Copyright Instead of Data Protection
“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” (Sony BMG Global Digital Business President Thomas Hesse)
The issue of Digital Rights Management (DRM) is only of historical interest today— or so you might think if you were optimistic. Industry observers already see 2007 as the beginning of the end of DRM, and signs of this are in fact mounting. But in order for DRM to become a non-issue, if this indeed really happens, we need alternatives that safeguard the personal rights of information users while rewarding creativity.
Technical rights control systems (“Digital Rights Management” or “Digital Restrictions Management”— DRM) are designed to turn back the digital clock and make piles of bits behave as if they were books or record albums, only a little bit more to the benefit of the commercializers. To this end, the content is locked in a cryptographic capsule that can only be opened if certain prescribed conditions are met. DRM controls who can use what in which way. “Who” and “what” require the implementation of identification systems for customers and for copyrighted works. The “what” must be protected from non-authorized use by the “who.” The “who,” i.e. the legitimate customer, is therefore the main opponent from which DRM must protect the content.
Books and albums are sold with “all rights reserved.” What exactly these rights are is stated in copyright law. But this law does not affect what people do in the privacy of their own homes. If someone violates these rights by distributing copies without permission, the act of publication itself means he can be prosecuted by the state or by a private person. So the presumption is that the customer is fundamentally honest. Prosecution is only set off by a violation.
The presumption in DRM by contrast is that the customer is dishonest, as Mark Stefik, one of the founding fathers of the concept, expressed in no uncertain terms at Xerox PARC. DRM not only monitors sale and delivery (in order, for example, to prevent actions on the digital plane that correspond to store theft), but also the use of the content on devices in the customer’s private sphere. This supervision continues even after the purchase transaction has been completed, and in principle until the copyright to the work in question expires 70 years after the author's death. The rights holders thus in effect take control of their customers’ PC and audio and video devices in order to enforce their usage restrictions on them.They keep their works under lock and key unless certain conditions for use are fulfilled. And the administrators of the copyrights even reserve the right to change these conditions long after the transaction has been completed.The DRM systems send information on the works and their usage back to the rights holders and ask them for authorization for use.The rights holders (or their DRM providers) sit at the remote controls for the DRM systems.They query information, send instructions, upload updates to users' devices as soon as defense mechanisms against circumventing the system or new control technologies are available and—if this kind of in situ update is not possible—they completely deactivate the DRM, thus locking the legally acquired content that they control forever. It is hard to imagine how this could not be perceived as a systematic, ubiquitous and lasting violation of the private sphere.
The fact that such a powerful, invasive and far-reaching technology needs to be legally regulated seems obvious. And in fact the World Intellectual Property Organization of the UN (WIPO) did create a global regulatory framework especially for DRM in 1996. However, it does not serve to protect the private sphere or the open architecture of PC and Internet, but rather to safeguard the DRM systems themselves. The WIPO Internet treaties obligate the member states to establish “adequate legal protection and effective legal remedies” against circumventing what are characterized as “effective technical measures”for copyright protection.What is ironic is that, if the technology itself were effective, it wouldn't need any additional legal safeguards. In actuality, however, every single DRM system that has come onto the market has been hacked into in no time. The jurists tell us that people have no right to anonymous media use. It was a random effect of analog media that you could purchase a book in a store and pay in cash without showing any ID. Just as randomly, digital technology put an end to anonymity.The paramount dogma of intellectual property justifies the rights holders in doing anything that is technically possible to protect their rights.
Or almost anything. In 2005 Sony BMG put several million music CDs on the market that install a rootkit on the PC when they are played the first time. This is equivalent to a set of digital break-in tools. Typically, an intruder installs a rootkit on a compromised system so that it can log on, intercept key entries, copy files or open network connections in order, for example, to attack other systems or send spam—doing it all in a way that cannot be detected by the usual system maintenance tools and virus and spyware scanners. When this innovative concept for protecting music became known, it triggered the greatest fiasco in DRM history. A random sample in November 2005 showed that computers in at least half a million networks were affected. The case led to a consumer boycott and a wave of lawsuits.
Sony BMG admitted that the rootkit “phones home,” i.e. sends information about the CD that has just been played to a server at Sony BMG. But the company denied that the information was used for anything else but to supply the customer with updated cover pictures and song texts. That may be so, but the user nonetheless has no assurances and no way to verify this fact. All he can do is have faith that Sony BMG will not misuse the information it is privy to. Expecting users to trust a firm that clearly signalizes that it does not trust them, and which has given them every reason to mistrust the company, is asking quite a lot.
One would think it would have taken no further proof to consign DRM as a temporary aberrance to technological history's chamber of horrors. And yet the rights industry continues to clutch at this straw. In the meantime, DRM mechanisms can be found in almost all hardware and software used to play and edit media data, whether MP3,DVD or Minidisc player, as well as PDF software, mobile phones, photo and video cameras and HDTV receivers.
But evidently the rootkit fiasco did have some repercussions. More than a year later, in January 2007, at the world's largest music trade show, Midem in Cannes, there were signs that the industry was planning to phase out DRM. The online market was stagnating. Consumers did not accept technical methods of compulsion on their devices. Shortly thereafter, EMI was the first of three major labels to announce that it would forgo DRM.
Then, in February an open letter from Steve Jobs, “Thoughts on Music,” shook the industry. The music industry is dependent on iTunes as the only download option that has demonstrated success in the major leagues. Apple’s DRM, called FairPlay, had come under fire in Europe. The EU Commission demanded interoperability of DRM systems in the interest of promoting competition and protecting consumers. It was not acceptable that music from iTunes could only be played on iPods and music from the Microsoft store only on the Zune.
But Jobs pointed out two plain facts. DRM is based on secrets. And they are hard enough to keep secret within a company and in the course of constant updates of millions of installed DRM systems. Making them available to rival technology and content providers for the purpose of interoperability was out of the question. And, second, the industry sold the overwhelming majority of its music completely unprotected on standard audio CDs. What benefits would it bring to saddle the small fraction sold online with DRM?
If interoperability is a sine qua non for competitiveness and consumer protection policy, and at the same time it is impossible from an administrative standpoint to safeguard its secrets, then the vision of DRM has ultimately failed, according to Jobs.
This unfortunately doesn’t mean, however, that our personal rights have prevailed over the claims to omnipotence asserted by the rights industry. Although it is true that the technical enforcement of license conditions has been discredited, a version of DRM is still spreading today that is presented as more “moderate” and “consumer-friendly.”This version involves embedding personal purchaser identification in the copy of the work sold, via so-called transactional watermarking. If duplicates then show up in P2P networks, they can be traced back to the buyer. Even the reformed iTunes 7.2, touted as “DRM-free,” embeds at least name and email address of the purchaser in its non-copy-protected songs.
When bits gush out of the Internet like water out of a tap, the appropriate business model cannot consist of selling single droplets. The solution has been around for 150 years and has been steadily developed in the meantime. It is called: flat-fee licenses. In 1847 composer Ernest Bourget sat in a Paris concert café listening to a performance of his chansons.When he refused to pay for his coffee since the café’s owner wasn't paying him to use his music, a dispute arose. The conflict ended in the courtroom and marked the beginning of collective assertion of rights by copyright collecting agencies. Ever since then, cafés, clubs, shoe stores and other music users have paid a flat fee to the music copyright agency. When radio became popular in the 1920s, the operators agreed with the music rights societies on a flat-fee solution. Paying a fixed amount to the copyright collecting agency gave the station the right to play any piece of music.When tape recorders made their way into homes in the 1950s, German legislation gave the users a legal license to make private copies in return for a lump-sum surcharge when purchasing duplication devices and blank media.
Protecting the private sphere played a vital role here. Namely, the Society for Musical Performing and Mechanical Reproduction Rights in Germany, GEMA for short, had demanded that dealers keep records of the identification card data for buyers of tape recorders and report it to GEMA. The German Federal Court of Justice decided in 1964 that manufacturers and buyers of recording devices can actually be held liable for copyright infringements committed using such devices, but that the monitoring demanded by GEMA was not permissible because the inviolability of the private sphere outweighs the legally protected interests. The private copy limitation was thus applied to photocopiers, cassette and VHS recorders and all other recording devices. The private copy limitation was a sensible response to a situation that was making inroads everywhere. For this reason, many other countries followed suit. Today we are facing a comparable situation. File sharing continues to proliferate. DRM has shown itself to be a collective illusion on the part of the content industry.What could be more reasonable, then, than to apply the proven flat-fee model to P2P and Web 2.0 contributor sites like MySpace and YouTube?
Since 2001, legal scholars, authors and musicians, publishers and representatives of the copyright collecting agencies have been conducting a lively debate on this issue, among them William Fisher, Lawrence Lessig, Jim Griffin, Bennett Lincoff and Neil Netanel. A series of collecting agencies in Scandinavia, Australia, Canada, France and Spain are likewise positively disposed toward this alternative model.
Based on the initiative of the two music rights societies ADAMI and SPEDIDAM in France, 15 organizations of musicians, photographers, designers, independent producers, education professionals, Internet users and consumers in that country came together to form a broad coalition of creatives and consumers. L'Alliance Public.Artistes has conducted a series of feasibility studies on the legal, economic and technical aspects of a global license.Their model calls for ISPs to collect a monthly fee of about five euros from their P2P-using customers—and in France that means virtually everyone—and to measure the number of downloads, without personal data attached of course, since this is not required here for creating a fair payment key. The ISPs would then hand over both fees and information to a copyright collecting agency that would distribute the money to those entitled to it.
L’Alliance Public.Artistes succeeded in gaining support for their model from two members of parliament—a conservative and a social democrat. Both proposed corresponding changes to an amendment of the French copyright act. When these proposals passed the first chamber on December 22, 2005, one might have thought that reason had finally triumphed. Unfortunately, however, a massive music industry protest at Midem 2006 caused the global license to be shelved for the time being.
A flat-fee royalty is conducive to data privacy. No personal data needs to be recorded and stored over decades, as in the case of DRM. The P2P market research firm BigChampagne demonstrated in an expert report commissioned by L’Alliance how it is nonetheless possible to determine precise usage figures so that rights holders can be compensated fairly.This makes a mass criminalization of users superfluous, removing the burden from both the file-sharing users and the criminal authorities. It generates considerably lower transaction costs than DRM and fosters competition because it avoids the market-distorting effects of technology monopolies as can be expected from the use of DRM. Flat fees ensure compensation for authors and performing artists, negotiated and administered transparently and fairly by the copyright collecting agencies under public supervision. This is why a flat fee for the permission to use music, such as the French global license, is the best possible solution for consumers, authors, performing artists and publishers.
But when will this kind of common(s) sense finally prevail? Perhaps the music and film market has to shrink down to the limit of tolerability and a few more Midems have to go by before the rights industry comes to the same realization as it did in the case of DRM? Absurdly enough, those fighting most vehemently against flat-fee solutions are the people who have always been the ones to enforce them. At the Copyright Summit held by the International Confederation of Societies of Authors and Composers (CISAC) in Brussels,May 2007, flat-fee licensing was a topic on everyone’s lips. Representatives from the music industry, from individual collecting societies and from the field of futurology presented it as the most sensible of all solutions.
But the most powerful among the “authors’ societies,” which represent not only authors but also publishers, such as GEMA, rejected the solution out of hand. After the show, Eric Baptiste, the outgoing general director of CISAC, predicted in an interview that flat fees would spell the end of the music industry. Instead, he proposed the same recipe made up of consumer education, tougher punishments and DRM that the industry has been trying for 15 years now with little success.
The closing speech at the summit was held by Robin Gibb of the Bee Gees, one of the few musicians to take the stage. He spoke of how the band was motivated by the urge to write music and to perform it. They didn’t get together and say,“Now it’s time to produce a new piece of “intellectual property.” Record companies come and go, but the authors' society remains. It takes care of the 'intellectual property' part for us and leaves room for us to do what we really want to do:make music.” On the third day of the summit, which was not open to the general public, Gibb was elected as new general director of CISAC.We hope for his sake, and for all of us, that he will succeed in putting the alliance of doubters on a more realistic course. Until that time, Gibb may as well join the heads of the most powerful authors’ societies in singing his all-time best-seller: “I’ve been kicked around since I was born / feel the city breaking and everybody shaking / Life going nowhere somebody help me / and we're staying alive staying alive / ah ha ha ha staying alive.”
Translated from German by Jennifer Taylor-Gaida