A rant on Digital Rights Management

[rcgreen]

Mention Digital Rights Management
http://en.wikipedia.org/wiki/Digital_rights_management

and I go bug eyed with paranoia.
Why is it that no one else seems to see it as an all-encompassing
conspiracy to overthrow all that is good in human civilization
and and enslave us to evil brain-eating cockroaches?

Security is a balancing act.

We all know that computer security is a continuum, with bad choices
at either end of the scale, but have we stopped to think about the
fact that this continuum is just a mirror of the same reality we
face when we consider personal or National security?

Tech people can be very inconsistent between their views on tech
subjects and their views on social or political realities, but
these two worlds are really analogies of one another.
You might be a real "computer security nazi", but a libertarian
in "real life". Why?

What is at stake?

Before you can even think intelligently on computer security,
you need to define what it is that you are attempting
to protect. And this is where your political and social
presuppositions
http://mywebpages.comcast.net/webpages54/ap/presup.html

will silently determine the outcome
of your thought processes, before you have even begun.
Nowhere is this more true than in the emotional and polarized
debate over Intellectual Property.
http://www.wipo.int/about-ip/en/

Whose rights?

If I have made the assumption that I rightfully own a piece of
property, all of my strategies for protecting it will flow
from that assumption. If my computer belongs to me, then I insist
on having control over the software it runs, the content displayed
on the screen, who can write to my hard drive. I may delegate
these rights to those I trust, and I may deny it unconditionally
to all others. It is my computer.
http://www.gnu.org/philosophy/free-sw.html

Whose computer is it?

Maybe it really isn't my computer at all. Once upon a time
not so very long ago there were no personal computers. A business
would own a powerful computer with a multi tasking multi user
operating system. They could then connect numerous dumb
terminals to this machine so that people could log on and
work. Since the company owned the computer, it, or its appointed
sysadmin decided what rights could be safely delegated to
users.
http://www.itsecurity.com/dictionary/leastpriv.htm

Users were digital peons, working on the master's
plantation.

The microprocessor revolution.

The availability of cheap microprocessors shattered, at least
temporarily, the digital paradise of centrally controlled
computing. People bought desktop computers and discovered the
joys of learning to write their own software. They were
empowered. They experienced the feeling of ownership,
responsibility, and rights. Bad news for the advocates
of an authoritarian concept of computing.

A gray area

Having one's own computer probably felt pretty good at first,
but people became bored and discontented with the underpowered
early PCs, and no doubt were thrilled when they became
powerful enough to run networking software, and able to connect
to the fast growing internet. But now, going from a free-standing
personal computer to a participating host on a network,
you enter a gray area, a twilight zone between the totally
decentralized, fragmented world of individual PCs, and the
authoritarian world of mainframe and dumb terminal.
http://www.conroe.isd.tenet.edu/poli...u/can_use.html

Rival Computing Models = Rival Security Models

It should be no surprise that people are arguing radically
different philosophies of computer security. Their underlying
philosophies of computing make this inevitable.
The decentralized model of security says that "It's your
computer", therefore security is your own responsibility.
This philosophy favors firewalls, Anti-virus software,
Spam filters, and other user-initiated and user-maintained
measures to mitigate, but never eliminate security threats.
The centralized model advocates comprehensive and
systemic measures, built into the fundamental design
of the net, its protocols, and even the very hardware,
to make security threats impossible.
http://www.extremetech.com/article2/...,264904,00.asp

Cyberspace and Ordinary Space.

If you suspect that I'm about to make an analogy between
the digital world and the "real" world, you are correct.
The very same arguments about security are raging about our
physical security. One group says that conventional
and traditional security measures are adequate. Local law
enforcement is seen as adequate to deal with crime.
Normal and lawfully mobilized armies can defend nations.
Traditional diplomacy. Civil liberties. Constitutional
safeguards.
The other camp, again, wants a radical and comprehensive
solution, a "new world order", some kind of systemic
redesign that will make security threats impossible.
http://www.truthresources.org/a_nwo.htm

Utopia is Hell.

But before we can talk intelligently about security threats,
we need to ask, "Who is being threatened by whom?"
the answer to this question isn't as obvious as you think.
To you and me, this may seem simple. A security threat
is something that threatens me.
A virus. Spyware. Someone wanting administrative access
to my computer, to steal my personal info, empty my
bank account, or whatever.

But if you are the president of a monopolistic business,
head of the RIAA, the MPAA, your definition of "threat"
may seem curiously inverted, at least from my point of view.
http://www.eff.org/legal/cases/sony_...l_decision.php

New technologies that allow users to share files unsupervised,
the ability to inspect and "reverse engineer" software,
or to write programs that unlock copy protection. These are
"security threats" from their point of view. Things that I
do in the privacy of my own home can be viewed as threats to
their businesses.

Since it is "intellectual property" that they are trying to protect,
my discovery of their secrets is a greater threat to computer security
than some petty virus. To ordinary users, the enemy is the rogue or
criminal who releases the destructive virus or worm. To authoritarians,
it is ordinary users who are the threat, not by doing something
criminally destructive, but by obtaining hidden and forbidden
knowledge.
http://www.gnu.org/philosophy/right-to-read.html

Digital Utopia would be a place where users are only allowed the
minimum privileges necessary to allow them to do their work. This may seem
sensible if you are the sysadmin at a nuclear weapons lab,
http://www.cgisecurity.com/owasp/html/ch04s08.html

but do you want the internet run that way? Do you want your PC to be managed
remotely by the regime of Digital Rights Management?

There is a lot at stake here.

The internet is still a friendly and cooperative place.
It is not the wild wild west, in desperate need of a
gunslinging sheriff to come and impose law and order.
Security is evolving naturally, and meeting the needs of legitimate
users. The rogues and outlaws are a small minority.
If it ain't broke, don't fix it.

[Vorlin]

Amazing post...very good read.

[hellforgedangel]

Members of organizations such as the RIAA and MPAA hope to prevent the creation of any copy of digital media -- even those which consumers are legally entitled to make under the doctrine of "fair use" -- by encrypting audio and video until the very instant they reach your speakers and screen.

Surely it wouldnt be long before someone just plugged a cable from their line out strait into the line in, I mean they cant stop you sharing your home recorded stuff can they?

[jinxy]

Anyone who wants to protect there digital media using DRM should be executed. For the following reasons:

It will not stop piracy.
It will cost them more money than it will return.
It will prevent customers from using their media in the way the the customer want to.
It will limit their potentual customer base.
It will incurrage piracy.
It will create another monopoly.

I could go on and on, but i think i'll go to bed now.

[jdenny]

Support Open Source Software. Support Open License (royalty-free) Music.

See Creative Commons Attribution-ShareAlike license:
Human-readable summary
Lawyer-readable code
Machine-readable code (example)

Not only for musicians, it can be also used by photographers & illustrators, writers & bloggers, filmmakers, and educators & scholars. More info: creativecommons.org.

EFF used to have Open Audio License but now they recommend CC lisence over their license.

And now, for some real free, royalty-free music: www.open-songs.com.

Peace always,
<jdenny>

[slarty]

I think we should just look at the logical conclusions of DRM:

1. DRM allows software vendors to restrict using some technical means, what other software is installed on your machine - how convenient for them (Real, Apple and Microsoft) - they don't need to compete with other media players any more, they can legally, legitimately simply uninstall them or break them.

2. DRM is installed in the BIOS and OS of the machine, which prevents running unsigned software:
- Writing open source software is now comparable to making open source weapons - you can do it, but need to obtain masses of expensive licences / permissions from the government

3. You now need a licence to even OWN a compiler. Yes, that's right. Can't let any normal people own compilers, in case they "accidentally" compile something which violates DRM. The same licence will allow you to run a non-DRM PC (for personal or commercial use only of course, you can't lend it to anyone etc)

It will be stupid because:

a. The system will be circumvented as soon as it is invented (Like PS2 and Xbox DRM measures)
b. Anyone who's bent on creating malicious software, will ignore the rules anyway
c. It will place a massive financial drain on software companies, getting the relevant government licences to develop software under a DRM world - thus further increasing the likelihood of software companies relocating to non-DRM enforcing countries (i.e. not the US or its allies (i.e. not the UK ) )

Slarty

[Vorlin]

I look at "DRM" as a 'rights' movement that does nothing more than protect (and in the process, divide and separate the competition) any business who wants to make sure they get 100% of their product sent out. Making a machine that's "DRM" compliant? Yeah, I'll never have that. Are they saying we can't build our own PCs anymore? Embedded in the bios and motherboard? Sure, we can break that all day. Same as the OS? Yep, broken. Not feasible financially, but that'll be circumvented by the companies because of the increased price of "production".

A failed project and all that suffer are the end users.