Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Technology Your Rights Online

Designing a More User-Friendly DRM 132

onethumb writes: "As one of the core engineers on MightyWords' (now-defunct) DRM for digital documents, I was impressed by Dmitry Skylarov's great analysis of our work the other day. Planet eBook is now running my reply as their feature article explaining our design goals and decisions for our decidedly user-friendly DRM solution."
This discussion has been archived. No new comments can be posted.

Designing a More User-Friendly DRM

Comments Filter:
  • Car door locks (Score:3, Insightful)

    by kill-hup ( 120930 ) on Friday March 08, 2002 @09:04AM (#3129871) Homepage
    Any real determined thief won't mess with the locks when the car's covered in breakable glass ;)

    As much as I oppose the idea of DRM, I believe it's the only barrier in the way of releasing more information in digital form. Sure, some may say e-books and the like will never replace their dead-tree counterparts, but I can think of a few times in which they'd be useful. Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead of hoping they are in the index? Remember a vague passage from a novel you read? Just enter what you recall and we'll search the text for you. The possibilities can be endless.

    The only bad thing about this implementation is what happens when/if "MightyWords" goes away? How will I be able to unlock my e-docs if I need to move them to another computer and my software can't contact them? Or, perhaps I am trying to read it on a device temporarily without internet access - then what?

    • ...Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead

      In most DRM approaches, you can't get to the raw data with another program without cracking the DRM. If you could use grep, you could use cp, and then their precious "IP" won't be protected any more.

    • As much as I oppose the idea of DRM, I believe it's the only barrier in the way of releasing more information in digital form. Sure, some may say e-books and the like will never replace their dead-tree counterparts, but I can think of a few times in which they'd be useful.
      First of all with "e-books" (i.e. with text which you don't control) there's no much advantage over the paper version. I can do more with the paper version.
      Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead of hoping they are in the index? Remember a vague passage from a novel you read? Just enter what you recall and we'll search the text for you. The possibilities can be endless.
      Forget about grep [gnu.org] or textutils [gnu.org], they will never be digital "rights" management friendly. Oh, you meen what Adobe will give you to process the text you read?
      The only bad thing about this implementation is what happens when/if "MightyWords" goes away? How will I be able to unlock my e-docs if I need to move them to another computer and my software can't contact them? Or, perhaps I am trying to read it on a device temporarily without internet access - then what?
      Then you have a bad luck, because with digital "rights" management you don't have digital rights.
      • I was thinking it would be funny to suggest someone start work on an open-source, GPL'd DRM scheme. Luckily I checked SourceForge first, because there already is such seemingly contradictory work going on.
        • I was thinking it would be funny to suggest someone start work on an open-source, GPL'd DRM scheme.
          :) That's the best idea I've ever heard about DRM!
          Luckily I checked SourceForge first, because there already is such seemingly contradictory work going on.
          There is, really? What's the name of this project? We should promote it!

          OK, I searched SourceForge [sf.net] and I found something, csrdrm.sf.net [sf.net]. Is that what you were talking about?

          The DRM option for
          C Spot Run [32768.com] is an external library with decompression and decryption. If you were refered here by C Spot Run then you are missing a module of the form csrdrmXX.prc where the XX is some number and letter combination.

          The csrdrm [sf.net] project on sf.net:

          Project: C Spot Run Digital Right Management
          Digital Rights Management example library for C Spot Run.
          Foundry Member: :Handheld Foundry
          • Development Status: 5 - Production/Stable
          • Environment: Other Environment
          • Intended Audience: Developers, End Users/Desktop
          • License: zlib/libpng License
          • Operating System: PalmOS
          • Programming Language: Assembly, C
          • Topic: Cryptography
          Project UNIX name: csrdrm
          Registered: 2002-01-15 21:13
          Activity Percentile (last week): 0%
          Looks interesting, I think. Is it only used on Palm?
    • The only bad thing about this implementation is what happens when/if "MightyWords" goes away?


      Read the article "MightyWords" already went out of business. And yes basically you're screwed.
    • Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead of hoping they are in the index?

      This works sometimes...but, for instance, if I can't remember a particular format-string option for printf, I can look it up in K&R in less time than it takes to dig through VC++ help. (I suppose man 3 printf would be faster, but most of what I do at work is for Win32...and K&R has a nice table in it with all the options which is still easier to use than the manpage.)

      Maybe I'm just weird that way, but I like my documentation in dead-tree form. MSDN is OK, but that didn't stop me from buying Petzold, Prosise, and other Win32-oriented programming books when I needed to get serious about coding in that environment. (BTW, those books come with CDs that include the full text, so you can have it both ways. My first instinct is usually to pull the book down from the shelf, though, rather than look it up in the computer.)

    • To test the service for a client, I purchased and downloaded one of the articles that my client had put on Mightywords. The purchase and download were painless enough, but then I tried to read the content offline. BEEP -- you MUST authenticate online before you can read the content! Which renders the content useless for any non-connected machine, and probably raises privacy issues as well (someone else can get into that if they like), not to mention making the content inaccessable whenever Mightywords is not available. IIRC, the document was also tied to the registry of the machine it was downloaded to, so could not have been transferred to a portable for reading elsewhere.

      THIS INCIDENT prompted me to look for a crack for password-protected PDFs, something I had never considered doing before.

      To return to the car analogy, in this case a crack is a lot like keeping a spare key hidden inside your car's frame, because of that time you lost your keys and couldn't get home.

    • " Any real determined thief won't mess with the locks when the car's covered in breakable glass ;)"

      It really depends on what the thief wants to steal. If he wants your stereo, he'll happily smash a window to take it. If he wants your car, he won't smash a window. Replacing a smashed window will cost you $100-$200. A brand new stolen car will sell for $500-$1000 to a chopshop (yes, a $50,000 vehicle will only fetch $1000). It's too expensive to break a window.

      It all comes down to the value of the item being protected. If the cost of the item isn't that much more than the cost of stealing it, then people won't bother. If stealing it damages the item too much (broken windows or crappy quality VCDs) people won't bother. DRM companies need to figure that out.
      • Huh? I doubt the chop shop will care or reduce their pay because a window is broken. Glass is one of the few things that chop shops can't sell because insurance usually covers glass 100% and thus people have no incentive to find cheaper glass.
    • Re:Car door locks (Score:2, Insightful)

      by Xney ( 141561 )

      I thought I would mention something regarding the car door analogy.

      Many people seem to be missing the point here. The point of the analogy is not the status of the car, which of course is a piece of property, but the level of security. A car is not hard to steal, but most people don't steal it. That is the point. The point is not whether a car is worth stealing or who owns it. Similiarly, the Mightywords DRM was not designed to protect the content perfectly, or even very well. It was designed to keep the average honest person honest about their purchase, and to allow easy use of the product. This is also true with car doors. This is Don's point in his reply to Dmitry. Arguing the nature of the digital property in the context of the car door analogy just shows the lack of understanding of the analogy in the first place.

      Also, as people have noted, it is impossible to secure digital content when it must be decoded at some point into a plain-text format in a system which is not proof to tampering. Mightywords understood this and made a compromise.

      Karl
  • by autopr0n ( 534291 ) on Friday March 08, 2002 @09:07AM (#3129881) Homepage Journal
    An analogy we used often during development was that of car door locks. A determined thief would be able to get into any car door through numerous means. All car door locks really do is prevent your average everyday person from violating your car's security and stealing your sunglasses. But it doesn't get in the way of your use of the car.

    I'm not exactly sure what you were going for here. I mean sure, a determined car thief might be able to steal the car in the real world, but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world (who could possibly be interested in cars).

    They also can't distribute the stolen car to every single person who could want a car on earth either.

    But they can do those things with e-books. Were you guys just a victim of your own analogy, or were you hoping on the DMCA to keep people from distributing cracking tools?
    • ...but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world...

      You mean a slimjim? True, they aren't distributed to "every single person in the world" but I doubt this "tool" is either.
      • A slimjim won't get you into a car with electronic locks and a cipher'd chip in the ignition.

        Someone, would be able to analyze the car and possibly build an electromagnetic system to open the locks (total speculation, btw. no idea if that's actually possible) and break the crypto in the starter key. They'll need a sophisticated setup in order to replicate this.

        but for software, they can just take that sophisticated setup, zip it up and throw it on Gnutella. In a few days anyone who cared will be able to do what the 'determined' person would do.
        • Re:No, I don't. (Score:1, Informative)

          by Anonymous Coward
          yeah - my car has all the sophisticated crap and all you have to do is shove a wedge in the upper-left corner of the driver's-side door and sick a pole in to push the electronic 'unlock' button. I would say that this is just as easy for the 'average' person as downloading a crack, as the 'average' person doesn't undersand much outside of http:// and things like that are getting harder and harder to find on webpages.
    • Well the slim jim was a pretty widely used tool to steal cars. The question is not about toll availability it is about the moral alignment of the masses.
    • They also can't distribute the stolen car to every single person who could want a car on earth either

      If only they could - only one car would ever get stolen.

      • I mean, if they were willing to accept a free car, then it's patently obvious that they totally would have been willing to pay full price for it. And not only that, but that they were planning to as well.

        Just think about it. You buy a $10k car, and suddenly the sum total of the human population steals $60 trillion from you!
    • Obviously, in this case, the DMCA couldn't prevent anyone from distributing cracking tools - unless every java development environment under the sun is a circumvention tool. Also, I have a question - what happens if you convert one of these MW-books to post-script? Does pdf2ps fail? I don't really know anything about the pdf standard.

      I think that what Don MacAskill is saying can be interpreted as a very sensible statement: that people don't generally bother to steal cars, because the relationship between the difficulty to get a stolen car, and the amount you have to pay to get a car, and the extra utility you get from a car you actually own, is such that few people bother.

      So, extending that analogy, stealing copyrighted content has to be difficult enough that, given how useful and easy-to-acquire non-stolen content is, most people will purchase the non-stolen content.

      At present, and I can speak only for myself, I use "stolen" content - and I will go ahead and use the semantics of the content "owners" even though I disagree philosophically with the principle of owning abstractions - because it is, overall, easier to get (price aside) and more useful. If content owners reverse THAT relationship, in which ease-of-theft is a factor but not an overwhelming one, they can get people to buy their content.

      ... digital distribution of content would really catch on.

      Now, THIS really bust my gut. Only copyrighted content counts? Slashdot's thousands of hits per day (millions? I don't know) don't count as content distribution?

      Content distribution HAS caught on, just not among the sector of people who expect to make money from conditions imposed by scarcity.
      • he relationship between the difficulty to get a stolen car, and the amount you have to pay to get a car, and the extra utility you get from a car you actually own, is such that few people bother.

        So, extending that analogy, stealing copyrighted content has to be difficult enough that, given how useful and easy-to-acquire non-stolen content is, most people will purchase the non-stolen content.


        This is tough, though. Almost by definition, DRM technology makes the non-stolen content less useful by restricting what can be done with it, where you can use it, etc. As a result, the stolen content is often more useful. This is the fundamental flaw in all DRM technology. It punishes the legal user by giving them handicapped content. When you try to charge more for something that does less, don't be suprised if sales suck.

        Pirated content usually has the attributes of being cheap, useful, and easy to find. For some content (say music), the "legal" content is expensive, crippled, and hard to find. No wonder it doesn't sell. I think the only long-term strategy which will work is to actually make the legal content cheap, useful, and easy to find. It will always cost more than free pirated content, but if it's competetive people will buy it. By leaving out DRM, it can be useful (and cheaper too, since DRM is just uneccessary overhead). It's the "easy to find" where I think legal content can get the upper hand. There need to be prosecutions of the people who actually make copyrighted content available in an easy-to-find manner. Pirated content can't be eliminated, but it can be pushed underground where it's not easy for the general public to find. It's not even very hard to do. The software industry does a pretty good job of keeping pirated software underground so that it's not easy to find. I think this is the answer to the "ease of theft". The DRM only has to be cracked once to extract the unprotected content. And lots of people will specialize in exactly that. Look at software copy protection. No body has ever invented something which can't be cracked. But, for things to be easy to steal, they have to be easy to find. And that's the key. Make sure any warez site that shows up on google gets shut down. Find the folks who are putting 100GB of pirated music up on a fat pipe for anyone to take (note I am not advocating trying to shut down the basic tools, but going after the people who are actually illegally distributing copyrighted material.) As long as your average user can't easily find the pirated material, the legal stuff looks more attractive.

    • From the original post: "An analogy we used often during development was that of car door locks. A determined thief would be able to get into any car door through numerous means. All car door locks really do is prevent your average everyday person from violating your car's security and stealing your sunglasses. But it doesn't get in the way of your use of the car. "

      From the reply to which I am responding: "I'm not exactly sure what you were going for here. I mean sure, a determined car thief might be able to steal the car in the real world, but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world (who could possibly be interested in cars)."

      Pehaps you haven't heard of this new tool ... it's called a hammer. Let's you into the car everytime. Super high-tech 8^} (note that the original poster was talking about getting into the car and stealing sunglasses , not stealing the car. The analogue being stealing the content, not the MightyWords source code.)
    • Their point is that the average consumer will not look at a warez site for a copy of a text. They will just buy a copy from a legit source. Actually that depends on what the text is. If its one of chapters.ca favourite "Chicken soup for the Jewish soul" I really can't see hordes of eleet hackerz distributing a copy illegally.

      Tom
    • They also can't distribute the stolen car to every single person who could want a car on earth either.

      But they can do those things with e-books. Were you guys just a victim of your own analogy, or were you hoping on the DMCA to keep people from distributing cracking tools?


      A thief can do the same thing with a print book and a photocopier. Or, to the low-tech extreme, pencil and paper. Nothing is or can be immune to copying. If you can see or hear it, it can be copied. That is a risk that an author takes when he or she releases a work.

      If you want to be absolutely sure that no one will be able to copy your work, you must keep it to yourself.

      DRM will not work and can not work for the simple reason that the data must, at some point, be unlocked. Once it is unlocked ("autorized" or not) it can be copied.
    • I think the analogy breaks down when you consider what happens to the car after it has been stolen: the original owner no longer has the car. This is not so with an ebook, where the original content still resides on the owner's hard drive (indeed, he may not even know that it has been copied).

      If someone asks you if they can borrow your car, you say "sure, but I need it back in an hour". If someone asks you to borrow an ebook, you say, "hold on, I'll run you off your own copy". Until something exists that takes the copyrighted content away from the original owner, real world analogies don't apply.
    • No, actually, we were relying on people to Do The Right Thing.

      We though, perhaps wrongly, but we'll never know, that if we built a DRM that was easy to use and unobtrusive, people wouldn't bother cracking it. They wouldn't have to. Why? Because we allowed a lot of things other DRMs didn't:

      - They can print their book all they want.

      - They can read it on their desktop, laptop, palm, etc.

      - They only have to enter their username and password *once* per device, it unlocks automatically every time after that.

      - No extra downloads, plugins, or anything. Just Acrobat, which tons of people (hundreds of millions, according to Adobe) already have.

      - Most of the time, it was "pre-unlocked" during the download process, so the user didn't ever have to enter a username and password, unless they copied it to another device.

      - If they wanted to share it in the office, just like you might want to share a magazine, all you had to do was pass along your username & password too. Causes you to pause, but you might do it for relevant business documents and such.

      - You're encouraged to send it along to friends without the username & password so they can buy it directly from within the document.

      I could go on and on... In short, there aren't a lot of reasons to bother breaking it. We tried to make it painless for grandmas to use.

      Don
  • by Anonymous Coward
    Many of the DRM systems I've seen require me to identify myself. ME NO WANT TO DO THAT. Check out EPIC on this: Privacy and DRM [epic.org].
  • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Friday March 08, 2002 @09:08AM (#3129885) Homepage
    The whole point behind DRM is to restrict copying. That is, the specific intention is to make some uses of the information completely impossible. There is No Way to make this completely transparent. Security is never free. So, really, it's an oxymoron to call any DRM "user-friendly". DRM is inherently user-unfriendly, because it exists to prevent the user from doing some things.
    -russ
    • DRM is inherently user-unfriendly, because it exists to prevent the user from doing some things.
      You're right. And we have to remember that when I want to "pirate" a book for a large scale, I will always be able to copy it manually. It's much easier than with music or films, because everyone who can use a text editor, type writer or a pencil will always be able to make a copy-friendly version. And there's only need for one such version of every book. (It reminds me a story about a young pirate named Mozart.) To much work? I've already seen hundreds of such books in BBS's ten years ago. Copy-"protecting" books makes no sense. Are these fanatics planning to make the pencil illegal? Because that's the only way to have working digital "rights" management for books. (And by "working" I mean that only criminals will be able to copy, because they always will.)

      By the way, have you noticed the opposite meaning of words in such terms like copy-"protection" or digital "rights" management, etc.? Does it remind you something [powells.com]? Like the Ministry of Truth? Yes, I linked to Adobe eBook version of George Orwell's 1984, how ironic... "THIS TITLE IS NOT TEXT-TO-SPEECH COMPATIBLE"

      To be more optimistic, I'm just reading "Secure Programming for Linux and Unix [dwheeler.com]", a great book released under the GNU Free Documentation License [gnu.org]. Fortunately, not everyone is a copy-"protection" freak yet.

      • Re: Copying ebooks manually...

        It would be even more amusing to harness the collective power of the open source community to simplify this task. Create an online repository for text, divided up and numbered by page. Have 50 or so people buy the ebook, and let them "sign up" for 10 pages each. Their responsibility would be to copy their assigned pages into plain text, then upload the result to the repository. With a coordinated effort like this, an entire ebook could be replicated in under 30 minutes :)

        Uh oh, I'd better shut up before they arrest me for discussing a circumvention method...
        • It would be even more amusing to harness the collective power of the open source community to simplify this task. Create an online repository for text, divided up and numbered by page. Have 50 or so people buy the ebook, and let them "sign up" for 10 pages each. Their responsibility would be to copy their assigned pages into plain text, then upload the result to the repository. With a coordinated effort like this, an entire ebook could be replicated in under 30 minutes :)
          Actually, it's not only a great anti-DMCA pirate illegal hacker circumvention mechanism, it could be really useful for books, for which the copyright protection period has already expired. Something like Wikipedia [wikipedia.com] of books. Well, not exactly like Wikipedia, because there would be original books, not anything new. Actually, it would not be like Wikipedia at all... :) But the spirit would be similar, i.e. to provide free knowledge to everyone. If there is such a project, I will help for sure.
          Uh oh, I'd better shut up before they arrest me for discussing a circumvention method...
          Yeah! It would be a great and unbreakeable digital rights management method, but no, thanks to pirates and hackers like you, it's already cracked! We should put such evil geniuses like you into jail! Maybe then I could sleep without worrying that cruel pirates are stealing my intellectual property. After all, if they steal my entire intellectual property, I won't be intelligent any more!

          This reminds me the Copyrighting fire [gnu.org] by Ian Clarke:

          I was in the pub last night, and a guy asked me for a light for his cigarette. I suddenly realised that there was a demand here and money to be made, and so I agreed to light his cigarette for 10 pence, but I didn't actually give him a light, I sold him a license to burn his cigarette. My fire-license restricted him from giving the light to anybody else, after all, that fire was my property. He was drunk, and dismissing me as a loony, but accepted my fire (and by implication the licence which governed its use) anyway. Of course in a matter of minutes I noticed a friend of his asking him for a light and to my outrage he gave his cigarette to his friend and pirated my fire! I was furious, I started to make my way over to that side of the bar but to my added horror his friend then started to light other people's cigarettes left, right, and centre! Before long that whole side of the bar was enjoying MY fire without paying me anything. Enraged I went from person to person grabbing their cigarettes from their hands, throwing them to the ground, and stamping on them. Strangely the door staff exhibited no respect for my property rights as they threw me out the door.
          Great text. There's much more of good stuff on the GNU Philosophy [gnu.org] website. One of my favorite copyright-related texts from the GNU Philosophy is The Right to Read [gnu.org] by Richard Stallman. It sounded funny and silly for many people when it was published over five years ago, now it's more actual and terrifying than ever before. It's something which everyone should read before starting any discussion about e-books and DRM.
    • The whole point behind DRM is to restrict copying

      Actually, the whole point behind DRM is to restrict usage, of which copying is one type of usage that is usually prohibited. It's clear that you know this, but that first sentence is the too-simplified version that most people believe (and some unscrupulous DRM proponents will be satisfied with having people believe this because they know many people won't go for the much more restrictive leases DRM allows)
  • by MarkusQ ( 450076 ) on Friday March 08, 2002 @09:09AM (#3129890) Journal
    An analogy we used often during development was that of car door locks. A determined thief would be able to get into any car door through numerous means. All car door locks really do is prevent your average everyday person from violating your car's security and stealing your sunglasses. But it doesn't get in the way of your use of the car.

    I love the analogy he uses, but there's a major flaw in it. On the car-door-lock side you have the owner, the car, the lock, and the thief. On the digital rights management side you have the copyright holder, the document, the DRM, and the consumer. It's easy to see that the car owner maps to the copyright holder, the document maps to the car, and the DRM maps to the lock.

    So, who's the thief? When selling this technology to their customers (the copyright holders) the thief doubtlessly maps to the consumers, or at least some subset of them.

    But when describing it to consumers, there is a tendency for the consumer to project themselves onto the car-owner (making, I suppose, the copyright holder map to the manufacturer), especially since it is their ease-of-use that's being considered. "After all," most consumers would think "I'm not a thief." This leaves them with the totaly false impression that they are somehow the ones being protected.

    So it may not be perfect as an analogy, but it is fantastic> as a sales pitch.

    -- MarkusQ


    • To whoever modded the parent post "-1 flamebait":

      Whould you mind posting a brief explanation of how you came to the conclusion that I was trying to start a flame war? Or, alternatively, why you modded me flamebait? I can't see offhand how anyone could (or would want to) even disagree with the parent post, let alone feel strongly enough about it to flame me.

      -- MarkusQ

      • Will you people stop asking for explanations of moderations? If it's really that important to you, metamoderate and be done with it. The moderation system on Slashdot is the best troll around!
    • by Stiletto ( 12066 ) on Friday March 08, 2002 @10:03AM (#3130133)

      A better analogie is: People don't normally steal a pack of gum, since it is pretty cheap and easy to just walk into the store and buy one.

      Today's DRM gum would make you have to sign license documents when buying the gum, agree to pay royalties on the gum if you resell it, and a device physically attached to the gum that reports back to the store every time a piece is removed to chew.

      It's a pain in the butt, thwarts customers, and in the end it's easier to steal than buy.

      • Perhaps if you had to physically sign a license agreement for each CD you bought maybe we wouldn't even need DRM. The problem isn't that the consumer accidently copies copyrighted works. Its that they aren't aware that their CDs are copyrighted and should not be copied. And those implied licenses like the kind on software that say you agree to the license by installing the app, with little to no mention of the details of the license in their easy click-through installations, are the same things that confuse consumers. They don't know what they are agreeing to, so they don't know when they break the law. This is like posting a police officer in every home because we know that some Americans break the laws they haven't read, in their own home.
    • I think the thief maps out to people who would use the IP without paying for it, hmmm?
      • I think the thief maps out to people who would use the IP without paying for it, hmmm?

        That's clearly what they want you to think. But consider: why do we care about they thief's ease-of-use? We don't, unless the thief is realy just the customer--remember that the car-lock analogy has only two parties; the car owner and the thief. Unless they are transfering rights to the customer (which I doubt) that mapping doesn't leave room for both a customer and a thief.

        A better analogy might include a third party (so that we could distinguish between the users who we want to make things easy for and the thiefs we want to stop) like so:

        A rental car company wants to prevent unauthorized drivers from driving the rental cars. This includes not only potential thiefs, but also (say) members of the rentor's family that aren't explicitly listed on the contract. So the key the ignition lock to a simple thumb-print device that only recognized people that are programmed into it by the owner (who is
        not the user). It is easy for the rentor to use, and imposible for their friends and families. They can drive it themselves, but they can't lend it.
        If this were the analogy they'd used, there would have been a mapping for the thief, but it would include people that the user wanted to give access to. And thus it would be harder to sell to the user.

        It's even worse when the deal is structured as a sale rather than a rental. Would you purchace a car that could only be driven by people authorized by the dealership at the time of purchase?

        In any case, this second analogy isn't what they used (or at least, it isn't what was stated in the article) and thus my original objection stands.

        -- MarkusQ

        • Would you purchace a car that could only be driven by people authorized by the dealership at the time of purchase?

          More likely- only authorized by your insurance company or DMV/highway patrol.

          When I was a kid (might be different in your state/time period), if I'd gotten my license while living at home, my parents would have had to pay male-teenager insurance whether I was allowed to drive the car or not.

          If my parents had a thumbprint-activated car, maybe the insurance company would give them a break.

          A GPS, governor and timer in the car might be another way to get a break on insurance- teenager can only drive towards home after 10pm. Can only drive in a 10 mile radius around home/school/work.

          This sounds like a boon to the parent, but what about when the system breaks down or you just want junior to pop down to the store for a carton of milk @ 11pm?

          Another party that might be interested in what you do with "your" car might be the lien-holder or leaser. No driving too fast or skipping service with "our" car sir.

          -M
    • That's a good point, but I feel like we made our DRM unobtrusive enough that you never felt like you were being called a thief.

      For 99% of the people, they never even saw a username & password dialog... Instead, the document simply opened right up for them every time, with their name embedded down in the bottom-right corner.

      I think it fits as an analogy because essentially what we tried to do was take something that was inherently painful and difficult to use (DRM) and make it as easy, or eaiser, than car door locks are. We wanted to make it so easy to use, that cracking it didn't even cross your mind.

      I think we mostly succeeded. It's too bad our principles wrapped us up before we were even near death. :(

      Don
      • I think it fits as an analogy because essentially what we tried to do was take something that was inherently painful and difficult to use (DRM) and make it as easy, or eaiser, than car door locks are. We wanted to make it so easy to use, that cracking it didn't even cross your mind.

        I can respect that, even if I'm not sure how you hoped to accomplish it. When you say "so easy to use that cracking didn't even cross your mind" I understand you to mean something like "so easy to use the way we wanted you to that using it in ways we didn't want you to didn't even cross your mind."

        That works as long as the user doesn't intrinsically want to do something that your client (the copyright holder) doesn't want them to. At that point, you have decide who's side you're on--ease of use doesn't enter in to it.

        I happen to be of the old "you can't copyright a number" school. I hold that the whole concept of "digital rights management" is flawed, since there is not (IMHO) any such thing as digital rights to be managed. *smile* I think people should be allowed to count as high as they like, without being expected to pay royalties when they reach certain really big numbers. But that doesn't mean I can't appreciate when people like yourself try to find a middle ground.

        -- MarkusQ

        • You're correct. We tried to think of the most common things people would want to do with their purchased content, but it would be impossible for us to anticipate every use. This is a very good point.

          I should note that getting copyright holders to agree to our less-restricted DRM was like pulling teeth sometimes. One of the reasons we had to implement a DRM at all (it was something like a 51% / 49% vote for DRM over no DRM... very close) was to appease them. Without their content, we couldn't even try our concept.

          I happen to think that there needs to be a balance between customer needs and copyright holder's. Most DRMs err on stripping away all or nearly all customer rights, but we tried to get somewhere in between where all parties are happy. Deciding where to draw the line is difficult.

          I'm afraid that without some sort of control, many copyright holders will prevent their content from ever showing up digitally, which I think would be a shame. It's not nearly as simple to digitize and transmit a book as it is other forms of media, so without their involvement, it might never happen. :(

          Don
  • by kawika ( 87069 ) on Friday March 08, 2002 @09:09AM (#3129891)
    ...of why DRM is not ready for prime time. MightyWords goes out of business and legitimate content licensees (uh, users in normal-speak) are denied access to their content. The same thing happened with Circuit City DivX. Any DRM scheme that can't even outlive its parent company should never escape from the lab.
    • I though that when the CC DivX thing died, they did some remote update to all the DivX players (at least the ones that dialed in after the decision) that pretty much told the player to go away and just play anything put in it.

      I would guess the final thing that MightyWords should do if it goes out of business is to release a reader that does not deny access to the content.
  • DRM Balance (Score:2, Interesting)

    As with most problems with complex issues, there is a balance which must be struck.

    I think that with 'friendly' DRM, that balance is between Privacy and Weak Protection.

    If the DRM is supposed to be very effective, there will be privacy concerns because the authorison to the rights for certain media will have to be attached to static identifiers, this allowing the unique identification or people or computers. Of course many of us would not want that.

    On the other hand, if we avoided the privacy issues, the DRM would become too weak because it would be more difficult to attach the right to play music or watch a movie to any one person and no other, allowing people to create hacked 'identities' and such.

    Judging from the article, it seems these guys are taking the strongerp protection route (which makes sense if they want to make a product that will satisfy industry) since they talk about forcing a user to unlock the content once and only once, and they want a cross platform uid/passwd which is unique to your identity.

  • as with all complicated IT things, user friendliness = non-existant.
  • Quote: "... our core focus was on usability, rather than security. Security precautions were a secondary concern."

    This is a core decision to any successful product, hardware, software, anything!

    History has provided us the answer and it has been : A good product that's easy to use will make us more happy than if you make more money cause I am forced to suffer your paranoia. If it's easy and smart people will buy, if it's a hassle, screw you!
  • DRD, not DRM (Score:2, Insightful)

    by dskoll ( 99328 )
    I hate the term "Digital Rights Management". It's a bland euphemism.

    The correct term should be "Digital Rights Denial." Once you call it by the correct name, the debate is clarified.

    So, apparently lack of good DRD is the main "obstacle" to getting information into digital format? Well, here's a simple solution: Don't put your information in digital format. Wow. That took a rocket scientist.

  • could spell sklyarov correctly... dmitry must be getting pissed by now.... : P kev
  • Base on the EX-Manager of R&D's reply they seemed to take the approach that in order for something to be user friendly, security has to be compromised.

    This raises one question to me. Does making something user friendly have to compromise security?

    I think it does not. I think that it requires an great detail of planning and development that most companies are too profit hungry to forgo.
  • A good DRM... (Score:2, Insightful)

    by Bongo ( 13261 )

    ...is a null DRM.

    We don't want to keep tripping over bits of locked data all over the place.

    We think it's bad having to comply with the .doc 'standard'.... well, just wait until 50% of your files are locked/ registered/ timelimited/ self-deleting/ copy-number-tracked/ require internet connection etc. etc. in 20 different 'management' schemes...

    Information transcends physical constraints... but all these clever people keep forgetting that.

  • What then with the username and password would stop me and a bunch of friends from all using the same UID and PSSWD? Wouldnt that defeat the purpose?
  • From the Sklyarov artical [planetebook.com]

    There were several pages about each title available -- Summary, Free PDF Preview, Table of Contents, and a script generated Author Info -- and all pages. For example, the sample link here (now dead) would display a page with Free PDF Preview of the "Making Sense of the C++ Pointer" book.

    http://www.mightywords.com/browse/ details_bc05.jsp?sku=MWBCBZ&private Label=false&display=preview

    From the Free PDF Preview page there was a link to a PDF file with a preview exists:

    http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_p.pdf.

    After you paid for the title, you would get the following link to download full version of the eMatter:

    http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_e.pdf

    The download links for preview and full version differed only by the last character before the extension -- 'p' for preview and 'e' for complete eMatter. So, an unauthorized user could download the full versions of any eMatter.

    Man, you guys were MORONS!

    Anyone with a hex editor and a working knowlage of javascript could have downloaded and hax0red your books for free. They wouldn't even need a p2p program, or a complex tool like DeCSS!
    • It was a little more complex than that, since the PDFs themselves were encrypted (admittedly, with Adobe's flawed solution).

      But the general idea was to allow fair-use copying, prevent casual thievery, and be easy-to-use.

      Hard-core security wasn't a concern *at all* since it would make the document difficult to use.

      Ease of use, and the ability for the consumer to do *what they wanted* (such as copying, sharing, and printing) was a core design goal.

      Don
  • "User-friendly DRM" is an oxymoron.
  • by Alien54 ( 180860 )
    Just how extensive is the MS patent of the DRM OS?

    Is this one of those things that many years after the fact, when they get around to marketing their own product, they turn around, and tell everyone else that they are in violation of the MS Patents, and either cease and desist, or give up the family jewels?

    Do we face a situation where people are doing all of Microsoft's work for them? Why should we bother?

    Talk about stifling innovation!

    • My question is how can there be a patent on something that has been proven not to exist. DRM has been proven not to be mathematically possible, yet MS has a patent?
  • 2.Cross-platform (Windows, Mac, and any flavor of Unix we could) 3. Useable across all devices a user possessed - desktops, laptops, and, we
    hoped, eventually handhelds, no extra purchase required for each device.


    I was thinking the other day - what happens if electronic books become so prevalent and useable that entire libraries become available via e-book formats, and public facilities use electronic books as a large part of their libraries?


    Libraries are required to provide reasonable access and facilities for all sorts of people, such as the deaf and blind. In that case, any restrictions on OS or devices used for the books would raise discrimination issues.


    I am aware that a bookseller may restrict the rights to books in any way that they choose. However, there is a subgroup of printed matter - publically available government and court documents, for instance - that may be presented in e-book format. A broad DRM scheme is ideal for this sort of material - you still are able to keep track of who has the material, and to regulate available copyright issues (government documents wouldnt have these issues, but some "public interest" type material might) without overburdening people or forcing them to use a particular OS or device to read the material.

  • isn't drm one of the first steps towards giving up control over the computer you own? your own computer keeping you from accessing data on your disc - a pretty pervert indea, I think.
  • You give digital content to someone (and by give I mean deliver in usable form) and the problem is if they make a _copy_ they still have the original. That is, the natural way of things is that the content can be distributed with loss to the people who have the content.

    To couch the attempts to stop this in terms of rights is futile. It is solely within the realm of legal fiction that any such "right" must be couched. The car analogy is perfect because it shows the facile argument that IP prponents use to justify their position is flawed. If the theif takes the care then you lose the amenity of the car. There is loss. If the theif takes your copy of the content then you lose the amenity of the content. There is loss. Copying content is not the same.

    Now don't misunderstand. As far as I am concerned IP does not exist, but that is unimportant for my point here. What is important is the DRM that persists in portraying copying of content as theft is doomed to fail because COPYING IS NOT THEFT (in the context of loss of amenity in which theft is by necessity placed) and so the idea of "managing these rights" is just stoopid.
    • Our solution specifically encouraged fair-use copying, sharing, and unlimited printing. So by your definition, I guess we weren't a DRM.

      Since we did make some attempt to prevent mega-easy outright theft of the content, while not preventing the original customer their fair-use rights, I still consider it to be a DRM. Just a DRM done "The Right Way" (or at least a big step in that direction).

      Don
      • I see it less as a DRM and more as a secure delivery vehicle- it basically allows download from anywhere, but you only get to use it if you pay for it. Once unlocked from your system, it could be distributed indefinitely.

        By definition, a DRM system is supposed to ensure that this is impossible without the permission of the content owner. In my opinion, the players in the game are worrying about the wrong things. DRM's should be there for things like pay-per-view services (Which I've little problem with so long as there's other stuff to watch- make it all pay-per-view/listen/etc. and I give up on your stuff completely...) but for things like DVD, eBooks, etc. it should be a one-time transaction. If they do like many have suggested, make it uneconomically viable for infringement (Which doesn't mean using a DRM, which paradoxically makes it more viable to infringe on the copyright of the content...) then they'll have a heck of a lot less infringement going on and they'll still make something around what they're making now- it's just that a LOT more people will be buying into their stuff.
  • The only DRM system that could work would be a unit that could transfer media (music or otherwise) to and from any possible device that you would ever want to play it on (but it would make sure it was only on 1 device at any time). Is this possible? Yes, it's called USB, USB 2.0 or 1394 (Firewire). But all manufacturers would have to agree on a DRM protocol/system, again, this doesn't work for all cases (CD-players) - this would only work with mp3 players, etc.
    • Well, there are simpler approaches: content that is encrypted with the public key corresponding to a unique private key that all your equipment shares. So, you could copy all you want, but display would be controlled. This causes some problems for fair-use excepts (if you can excerpt, you an excerpt and reassmble the entire work), but they can be probably overcome by replacing the excerpt with a proxy for same.

      Of course, such a scheme would require a decent key distribution framework, and certificate authorities, as well as the need for handling anonymous distribution (yes user #mumblyfoo has a copy, which someone paid for, but we don't know who). The issue of key escrow to handle failed companies also arises. Personally, I think these are workable.

      The big hot area of DRM, of course, is he entertainment industry. My understanding is that even strong crypto-based DRM isn't enough for those control freaks. They want to ensure that even if content is cracked, it can't be redistributed. This, of course, is not technically possible. It may be legally possible by making everyone a criminal, of course.

  • by JanneM ( 7445 ) on Friday March 08, 2002 @09:43AM (#3130053) Homepage
    One way to handle this better would be to not restrict copying at all; instead, embed the identity of the original buyer into the content. Note that that does _not_ require the company or anybody else to register who bought the book, movie or whatever, just that the buyer can be identified from the content itself.

    As long as you only do whatever you are allowed to do with your content anyway (quote it, show excerpts, give copies to friends), nobody will care - and are not _able_ to care. If it finds its way out on file-sharing places, it can be picked up, and the original buyer can be contacted.

    Now the original buyer might well not be the one streading the content, but he or she could give information about who else had access to it, and thus the content holders could track down whoever did the deed. Even if there is no legal way to force the buyer to reveal anything (and I don't think there is), the possibility of being implicated in a mess like this is enough for the majority of people to stay away from spreading stuff beyond what they're allowed to.

    And that's exactly what this _should be about (and what the car analogy is about as well): people determined to break the law by selling counterfeit copies (or that have an overriding political urge to spread others' content far and wide) will find ways to do so, just like no 'real' car thief is stopped by locks and alarms (even alarms only work because not every car has them; it's easier to steal a car without it).

    What you want to stop is incidental spreading, by people that should know better. By having onerous protection systems that force people to break them just to use the content in ways they have a right to do - and expect to be able to - the barrier is gone to then just spread it as far and wide as they want. By locking down too tight, the providers actually increase the amount of copyright violations. It's like warning lights for seatbelts. Some people got so tired of hearing that buzzer whenever they put their briefcase on the passenger seat, they clicked the seatbelt permanently in place - and prevented it from being used when there _was _ a passenger in the car.

    /Janne
    • There is a rather large problem with this idea though - A lot of automatic ordering systems aren't gonna know the difference between an order from John Doe and _SuPaAmAsTaHaXx0r_. If he's got money, it's his...and it's not terribly hard to find/use anonymous money on the Internet. With all the e-commerce trying to move to totally electronic systems, how long will it be before the kiddies are taking advatage of this and employing a "buy once, share infinitely" mentality?
    • "One way to handle this better would be to not restrict copying at all; instead, embed the identity of the original buyer into the content. Note that that does _not_ require the company or anybody else to register who bought the book, movie or whatever, just that the buyer can be identified from the content itself."

      That was done years ago when MS applications came on floppy disks. The first disk in the install set had to be run without the write protect so it could write your registration information onto it, or it would not proceed to install.

      Ways around it:

      1. Every time you want to install, make an extra copy of the first disk and install using that. But you must never have installed using the original disk 1. (Lather, rinse, repeat.)

      2. Download one of the install disk 'cracks' that were available that allow you to enter new reg info each time.

      I exepct that something similar would come out for buyer id-stamped content.

      • In this case, your Id information would already be embedded in the file when you receive it.

        Yes, there would be cracks for this, no doubt. The point I was trying to make is that there will always be ways around it. But if the system is non-intrusive enough, most people will not bother with defeating the ID stuff, as they can use the content the way they like anyway. The vast majority of people do want to be honest and pay their way if they are given the chance and feel they get their money's worth (which, in the case of CD:s, they really aren't today).

        What you want to stop is the casual copying of content. As you say, Windows was and is fairly easily crackable, but MS still does very well, as most people finds it too much of a hassle. If/when they go for a subscription model, and crack down even more on the use of a single copy for multiple machines, this picture will of course change...

        /Janne
    • I didn't mention it in the article, but we did do this.

      When reading or printing the document, the original purchaser's full name was embedded in the lower-right corner of the document. My other posts here outline our fair-use stance, but basically, peopel were encouraged to copy, print, and share their documents. They can do that with a magazine, right? Shouldn't be any different for our eMatter.

      It was a key feature from day one, and I don't know why I didn't mention it in the article. Silly me.

      Don
      • > When reading or printing the document,
        > the original purchaser's full name was
        > embedded in the lower-right corner of
        >the document. My other posts here outline our
        > fair-use stance, but basically, peopel
        > were encouraged to copy, print, and share
        > their documents. They can do that with a
        > magazine, right? Shouldn't be any
        > different for our

        Assuming you had the worlds greatest, unbreakable DRM system, it is insecure if you allow people to print, because once it is on "insecure" paper, all someone has to do is print, scan, and OCR it. Do you really think they are going to OCR their full name imbedded in the lower right hand corner?

        And as far as that goes, the only way you are going to have totally secure e-versions, is to not have paper copies available. Where does everyone think all the books on "alt.ebooks" are coming from? Sure the average person isn't going to scan a book and OCR it. But all it takes is one dedicated person and a place to post.

        usurper_ii
    • One way to handle this better would be to not restrict copying at all; instead, embed the identity of the original buyer into the content. [ ... ]

      You're close. Very very close.

      What you actually want to embed in the content is the identity of the creator.

      You see, it'a all about reputation. If you come across a cool thing on KaMorphSter, you want to know who created it. Maybe they've done other cool stuff you'd like to have. Extracting the embedded creator information will tell you this; you won't give a damn about who bought that particular copy.

      Where copying is ubiquitous and cheap, reputation becomes a chief unit of currency. The MPAA and RIAA understand this. That's why the Internet terrifies them; it completely shuts them out of the reputation-brokering business.

      Schwab

    • ...compared to encryption. Comparing two (or ten) different copies to find the watermark and either remove it completely or at least mix it to an invalid watermark is *trivial*. The only place I've heard that it actually works is with classified documents, where getting multiple copies is a big pain in the butt. Also you wouldn't be able to resell it (your name = you get the blame) or borrow it (friend makes mp3s of your cd, you get the problems) without risk. I'd rip the watermark off such a cd and reburn it faster than lightning, just for those reasons alone.

      Kjella
  • I think that OneThumb's point is well made. Most DRM systems are trying so hard to be unbreakable that they become too inconvenient to use. Any scheme can and will be broken, so if you can find the right balance between ease of use and security, then most people will be happy to 'be honest'. It's like video games that require you to insert the original CD, even after you've entered in the license key, etc. I'd bet the majority of "no-cd crack" users are like myself and just hate putting a cd in the drive all the time.

  • by Rogerborg ( 306625 ) on Friday March 08, 2002 @09:51AM (#3130086) Homepage
    • Legitimate users were able to get authorization as many times as necessary (before company closure on January 12, 2002). Now MightyWords does not perform authorization anymore, so it would seem that legitimate users of MightyWords eMatter are now out of luck, unless they have access to a "backdoor" to restore access to the purchased titles.

    MightyWords is due kudos for implementing a system that was easier to use then to crack, but their withdrawal from the market highlights the fundamental flaw in any DRM system.

    The best analogy I've come up with for DRM content (any DRM including DVD) is that the content is in a safe with a little window in the side. Both the safe and the window have combination locks on them. If you have the right window code, you (personally) can peer through the window and view the content in a limited way. eMatter has a pretty big window, but you still have to go to them to get the combination. When the copyright on the content expires, or if you want to make fair use copies of parts of it, you are allowed to open the safe, take out the content, and manipulate it directly.

    Only, you aren't. When the inevitable happens and the code holder goes titsup, you are boned. Specifically, if you want to make use of the content in any way - even perfectly legal uses - you are absolutely required to break the law.

    As we've seen in the DeCSS case, the DMCA trumps fair use. You're still allowed to use fair use as a post facto defence for the act of copying the content, but not as a pre facto justification for obtaining the tools that let you do it. In other words, obtaining or possessing a safe cracking kit is illegal regardless of the use you put it to. Cracking the safe is actually legal, but obtaining (or creating) the tool to do it is not. Astonishing, but that's exactly what the DMCA says.

    The SSSCA will just make this worse, as it will mandate hardware that will only look through the little window. Even if you break the law to obtain tools to open the safe and get at the content (quite legally if the copyright is expired), you won't (legally) be able to obtain hardware that will touch that content.

    Again, eMatter is one of the best attempts at DRM I've seen, but it still demonstrates how fundamentally flawed DRM is, because it requires you to prove your innocence while giving no guarantees that you will be able to continue to do so. It illustrates the vital distinction that you are not buying content, you are licensing a limited and revokable right to access content. There's a big difference, both in theory, and as the collapse of MightyWords now shows, in practice.

  • I don't care what prommises people make about my "fair use rights" and ease of use, what they are going to do is cripple my computer with their code. The bottom line is that publishers don't want me to be able to copy a file. To accomplish this they must own my computer. My computer must have their code and must do what their code says and no more. Publishers will seek to outlaw free software and are the enemy.

    They are morraly wrong and in violation of the spirit of US copyright laws. Copyright is a created right which only exists by positive govenment action. It is not like natural rights such as speech which require negative government action to deny. The goal of US copyright law was to enlarge the public domain without unduely limiting people's natural rights. To do this, the framers of the constitution granted a 14 year exclusive franchise to publish works to the creators of the work. That 14 year franchise could be renewed once if the original author was alive. The framers of the constition were well aware of the evils of exclusive franchises, especially ones that forbade the spread of knowledge, but balanced that evil with the good of enlarging the public domain. The laws made sense for dead tree and other physical media publications. They don't make sense in the digital world. Low and non existant costs of duplication remove the need for copyright in the first place as anyone who wants to can add their thoughts to the public domain. Secondly but more important the viewing tool is also the tool of creation and an enforcement of a franchise on that tool is a clear violation of free speech. To achieve their ends, publishers must control ALL digital devices. They must deny my right to create and share software. Indirectly they will gain the ability to deny the creation and sharing of ALL information. There are few things more morraly reprehensible than violations of free speech. Without free speech, there is no truth. Without truth there can be no justice. Without justice there is only the rule of the strongest, amoral anarchy. Digital Rights Denial is the law to end all laws.

    • You're wrong. We did want you to copy your document. Back it up, share it with friends, read it on your desktop and laptop.

      We wanted to make it as close to a magazine as possible without outright allowing free transmission.

      I think we struck the right balance.

      Don
      • We wanted to make it as close to a magazine as possible without outright allowing free transmission.

        Aha! There you have it. What's wrong is republishing other people's work. Well, there ARE LAWS against that. Enforcing them has nothing to do with softare.

        I'm not wrong to see where this is going, regardless of what prommises you make me. If You stick software on My machine that makes it so You can make files that I can't delete, and You can keep me from doing other things, then You OWN my machine not me. If such things become required, as many publishers and telecomunications firms would like, then what happens on my machine will be under someone else's control or I will go to jail. Sorry, that's unAmerican.

        There are laws against shooting people. It is unconstitutional to make laws against owning arms.

  • "Now MightyWords does not perform authorization anymore, so it would seem that legitimate users of MightyWords eMatter are now out of luck."

    If the Domesday book on laserdisk became unreadable due to technology drift in just a couple of decades, it seems likely that DRM schemes will have the same problem. Fortunately in the case of the Domesday book, there is an analog hardcopy to fall back on.

    It is disturbing to think that our civilization might entrust its new works of art to DRM schemes that make accessibility to the work dependent on the perpetual business success of the vendor.
  • by FreeUser ( 11483 ) on Friday March 08, 2002 @11:39AM (#3130612)
    The software industry confronted the unpleasant reality that their product could be perfectly copied, against their will and in violation of their copyright, without limit. Naturally, the software industry feared the potential loss of revinues.

    The industry tried copy protection, and even before the recent mathematical proof proving that secure copy protection, or DRM, was impossible the industry learned from its own experience that copy restrictive technologies were both ineffective in stopping copyright violation, and harmful to their legitimate customers and, therefor, to their product.

    The industry learned, however, that even a modicum of personal accountability suffices to stop most forms of copyright violation, and that nothing short of a depopulated world will ever stop it all. The solution was quite simple: serialize the product and/or stamp the user's identity onto each piece of software sold. We don't know if there is a mechanism in place to trace serial number N of product P to the credit card number used to purchase it, and hence to the purchaser, but we as consumers do know it is certainly possible, and that alone makes the vast majority of people reluctant to share software illegally, even with their close friends.

    Not everyone, mind you, as warez sites obviously demonstrate, but the vast majority. So much so that the software industry thrives, despite a complete lack of copy restriction technologies, or DRM, whatsoever, and despite a much greater vulnerability to such copying than eBooks, music, or film will ever be. Software has no equivelent alternative revinue streams like live concerts or cinemas, yet it has learned to thrive and prosper in an environment that copyright-obsessed yet technology-naive control freaks, like the sort currently lobbying congress to gut, even outlaw, technologies fundamental to the internet and personal computing, would assume to be inimical.

    The problem of copyright violation and the "threat" the ability to make unlimited, perfect copies of a product has already been confronted, addressed, and successfully solved by the software industry, without DRM, without laws like the SSSCA, and finally without, and prior to, the DMCA.

    eBook authors, musicians, and movie producers need to learn this, and need to seriously look at the motives their publishers, recording companies, and studios have for persuing technological restrictions on a problem for which an elegant social and legal solution stressing personal accountability have already solved. That motive, of course, is to secure their parasitical place as dominant middleman, with power over both the artists and their fans, at the expense of both and at the expense of the art they have usurped "ownership" over.
  • All i want to know, is where can i get a job inventing stupid and pointless drm systems that try and go against the "if i can see it i can copy it" rule and fail. The one in the article is a cheap hack that a 12-year old might pull off. Why do companies pay good money to programmers to come up with this stuff - css, region encoding, ebooks, windows media etc..?

    PS. Would anyone be interested in buying the DRM system i just developed: Basically, the media (cd/dvd etc..) comes with a special label stuck on the front that says: "for every cd bought, we save one 3rd world childs life. If you pirate this cd, you are killing a poor little child, can you handle the guilt??" and it has a picture of a sick and starving mine victim on it.

    Don't worry, your company doesn't have to actually donate any money, all you have to do is put a little notice on the back in 1pt font saying "x company does not donate money to charity and may not actually save one life per cd. all rights reserved"

    Please note that i plan to sell this DRM system for allot of money (3 million) and it is (c) Theodore Allardyce 2002. If i see any such labels on cds, i will know who to sue.

    [This post is protected under the Allardyce DRM 1.0 - I will personally save one starving and sick 3rd world mine/aids/torture victim child for every +1 mod. Can _YOU_ handle the guilt??]
  • Everyone seems to hate the ideas of DRM systems, but what I would like to hear are good ideas for implementing DRM's. From the general concensus I hear a DRM must 1) be anonomyous, 2) be easy to use 3)allow for copying and modifying and 4) not add to the cost of the material. So out of curosity, what would you like to see?
  • Yikes! Now even the editors are trolling!
  • I mean, it's not as if he is a core engineer- that would have been mentioned.
  • The car door lock is a lousy analogy, because it protects the purchaser, not GM. DRM protects the seller, and is nothing but a pain in the rear to the purchaser. Imagine having to call GM to re-activate your car key every time you get an oil change...

    But there are two important lessons you can learn from car locks. One is that they aren't absolute security; anyone who bothers to spend a few hours learning how can steal any car in less than five minutes. The other is that cars are rarely stolen anyhow, because car thieves get caught and severely punished. Go after the thieves, don't cripple the product.
  • by Anonymous Coward
    is better than one designed by the
    riaa and mpaa.

    All histrionics aside, that is the inevitable
    choice.
    What part of this don't status quo geeks understand?

    Current Geek stategy is stupid.

    If you wait til they roll out their DRM it will
    be too late ( for 95%) of us.

    If we came out with a drm that respects legitimate fair use, which file sharing mp3
    with people who haven't ponied up for music, is NOT, then while they dithered it would become a
    standard.
    If the riaa and mpaa then objected to a drm
    that most people thought was fair, they would look like greedy bastards (to everyone, not just
    clued in geeks) for wanting more.

    of course, some l33t types would actually rather
    play cat and mouse with the System.

    in short, a fair use drm ( so i can make compilation cd's and time shift tv- not to file
    swap) now or Riaa-mpaa-Microsoft benefits hell
    within a couple of years.

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...