What are the lessons to learn from DRM?

1. DRM hurts paying customers

Customers have paid for the texts/pictures/music/movies they purchased, and they expect to be able to use them as they’d like. You can argue that they’re not really buying the content, they’re just buying licenses for that content, but that argument, while technically legal, is facile and doesn’t take into account how real human beings think. When a normal person buys a song, he considers it his … after all, he just paid for it!

Intelligent people can disagree about the economic impact of file sharing – it seems pretty clear to me that it actually encourages sales and awareness of movies, music, and other content – but that’s not what I’m talking about here. I’m talking about moving pictures and movies between devices, about transferring files between the many computers I own, and about changing formats as I please.

When you finally realize that you can’t perform a Fair Use action you previously were capable of you feel like a sucker, you feel ripped off – a sucker that has been conned by the same people to whom you willingly gave your money.

2. DRM destroys Fair Use rights

… unless the consumer is willing to break the law. Thanks to the wonderful DMCA, it’s illegal for anyone to break the DRM protecting a file, no matter how trivial it might be to do so, in order to exercise the Fair Use Rights that are legally granted to American citizens. Rick Boucher, a Representative in Congress who actually “gets it,” had this to say about the DMCA and Fair Use in 2002:

“… section 1201 of the DMCA … created the new crime of circumvention. Section 1201 (a)(1), for example, prohibits unauthorized access to a work by circumventing an effective technological protection measure used by a copyright owner to control access to a copyrighted work. Because the law does not limit its application to circumvention for the purpose of infringing a copyright, all types of traditionally accepted activities may be at risk. Any action of circumvention without the consent of the copyright owner is made criminal.”

So even though a Fair Use exemption is granted for “nonprofit educational purposes,” most NP can’t really exercise that legal right since it would require the commission of a felony to do so. Other uses of Fair Use include, and I’m quoting from the United States Copyright Office, “criticism, comment, news reporting, teaching, scholarship, and research.” DRM means that Fair Use for the file protected via DRM is at the whim of the file’s creator, which flies in the face of the whole idea of Fair Use. We shouldn’t have to beg for our Fair Use rights, since that’s the whole point of Fair Use!

3. DRM renders customers’ investments worthless

DRM means that any investment in most DRM crippled material will one day be completely worthless.

TiVo is a different matter, since it’s essentially a closed box (although there are ways to get around that). In this, we need to trust that TiVo will not use a forced upgrade to further decrease functionality that was there when the machine was originally purchased. Seeing that the company has already done this once, by adding support for a type of broadcast flag that limits timeshifting, I don’t have high hopes that TiVo will do the right thing. Hello, MythTV.

I feel especially sorry for the people that have spent hundreds or even thousands of dollars at the iTunes Music Store. What happens when Apple downgrades iTunes again, further limiting what users can do with the songs they’ve purchased? What happens in five years, when Apple moves on to another format? What happens to your music collection when the iPod is no longer the de facto standard, and you want to switch to a new portable player? How are you going to get your encrypted AAC files to play on that new device, with something approaching the same level of quality?

DRM means that you have no control over the files on your computer. You can only do what the company supplying you with the DRM’d files want you to do.

4. DRM can be defeated

It may take some time, but all DRM can be defeated. Or rather, as Chris Anderson, the thinker and writer behind The Long Tail contends, “Any protection technology that is really difficult to crack is probably too cumbersome to be accepted by consumers.” And anything that is not that cumbersome can be defeated (although so-called “Trusted Computing” is going to make that process a lot harder … but I think it will eventually be overcome by those determined to get around it). Cory Doctorow put it best when he explained that the only way that DRM can work is if all of the following conditions are met:

* Every copy of the song circulated, from the recording studio to the record store, had strong DRM on it
* No analog to digital converters were available to anyone, anywhere in world, who might have an interest in breaking the DRM (since you can just avoid the DRM by … taking the analog output off the player and re-digitizing the song in an open format)
* Peer-to-peer networks ceased to exist
* Search engines ceased to index file-sharing sites
* No “small worlds” file-sharing tools were in circulation

Although Cory is talking about music here, the same principles apply to any kind of file that can be protected with DRM. Even if Trusted Computing and Microsoft’s vision of DRM’d Word documents and emails comes to fruition, if it’s hot enough to protect, it’s hot enough for someone looking at it – and someone does need to eventually look at it, or how can it be used? – to copy it by hand.

Of course, some might argue that it’s enough that the average Joe can’t break the DRM. If that’s true, then why use DRM? What’s the goal? If the goal is to prevent all unauthorized copies from being made and circulated, then it isn’t enough to put up roadblocks; you must seek to lock down your “content” (as a writer, I hate that word) completely. If the goal is just to frustrate users, then why use DRM at all, since you must realize that un-DRM’d copies of your materials are going to circulate? And even if Joe can’t break the DRM, he’ll eventually figure out how to use a P2P network, or ask his nerd friend for help, and then you’ve got another unauthorized copy and an upset and now more knowledgeable former customer. What publisher wants that?

DRM has wormed its way into the imaginations of Hollywood, the RIAA, and publishers, and they in turn have convinced the computer industry (who, it must be admitted, needed little convincing) that DRM must be applied and supported throughout their products. To the **AAs, I’m sure that DRM made lots of sense. In reality, though, it doesn’t. DRM has angered the customer base (and most others), eviscerated my Fair Use rights, ultimately rendered the money I spent moot, and it can still be copied anyway! Where does that leave the publisher? It sounds to me like we were both – consumer and publisher – sold a bill of goods.

Welcome to the future, even if it isn’t so bright……

HBO’s controversial special ‘Hacking Democracy’ on issues with Diebold voting machines is now available in full on Google Video.

This is a must watch documentary…….

http://www.hbo.com/docs/programs/hackingdemocracy/?ntrack_para1=leftnav_category6_show1

The November 2006 elections that will decide the make-up of the U.S. Congress and state and local governments are facing more uncertainty than any election to date. Instead of “Democrat or Republican,” the more pressing question has become “accurate count or complete debacle?” More than 60 million Americans will be casting their votes on electronic voting machines for the first time. Some fear human and machine error, both of which have occurred in almost all electronic voting since the machines were introduced in limited scope in 2002. Others fear a darker foe, and it’s not just conspiracy theorists: For the past three or four years, computer scientists have been tampering with voting machines to prove it can be done. And they say it’s actually pretty easy.

With electronic voting, the entire setup is electronic, not just the actual casting of the vote. The general process of electronic voting on the most common touchscreen models goes something like this:

1. The voter checks in with election personnel, who enter the voter’s name into a computer database to make sure he or she has not already voted.
2. The voter is given a “smart card” — basically a credit-card-type device with a microchip in it — that activates the electronic voting machine.
3. The voter casts his or her vote by touching a name on the screen.
4. If the model includes printout capabilities (which is required by more than half of U.S. states), the voter receives a printout that verifies his or her choices before leaving the booth. If the printout is correct, the voter inserts it into voting machine before leaving the booth to complete the voting process. (If it’s incorrect, different models have different remedies, but it’s safe to say it starts to get messy at that point). In non-print-out models, the voter leaves the booth after cast his or her vote on the touchscreen.
5. Once the polling place has closed, an election official inserts a supervisor’s smart card into the voting machine and enters a password to access the tally of all votes on that machine. Election officials either transmit the tallies electronically, via a network connection, to a central location for the county, or else carry the memory card by hand to the central location.

Election officials point out that there are many safeguards in place to make sure no one tampers with the voting machines — this is an election we’re talking about, after all. Some of those safeguards include tamper-resistant tape over the machine’s memory card slot, a lock over the memory card slot and the machine’s battery, and the process of comparing the total votes on the memory card to the number of voters at polling place and to a voting record stored on the machine’s hard disk (and to physical printouts if available). Machines are password protected and require special access cards for anyone to get to the memory card, and most polling places conduct background checks of election workers. Finally, the software on these machines automatically encrypts every vote that is cast. So, where does the problem come in?

Experts point out lots of areas that need improvement, but as you can probably tell from the list of safeguards above, the memory card is considered to be the weakest point in the system. Princeton University computer-science professor Edward Felton and a couple of his graduate students got themselves one of the most common voting machines — a Diebold AccuVote-TS — and had their way with it. They picked the lock blocking access to the memory card and replaced it with a memory card they had infected with a virus. The virus altered the votes cast on the machine in a way that would be undetectable to election officials, because the vote numbers were not only changed on the memory card, but also in all of the backup logs on the machine’s hard disk. So the final numbers matched up just fine. Another report, this one by a computer science professor who is also an election volunteer, states that the security tape protected the memory card slot looks almost exactly the same after someone removes it and then replaces it — you have to hold the machine at a certain angle in the light to see the “VOID” imprint that arises after tampering.

Other experts focus on the software that records each vote. It’s too simple, they say, and not encrypted well enough. The typical code is a standard “Roger Moore = 1″ and “Sean Connery = 2″ type of setup, which even a computer neophyte could tamper with if they have access to the machine. All it would take is a memory card with a bug loaded onto it to switch the values. Also at issue is the type of encryption used in the voting machines, which experts say is far from state of the art. But at least in the case of the Diebold machines, experts really only have access to one older version of the software that was leaked through a security hole in the Diebold network, so no one can be sure whether the same flaws exist in the latest version of the program. Diebold won’t release the software for public review because it’s proprietary.

Beyond the machine itself, the method of electronically transferring tallies between polling places and a central location for the county is another possible point of weakness. A hacker can intercept the vote tallies on their way to the central counting location by attaching a what amounts to a tap at the network router or hub. He or she could grab the numbers on their way across the network — which in many cases isn’t encrypted — and load up a different set of tallies in their place. However, as long as the central location double checks the electronically transmitted numbers with the memory cards and printouts from each polling place, this method of fraud would ultimately fail.

————————–

However, above all, one of the biggest questions facing many voters across the nation this election season is;
“Why haven’t mandatory guidelines been implemented that would provide for a voter-verifiable paper trail?”

I’m not merely suggesting a ‘vote-receipt’ that a voter takes home, but additionally an ‘official’ paper ballot print-out that a voter can use to verify that his selections were made correctly and subsequently submitting that paper ballot to the poll authorities (in a tally box perhaps?) that can be utilized in contested races. Seems simple, honest and fair enough to implement, but for some odd reason many officials and politicians oppose such open measures, which I personally find shady at best.

IANAL AND THIS IS NOT LEGAL ADVICE…..