EOF - If You Don't Believe in DRM, It Can't Hurt You

“Keep your management off my digital rights” isn't merely a slogan for freedom lovers. It's a smart IT decision.

The last time I talked with Martin Fink, HP's Vice President of Linux, the problem on his mind was digital rights management (DRM) and if it could ever be compatible with free software. It's a puzzling question, but Martin, like everyone else in the Linux business, can find better problems to work on.

DRM is any technology that selectively disables features or affordances of a program or device in order to control use of a copy of information by the owner or authorized user of the copy. Think “unrippable” CDs for the home market or, on the office side, e-mail software that lets someone who sends you mail disable your forward or print function.

A coin-operated jukebox is not DRM, and chmod 600 my-secret-file.txt on a multiuser system is not DRM. Those technologies exclude only unauthorized users. DRM starts when the technology begins nit-picking about what you can do. For example, “play only on example.com's media player” is DRM. Certainly such a system helps example.com hang onto its customers, but there's no demand for it.

In this crazy business of ours, every once in a while, companies go into a frenzy to sell technology that doesn't work to customers who don't want it. In the 1990s, did customers want overpriced UNIX from bickering vendors or stable-any-day-we-promise Windows NT? Sorry, neither one works for us. Support Linux, please. Or on-line services. AOL or Compuserve? We'll take the Internet, thanks.

When I met Intel VP Donald Whiteside a while back, he summed up the IT industry party line on DRM. IT companies have to do DRM in order to work with the “consumer electronics”, movie and record companies who put together media standards. He said computer DVD drives are so locked down because the DVD Copy Control Association would have refused to license the DVD format for computer drives otherwise.

Mr Whiteside is too modest about the IT industry's negotiating position. People started shifting their leisure time from big-budget TV productions to the slow-loading, frustrating Internet long before the big entertainment industry made it there. And the big copyright holders make pie-in-the-sky DRM demands, but a little Internet Movie Database search of actual DVD release dates show a different story in the real world.

The five top grossing movies for 1998, before the DVD descrambling story broke, took an average of 367 days after first release to come out in DVD format. By 2000, disinfecting DVDs was common knowledge in tech circles, but the top five movies for 2000 actually came out sooner after theatrical release—252 days.

The story is the same for before and after the “DVD X Copy” application for Microsoft Windows—from 190 days in 2002, before it came out, to 160 days during 2003 when it was available. Yes, the movie industry has an infringement problem, and they might even be releasing DVDs sooner than they would want in order to compete with infringing copies. But the DRM features of the DVD itself are a pointless sideshow.

The other hyped-up use for DRM is at the office. Deploy DRM and you can keep employees from forwarding embarrassing e-mail to the media. That sounds like the answer to network-illiterate managers' prayers, but if it's juicy enough to leak, it's juicy enough to write down and retype. Bill Gates of Microsoft, in an interview with gizmodo.com, tried to pitch DRM using the example of an HIV test result, which is literally one bit of information. If you hired someone untrustworthy enough to leak that but unable to remember it, you don't need DRM, you need to fix your hiring process.

When I talk to working IT professionals, the trend is to open up information “behind the firewall” at a company—not lock it down. People aren't worried about how to DRM-ize everything. Instead, I'm seeing enterprise Wikis. “Enterprise Wiki” still sounds funny, but companies with lots of trade secrets are rolling them out. “Edit this Page” adds value, and DRM has the opposite effect.

Even the mighty US Army is adopting discussion-friendly social software. Doc Searls sent me a link to Dan Baum's great New Yorker article about Companycommand.com and Platoonleader.org, which two Army captains started as a side project to exchange advice outside the normal channels. The Army promoted them and brought the sites in-house.

What if I'm wrong, DRM really is the Next Big Thing, and the herd of IT vendors is right for the first time in history? Network effects practically guarantee that one DRM system will be a global standard. Picking the winner, though, depends on unpredictable DRM-circumvention efforts by security researchers worldwide.

And when even a PC operating system can be an “essential facility” to be regulated on antitrust grounds, DRM that actually worked would be too much power for governments to let anyone else have. Win the DRM war, and the prize is becoming a regulated industry like the pre-breakup AT&T. Martin Fink doesn't want Linux users to miss the DRM boat. I'll miss that ship of fools any day.

Resources for this article: /article/8127.

Don Marti is editor in chief of Linux Journal.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Details on DVD release dates

Anonymous's picture

wow

Anonymous's picture

too bad I can't leave comments there. DVDs get copied really easy.

It gets pirated anyway.

Anonymous's picture

Everything gets pirated, DRM or not.

Absolutely. The fact is, if p

powdermonkey's picture

Absolutely. The fact is, if pirates (or even the merely curious and bored) want to break something, it will be broken and, probably, distributed in a broken form. People who are willing to circumvent the law will get the broken (ie, fully functional) version; people who are "honest" get the function-limited version. By paying for the genuine article they receive a product of lesser value. So where is the incentive to be honest?

James's Law?

James's picture

There needs to be a named Internet Law (like Godwin's, etc.) that states something along the lines of:

As a DRM scheme grows more complex, the ratio of illegitimate users affected to legitimate users affected approaches zero.

The only people DRM hurts are those who purchase the DRM'd product. Pirates will crack it, then distribute the product with DRM disabled. This is not hard to understand.

Don't forget artists

Anonymous's picture

DRM also hurts artists when it's easier to use an illegal copy than a paid-for but DRM-infected copy.

It's not about honesty.

Anonymous's picture

If it were about honesty, there would be some form of ethics involved.

One bit of information?

Greg's picture

This may be a little pedantic but ...

Bill Gates of Microsoft, in an interview with gizmodo.com, tried to pitch DRM using the example of an HIV test result, which is literally one bit of information.

According to Shannon's Information Theory, an HIV test result would only be "literally one bit of information" if the test result has a 50% chance of being positive and 50% chance of being negative.

Now, while these a priori probabilities may be the case for a health service primarily serving gay prostitutes in Thailand, for the general population something like 99%/1% would be closer.

This would require something like

H(T) = -0.01 log2 0.01 - 0.99 log2 0.99
= 0.0664 + 0.0144
= 0.0808 bits

or 8% of a bit!

NB: This makes the author's original argument even more compelling.

See: http://en.wikipedia.org/wiki/Information_theory

Cheers,

-Greg.

One Bit?

Anonymous's picture

I might be missing something but I cannot see how you could convey a test result (+ve/-ve) with less than one bit (regardless of how much "information" is in that bit.

You can convey the result in

Anonymous's picture

You can convey the result in less than one bit of actual data if you compress it along with other stuff. For example, assume 1 in 16 of 15000 independent tests are positive and you want to encode these 15000 bits. Without even getting into serious compression algorithms, let's pack results in groups of two:
0 both negative
100, 101 one or the other positive
11 both negative
This crappy code uses an average of 0.5*(225/256)+1.5*(15/256)*2+1*(1/256), that is (112.5+45+1)/256 =
0.619, bits per input bit.

LOL

Anonymous's picture

it takes more bits to explain the 8% bit.

leakable bits

Anonymous's picture

But we're only concerned with test results that are at risk of being leaked, not all the test results in the whole database. Untrustworthy employees are probably more likely to leak a + than a -.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState