In the current issue of IP Law & Business, I wrote a column on DRM—that is, a column on the many “digital rights management” technologies that today allow copyright holders to in various ways restrict access to their work. DRM has earned itself a bad reputation in recent months. The DRM on some recent music CDs, for instance, turned out to inadvertently expose purchasers to substantial computer virus and malware risks. Nevertheless, my column is somewhat upbeat. I make two basic points.
First, while DRM might represent a powerful restriction on the use of protected work, the constraint will never be Orwellian. Consumers, after all, will use their dollars to vote against encryption techniques that are too limiting; and, as history teaches, consumers will also find ways to defeat most DRM systems anyway. Moreover, copyright holders themselves might not favor strong DRM even if it were feasible; and, besides, DRM suffers and always will suffer an Achilles heel: in every system designed to control content, at some point consumers must be able to read, hear, or otherwise experience the purchased information. Whenever that happens, the information is necessarily exposed.
Second, if all this is true, then DRM simply makes copyright law look a lot like every other area of legal endeavor: there is a formal set of rules enforced by judges, administrative officials, and the like, and there is in addition a weak but effective overlapping capacity through which private actors can take matters into their own hands. Put differently, as I show in the piece, criminal law, trade secret protection, First Amendment jurisprudence, and indeed every other legal regime is today implemented through a combination of powerful public mechanisms and less costly but weaker private ones. DRM, I argue, simply brings copyright law into the fold.
The published version in IP Law & Business is not online; but the magazine authorized me to write an expanded version, which the Progress & Freedom Foundation is hosting. You can download the 10-pager here, and then later in the week we hopefully will be talking about the topic further at the PFF’s IP Blog here.
Well I am glad you are upbeat and I hope you are right but see please go to: http://lcweb.loc.gov/copyright
see H.R. 4569. The Digital Transmition Content Security Act of 2005. Sponsor of the Bill is Rep James F. Sensenbrenner, Jr. and co-sponsor of the bill is Rep. John Conyers, Jr.
The legislation would mandate end-to-end encryption signals and require all receiving devices to recognize and enforce the broadcaster-chosen DRM rules for content. This legislation would ban recording off the radio. It would require that all devices capable of turning an analog video signal into a digital video signal be forced to recognize and enforce two forms of content protection.
Posted by: Kelly Almond | February 14, 2006 at 12:00 AM
Well, I'm certainly surprised (and happy) to see a PFF-affiliated paper acknowledge that the DMCA anti-circumvention provision "likely" goes too far. Hopefully Joe Barton and Rick Boucher will see this paper and circulate it to some of their less enlightened associates, with appropriate highlighting.
Posted by: Doug Lay | February 14, 2006 at 08:30 AM
I had missed that suggestion, thanks Doug (Lay). Doug Lichtman, interesting paper. I agree with you that the opponents of DRM get too carried away with the "lockdown" doomsday scenarios. But I've got two problems with your suggestion that 1201 goes too far. First, you overstate the prohibition; it doesn't "in essence forbid[] the distribution of any technology that might be used to crack DRM systems." It only prohibits devices that are (1) "primarily designed or produced" for circumvention; (2) have "only limited commercially significant purpose or use other than" circumvention; or (3) are marketed as circumvention devices. Something that just might be used to circumvent (e.g., a computer in the hands of a skilled programmer) doesn't qualify.
Second, wouldn't getting rid of 1201's prohibition on anticircumvention devices lead to exactly the Cubs-style arms race you think should be avoided? The fact that circumvention devices are illegal means, for the most part, they are kept out of reputable, readily accessible, user-friendly machines. If circumvention devices were legal, either content owners and device manufacturers would be forced into a continual arms race, or DRM simply wouldn't work.
Posted by: Bruce | February 14, 2006 at 11:38 AM
Bruce:
Your first argument seems like semantic hairsplitting. Are you arguing that the exercise of fair use in the future will require the services of skilled programmers who can shape a general-purpose device into a cracking machine?
As for your second argument, there is already an arms race between skilled programmers and content owners. Repealing the DMCA anti-circumvention povision would just give device makers the option to (legally) join the fray.
Posted by: Doug Lay | February 14, 2006 at 01:25 PM
Well Doug, I'm a lawyer, so semantic hairsplitting is what I do all day. But it seems pretty obvious to me that 1201 prohibits devices that are primarily designed for or have limited commercial uses other than circumvention, and not just any device that could be used for circumvention. Do you have a different reading?
Re: your second point, I think your "just" is a rather big one.
Posted by: Bruce | February 14, 2006 at 03:07 PM
Bruce said:
"But it seems pretty obvious to me that 1201 prohibits devices that are primarily designed for or have limited commercial uses other than circumvention, and not just any device that could be used for circumvention. Do you have a different reading?"
The law is excessively restrictive, either under your reading or the straw-man alternative you present. Perhaps "semantic hairsplitting" was the wrong term. Is there a legal term for the act of making one's own position seem more moderate by presenting a ludicrous alternative for comparison? That is what you were doing.
Repeal of the DMCA anti-circumvention provision would likely have major market impact on device makers - it would enable greater interoperability, increase competition, and lower the barrier to entry for smaller players. So yes, my "just" is a rather big one - but you're dodging my main point, which is that there already is an intensive arms race between DRM makers and DRM circumventors. Do you really think the DRM makers are winning?
Posted by: Doug Lay | February 14, 2006 at 03:37 PM
Consumers, after all, will use their dollars to vote against encryption techniques that are too limiting.
This faith in the market is not necessarily valid. DRM could be set by industry standard, so that consumers have little choice. A DRM agreement between industry players would be a sort of price-fixing for the quality of a product.
Posted by: c&d | February 14, 2006 at 07:09 PM
Bruce, Doug -
Thanks so much for the comments. Let me try a few quick responses.
Bruce, I do think the DMCA stands in the way of many worthwhile technologies, for example technologies that might help users make "fair use" of protected content. The sentence you quote me for is not meant to say that the DMCA forbids *all* such technology. I meant only to point out that the DMCA sweeps too broadly, and is inconsistent with what I take to be the lesson of "reverse engineering" in the context of trade secret law.
On arms races, meanwhile, Doug stole my thunder. I agree with him that we already have an arms race right now, and the DMCA at best tweaks the race at the edges. Bruce, you rightly point out that stopping some arms races is good; arms races can be wasteful. But, here, I think there are considerations that push the other way. This arms race, after all, leads to better encryption technologies; it inspires a generation of college students to work on innovation new networking and distribution strategies; and so on. Again, I hear your point -- that there is waste in this race -- but parts of the DMCA strike me as a cure that is worse than the disease. (Once more, the analogy to reverse engineering is helpful; reverse engineering leads to a wasteful arms race, but has countervailing charms.)
Many thanks, again, for the comments. They really help.
Posted by: Doug Lichtman | February 14, 2006 at 07:16 PM
Professor,
Interesting paper. But I think the more important antecedent question is whether DRM is good or bad. Because DRM is essentially a price discrimination mechanism, the question boils down to whether enhancing the ability for IP owners to price discriminate is a good idea.
By and large, the standard economics answer is yes, insofar as monopoly with price discrimination is usually welfare enhancing over a monopoly without price discrimination. But due to consumer tolorance limits, DRM can realistically only be deployed where the market power is significant, i.e. the most popular songs, such that the surplus captured through discrimination outweighs the dampening of demand caused by imposing intrusive DRM.
In the end, therefore, DRM is an attempt to make the most successful copyrights even more successful, while having little impact on the vast majority. If this is a good thing, then DRM shouldn't be limited at all. But if we want to impose some type of ceiling on the most successful IP, that is, if one subscribes to the idea that increasing the very extreme awards has little impact on incentives to innovate, then DRM serves very little social purpose. But both options counsel an extreme attitude towards DRM, not the moderate one that you appear to suggest.
Posted by: TJ | February 14, 2006 at 09:06 PM
Thanks Doug(s). On the arms race points, there are lots of distinctions to be drawn. One is between what's available on the "Darknet" ( http://crypto.stanford.edu/DRM2002/darknet5.doc ) and what's available at mass-market retail. I'm not sure there is currently much of an arms race to keep ahead of what's available on the Darknet. Hacks happen, but a hack alone doesn't produce an arms race unless there is a cycle of responses.
However, if circumvention devices were available at mass-market retail, that would either (1) produce an arms race that is much more disruptive to consumers, content owners, and device manufacturers alike, because it would require continual upgrades of equipment, or (2) more likely, it would kill the viability of content protection altogether. Doug Lichtman, I think you prefer the current state of play to either (1) or (2). But that current state is due to 1201's device prohibitions (which may overlap considerably with the inducement/contributory infringement theory being litigated in Grokster, but that's still a little up in the air). Without 1201(a)(2) and (b)(1) or something like them, 321 Studios would still be in business, which would harm the continued viability of current DVD drives and players. http://www.wired.com/news/digiwood/0,1412,64453,00.html
Posted by: Bruce | February 15, 2006 at 12:55 PM
Bruce:
I just did a Google search for "DVD backup software." Here are some links from the first page of results, along with relevant quotes:
http://www.dvdtodivx.net/
"Super DVD ripper handles Macrovision encryption."
http://www.tomdownload.com/dvd_software/dvd_x_backup.htm
"new features include: Have CSS Decryptor to backup copy-protected DVD movies"
http://dvd.brothersoft.com/perfect_dvd_duplication.html
"Copies all DVDs even with anti-piracy encryption."
That's just a sample...all from the first page of results, and not even going into the sponsored links.
At best, the DMCA anti-circumvention provision keeps "prohibited" tools out of the chain stores...but not off the front page of the world's most popular search engine! Just where does the law-abiding world end and the Darknet start?
Also, I'm not a trained economist (and I suspect, neither are you) but your implication that the continued existence of 321 Studios would have caused content producers to stop making DVDs is patently absurd. Why do record companies continue making CDs, instead of forcing a new copy-protected format down the world's throat? Ummmm...because they need the revenue from CDs, maybe? Why would DVDs be any different?
Posted by: Doug Lay | February 15, 2006 at 09:15 PM
Doug, if you trust your credit card number to those sites, you're a braver man than I.
On your second point, I never said content companies would stop releasing content. I said the long-term viability of current DVD drives and players would be threatened (part of that threat has to do with increasing bandwidth available to consumers, but let's put that to one side for the moment). If mass-market decrypters are widely available, either a new encryption scheme would have to be devised -- one not backwardly compatible with older drives and players -- or content producers and device manufacturers would have to give up on content protection entirely. You may embrace the second alternative, but I don't think Doug Lichtman does, and that was my point.
Posted by: Bruce | February 15, 2006 at 11:02 PM
Bruce,
So you're saying that as long as we don't admit a DRM scheme is a failure, we should keep using it no matter how poorly it performs? I don't think denial is a good basis for making public policy.
The threat to copyright isn't from Joe Average Consumer making personal copies of his DVDs--that sort of threat has existed with every technology since the tape player, and the content industries have gotten by just fine. The threat is from commercial pirates and the darknet; the shutdown of 321 Studios did absolutely nothing to counter either of those problems.
Posted by: Tim Lee | February 16, 2006 at 01:00 AM
Bruce:
Ummmm.....have you ever heard of PayPal? One of those marginal Darknet entities, I guess....
You also didn't read my post carefully enough. I said "DVDs", not "content." We were talking about the same scenario, I think, and I think the scenario is ludicrous, though now I see you've hedged with the qualifier "long-term."
I think there is a third alternative scenario to the two you present. Companies could continue using the cracked copy protection system, treating it as a sort of digital "no trespassing" sign. I can't speak for Doug L., but it seems to me this would fit with his vision of a "weaker private enforcement mechanism."
Posted by: Doug Lay | February 16, 2006 at 06:34 AM
It's interesting -- I think I'm somewhere between Tim, the other Doug L., and Bruce.
I think the DMCA as it stands does slow some DRM-cracking. Yes, there are products out there; but no, my Mom isn't yet comfortable enough with PayPal and the like to buy them. Were we to kill the DMCA entirely, then, DRM would take a hit, and content providers would either have to give it up (unlikely) or develop new DRM strategies that are more robust.
But why not do something less than killing the DMCA entirely? Broader exceptions would be one change attractive to me. The Copyright Office has been relatively stingy in the use of its authority in this regard; I would love to see more thoughtful exceptions along the lines of what, say, Ed Felten has asked for this year. (Although Ed's specific request would need some tweaking, his basic motivation is spot-on.) Moreover, I would also favor comparable exceptions to other DMCA provisions, including the indirect liability provisions.
The result, as Doug Lay suggests, would be DRM as a weak but effective private mechanism -- exactly what I think its best use probably is.
Posted by: Doug Lichtman | February 16, 2006 at 07:04 AM
How about Boucher's bill (HR 1201) as an exemption?
As a parting shot (for now) let me state that my biggest objection to the DMCA anti-circumvention provision is the privileged status it grants to large copyright holders in shaping the (legally approved) digital marketplace. Of course, this doesn't always work to the copyright holders' advantage - witness the way the DMCA protects the enormous market power of Apple Computer in the digital music space.
Posted by: Doug Lay | February 16, 2006 at 08:33 AM
Lots of points, very little time. Doug Lay, I'm not sure why you think a format shift is ludicrous. They happen all the time, and in fact a new generation of digital media (HD DVD and Blu-Ray Disc) is coming out later this year. I through the qualifier "long-term" in there (both times, check out my earlier post) because obviously no format change is immediate; my argument is that a protection scheme's lifespan is shortened substantially if non-compliant players are available at mass-market retail, much more substantially than if they're available on Tom's Downloads (sure, there's Paypal, but there's also the risk that you won't get anything for your money -- like sometimes happens with the DVD vendors with the towels in Times Square -- not to mention the general perception of shadiness, which deters sales).
Tim, you're right that there are other sources of piracy. But one of the bigger sources of piracy for, e.g., music is peer-to-peer folders made generally available by consumers to other consumers. That channel is greatly assisted if mass-market tools circumvent a protection scheme designed to deter non-commercial pirates. Commercial pirates have other issues that can be used against them, e.g. the money trail, and the size of their operations. Of course, often those operations are in other countries, but that's an international enforcement issue that plagues all sorts of areas of the law right now, and unless the solution is John Perry Barlow's declaration of anarchy, something will have to be worked out eventually.
Oh yeah, and Doug Lay, I agree with you that DRM serves a "No Trespassing Sign" function, which should not be overlooked. But I believe it becomes less like "No Trespassing" and more like "Pass Only on the Left" on a three-lane highway to the extent mass-market retail circumvention devices are available.
Posted by: Bruce | February 16, 2006 at 02:06 PM
Bruce,
The vast majority of people who share music to a P2P network got the music *from* the P2P network. It only takes one person to break the DRM on a particular song in order to get the P2P process started. After that first copy is uploaded, DRM is powerless to prevent its further spread. So it's not clear to me how DRM has any significant impact on P2P-based piracy.
Posted by: Tim | February 16, 2006 at 04:12 PM
If there's only one copy out there, good luck finding it.
Posted by: Bruce | February 16, 2006 at 05:05 PM
Bruce,
Have you ever used P2P software? Typically, whenever a user downloads a file from a peer-to-peer network, a copy is automatically placed in that user's file-upload folder. That, in turn, makes it more visible for other users seeking the same file. They also download it, and the file appears in their upload folders. Using this process, a popular file can spread like wildfire through the network.
Also, it's a big world. Even if only 0.1% of users have cracking tools, that's going to be enough to put hundreds of copies of a platinum album online. The number of copies uploaded is far less important than the total number of users using P2P services.
Posted by: Tim | February 17, 2006 at 01:24 PM
Well, it looks like Prof. Lichtman's paper got no comments whatsoever from the PFF principals over at their own blog. I'm not surprised - anything that questions their beloved DMCA is likely to be greeted with all the enthusiasm of a wet fart.
If the professor isn't feeling too discouraged, I'd still be very interested in hearing what he thinks of HR 1201, which is, after all, a concrete attempt to reform, not eliminate, the DMCA anti-circumvention provision.
Posted by: Doug Lay | February 21, 2006 at 10:13 AM