The last few weeks have been bad ones for SonyBMG. The music giant included copy-protection software on many of its recent CDs, and that software turned out to expose purchasers to significant security risks. In one case, for example, the software hid itself on the purchaser's computer in order to stop the purchaser from disabling the software; but now virus writers can use that "hidden" section to sneak in other unwanted code, like dangerous viruses. The result has been a PR disaster, a massive recall of protected CDs, and now also a series of filed lawsuits. Ed Felten has a fantastic series of posts on all this and I would encourage anyone with interest in the details to read those posts with care.
On the legal side, meanwhile, the EFF's Fred von Lohmann has been offering a great deal of commentary on the controversy, and it is no overstatement to say that Fred is downright gleeful to see SonyBMG stumble in this way. Writes Fred:
So here's to the eventual demise of DRM [digital rights management] on digital music. Once the DRM is gone, we can see what a real, robust, competitive digital music marketplace looks like.
I think, by contrast, that Fred's enthusiasm is at best premature and most likely embarrassingly wrong. Despite what Fred says, this is not the end of DRM, and the end of DRM is certainly not something to celebrate in any event.
1. First, suppose that Fred is correct and legal liability plus bad PR will indeed mean the end of DRM. Is that a good thing? Surely it would be if, in response, we think that the music industry will continue to invest in music at the same or a higher clip, and we think that there will be no strategic alternative for restricting access to music. But both of those assumptions are remarkably ambitious. Without some form of protection against unauthorized redistribution, isn't it likely that the music industry will (say) invest less or develop other ways of fighting piracy? Remember what happened when viewers started to skip television commericals. Advertisers responded by resorting to more product placement. I am not sure that was a good trade; viewers might be better off in a world where we commit to not skip commercials and in return advertisers stop paying poor Rory Gilmore to down Coke after Coke. Fred's argument is a slam-dunk only if no response of this sort is possible; and I don't see why that's even a remotely reasonable assumption to make.
2. What responses might we see? Ed Felten predicts that this might be the end of one type of DRM: namely, programs that install themselves on your computer, hide from you, and try to stop you from doing things you want to do. He likens DRM of this sort to spyware, which similarly is software that must hide from users becauses users don't like it. My colleague Randy Picker notes in the comments that consumers might ultimately and rightly grin and bear it. True, I don't like computer programs that stop me from rip-mix-burn'ing my music; but I still might agree to live with them if that is the best way to get fast, cheap, legal music. In any event, if "I'm hiding" is no longer a viable strategy, what then? For instance, might we see more services (like the SBC Yahoo Music Engine) that stream music but only to a specific proprietary player? That is, one response to a world without DRM is to stop selling CDs entirely and instead stream encrypted music to a compliant player that in turn protects the music. Is that a better approach from a social welfare perspective? (Fred, you seem to know that it is, but I don't see how you could possibly.)
3. DRM has other charms as well, and here again I fear that Fred is too quick to condemn it. Indeed, as I have argued elsewhere, self-help technologies like DRM can significantly reduce the costs of administering legal regimes. Self-help can be much less expensive than litigation as a means for protecting one party's interests; compare in this light the costs of building a fence to the costs of litigating over trespass to land. Moreover, self-help can also serve to identify which interests to protect. Trade secret law, for instance, protects only that information which the relevant trade secret holder himself has taken efforts to protect; one reason is that self-help here signals that the relevant trade secret holder genuinely values the information, and thus that this information might warrant more effective legal protection as well. (I suspect that section 1201 of the DMCA is in part explained along these very lines.)
4. Lastly, returning to SonyBMG, I think it would be a mistake if all this simply leads to better labeling. Yes, SonyBMG could put a warning on the outside of each CD that "this product contains DRM and might reduce the security of your computer system," but I don't see much value in that sort of notice. Consumers will have a hard time evaluating the risk, and these generic disclaimers are largely ignored in any event. It might be that legal rules have to condemn certain forms of DRM as too dangerous, much as shopkeepers are today not allowed to run electricity through their shop windows, even though the threat of electrocution would be a formidable deterrent to theft. That technique is too punishing and it has too many undesirable side-effects, for example the risk that some innocent youngster might break the window by accident and then be injured severely. Applied here, DRM of the sort adopted by SonyBMG might similarly be so bad as to be impermissible. But then we need to say more about what forms of DRM would be permissible, just as we similarly today allow shopkeepers to put locks on their doors, call the police in the event of a burglary, and so on.
> 2. What responses might we see? Ed Felten predicts that this might be the end of one type of DRM: namely, programs that install themselves on your computer, hide from you, and try to stop you from doing things you want to do.
...and modify the interface to a major piece of system hardware used by the OS and multiple applications, and (last but not least) install themselves even after the user declines the EULA.
> That is, one response to a world without DRM is to stop selling CDs entirely and instead stream encrypted music to a compliant player that in turn protects the music.
I'd love to see the major labels try this approach. It would go over great with retailers, not to mention the CD purchasers who still account for ~90% of recorded music revenues.
> Applied here, DRM of the sort adopted by SonyBMG might similarly be so bad as to be impermissible.
Ya think? Or does the fact that Sony is exposing all consumers, not just infringers, to vulnerabilities make it more acceptable?
> But then we need to say more about what forms of DRM would be permissible..
Why? If Sony broke the law, then lets focus on what they did that was wrong, and what sanction hey should receive.
Posted by: Doug Lay | December 13, 2005 at 10:23 AM
Professor Lichtman, you're operating on the assumption that DRM is, or will be in the future, an effective piracy deterrent. I think there's ample evidence that it hasn't been effective so far, and I think there are strong theoretical reasons why it will continue to be true in the future. In the abstract, you're right: a theoretical DRM scheme that effectively prevents piracy could be pro-consumer if it thereby increased the incentive for the creation of new content.
However, in practice, DRM only slows down honest customers. Pirates download illicit cracking tools off the Internet, strip out the DRM, and upload the unprotected files to a peer-to-peer network. You'll never stop that, and it only takes one person to do so for the files to be distributed freely to everyone on the Internet.
So in practice, the question is not whether self-help measures are desirable in the abstract, but whether self-help measures are effective in practice. If they aren't, then they're obviously not good for consumers or anyone else.
Posted by: Tim | December 13, 2005 at 04:32 PM
[This comment was written with some inflammatory language, and so we have edited it on that ground. The substance of the comment was to say that DRM is hopelessly problematic and the music industry should give up on this method of protection. The original post said these things in a more, uhm, colorful fashion.]
Posted by: Anarchy 99 | December 14, 2005 at 10:26 AM
The big lie here is that DRM can solve piracy.
As long is we listen to music with our ears, there will be microphones and bootlegs.
Short of aural implants or chiping every audio recording device, DRM cannot solve the problem of piracy.
Posted by: anon | December 14, 2005 at 03:58 PM
Careful, anon, there are plenty of people in the entertainment industry who believe mandatory chipping of every audio recording device is a feasible and worthwhile goal. There are probably even a few dreamers who are looking forward to audio implants with micropayment meters attached.
However, I don't think reduction of piracy is the real goal of the more intelligent DRM advocates in the content industries. DRM is really about exerting control over technology producers, and restraining competition.
Posted by: Doug Lay | December 14, 2005 at 08:05 PM
"However, I don't think reduction of piracy is the real goal of the more intelligent DRM advocates in the content industries. DRM is really about exerting control over technology producers, and restraining competition."
~Bingo! And I, as an independent hobbyist/music-producer, take special interest in THAT reality! A good article from none other than Popular Mechanics points out how people like me are *exactly* what that "competition" might be! Here's the link: http://www.popularmechanics.com/specials/features/1712111.html?page=1&c=y Ironically, Sony was a sponsor of this story, which only validates a popular criticism of that company; that they happily create many of the tools needed to commit the "crimes" they so hope to stop! (Of course, this article was printed before the whole rootkit mess was made public. In any case...)
The genie's out of the bottle now, because people no longer need the old-school distribution system to get their productions aired worldwide. One doesn't have to search too hard within the EFF to see how far "they're" willing to go to rebottle that genie!
I don't foresee success for them with any sort of chip/watermark, automated-Soviet-style censorship scheme they might create. It's bad enough to alienate your customers, but you've got a major cultural shift on your hands when you start angering artists. And DRM (and Sony-BMG) are at the heart of it now! It'll be interesting to see how this all plays out...
Posted by: Eric Garner | December 15, 2005 at 02:08 AM
For a detailed response please see:
http://member.telpacific.com.au/rolyroper/DougLichtman.htm
Posted by: Roly Roper | December 25, 2005 at 08:19 AM
Good post.However, I don't think reduction of piracy is the real goal of the more intelligent DRM advocates in the content industries. DRM is really about exerting control over technology producers, and restraining competition.
Posted by: HID Kit | October 27, 2009 at 11:17 PM