« Governance at Gunpoint | Main | Book Review: Convergence Culture by Henry Jenkins »

September 12, 2006


Feed You can follow this conversation by subscribing to the comment feed for this post.

Bruce Boyden

First of all, there's something wrong with that CNET reporter if his favorite Star Trek episode is "For The World Is Hollow and I Have Touched the Sky." It's unwatchably awful, right up there with "Spock's Brain" and the one where Data builds a Mayan temple.

But putting that aside, I'm still not sure I agree that "[f]or better or worse, this is exactly the design we should anticipate with digital rights management software." The DRM envisioned by the EULA (who knows what's actually been implemented) seems to encompass at least three different types of controls: locks, monitoring, and automated self-help. Furthermore, it does all of these things in a thoroughly obfuscated way.

One could imagine a world in which one of these three sorts of controls was widely implemented and understood. One might even imagine a world in which content distributors could choose among those three controls at their option. But the technology here not only adopts all 3 controls at once, but is very cagey about how they are being implemented, and there are no likely alternative sources of consumer familiarity.

I.e., it's as if Hertz rented me a car that not only has monitors on my speed and location, but also has a block preventing acceleration above 75 mph, and also will automatically turn off if I make an illegal U-turn. That seems like overkill, but I may still agree to it as long as that's all that's going on. However, there's no guarantee that that's all that's going on: the agreement states that the car may contain all sorts of other controls that Hertz is not specifically telling me about and that I wouldn't have reason to know about otherwise (e.g., a hidden camera in the front seat filming me as I'm driving). There are purple shirts out there, and yellow-polka-dotted shirts, and pink-polka-dotted shirts, but there are very few purple shirts with pink and yellow polka dots sold in an opaque wrapper that does not let you see beforehand how ugly it looks.

There are reasons why the terms in the Unbox EULA are so open-ended and vague, of course. One is that the technologies and business models are in flux, and it is much easier to change either of those things than to pay lawyers (who are way too expensive, even for Amazon) to draft a new agreement. So you see the same thing here that you do with privacy policies -- announcements of what you call "soft rights" along the lines of, "Here, very generally, is what we are doing or may choose to do in the future, but we can choose to do something different at any time." (For privacy policies, at least a few district courts have held such policies can be enforceable contracts, but breaches of the promises have produced no recoverable damages. See, e.g., In re Jetblue Airways Corp. Privacy Litig., 379 F. Supp. 2d 299 (E.D.N.Y. 2005).) The consequences of being vague are thought to be minimal, while the consequences of being specific but wrong are catastrophic.

But unfortunately being vague about the features of the DRM just helps perpetuate the mistrust that led the distributor to be vague about the DRM in the first place.


I believe that Prof. Picker's response is that "If competition is actually working, those changes should be in the joint interests of content producers, download service providers and user/consumers." And, while I do agree that we need to be wary of "soft rights," I also believe that this is a case that demonstrates the viability of this response.

Amazon Unbox has existed for less than a week, and discussion of the sort of problems created by soft rights has been seen in technical, legal, and mainstream news.

The current world is one of quick retaliation against online entities. Just look at Facebook, which last week introduced a new feature that raised the immediate ire of its user base--it took days for this to go from "new feature" to "mistake" to "textbook example" of how not to change policies.

The same ease with which we can copy music and movies that creates the need for DRM can also put a check on many abuses that it makes possible. Abuses of soft rights fall square in the sights of these checks--the service has yet to be around long enough for there to have been abuses, and it is already being scrutinized. So long as there is a legitimate need for future maleability, I think the market can and will tolerate such contracts.

We should also question how we expect Amazon to reshape these soft rights. Do we expect that they will reduce the already minimal set of rights? It seems just as likely that the rights could be upward-revised. Perhaps a year from now they change the service to allow a wider range of uses--and this change could be applied retrospectively. Typically we wouldn't expect a need for a contractual basis for this--no consumer would sue over being given more rights. But there could be technical reasons for the change in this case: changing rights might require changing software on your computer. More, as rights become more complicated, "more" and "less" can be blurred. Perhaps Amazon licenses Apple's DRM and starts only distributing iPod-compatible videos--to be benefit of most consumers but to the detriment of a few.

There might also be issues about updating the software to avoid bugs. Last week there was some discussion about Microsoft's response to holes in its DRM--it patched a bug that allowed users to bypass its DRM faster than it patches critical security holes. (Search Google News for "microsoft DRM patch"--the link is too long to fit in the comment.) That is interesting in itself. But its relevance here is whether a that type of software "problem" is a feature or a bug? If the software lets you bypass its controls, is that a right? I think that the courts would side with Amazon in a case like this no matter what--but the contractual language short-circuits a process that might otherwise take a trial to figure out.

That said, I am a proponent of distrust. And I am alarmed that Amazon's idea of a "sale" is contingent upon continued use of their service. I expect that there is a "technical" basis for this: the Unbox software manages the rights, and once you're off the Unbox wagon, Amazon has no way to manage (permit or deny) access to content.

This is where I have a problem with the soft rights. Imagine a counterfactual world in which I had both disposable income and free time (I seem to remember it--I think it was called "before law school"). In this world I've built up quite a collection of movies from Amazon. Now Amazon comes along and announces some new policy that I just don't want to live with. I face a hold-up situation: rejecting the changes costs me my entire movie collection, accepting it costs me the burden of living with it.

It seems that this is a case where we should prefer that Amazon be required to maintain legacy support for former customers, to allow them to maintain access their content. From a technical perspective this should be relatively painless--we just need to find a way to get Amazon to do it. Really, I would prefer the use of some (yet to be developed) third-party licensing authority. When Amazon sells you rights to a movie, you download the encrypted file, and Amazon sends this third-party a key that gives you access. But now I'm reengineering the industry.





I wonder if anyone has done a comparison of DRM or other online enterprises and the credit card industry. The two have some interesting intersections. We have all received those mail inserts whereby our credit card company changes its agreement with the holder. There are generally opt-out possibilites (rather than opt-in) and the decision to opt-out doesn't actually cancel the card at that moment but generally provides that the holder cannot renew the card unless they accept the new changes. This provides credit card companies the ability to have a consistent card agreement with its holders (if delayed by a few months). Generally, these changes are subject to strict market pressures given the competitive nature of the credit card market. In that sense, all contractual rights are "soft" rights as defined by Prof. Picker in that when a given contractual right becomes too expensive to be maintained, the right disappears in less than a year. I do not have many conclusions to draw from this example, yet, but at least it proffers a strong example by analogy of the drm/online enterprise soft rights model.

Randy Picker


Yes, we talked about this at our faculty lunch on Wednesday. So the point should generalize to service contracts generally (credit cards being a good example) and also arises in employment relations (my U of C example in the post), where Eric Posner noted that the issue had been litigated regarding employment manuals. The differences here are the continuing conversion of products into services in the online world and the fact that past "products/services" are revocable (remote destruction by Amazon of the downloads). In most (?) service situations, the past services aren't revocable. Remote destruction means that the value subject to destruction grows with each download, so that the size of the bond, to draw on a different literature, grows over time.


Prof. Picker,

I think I see your point. Remote destruction is no different than other distributive costs (e.g. querty keyboard and spreadsheet macros). By increasing the use of distributive cost models, businesses can protect themselves from competition by creating barriers to entry via those distributive costs. This creates huge first mover advantages. And perhaps, protecting this contract right (the right to destroy the product) may not be worth the cost in the loss of competition down the road. I guess the tradeoff would consist of the need to create incentives now to create this content/product and the desire to have competition with low barriers to entry in the future.

The comments to this entry are closed.