Adding Mistrust to Digital Rights Management
I am giving a talk Sunday—yes, law profs work the odd Sunday—on DRM at the Digital Broadband Migration conference in Colorado. Since Doug Lichtman has been talking about DRM on the blog this week, I thought that I would jump in with a preview of my talk (and forthcoming paper).
Try four ideas:
1. The Sony BMG rootkit fiasco makes clear how difficult it will be to make add-on DRM work for music CDs.
2. Even when DRM is introduced into a technology from the getgo, such as was attempted with the digital television broadcast flag, that technology may fail as people who get the content will have a shared interest with professional decryptors in removing content limitations.
3. Meaningful DRM may need to be identity-based, meaning that we can glean the identity of the content purchaser from the content itself. Again, it will be hard to inject identity into one-to-many—broadcast—approaches to content distribution, be that for digital television or high-def audio. In contrast, as we drop physical media such as music CDs and DVDs and switch over to online distribution of content—iTunes and Google Video—we can add identity-based DRM if we want to do so.
4. Identity may suffice, but we might conclude that we need to do more. We may need to give content purchasers reasons to be reluctant to deal with professional decryptors. Put differently, we may need to add mistrust to DRM schemes.
Take these one by one.
Start with Sony BMG. Adding DRM to music CDs faces a disabling problem: music CDs need to play in CD players. For decades, CDs have played in CD players and a new CD needs to be able to do that as well. So somehow an ordinary CD player needs to play the CD flawlessly, yet when that same CD is inserted into the CD drive built into your computer, it needs to work differently. Otherwise if the computer is given unfettered access to the music, it’s rip, upload, and off to the p2p networks. This is a real problem: make sure that the product can be used in its traditional, standard uses and yet limit new uses. It is as if the CD needs to play in the CD player and yet somehow be prevented from being inserted into a toaster when the purchaser really wants to pop it in.
Sony BMG tried that and failed. Its approach—which relied on getting consumers to install software on their computers and, in some cases, seemingly without consent—led to consumer howls, investigations by state attorneys general and class action lawsuits. Sony BMG has settled at least one of those suits and has agreed to walk away from this version of the technology. So much for that.
Even if we can build-in DRM from the beginning, we will face problems. The broadcast industry sought to have a broadcast flag included as part of the digital television specification. The purpose of the flag was to limit the redistribution of content. The flag didn’t make it past the D.C. Circuit, as the court concluded that the Federal Communications Commission had exceeded its authority in implementing the flag.
But even if implemented, the flag would still face a more basic challenge. Some of the people who received the content would want to evade the use limits defined by the flag. Those people would have the incentive to seek out tools to allow them to get around the flag. And once that was done, we have the darknet critique of DRM: it only takes one, just one person to get around the DRM and put the content out into the clear free of the wrapper.
One-to-many technologies such as broadcast face another limit: they will find it hard to implement identity-based DRM. Identity-based DRM embeds the content purchaser’s identity—or at least parts of it—into the content. Identity-based DRM is being implemented into online digital distribution, and that is where distribution will shift was we move away from products, such as CDs and DVDs, to services, such as iTunes, Google Video and Amazon Upgrade.
Watermarks are a form of identity-based DRM. The embedded watermark would allow a content owner to scan p2p networks in search of available content. Having found the content and the associated identity, the content owner would be able to respond to the illegal distribution.
But respond how and won’t the anti-DRM software just strip the watermark anyhow? This is where mistrust comes in. In embedding identity into content, we may also need to embed access to something valuable, a hostage or mini-bond as it were. Consider a couple of versions of this. If access to content brought with it full-access to a customer’s account, customers would be quite careful about sharing access to the content. As I noted in a prior post on Amazon’s announced Amazon Upgrade, this appears to the path that Amazon is taking. Alternatively, we could imagine that the identity information embedded in the content gave someone with access to the content the ability to spend a say $50 account balance at the site in question.
The point of this is to raise the cost of sharing content and to drive an incentives wedge between the content purchaser and the professional decryptor. If the content purchaser can’t be sure that the decryptor will act as an honest agent in stripping the DRM scheme—if the purchaser instead fears that the decryptor will harvest the account information—the content purchaser may back away from sharing. The interesting, almost sociological question is how much suspicion do you need to introduce into a file-sharing system for content owners to refuse to share with anonymous recipients over peer-to-peer networks?