embed in the content is the identity of the creator.
You see, it'a all about reputation. If you come across a cool thing on KaMorphSter, you want to know who created it. Maybe they've done other cool stuff you'd like to have. Extracting the embedded creator information will tell you this; you won't give a damn about who bought that particular copy.
Where copying is ubiquitous and cheap, reputation becomes a chief unit of currency. The MPAA and RIAA understand this. That's why the Internet terrifies them; it completely shuts them out of the reputation-brokering business.
Schwab
Watermarks are very very weak... (Score:2)
Kjella
Keeping the honest people honest (Score:2)
Most telling statement. (Score:4, Insightful)
MightyWords is due kudos for implementing a system that was easier to use then to crack, but their withdrawal from the market highlights the fundamental flaw in any DRM system.
The best analogy I've come up with for DRM content (any DRM including DVD) is that the content is in a safe with a little window in the side. Both the safe and the window have combination locks on them. If you have the right window code, you (personally) can peer through the window and view the content in a limited way. eMatter has a pretty big window, but you still have to go to them to get the combination. When the copyright on the content expires, or if you want to make fair use copies of parts of it, you are allowed to open the safe, take out the content, and manipulate it directly.
Only, you aren't. When the inevitable happens and the code holder goes titsup, you are boned. Specifically, if you want to make use of the content in any way - even perfectly legal uses - you are absolutely required to break the law.
As we've seen in the DeCSS case, the DMCA trumps fair use. You're still allowed to use fair use as a post facto defence for the act of copying the content, but not as a pre facto justification for obtaining the tools that let you do it. In other words, obtaining or possessing a safe cracking kit is illegal regardless of the use you put it to. Cracking the safe is actually legal, but obtaining (or creating) the tool to do it is not. Astonishing, but that's exactly what the DMCA says.
The SSSCA will just make this worse, as it will mandate hardware that will only look through the little window. Even if you break the law to obtain tools to open the safe and get at the content (quite legally if the copyright is expired), you won't (legally) be able to obtain hardware that will touch that content.
Again, eMatter is one of the best attempts at DRM I've seen, but it still demonstrates how fundamentally flawed DRM is, because it requires you to prove your innocence while giving no guarantees that you will be able to continue to do so. It illustrates the vital distinction that you are not buying content, you are licensing a limited and revokable right to access content. There's a big difference, both in theory, and as the collapse of MightyWords now shows, in practice.
Digital Rights Denial Will Always Suck (Score:2)
They are morraly wrong and in violation of the spirit of US copyright laws. Copyright is a created right which only exists by positive govenment action. It is not like natural rights such as speech which require negative government action to deny. The goal of US copyright law was to enlarge the public domain without unduely limiting people's natural rights. To do this, the framers of the constitution granted a 14 year exclusive franchise to publish works to the creators of the work. That 14 year franchise could be renewed once if the original author was alive. The framers of the constition were well aware of the evils of exclusive franchises, especially ones that forbade the spread of knowledge, but balanced that evil with the good of enlarging the public domain. The laws made sense for dead tree and other physical media publications. They don't make sense in the digital world. Low and non existant costs of duplication remove the need for copyright in the first place as anyone who wants to can add their thoughts to the public domain. Secondly but more important the viewing tool is also the tool of creation and an enforcement of a franchise on that tool is a clear violation of free speech. To achieve their ends, publishers must control ALL digital devices. They must deny my right to create and share software. Indirectly they will gain the ability to deny the creation and sharing of ALL information. There are few things more morraly reprehensible than violations of free speech. Without free speech, there is no truth. Without truth there can be no justice. Without justice there is only the rule of the strongest, amoral anarchy. Digital Rights Denial is the law to end all laws.
Re:Digital Rights Denial Will Always Suck (Score:1)
We wanted to make it as close to a magazine as possible without outright allowing free transmission.
I think we struck the right balance.
Don
Re:Digital Rights Denial Will Always Suck (Score:2)
Aha! There you have it. What's wrong is republishing other people's work. Well, there ARE LAWS against that. Enforcing them has nothing to do with softare.
I'm not wrong to see where this is going, regardless of what prommises you make me. If You stick software on My machine that makes it so You can make files that I can't delete, and You can keep me from doing other things, then You OWN my machine not me. If such things become required, as many publishers and telecomunications firms would like, then what happens on my machine will be under someone else's control or I will go to jail. Sorry, that's unAmerican.
There are laws against shooting people. It is unconstitutional to make laws against owning arms.
Domesday book... (Score:1)
If the Domesday book on laserdisk became unreadable due to technology drift in just a couple of decades, it seems likely that DRM schemes will have the same problem. Fortunately in the case of the Domesday book, there is an analog hardcopy to fall back on.
It is disturbing to think that our civilization might entrust its new works of art to DRM schemes that make accessibility to the work dependent on the perpetual business success of the vendor.
DRM A Broken Approach to An Already Solved Problem (Score:4, Insightful)
The industry tried copy protection, and even before the recent mathematical proof proving that secure copy protection, or DRM, was impossible the industry learned from its own experience that copy restrictive technologies were both ineffective in stopping copyright violation, and harmful to their legitimate customers and, therefor, to their product.
The industry learned, however, that even a modicum of personal accountability suffices to stop most forms of copyright violation, and that nothing short of a depopulated world will ever stop it all. The solution was quite simple: serialize the product and/or stamp the user's identity onto each piece of software sold. We don't know if there is a mechanism in place to trace serial number N of product P to the credit card number used to purchase it, and hence to the purchaser, but we as consumers do know it is certainly possible, and that alone makes the vast majority of people reluctant to share software illegally, even with their close friends.
Not everyone, mind you, as warez sites obviously demonstrate, but the vast majority. So much so that the software industry thrives, despite a complete lack of copy restriction technologies, or DRM, whatsoever, and despite a much greater vulnerability to such copying than eBooks, music, or film will ever be. Software has no equivelent alternative revinue streams like live concerts or cinemas, yet it has learned to thrive and prosper in an environment that copyright-obsessed yet technology-naive control freaks, like the sort currently lobbying congress to gut, even outlaw, technologies fundamental to the internet and personal computing, would assume to be inimical.
The problem of copyright violation and the "threat" the ability to make unlimited, perfect copies of a product has already been confronted, addressed, and successfully solved by the software industry, without DRM, without laws like the SSSCA, and finally without, and prior to, the DMCA.
eBook authors, musicians, and movie producers need to learn this, and need to seriously look at the motives their publishers, recording companies, and studios have for persuing technological restrictions on a problem for which an elegant social and legal solution stressing personal accountability have already solved. That motive, of course, is to secure their parasitical place as dominant middleman, with power over both the artists and their fans, at the expense of both and at the expense of the art they have usurped "ownership" over.
Where can i get a job like this? (Score:1)
PS. Would anyone be interested in buying the DRM system i just developed: Basically, the media (cd/dvd etc..) comes with a special label stuck on the front that says: "for every cd bought, we save one 3rd world childs life. If you pirate this cd, you are killing a poor little child, can you handle the guilt??" and it has a picture of a sick and starving mine victim on it.
Don't worry, your company doesn't have to actually donate any money, all you have to do is put a little notice on the back in 1pt font saying "x company does not donate money to charity and may not actually save one life per cd. all rights reserved"
Please note that i plan to sell this DRM system for allot of money (3 million) and it is (c) Theodore Allardyce 2002. If i see any such labels on cds, i will know who to sue.
[This post is protected under the Allardyce DRM 1.0 - I will personally save one starving and sick 3rd world mine/aids/torture victim child for every +1 mod. Can _YOU_ handle the guilt??]
A good DRM? (Score:1)
The editors are trolling! (Score:1)
Re:The editors are trolling! (Score:1)
Cool, but who is this guy? (Score:1)
car locks != DRM, but... (Score:2)
But there are two important lessons you can learn from car locks. One is that they aren't absolute security; anyone who bothers to spend a few hours learning how can steal any car in less than five minutes. The other is that cars are rarely stolen anyhow, because car thieves get caught and severely punished. Go after the thieves, don't cripple the product.
A DRM of our own devising (Score:1, Insightful)
riaa and mpaa.
All histrionics aside, that is the inevitable
choice.
What part of this don't status quo geeks understand?
Current Geek stategy is stupid.
If you wait til they roll out their DRM it will
be too late ( for 95%) of us.
If we came out with a drm that respects legitimate fair use, which file sharing mp3
with people who haven't ponied up for music, is NOT, then while they dithered it would become a
standard.
If the riaa and mpaa then objected to a drm
that most people thought was fair, they would look like greedy bastards (to everyone, not just
clued in geeks) for wanting more.
of course, some l33t types would actually rather
play cat and mouse with the System.
in short, a fair use drm ( so i can make compilation cd's and time shift tv- not to file
swap) now or Riaa-mpaa-Microsoft benefits hell
within a couple of years.
*sigh* I guess it's back to CP/M (Score:2)
"open source operating system" (Score:1)
and since when is "Open source" an OS?
The "open source operating system" is the OS that runs on a network whose machines run GNU/Linux, BSD, AtheOS, FreeDOS, and other operating systems whose kernel, shell, and included applications are OSI Certified open source software [opensource.org].
ObDRM: None of the OSI Certified operating systems place the kernel or GUI under a digital-rights-denial system (unlike retail Windows XP). Windows XP does have one advantage, however: in the cartoon world, it can turn a laptop into a jetpack. (Read More... [userfriendly.org])
Re:Counter Point ... (Score:1)
Well, trolling is a kind of fishing...
Re: Sharing (Score:2)
It wouldn't really make a difference if we copied the books. Once I've read one, I'm unlikely to read it again soon. In a way, we're already duplicating information when sharing the books in the old fashion. The difference seems to be that physically copying is illegal, which is a completely arbitrary statement. Our legal sharing scheme is already 'taking money from the artist' because we're not buying duplicates.
It's completely arbitrary and unphysical to say that a person owns some thing. The idea with car keys is that of convenience: you're always sure nobody else has used your car, so you know where to find it, in what condition. Once you can duplicate cars with zero effort, this problem is meaningless.